public ActionResult IssueResponse()
{
if (Request.Form.HasKeys())
{
if (Request.Form["SAMLResponse"] != null)
{
var samlResponse = Request.Form["SAMLResponse"];
var responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
using (var sr = new StringReader(responseDecoded))
{
using (var reader = XmlReader.Create(sr))
{
reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion");
var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
token = (Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken)coll.ReadToken(reader.ReadSubtree());
}
}
var realm = token.Assertion.Conditions.AudienceRestrictions[0].Audiences[0].ToString();
var issuer = token.Assertion.Issuer.Value;
var rstr = new RequestSecurityTokenResponse
{
TokenType = Constants.TokenKeys.TokenType,
RequestType = Constants.TokenKeys.RequestType,
KeyType = Constants.TokenKeys.KeyType,
Lifetime = new Lifetime(token.Assertion.IssueInstant, token.Assertion.Conditions.NotOnOrAfter),
AppliesTo = new System.ServiceModel.EndpointAddress(new Uri(realm)),
RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
};
var principal = GetClaimsIdentity(rstr);
if (principal != null)
{
var claimsPrinciple = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);
var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
var ipc = new SamlTokenServiceConfiguration(issuer);
SecurityTokenService identityProvider = new SamlTokenService(ipc);
var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrinciple, identityProvider);
new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);
Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
}
//return new EmptyResult();
}
var fam = new WSFederationAuthenticationModule { FederationConfiguration = new FederationConfiguration() };
if (fam.CanReadSignInResponse(Request))
{
var responseMessage = fam.GetSignInResponseMessage(Request);
return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
}
}
return View("Error");
}
public ActionResult IssueResponse()
{
if (Request.Form.HasKeys())
{
if (Request.Form["SAMLResponse"] != null)
{
var samlResponse = Request.Form["SAMLResponse"];
var responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
using (var sr = new StringReader(responseDecoded))
{
using (var reader = XmlReader.Create(sr))
{
reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion");
var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
token = (Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken)coll.ReadToken(reader.ReadSubtree());
}
}
var realm = token.Assertion.Conditions.AudienceRestrictions[0].Audiences[0].ToString();
var issuer = token.Assertion.Issuer.Value;
var rstr = new RequestSecurityTokenResponse
{
TokenType = Constants.TokenKeys.TokenType,
RequestType = Constants.TokenKeys.RequestType,
KeyType = Constants.TokenKeys.KeyType,
Lifetime = new Lifetime(token.Assertion.IssueInstant, token.Assertion.Conditions.NotOnOrAfter),
AppliesTo = new System.ServiceModel.EndpointAddress(new Uri(realm)),
RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
};
var principal = GetClaimsIdentity(rstr);
if (principal != null)
{
var claimsPrinciple = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);
var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
var ipc = new SamlTokenServiceConfiguration(issuer);
SecurityTokenService identityProvider = new SamlTokenService(ipc);
var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrinciple, identityProvider);
new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);
Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
}
//return new EmptyResult();
}
var fam = new WSFederationAuthenticationModule {
FederationConfiguration = new FederationConfiguration()
};
if (fam.CanReadSignInResponse(Request))
{
var responseMessage = fam.GetSignInResponseMessage(Request);
return(ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request)));
}
}
return(View("Error"));
}
