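/// <summary>
/// Builds the signed SAML 2.0 response for the current person, or an empty string when
/// nothing can be issued (no current person, no recorded birth date, or the configured
/// certificate file cannot be found).
/// </summary>
/// <returns>
/// The string produced by <c>SAML20Assertion.CreateSAML20Response</c>, or "" when the
/// response cannot be issued.
/// </returns>
private string GetResponse()
{
    if (CurrentPerson == null)
    {
        return "";
    }

    // The original dereferenced BirthDate.Value unconditionally, so a person without a
    // recorded birth date threw instead of being refused. Treated like the other
    // cannot-issue cases here; confirm with the partner whether a DOB-less assertion
    // would be acceptable instead.
    if (!CurrentPerson.BirthDate.HasValue)
    {
        return "";
    }

    byte[] certificateBytes;
    using (var rockContext = new RockContext())
    {
        var binaryFile = new BinaryFileService(rockContext)
            .Get(GetAttributeValue(AttributeKey.CertificateFile).AsGuid());
        if (binaryFile == null)
        {
            return "";
        }

        // Read the PFX bytes while the context is still open; ContentStream is assumed to
        // need the live context (keep this read inside the using block).
        certificateBytes = binaryFile.ContentStream.ReadBytesToEnd();
    }

    // The PFX password comes from a block attribute; confirm that attribute is stored as an
    // encrypted/password field. X509KeyStorageFlags.Exportable is kept from the original:
    // signing alone does not require an exportable private key, so it can be dropped unless
    // the SAML library re-exports the key — confirm before removing.
    var signingCert = new X509Certificate2(
        certificateBytes,
        GetAttributeValue(AttributeKey.CertificatePassword),
        X509KeyStorageFlags.Exportable);
    try
    {
        var attributeStatements = new Dictionary<string, string>
        {
            { "FirstName", CurrentPerson.FirstName },
            { "LastName", CurrentPerson.LastName },
            { "DateOfBirth", CurrentPerson.BirthDate.Value.ToString("o") },
            { "Gender", CurrentPerson.Gender.ToString() },
            { "Email", CurrentPerson.Email },
        };

        return SAML20Assertion.CreateSAML20Response(
            "Southeast Christian Church",
            // DaysValid is configured in days; 60 * 24 converts it to what is presumably a
            // validity period in minutes — confirm against SAML20Assertion.
            60 * 24 * GetAttributeValue(AttributeKey.DaysValid).AsInteger(),
            "WellRight",
            CurrentPerson.Email,
            GetAttributeValue(AttributeKey.RequestUrl),
            attributeStatements,
            signingCert);
    }
    finally
    {
        // Release the private-key handle as soon as the response has been signed.
        signingCert.Reset();
    }
}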
/// <summary>
/// Builds an IdP-initiated SAML response from the attribute rows on the page, signs it with
/// the certificate selected in ddlIssuer, and arranges for the form to auto-POST it to the
/// service-provider URL.
/// </summary>
protected void btnLaunchSSO_Click(object sender, EventArgs e)
{
    // RelayState carries the target resource the SP should land on after sign-in.
    RelayState.Value = txtTarget.Text;

    // Each table row is key | value | "send null" checkbox; control index 1 is the input itself.
    var assertionAttributes = new Dictionary<string, string>();
    foreach (System.Web.UI.HtmlControls.HtmlTableRow row in tblAttrs.Rows)
    {
        if (row.Cells[1].Controls.Count <= 1)
        {
            continue;
        }

        string attributeName = ((TextBox)row.Cells[0].Controls[1]).Text;
        if (string.IsNullOrEmpty(attributeName))
        {
            continue;
        }

        string attributeValue = ((TextBox)row.Cells[1].Controls[1]).Text;
        bool sendNull = ((CheckBox)row.Cells[2].Controls[1]).Checked;

        // An empty value is sent as null only when the row's checkbox asks for it.
        // Dictionary.Add still throws on a repeated attribute name, as before.
        assertionAttributes.Add(
            attributeName,
            sendNull && string.IsNullOrEmpty(attributeValue) ? null : attributeValue);
    }

    // Signing certificate is looked up in the machine's Root store by the selected issuer.
    X509Certificate2 signingCert = CertificateUtility.GetCertificateForSigning(
        ddlIssuer.SelectedValue, StoreName.Root, StoreLocation.LocalMachine);

    // The base64-encoded SAML response goes into the hidden form field for the POST.
    SAMLResponse.Value = SAML20Assertion.CreateSAML20Response(
        ddlIssuer.SelectedItem.Text, 5, "Audience", "Subject", "Recipient", assertionAttributes, signingCert);

    // A typed SP URL wins over the drop-down selection.
    frmIdPLauncher.Action = string.IsNullOrEmpty(txtSPURL.Text)
        ? ddlSPUrl.SelectedValue
        : txtSPURL.Text;

    // IdP-initiated HTTP POST binding: submit the form as soon as the body has loaded.
    HtmlGenericControl body = (HtmlGenericControl)this.Page.FindControl("bodySSO");
    if (body != null)
    {
        body.Attributes.Add("onload", "document.forms.frmIdPLauncher.submit();");
    }
}
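/// <summary>
/// Builds an IdP-initiated SAML response from the attribute rows on the page, signs it with
/// the CoverMyMeds PFX under App_Data, and arranges for the form to auto-POST it to the
/// service-provider URL.
/// </summary>
/// <exception cref="InvalidOperationException">
/// Thrown when the PFX password is not present in appSettings.
/// </exception>
protected void btnLaunchSSO_Click(object sender, EventArgs e)
{
    // RelayState carries the target resource the SP should land on after sign-in.
    RelayState.Value = txtTarget.Text;

    // Each table row is key | value | "send null" checkbox; control index 1 is the input itself.
    var assertionAttributes = new Dictionary<string, string>();
    foreach (System.Web.UI.HtmlControls.HtmlTableRow row in tblAttrs.Rows)
    {
        if (row.Cells[1].Controls.Count <= 1)
        {
            continue;
        }

        string attributeName = ((TextBox)row.Cells[0].Controls[1]).Text;
        if (string.IsNullOrEmpty(attributeName))
        {
            continue;
        }

        string attributeValue = ((TextBox)row.Cells[1].Controls[1]).Text;
        bool sendNull = ((CheckBox)row.Cells[2].Controls[1]).Checked;

        // An empty value is sent as null only when the row's checkbox asks for it.
        // Dictionary.Add throws on a repeated attribute name.
        assertionAttributes.Add(
            attributeName,
            sendNull && string.IsNullOrEmpty(attributeValue) ? null : attributeValue);
    }

    // The PFX password used to be a string literal in this method. A credential in source
    // ends up in every clone and build artifact, so it is read from appSettings instead.
    // The key below is new and must be added to Web.config (ideally in an encrypted
    // configuration section or supplied by the deployment environment).
    const string CertificatePasswordSettingKey = "SamlSigningCertificatePassword";
    string certificatePassword =
        System.Web.Configuration.WebConfigurationManager.AppSettings[CertificatePasswordSettingKey];
    if (string.IsNullOrEmpty(certificatePassword))
    {
        throw new InvalidOperationException(
            "appSetting '" + CertificatePasswordSettingKey + "' is not set; cannot load the SAML signing certificate.");
    }

    string certPath = System.Web.Hosting.HostingEnvironment.MapPath(@"~/App_Data/CoverMyMeds.pfx");
    var signingCert = new X509Certificate2(certPath, certificatePassword);
    try
    {
        // NameID is taken from the page when provided, otherwise left empty.
        string nameId = string.IsNullOrEmpty(txtNameID.Text) ? String.Empty : txtNameID.Text;

        // The base64-encoded SAML response goes into the hidden form field for the POST.
        SAMLResponse.Value = SAML20Assertion.CreateSAML20Response(
            txtIssuer.Text, 5, "Audience", nameId, "Recipient", assertionAttributes, signingCert);
    }
    finally
    {
        // Release the private-key handle as soon as the response has been signed.
        signingCert.Reset();
    }

    frmIdPLauncher.Action = txtSPURL.Text;

    // IdP-initiated HTTP POST binding: submit the form as soon as the body has loaded.
    HtmlGenericControl body = (HtmlGenericControl)this.Page.FindControl("bodySSO");
    if (body != null)
    {
        body.Attributes.Add("onload", "document.forms.frmIdPLauncher.submit();");
    }
}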
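/// <summary>
/// Starts IdP-initiated SAML single sign-on for the signed-in member to the named partner
/// service provider, writing the SAML response directly to <see cref="Response"/>.
/// </summary>
/// <param name="attributes">Not referenced by any partner branch; kept so existing routes keep binding.</param>
/// <param name="targetUrl">
/// Partner-specific landing target. For HealthX it is parsed as XML (the RedirectInfo
/// attribute); for SBCSystems it is rewritten and passed through as the relay target.
/// </param>
/// <param name="partnerSP">Partner identifier (or the HealthX consumer URL) that selects the attribute set.</param>
/// <returns>
/// An <see cref="EmptyResult"/>: the SAML consumer serves the next page. Also returned, after
/// logging, when SSO could not be started.
/// </returns>
public ActionResult SingleSignOn(string attributes, string targetUrl, string partnerSP)
{
    try
    {
        // The member id (formerly the IWS number) is looked up for the signed-in user.
        var member = Services.MemberService.GetByUsername(User.Identity.Name);
        if (member == null)
        {
            // Previously this surfaced as a NullReferenceException in the catch below;
            // refusing up front keeps the log entry meaningful.
            logger.Error("Unable to use SSO: no member record for user '" + User.Identity.Name + "'");
            return new EmptyResult();
        }

        Trace.TraceInformation(DateTime.Now.ToShortTimeString() + ":" + string.Format(
            "---------------------USER '{0}' initiated the SSO---------------------", member.Username));

        // Only the SBCSystems branch sends this (empty) set; the others build their own.
        var attribs = new Dictionary<string, string>();

        switch (partnerSP)
        {
            case "StatDoctors":
            {
                string yNumber = member.GetValue("yNumber").ToString();

                // Family id is the first 7 characters; dependent id the (up to) 2 that follow.
                // The original used Substring(7, 2), which throws on an 8-character id.
                string accountFamilyId = yNumber.Length > 7 ? yNumber.Substring(0, 7) : yNumber;
                string familyDependentId = yNumber.Length > 7
                    ? yNumber.Substring(7, Math.Min(2, yNumber.Length - 7))
                    : yNumber;

                var attrib = new Dictionary<string, string>
                {
                    { "AccountUniqueContactId", yNumber },
                    { "AccountFamilyId", accountFamilyId },
                    { "FamilyDependentId", familyDependentId },
                    { "PartnerId", "AC4134" },
                    { "PartnerAccountId", "" },
                    { "ReturnUrl", "" }
                };

                SAMLIdentityProvider.InitiateSSO(Response, yNumber, attrib, "", partnerSP);
                break;
            }

            case "USScript":
            {
                string yNumber = member.GetValue("yNumber").ToString();
                if (yNumber.Length > 7)
                {
                    yNumber = yNumber.Substring(0, 7);
                }

                var samlAttributes = new Dictionary<string, string>
                {
                    { "urn:uss:saml:attrib::id", yNumber },
                    { "urn:uss:saml:attrib::firstname", member.GetValue("msFirstName").ToString() },
                    { "urn:uss:saml:attrib::lastname", member.GetValue("msLastName").ToString() },
                    { "urn:uss:saml:attrib::groupid", member.GetValue("groupId").ToString() },
                    // Machine-readable date: invariant culture so the digits and calendar never
                    // follow the worker thread's culture.
                    { "urn:uss:saml:attrib::dateofbirth", Convert.ToDateTime(member.GetValue("birthday"))
                        .ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture) },
                    { "urn:uss:saml:attrib::email", member.Email }
                };

                PgpSAML20Assertion.GuideSSO(Response, partnerSP, String.Empty, samlAttributes);
                break;
            }

            case "MagnaCare":
            {
                string yNumber = member.GetValue("yNumber").ToString();
                var samlAttributes = new Dictionary<string, string>
                {
                    { "member:id", yNumber },
                    { "member:first_name", member.GetValue("msFirstName").ToString() },
                    { "member:last_name", member.GetValue("msLastName").ToString() },
                    { "member:product", member.GetValue("healthPlanName").ToString() }
                };

                SAML20Assertion.GuideSSO(Response, partnerSP, yNumber, samlAttributes);
                break;
            }

            case "https://secure.healthx.com/PublicService/SSO/AutoLogin.aspx":
            case "https://secure.healthx.com/PublicService/SSO/AutoLogin.aspx?mobile=1":
            {
                const string UriFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
                string yNumber = member.GetValue("yNumber").ToString();
                string firstName = member.GetValue("msFirstName").ToString().ToUpper();
                string lastName = member.GetValue("msLastName").ToString().ToUpper();

                var attrib = new List<SAMLAttribute>
                {
                    // Version "1" is a constant value set by HealthX.
                    new SAMLAttribute("Version", UriFormat, "Version", "xs:string", "1"),
                    // ServiceId and SiteId repeat what is already in the assertion consumer URL; sent for completeness.
                    new SAMLAttribute("ServiceId", UriFormat, "ServiceID", "xs:string", "d99bfe58-3896-4eb6-9586-d2f9ae673052"),
                    new SAMLAttribute("SiteId", UriFormat, "SiteId", "xs:string", "e6fa832c-fbd3-48c7-860f-e4f04b22bab7"),
                    new SAMLAttribute("RelationshipCode", UriFormat, "RelationshipCode", "xs:string", "18"),
                    new SAMLAttribute("UserId", UriFormat, "UserId", "xs:string", yNumber.ToUpper()),
                    new SAMLAttribute("MemberLastName", UriFormat, "MemberLastName", "xs:string", lastName),
                    new SAMLAttribute("MemberFirstName", UriFormat, "MemberFirstName", "xs:string", firstName),
                    new SAMLAttribute("UserLastName", UriFormat, "UserLastName", "xs:string", lastName),
                    new SAMLAttribute("UserFirstName", UriFormat, "UserFirstName", "xs:string", firstName)
                };

                // RedirectInfo nests a ServiceId element; the XML serializer keeps it from being URL-encoded.
                if (!AttributeType.IsAttributeValueSerializerRegistered("RedirectInfo", null))
                {
                    AttributeType.RegisterAttributeValueSerializer("RedirectInfo", null, new XmlAttributeValueSerializer());
                }

                // targetUrl arrives from the caller and is parsed as XML. XmlResolver = null stops
                // the parser from resolving external entities or DTD references, so a crafted
                // document cannot make this server fetch anything on the caller's behalf.
                var xmlRedirectInfo = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
                xmlRedirectInfo.LoadXml(targetUrl);
                var attrRedirectInfo = new SAMLAttribute("RedirectInfo", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "RedirectInfo");
                attrRedirectInfo.Values.Add(new AttributeValue(xmlRedirectInfo.DocumentElement));
                attrib.Add(attrRedirectInfo);

                SAMLIdentityProvider.InitiateSSO(Response, yNumber, attrib.ToArray(), "", partnerSP);
                break;
            }

            case "SBCSystems":
            {
                // Expand the plan-id template token (ordinal match; the original used a
                // culture-sensitive IndexOf for the same ASCII token).
                if (targetUrl.Contains("<%PLANID%>"))
                {
                    targetUrl = targetUrl.Replace("<%PLANID%>", member.GetValue("healthplanid").ToString());
                }

                // Outside the 11/15–3/31 window "initialEnrollment" becomes "specialEnrollmentSelect".
                if (targetUrl.Contains("initialEnrollment") && !IsInInitialEnrollmentPeriod())
                {
                    targetUrl = targetUrl.Replace("initialEnrollment", "specialEnrollmentSelect");
                }

                SAMLIdentityProvider.InitiateSSO(Response, member.GetValue("memberId").ToString(), attribs, targetUrl, partnerSP);
                break;
            }
        }

        // Exposed for the front end should it need the raw response.
        ViewBag.Response = Response;
        TempData["response"] = Response;

        // The SAML consumer serves the requested page, so nothing is rendered here.
        return new EmptyResult();
    }
    catch (Exception ex)
    {
        // Enough context to follow up with the user: who, which partner, which target.
        string additionalInfo = "SSO Error for user " + User.Identity.Name + ". Partner: " + partnerSP + ". TargetUrl: " + targetUrl + ".";
        log4net.GlobalContext.Properties["additionalInfo"] = additionalInfo;
        logger.Error("Unable to use SSO", ex);
        return new EmptyResult();
    }
}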