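        /// <summary>
        /// Builds a signed SAML 2.0 response for the current person using the certificate
        /// stored in the configured binary file.
        /// </summary>
        /// <returns>
        /// The value returned by <c>SAML20Assertion.CreateSAML20Response</c>, or an empty
        /// string when there is no current person or the certificate file cannot be found.
        /// </returns>
        private string GetResponse()
        {
            if (CurrentPerson == null)
            {
                return "";
            }

            byte[] binaryData;

            // The context is only needed to locate the certificate file, so dispose it as soon
            // as the bytes are read instead of leaving it for the garbage collector.
            using (RockContext rockContext = new RockContext())
            {
                BinaryFileService binaryFileService = new BinaryFileService(rockContext);
                var binaryFile = binaryFileService.Get(GetAttributeValue(AttributeKey.CertificateFile).AsGuid());

                if (binaryFile == null)
                {
                    return "";
                }

                binaryData = binaryFile.ContentStream.ReadBytesToEnd();
            }

            // NOTE(review): X509KeyStorageFlags.Exportable marks the private key exportable
            // once loaded; it is only needed if the SAML library exports the key itself.
            // Confirm against SAML20Assertion before relaxing or keeping this flag.
            X509Certificate2 signingCert = new X509Certificate2(binaryData, GetAttributeValue(AttributeKey.CertificatePassword), X509KeyStorageFlags.Exportable);

            // BirthDate is nullable; send an empty value rather than throwing on .Value.
            string dateOfBirth = CurrentPerson.BirthDate.HasValue
                ? CurrentPerson.BirthDate.Value.ToString("o")
                : string.Empty;

            var attributeStatements = new Dictionary<string, string>
            {
                { "FirstName", CurrentPerson.FirstName },
                { "LastName", CurrentPerson.LastName },
                { "DateOfBirth", dateOfBirth },
                { "Gender", CurrentPerson.Gender.ToString() },
                { "Email", CurrentPerson.Email },
            };

            // NOTE(review): issuer and audience are hard-coded for a single deployment.
            // The validity argument converts the configured days to minutes; confirm that the
            // library parameter is indeed expressed in minutes.
            var response = SAML20Assertion.CreateSAML20Response(
                "Southeast Christian Church",
                60 * 24 * GetAttributeValue(AttributeKey.DaysValid).AsInteger(),
                "WellRight",
                CurrentPerson.Email,
                GetAttributeValue(AttributeKey.RequestUrl),
                attributeStatements,
                signingCert
                );

            return response;
        }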
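        /// <summary>
        /// Builds an IdP-initiated SAML 2.0 response from the attribute table and the selected
        /// issuer certificate, then arms the launcher form to auto-POST it to the service provider.
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void btnLaunchSSO_Click(object sender, EventArgs e)
        {
            // RelayState carries the target resource the SP should land on after sign-on.
            RelayState.Value = txtTarget.Text;

            // Collect SAML attributes from the editable table. Dictionary.Add throws on a
            // duplicate key, so two rows with the same attribute name fail the request.
            Dictionary<string, string> SAMLAttributes = new Dictionary<string, string>();

            foreach (System.Web.UI.HtmlControls.HtmlTableRow tr in tblAttrs.Rows)
            {
                // Rows without an editor control in the value cell carry no attribute.
                if (tr.Cells[1].Controls.Count <= 1)
                {
                    continue;
                }

                TextBox attrKey = (TextBox)tr.Cells[0].Controls[1];
                if (string.IsNullOrEmpty(attrKey.Text))
                {
                    continue;
                }

                TextBox attrValue = (TextBox)tr.Cells[1].Controls[1];
                CheckBox sendNull = (CheckBox)tr.Cells[2].Controls[1];

                // "Send null" only changes the outcome for a blank value: it is stored as null
                // instead of "". A non-blank value is always stored as typed.
                bool sendAsNull = sendNull.Checked && string.IsNullOrEmpty(attrValue.Text);
                SAMLAttributes.Add(attrKey.Text, sendAsNull ? null : attrValue.Text);
            }

            // Signing certificate is looked up in the machine Root store by the selected issuer.
            X509Certificate2 SigningCert = CertificateUtility.GetCertificateForSigning(ddlIssuer.SelectedValue, StoreName.Root, StoreLocation.LocalMachine);

            // Base-64 encoded SAML response goes into a hidden field for the HTTP-POST binding.
            SAMLResponse.Value = SAML20Assertion.CreateSAML20Response(ddlIssuer.SelectedItem.Text, 5, "Audience", "Subject", "Recipient", SAMLAttributes, SigningCert);

            // The free-text SP URL wins over the drop-down. The form posts straight to whatever
            // is entered here; no allow-list is applied at this point.
            frmIdPLauncher.Action = string.IsNullOrEmpty(txtSPURL.Text)
                ? ddlSPUrl.SelectedValue
                : txtSPURL.Text;

            // IdP-initiated HTTP-POST use case: submit the form as soon as the body loads.
            HtmlGenericControl body = (HtmlGenericControl)this.Page.FindControl("bodySSO");

            if (body != null)
            {
                body.Attributes.Add("onload", "document.forms.frmIdPLauncher.submit();");
            }
        }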
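        /// <summary>
        /// Builds an IdP-initiated SAML 2.0 response from the attribute table, signs it with the
        /// bundled PFX certificate and arms the launcher form to auto-POST it to the SP URL.
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void btnLaunchSSO_Click(object sender, EventArgs e)
        {
            // RelayState carries the target resource the SP should land on after sign-on.
            RelayState.Value = txtTarget.Text;

            // Collect SAML attributes from the editable table. Dictionary.Add throws on a
            // duplicate key, so two rows with the same attribute name fail the request.
            Dictionary<string, string> SAMLAttributes = new Dictionary<string, string>();

            foreach (System.Web.UI.HtmlControls.HtmlTableRow tr in tblAttrs.Rows)
            {
                // Rows without an editor control in the value cell carry no attribute.
                if (tr.Cells[1].Controls.Count <= 1)
                {
                    continue;
                }

                TextBox attrKey = (TextBox)tr.Cells[0].Controls[1];
                if (string.IsNullOrEmpty(attrKey.Text))
                {
                    continue;
                }

                TextBox attrValue = (TextBox)tr.Cells[1].Controls[1];
                CheckBox sendNull = (CheckBox)tr.Cells[2].Controls[1];

                // "Send null" only changes the outcome for a blank value: it is stored as null
                // instead of "". A non-blank value is always stored as typed.
                bool sendAsNull = sendNull.Checked && string.IsNullOrEmpty(attrValue.Text);
                SAMLAttributes.Add(attrKey.Text, sendAsNull ? null : attrValue.Text);
            }

            // NOTE(review): the PFX password is a secret committed in source. Move it to
            // protected configuration (or a key store) and load it at runtime; the literal is
            // kept here only so behaviour is unchanged.
            String CertPath = System.Web.Hosting.HostingEnvironment.MapPath(@"~/App_Data/CoverMyMeds.pfx");
            X509Certificate2 SigningCert = new X509Certificate2(CertPath, "4CoverMyMeds");

            // An empty NameID field yields an empty subject; the library decides what that means.
            String NameID = string.IsNullOrEmpty(txtNameID.Text) ? String.Empty : txtNameID.Text;

            // Base-64 encoded SAML response goes into a hidden field for the HTTP-POST binding.
            SAMLResponse.Value = SAML20Assertion.CreateSAML20Response(
                txtIssuer.Text, 5, "Audience", NameID, "Recipient", SAMLAttributes, SigningCert);

            // The form posts straight to the URL entered on the page; no allow-list is applied.
            frmIdPLauncher.Action = txtSPURL.Text;

            // IdP-initiated HTTP-POST use case: submit the form as soon as the body loads.
            HtmlGenericControl body = (HtmlGenericControl)this.Page.FindControl("bodySSO");

            if (body != null)
            {
                body.Attributes.Add("onload", "document.forms.frmIdPLauncher.submit();");
            }
        }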
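        /// <summary>
        /// Starts IdP-initiated single sign-on for the signed-in member to one of the known
        /// partner service providers by pushing a SAML response to <paramref name="partnerSP"/>.
        /// </summary>
        /// <param name="attributes">Not used by this action; kept for caller compatibility.</param>
        /// <param name="targetUrl">
        /// Partner-specific relay target. For HealthX it must be an XML fragment (it is parsed
        /// into the RedirectInfo attribute); for SBCSystems it is a URL template in which
        /// <c>&lt;%PLANID%&gt;</c> is substituted and the enrollment path may be rewritten.
        /// </param>
        /// <param name="partnerSP">
        /// Identifier (or, for HealthX, the consumer URL) of the partner SP. Unrecognised
        /// values trigger no SSO and simply return an empty result.
        /// </param>
        /// <returns>
        /// Always an <see cref="EmptyResult"/>: the SAML library writes the auto-POST form to
        /// <c>Response</c> directly. Any failure is logged and also yields an empty result.
        /// </returns>
        public ActionResult SingleSignOn(string attributes, string targetUrl, string partnerSP)
        {
            try
            {
                // Resolve the member behind the authenticated identity. A missing record is
                // raised here so it is logged with the same context as every other failure.
                var member = Services.MemberService.GetByUsername(User.Identity.Name);
                if (member == null)
                {
                    throw new InvalidOperationException("No member record found for the current user.");
                }

                Trace.TraceInformation(DateTime.Now.ToShortTimeString() + ":" + string.Format("---------------------USER '{0}' initiated the SSO---------------------", member.Username));

                /////////////////////////////////////////////////////////////////////////
                // SAML Parameter Configurations
                /////////////////////////////////////////////////////////////////////////

                // Attributes for StatDoctors
                if (partnerSP == "StatDoctors")
                {
                    string yNumber = member.GetValue("yNumber").ToString();

                    // Presumably the first 7 characters identify the family and the following
                    // 2 the dependent; a number of 7 characters or fewer is passed through as-is.
                    string accountFamilyId = yNumber.Length > 7 ? yNumber.Substring(0, 7) : yNumber;

                    // Bounded so an 8-character number no longer throws on Substring(7, 2).
                    string familyDependentId = yNumber.Length > 7
                        ? yNumber.Substring(7, Math.Min(2, yNumber.Length - 7))
                        : yNumber;

                    var attrib = new Dictionary<string, string>
                    {
                        { "AccountUniqueContactId", yNumber },
                        { "AccountFamilyId", accountFamilyId },
                        { "FamilyDependentId", familyDependentId },
                        { "PartnerId", "AC4134" },
                        { "PartnerAccountId", "" },
                        { "ReturnUrl", "" }
                    };

                    // Send an IdP initiated SAML assertion
                    SAMLIdentityProvider.InitiateSSO(
                        Response,
                        yNumber,
                        attrib,
                        "",
                        partnerSP);
                }

                // Attributes for US Script
                if (partnerSP == "USScript")
                {
                    string yNumber = member.GetValue("yNumber").ToString();
                    if (yNumber.Length > 7)
                    {
                        yNumber = yNumber.Substring(0, 7);
                    }

                    var samlAttributes = new Dictionary<string, string>
                    {
                        { "urn:uss:saml:attrib::id", yNumber },
                        { "urn:uss:saml:attrib::firstname", member.GetValue("msFirstName").ToString() },
                        { "urn:uss:saml:attrib::lastname", member.GetValue("msLastName").ToString() },
                        { "urn:uss:saml:attrib::groupid", member.GetValue("groupId").ToString() },
                        { "urn:uss:saml:attrib::dateofbirth", Convert.ToDateTime(member.GetValue("birthday")).ToString("yyyy-MM-dd") },
                        { "urn:uss:saml:attrib::email", member.Email }
                    };

                    PgpSAML20Assertion.GuideSSO(Response, partnerSP, String.Empty, samlAttributes);
                }

                // Attributes for MagnaCare
                if (partnerSP == "MagnaCare")
                {
                    string yNumber = member.GetValue("yNumber").ToString();

                    var samlAttributes = new Dictionary<string, string>
                    {
                        { "member:id", yNumber },
                        { "member:first_name", member.GetValue("msFirstName").ToString() },
                        { "member:last_name", member.GetValue("msLastName").ToString() },
                        { "member:product", member.GetValue("healthPlanName").ToString() }
                    };

                    SAML20Assertion.GuideSSO(Response, partnerSP, yNumber, samlAttributes);
                }

                // Attributes for HealthX
                if (partnerSP == "https://secure.healthx.com/PublicService/SSO/AutoLogin.aspx" ||
                    partnerSP == "https://secure.healthx.com/PublicService/SSO/AutoLogin.aspx?mobile=1")
                {
                    const string uriFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
                    string yNumber = member.GetValue("yNumber").ToString();
                    string lastName = member.GetValue("msLastName").ToString();
                    string firstName = member.GetValue("msFirstName").ToString();

                    var attrib = new List<SAMLAttribute>
                    {
                        // Version 1 is constant value set by HealthX
                        new SAMLAttribute("Version", uriFormat, "Version", "xs:string", "1"),
                        // Service and site IDs repeat what is already in the consumer URL;
                        // included for completeness.
                        new SAMLAttribute("ServiceId", uriFormat, "ServiceID", "xs:string", "d99bfe58-3896-4eb6-9586-d2f9ae673052"),
                        new SAMLAttribute("SiteId", uriFormat, "SiteId", "xs:string", "e6fa832c-fbd3-48c7-860f-e4f04b22bab7"),
                        new SAMLAttribute("RelationshipCode", uriFormat, "RelationshipCode", "xs:string", "18"),
                        new SAMLAttribute("UserId", uriFormat, "UserId", "xs:string", yNumber.ToUpper()),
                        new SAMLAttribute("MemberLastName", uriFormat, "MemberLastName", "xs:string", lastName.ToUpper()),
                        new SAMLAttribute("MemberFirstName", uriFormat, "MemberFirstName", "xs:string", firstName.ToUpper()),
                        new SAMLAttribute("UserLastName", uriFormat, "UserLastName", "xs:string", lastName.ToUpper()),
                        new SAMLAttribute("UserFirstName", uriFormat, "UserFirstName", "xs:string", firstName.ToUpper())
                    };

                    // Nest a node named ServiceId in the RedirectInfo attribute. The serializer
                    // lets the XML be embedded without being URL-encoded.
                    if (!AttributeType.IsAttributeValueSerializerRegistered("RedirectInfo", null))
                    {
                        AttributeType.RegisterAttributeValueSerializer("RedirectInfo", null, new XmlAttributeValueSerializer());
                    }

                    // targetUrl is caller-supplied XML here. XmlResolver = null disables DTD /
                    // external-entity resolution so a crafted fragment cannot pull in external
                    // content while being parsed.
                    var xmlRedirectInfo = new XmlDocument
                    {
                        PreserveWhitespace = true,
                        XmlResolver = null
                    };
                    xmlRedirectInfo.LoadXml(targetUrl);
                    var attrRedirectInfo = new SAMLAttribute("RedirectInfo", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "RedirectInfo");
                    attrRedirectInfo.Values.Add(new AttributeValue(xmlRedirectInfo.DocumentElement));
                    attrib.Add(attrRedirectInfo);

                    // Send an IdP initiated SAML assertion
                    SAMLIdentityProvider.InitiateSSO(
                        Response,
                        yNumber,
                        attrib.ToArray(),
                        "",
                        partnerSP);
                }

                // Attributes for Morneau Shapell
                if (partnerSP == "SBCSystems")
                {
                    // Replace the template variables in the url (ordinal match, not culture-aware).
                    if (targetUrl.Contains("<%PLANID%>"))
                    {
                        targetUrl = targetUrl.Replace("<%PLANID%>", member.GetValue("healthplanid").ToString());
                    }

                    // Replace "initialEnrollment" with "specialEnrollmentSelect" if outside of 11/15-3/31
                    if (targetUrl.Contains("initialEnrollment") && !IsInInitialEnrollmentPeriod())
                    {
                        targetUrl = targetUrl.Replace("initialEnrollment", "specialEnrollmentSelect");
                    }

                    // This partner carries no SAML attributes; the relay target does the work.
                    var attribs = new Dictionary<string, string>();

                    // Send an IdP initiated SAML assertion
                    SAMLIdentityProvider.InitiateSSO(
                        Response,
                        member.GetValue("memberId").ToString(),
                        attribs,
                        targetUrl,
                        partnerSP);
                }

                // Add the response to the ViewBag so we can access it on the front end if we need to
                ViewBag.Response     = Response;
                TempData["response"] = Response;

                // Return an empty response since we wait for the SAML consumer to send us the requested page
                return new EmptyResult();
            }
            catch (Exception ex)
            {
                // Create an error message with sufficient info to contact the user
                string additionalInfo = "SSO Error for user " + User.Identity.Name + ". Partner: " + partnerSP + ". TargetUrl: " + targetUrl + ".";
                // Add the error message to the log4net output
                log4net.GlobalContext.Properties["additionalInfo"] = additionalInfo;
                // Log the error; the user just gets an empty page, so the log is the only trace.
                logger.Error("Unable to use SSO", ex);

                return new EmptyResult();
            }
        }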