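        /// <summary>
        /// Builds an <see cref="IClaimsPrincipal"/> from the SAML 2.0 <c>Attribute</c> elements found in the
        /// response's requested security token XML.
        /// </summary>
        /// <param name="rstr">Response whose <c>RequestedSecurityToken.SecurityTokenXml</c> holds the SAML assertion.</param>
        /// <returns>
        /// A principal with a single identity carrying one claim per <c>saml:Attribute</c> (claim type
        /// <c>{NameFormat}/{Name}</c>), plus a <see cref="ClaimTypes.Name"/> claim for the <c>urn:FirstName</c>
        /// attribute; <c>null</c> when the XML has no <c>Assertion</c> or no <c>AttributeStatement</c>.
        /// </returns>
        /// <remarks>
        /// The claims are copied straight out of the XML; nothing here checks a signature, issuer, audience or
        /// lifetime. Callers must only pass XML that has already been validated.
        /// </remarks>
        private static IClaimsPrincipal GetClaimsIdentity(RequestSecurityTokenResponse rstr)
        {
            var rstrXml = rstr.RequestedSecurityToken.SecurityTokenXml;

            XNamespace ast = "urn:oasis:names:tc:SAML:2.0:assertion";
            var xElement = ToXElement(rstrXml);

            var xAssertionElement = xElement.Element(ast + "Assertion");
            if (xAssertionElement == null)
            {
                return null;
            }

            var xAttributeStatement = xAssertionElement.Element(ast + "AttributeStatement");
            if (xAttributeStatement == null)
            {
                return null;
            }

            IClaimsIdentity claimsIdentity = new Microsoft.IdentityModel.Claims.ClaimsIdentity();
            foreach (var element in xAttributeStatement.Elements(ast + "Attribute"))
            {
                var nameAttribute       = element.Attribute("Name");
                var nameFormatAttribute = element.Attribute("NameFormat");

                // Use the attribute *values*. Concatenating the XAttribute objects themselves (as the
                // original did) renders them as name="value" and yields claim types containing quotes.
                var nameFormat = nameFormatAttribute != null ? nameFormatAttribute.Value : "";
                var name       = nameAttribute != null ? nameAttribute.Value : "";
                var claimType  = nameFormat + "/" + name;

                // XElement.Value is never null; an empty element yields "".
                var value = element.Value;

                if (name == "urn:FirstName")
                {
                    claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(ClaimTypes.Name, value));
                }
                claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(claimType, value));
            }

            var identities = new ClaimsIdentityCollection(new[] { claimsIdentity });
            return Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromIdentities(identities);
        }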
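        /// <summary>
        /// Accepts a SAML 2.0 HTTP-POST response (<c>SAMLResponse</c> form field), turns its assertion into a
        /// WS-Federation sign-in response for the assertion's audience, and otherwise falls back to the
        /// WS-Federation sign-in handling of <see cref="WSFederationAuthenticationModule"/>.
        /// </summary>
        /// <returns>
        /// The result of <c>ProcessSignInResponse</c> for a WS-Federation sign-in, or the <c>Error</c> view when
        /// the request carries nothing this endpoint can process.
        /// </returns>
        public ActionResult IssueResponse()
        {
            if (Request.Form.HasKeys())
            {
                var samlResponse = Request.Form["SAMLResponse"];
                if (samlResponse != null)
                {
                    string responseDecoded;
                    try
                    {
                        // The POST binding carries plain base64; HtmlDecode is kept for compatibility with the
                        // original behaviour (it does not alter well-formed base64).
                        responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
                    }
                    catch (FormatException)
                    {
                        // Malformed base64 is a bad request, not a server fault.
                        return View("Error");
                    }

                    Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;

                    // XmlReader.Create with default settings prohibits DTDs, so DOCTYPE-based entity expansion
                    // in the posted document is rejected by the reader.
                    using (var sr = new StringReader(responseDecoded))
                    using (var reader = XmlReader.Create(sr))
                    {
                        // ReadToFollowing returns false when there is no Assertion; the original ignored this
                        // and let ReadSubtree/ReadToken fail on an exhausted reader.
                        if (!reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"))
                        {
                            return View("Error");
                        }

                        var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

                        // SECURITY: ReadToken only parses the assertion. ValidateToken (issuer name registry,
                        // audience restriction, lifetime window, signed-token requirement) is never invoked, and
                        // the claims below are taken from the raw XML rather than from a validated token. The
                        // handler collection must be configured from the application's ServiceConfiguration and
                        // coll.ValidateToken(token) called before any claim from this response is trusted.
                        token = coll.ReadToken(reader.ReadSubtree()) as Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken;
                    }

                    if (token == null)
                    {
                        // Not a SAML 2.0 token; the original threw InvalidCastException here.
                        return View("Error");
                    }

                    var conditions = token.Assertion.Conditions;
                    if (conditions == null
                        || conditions.AudienceRestrictions.Count == 0
                        || conditions.AudienceRestrictions[0].Audiences.Count == 0)
                    {
                        // The first audience is the realm the sign-in response is issued for; without it there is
                        // nothing to issue to (the original threw IndexOutOfRangeException here).
                        return View("Error");
                    }

                    var realm  = conditions.AudienceRestrictions[0].Audiences[0].ToString();
                    var issuer = token.Assertion.Issuer.Value;

                    var rstr = new RequestSecurityTokenResponse
                                   {
                                       TokenType              = Constants.TokenKeys.TokenType,
                                       RequestType            = Constants.TokenKeys.RequestType,
                                       KeyType                = Constants.TokenKeys.KeyType,
                                       Lifetime               = new Lifetime(token.Assertion.IssueInstant, conditions.NotOnOrAfter),
                                       AppliesTo              = new System.ServiceModel.EndpointAddress(new Uri(realm)),
                                       RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
                                   };

                    var principal = GetClaimsIdentity(rstr);
                    if (principal != null)
                    {
                        var claimsPrincipal = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);

                        // "http://foo" appears to be a placeholder base URI for the synthesized sign-in request;
                        // only the realm is meaningful to the STS — confirm against SamlTokenService.
                        var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
                        var ipc            = new SamlTokenServiceConfiguration(issuer);
                        SecurityTokenService identityProvider = new SamlTokenService(ipc);

                        var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrincipal, identityProvider);

                        new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);

                        // Writes the sign-in form to the HTTP response. Presumably it also ends the response,
                        // since control otherwise falls through to the WS-Federation branch below — verify.
                        Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
                    }
                }

                var fam = new WSFederationAuthenticationModule { FederationConfiguration = new FederationConfiguration() };

                if (fam.CanReadSignInResponse(Request))
                {
                    var responseMessage = fam.GetSignInResponseMessage(Request);
                    return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
                }
            }

            return View("Error");
        }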
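        /// <summary>
        /// Builds an <see cref="IClaimsPrincipal"/> from the SAML 2.0 <c>Attribute</c> elements found in the
        /// response's requested security token XML.
        /// </summary>
        /// <param name="rstr">Response whose <c>RequestedSecurityToken.SecurityTokenXml</c> holds the SAML assertion.</param>
        /// <returns>
        /// A principal with a single identity carrying one claim per <c>saml:Attribute</c> (claim type
        /// <c>{NameFormat}/{Name}</c>), plus a <see cref="ClaimTypes.Name"/> claim for the <c>urn:FirstName</c>
        /// attribute; <c>null</c> when the XML has no <c>Assertion</c> or no <c>AttributeStatement</c>.
        /// </returns>
        /// <remarks>
        /// The claims are copied straight out of the XML; nothing here checks a signature, issuer, audience or
        /// lifetime. Callers must only pass XML that has already been validated.
        /// </remarks>
        private static IClaimsPrincipal GetClaimsIdentity(RequestSecurityTokenResponse rstr)
        {
            var rstrXml = rstr.RequestedSecurityToken.SecurityTokenXml;

            XNamespace ast = "urn:oasis:names:tc:SAML:2.0:assertion";
            var xElement = ToXElement(rstrXml);

            var xAssertionElement = xElement.Element(ast + "Assertion");
            if (xAssertionElement == null)
            {
                return null;
            }

            var xAttributeStatement = xAssertionElement.Element(ast + "AttributeStatement");
            if (xAttributeStatement == null)
            {
                return null;
            }

            IClaimsIdentity claimsIdentity = new Microsoft.IdentityModel.Claims.ClaimsIdentity();
            foreach (var element in xAttributeStatement.Elements(ast + "Attribute"))
            {
                var nameAttribute = element.Attribute("Name");
                var nameFormatAttribute = element.Attribute("NameFormat");

                // Use the attribute *values*. Concatenating the XAttribute objects themselves (as the
                // original did) renders them as name="value" and yields claim types containing quotes.
                var nameFormat = nameFormatAttribute != null ? nameFormatAttribute.Value : "";
                var name = nameAttribute != null ? nameAttribute.Value : "";
                var claimType = nameFormat + "/" + name;

                // XElement.Value is never null; an empty element yields "".
                var value = element.Value;

                if (name == "urn:FirstName")
                {
                    claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(ClaimTypes.Name, value));
                }
                claimsIdentity.Claims.Add(new Microsoft.IdentityModel.Claims.Claim(claimType, value));
            }

            var identities = new ClaimsIdentityCollection(new[] { claimsIdentity });
            return Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromIdentities(identities);
        }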
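        /// <summary>
        /// Accepts a SAML 2.0 HTTP-POST response (<c>SAMLResponse</c> form field), turns its assertion into a
        /// WS-Federation sign-in response for the assertion's audience, and otherwise falls back to the
        /// WS-Federation sign-in handling of <see cref="WSFederationAuthenticationModule"/>.
        /// </summary>
        /// <returns>
        /// The result of <c>ProcessSignInResponse</c> for a WS-Federation sign-in, or the <c>Error</c> view when
        /// the request carries nothing this endpoint can process.
        /// </returns>
        public ActionResult IssueResponse()
        {
            if (Request.Form.HasKeys())
            {
                var samlResponse = Request.Form["SAMLResponse"];
                if (samlResponse != null)
                {
                    string responseDecoded;
                    try
                    {
                        // The POST binding carries plain base64; HtmlDecode is kept for compatibility with the
                        // original behaviour (it does not alter well-formed base64).
                        responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
                    }
                    catch (FormatException)
                    {
                        // Malformed base64 is a bad request, not a server fault.
                        return View("Error");
                    }

                    Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;

                    // XmlReader.Create with default settings prohibits DTDs, so DOCTYPE-based entity expansion
                    // in the posted document is rejected by the reader.
                    using (var sr = new StringReader(responseDecoded))
                    using (var reader = XmlReader.Create(sr))
                    {
                        // ReadToFollowing returns false when there is no Assertion; the original ignored this
                        // and let ReadSubtree/ReadToken fail on an exhausted reader.
                        if (!reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"))
                        {
                            return View("Error");
                        }

                        var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

                        // SECURITY: ReadToken only parses the assertion. ValidateToken (issuer name registry,
                        // audience restriction, lifetime window, signed-token requirement) is never invoked, and
                        // the claims below are taken from the raw XML rather than from a validated token. The
                        // handler collection must be configured from the application's ServiceConfiguration and
                        // coll.ValidateToken(token) called before any claim from this response is trusted.
                        token = coll.ReadToken(reader.ReadSubtree()) as Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken;
                    }

                    if (token == null)
                    {
                        // Not a SAML 2.0 token; the original threw InvalidCastException here.
                        return View("Error");
                    }

                    var conditions = token.Assertion.Conditions;
                    if (conditions == null
                        || conditions.AudienceRestrictions.Count == 0
                        || conditions.AudienceRestrictions[0].Audiences.Count == 0)
                    {
                        // The first audience is the realm the sign-in response is issued for; without it there is
                        // nothing to issue to (the original threw IndexOutOfRangeException here).
                        return View("Error");
                    }

                    var realm  = conditions.AudienceRestrictions[0].Audiences[0].ToString();
                    var issuer = token.Assertion.Issuer.Value;

                    var rstr = new RequestSecurityTokenResponse
                    {
                        TokenType              = Constants.TokenKeys.TokenType,
                        RequestType            = Constants.TokenKeys.RequestType,
                        KeyType                = Constants.TokenKeys.KeyType,
                        Lifetime               = new Lifetime(token.Assertion.IssueInstant, conditions.NotOnOrAfter),
                        AppliesTo              = new System.ServiceModel.EndpointAddress(new Uri(realm)),
                        RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
                    };

                    var principal = GetClaimsIdentity(rstr);
                    if (principal != null)
                    {
                        var claimsPrincipal = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);

                        // "http://foo" appears to be a placeholder base URI for the synthesized sign-in request;
                        // only the realm is meaningful to the STS — confirm against SamlTokenService.
                        var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
                        var ipc            = new SamlTokenServiceConfiguration(issuer);
                        SecurityTokenService identityProvider = new SamlTokenService(ipc);

                        var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrincipal, identityProvider);

                        new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);

                        // Writes the sign-in form to the HTTP response. Presumably it also ends the response,
                        // since control otherwise falls through to the WS-Federation branch below — verify.
                        Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
                    }
                }

                var fam = new WSFederationAuthenticationModule {
                    FederationConfiguration = new FederationConfiguration()
                };

                if (fam.CanReadSignInResponse(Request))
                {
                    var responseMessage = fam.GetSignInResponseMessage(Request);
                    return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
                }
            }

            return View("Error");
        }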