protected virtual NameIDPolicyValidationResult CheckNameIDPolicy(RelyingPartyAggregate relyingParty, User user, AuthnRequestType authnRequest)
{
var attributes = ConvertAttributes(relyingParty, user);
string nameIdFormat = Saml.Constants.NameIdentifierFormats.EntityIdentifier;
string nameIdValue = user.Claims.First(c => c.Type == Jwt.Constants.UserClaims.Subject).Value;
if (authnRequest.NameIDPolicy != null &&
(string.IsNullOrWhiteSpace(authnRequest.NameIDPolicy.Format) || authnRequest.NameIDPolicy.Format == Saml.Constants.NameIdentifierFormats.Unspecified))
{
var attr = attributes.FirstOrDefault(a => a.AttributeFormat == authnRequest.NameIDPolicy.Format);
if (attr == null)
{
throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.InvalidNameIDPolicy, string.Format(Global.UnknownNameId, authnRequest.NameIDPolicy.SPNameQualifier));
}
nameIdFormat = attr.AttributeFormat;
nameIdValue = attr.Value;
}
return(new NameIDPolicyValidationResult
{
NameIdFormat = nameIdFormat,
NameIdValue = nameIdValue,
Attributes = attributes
});
}
public Task <bool> Update(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken)
{
var record = _relyingParties.First(r => r.Id == relyingPartyAggregate.Id);
_relyingParties.Remove(record);
return(Task.FromResult(true));
}
public static SingleSignOnResult Ok(ResponseType response, RelyingPartyAggregate relyingParty)
{
return(new SingleSignOnResult
{
IsValid = true,
Response = response,
RelyingParty = relyingParty
});
}
public async Task <string> Handle(JObject jObj, CancellationToken cancellationToken)
{
var parameter = jObj.ToCreateRelyingPartyParameter();
var relyingParty = RelyingPartyAggregate.Create(parameter.MetadataUrl);
await _relyingPartyRepository.Add(relyingParty, cancellationToken);
await _relyingPartyRepository.SaveChanges(cancellationToken);
_logger.LogInformation("Relying party has been added");
return(relyingParty.Id);
}
public static JObject ToDto(this RelyingPartyAggregate rp)
{
var mappings = rp.ClaimMappings.Select(c => c.ToDto());
return(new JObject
{
{ RelyingPartyParameters.Id, rp.Id },
{ RelyingPartyParameters.AssertionExpirationTimeInSeconds, rp.AssertionExpirationTimeInSeconds },
{ RelyingPartyParameters.ClaimMappings, new JArray(mappings) },
{ RelyingPartyParameters.CreateDateTime, rp.CreateDateTime },
{ RelyingPartyParameters.MetadataUrl, rp.MetadataUrl },
{ RelyingPartyParameters.UpdateDateTime, rp.UpdateDateTime }
});
}
protected ICollection <SamlAttribute> ConvertAttributes(RelyingPartyAggregate relyingParty, User user)
{
var result = new List <SamlAttribute>();
foreach (var claim in user.Claims)
{
var mapping = relyingParty.GetMapping(claim.Type);
if (mapping != null)
{
result.Add(new SamlAttribute {
AttributeName = mapping.ClaimName, Type = claim.Type, Value = claim.Value, AttributeFormat = mapping.ClaimFormat
});
}
}
return(result);
}
protected virtual async Task <ResponseType> BuildResponse(AuthnRequestType authnRequest, RelyingPartyAggregate relyingParty, NameIDPolicyValidationResult validationResult, CancellationToken cancellationToken)
{
var builder = SamlResponseBuilder.New()
.AddAssertion(cb =>
{
cb.SetIssuer(Constants.NameIdentifierFormats.PersistentIdentifier, _options.IDPId);
cb.SetSubject(s =>
{
s.SetNameId(validationResult.NameIdFormat, validationResult.NameIdValue);
s.AddSubjectConfirmationBearer(DateTime.UtcNow, DateTime.UtcNow.AddSeconds(relyingParty.AssertionExpirationTimeInSeconds), inResponseTo: authnRequest.ID);
});
cb.SetConditions(DateTime.UtcNow, DateTime.UtcNow.AddSeconds(relyingParty.AssertionExpirationTimeInSeconds), c =>
{
c.AddAudienceRestriction(relyingParty.Id);
});
foreach (var attr in validationResult.Attributes)
{
cb.AddAttributeStatementAttribute(attr.AttributeName, null, attr.Type, attr.Value);
}
});
if (await relyingParty.GetAssertionSigned(_entityDescriptorStore, cancellationToken))
{
return(builder.SignAndBuild(_options.SigningCertificate, _options.SignatureAlg.Value, _options.CanonicalizationMethod));
}
return(builder.Build());
}
public Task <bool> Delete(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken)
{
_relyingParties.Remove(relyingPartyAggregate);
return(Task.FromResult(true));
}
public Task <bool> Add(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken)
{
_relyingParties.Add((RelyingPartyAggregate)relyingPartyAggregate.Clone());
return(Task.FromResult(true));
}
public Task <bool> Update(RelyingPartyAggregate relyingPartyAggregate, CancellationToken cancellationToken)
{
_dbContext.RelyingParties.Update(relyingPartyAggregate);
return(Task.FromResult(true));
}
