protected virtual NameIDPolicyValidationResult CheckNameIDPolicy(RelyingPartyAggregate relyingParty, User user, AuthnRequestType authnRequest) { var attributes = ConvertAttributes(relyingParty, user); string nameIdFormat = Saml.Constants.NameIdentifierFormats.EntityIdentifier; string nameIdValue = user.Claims.First(c => c.Type == Jwt.Constants.UserClaims.Subject).Value; if (authnRequest.NameIDPolicy != null && (string.IsNullOrWhiteSpace(authnRequest.NameIDPolicy.Format) || authnRequest.NameIDPolicy.Format == Saml.Constants.NameIdentifierFormats.Unspecified)) { var attr = attributes.FirstOrDefault(a => a.AttributeFormat == authnRequest.NameIDPolicy.Format); if (attr == null) { throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.InvalidNameIDPolicy, string.Format(Global.UnknownNameId, authnRequest.NameIDPolicy.SPNameQualifier)); } nameIdFormat = attr.AttributeFormat; nameIdValue = attr.Value; } return(new NameIDPolicyValidationResult { NameIdFormat = nameIdFormat, NameIdValue = nameIdValue, Attributes = attributes }); }
public Task <bool> Update(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken) { var record = _relyingParties.First(r => r.Id == relyingPartyAggregate.Id); _relyingParties.Remove(record); return(Task.FromResult(true)); }
public static SingleSignOnResult Ok(ResponseType response, RelyingPartyAggregate relyingParty) { return(new SingleSignOnResult { IsValid = true, Response = response, RelyingParty = relyingParty }); }
public async Task <string> Handle(JObject jObj, CancellationToken cancellationToken) { var parameter = jObj.ToCreateRelyingPartyParameter(); var relyingParty = RelyingPartyAggregate.Create(parameter.MetadataUrl); await _relyingPartyRepository.Add(relyingParty, cancellationToken); await _relyingPartyRepository.SaveChanges(cancellationToken); _logger.LogInformation("Relying party has been added"); return(relyingParty.Id); }
public static JObject ToDto(this RelyingPartyAggregate rp) { var mappings = rp.ClaimMappings.Select(c => c.ToDto()); return(new JObject { { RelyingPartyParameters.Id, rp.Id }, { RelyingPartyParameters.AssertionExpirationTimeInSeconds, rp.AssertionExpirationTimeInSeconds }, { RelyingPartyParameters.ClaimMappings, new JArray(mappings) }, { RelyingPartyParameters.CreateDateTime, rp.CreateDateTime }, { RelyingPartyParameters.MetadataUrl, rp.MetadataUrl }, { RelyingPartyParameters.UpdateDateTime, rp.UpdateDateTime } }); }
protected ICollection <SamlAttribute> ConvertAttributes(RelyingPartyAggregate relyingParty, User user) { var result = new List <SamlAttribute>(); foreach (var claim in user.Claims) { var mapping = relyingParty.GetMapping(claim.Type); if (mapping != null) { result.Add(new SamlAttribute { AttributeName = mapping.ClaimName, Type = claim.Type, Value = claim.Value, AttributeFormat = mapping.ClaimFormat }); } } return(result); }
protected virtual async Task <ResponseType> BuildResponse(AuthnRequestType authnRequest, RelyingPartyAggregate relyingParty, NameIDPolicyValidationResult validationResult, CancellationToken cancellationToken) { var builder = SamlResponseBuilder.New() .AddAssertion(cb => { cb.SetIssuer(Constants.NameIdentifierFormats.PersistentIdentifier, _options.IDPId); cb.SetSubject(s => { s.SetNameId(validationResult.NameIdFormat, validationResult.NameIdValue); s.AddSubjectConfirmationBearer(DateTime.UtcNow, DateTime.UtcNow.AddSeconds(relyingParty.AssertionExpirationTimeInSeconds), inResponseTo: authnRequest.ID); }); cb.SetConditions(DateTime.UtcNow, DateTime.UtcNow.AddSeconds(relyingParty.AssertionExpirationTimeInSeconds), c => { c.AddAudienceRestriction(relyingParty.Id); }); foreach (var attr in validationResult.Attributes) { cb.AddAttributeStatementAttribute(attr.AttributeName, null, attr.Type, attr.Value); } }); if (await relyingParty.GetAssertionSigned(_entityDescriptorStore, cancellationToken)) { return(builder.SignAndBuild(_options.SigningCertificate, _options.SignatureAlg.Value, _options.CanonicalizationMethod)); } return(builder.Build()); }
public Task <bool> Delete(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken) { _relyingParties.Remove(relyingPartyAggregate); return(Task.FromResult(true)); }
public Task <bool> Add(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken) { _relyingParties.Add((RelyingPartyAggregate)relyingPartyAggregate.Clone()); return(Task.FromResult(true)); }
public Task <bool> Update(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken) { _dbContext.RelyingParties.Update(relyingPartyAggregate); return(Task.FromResult(true)); }