Пример #1
        /// <summary>
        /// Resolves a SAML2 artifact: decodes it, looks up the IdP, sends an ArtifactResolve
        /// SOAP request to the resolution endpoint selected by the artifact and returns the
        /// message of the parsed artifact response.
        /// </summary>
        /// <param name="artifact">Base64 encoded artifact string.</param>
        /// <param name="relayState">Relay state, handed to the IdP lookup.</param>
        /// <param name="options">Options providing the SP entity id and the optional signing certificate.</param>
        /// <returns>The <c>Message</c> of the <c>Saml2ArtifactResponse</c> built from the SOAP reply.</returns>
        /// <remarks>
        /// NOTE(review): bytes 2 and 3 are indexed without a length check in this method, so a
        /// decoded artifact shorter than four bytes fails here unless GetIdp (not visible)
        /// rejects it first. The artifact presumably originates from the incoming request, so
        /// confirm the caller turns these failures into a rejected request.
        /// NOTE(review): nothing in this method validates the resolution response; verify that
        /// signature and correlation checks happen in Saml2ArtifactResponse or in the caller.
        /// </remarks>
        private static XmlElement ResolveArtifact(
            string artifact,
            string relayState,
            IOptions options)
        {
            byte[] artifactBytes = Convert.FromBase64String(artifact);
            var identityProvider = GetIdp(artifactBytes, relayState, options);

            // Bytes 2 and 3 form a big-endian 16 bit value; in the SAML 2.0 artifact
            // format this is the endpoint index chosen by the artifact issuer.
            int endpointIndex = (artifactBytes[2] << 8) | artifactBytes[3];
            var resolutionUri = identityProvider.ArtifactResolutionServiceUrls[endpointIndex];

            var resolveRequest = new Saml2ArtifactResolve();
            resolveRequest.Artifact = artifact;
            resolveRequest.Issuer = options.SPOptions.EntityId;
            var payload = resolveRequest.ToXml();

            // Signing is optional: without a configured certificate the request is sent unsigned.
            if (options.SPOptions.SigningServiceCertificate != null)
            {
                // Whitespace is preserved on load so the signed document serializes
                // exactly as it was parsed.
                var signedDocument = new XmlDocument();
                signedDocument.PreserveWhitespace = true;
                signedDocument.LoadXml(payload);
                signedDocument.Sign(options.SPOptions.SigningServiceCertificate, true);
                payload = signedDocument.OuterXml;
            }

            var soapReply = Saml2SoapBinding.SendSoapRequest(payload, resolutionUri);
            var artifactResponse = new Saml2ArtifactResponse(soapReply);

            return artifactResponse.Message;
        }
Пример #2
        /// <summary>
        /// Resolves a SAML2 artifact: decodes it, looks up the IdP, sends an ArtifactResolve
        /// SOAP request to the resolution endpoint selected by the artifact and returns the
        /// message of the parsed artifact response.
        /// </summary>
        /// <param name="artifact">Base64 encoded artifact string.</param>
        /// <param name="storedRequestState">Stored request state, handed to the IdP lookup.</param>
        /// <param name="options">Options providing the SP entity id, signing certificate, resolver and logger.</param>
        /// <returns>The result of <c>GetMessage()</c> on the parsed artifact response.</returns>
        /// <remarks>
        /// NOTE(review): both verbose log lines record security-relevant material, the artifact
        /// itself and the raw resolution response (which presumably carries the SAML message).
        /// Treat verbose logs as sensitive; confirm where they are written and how long they are kept.
        /// NOTE(review): bytes 2 and 3 are indexed without a length check in this method;
        /// confirm GetIdp (not visible) or the caller rejects malformed artifacts.
        /// </remarks>
        private static XmlElement ResolveArtifact(
            string artifact,
            StoredRequestState storedRequestState,
            IOptions options)
        {
            byte[] artifactBytes = Convert.FromBase64String(artifact);
            var identityProvider = GetIdp(artifactBytes, storedRequestState, options);

            // Bytes 2 and 3 form a big-endian 16 bit value; in the SAML 2.0 artifact
            // format this is the endpoint index chosen by the artifact issuer.
            int endpointIndex = (artifactBytes[2] << 8) | artifactBytes[3];
            var resolutionUri = identityProvider.ArtifactResolutionServiceUrls[endpointIndex];

            var resolveRequest = new Saml2ArtifactResolve();
            resolveRequest.Artifact = artifact;
            resolveRequest.Issuer = options.SPOptions.EntityId;
            var payload = resolveRequest.ToXml();

            // The certificate and resolver are handed to the SOAP binding; signing is not done here.
            var certificate = options.SPOptions.SigningServiceCertificate;
            var artifactResolver = options.SPOptions.ArtifactResolver;

            var callingMessage = "Calling idp " + identityProvider.EntityId.Id + " to resolve artifact\n" + artifact;
            options.SPOptions.Logger.WriteVerbose(callingMessage);

            var soapReply = Saml2SoapBinding.SendSoapRequest(
                payload,
                resolutionUri,
                certificate,
                artifactResolver);

            var resolvedMessage = "Artifact resolved returned\n" + soapReply;
            options.SPOptions.Logger.WriteVerbose(resolvedMessage);

            var artifactResponse = new Saml2ArtifactResponse(soapReply);

            return artifactResponse.GetMessage();
        }
Пример #3
        /// <summary>
        ///     Resolves an artifact by sending a signed ArtifactResolve request to the given endpoint.
        /// </summary>
        /// <param name="artifact">Artifact value placed in the request.</param>
        /// <param name="artifactResolveEndpoint">Endpoint the request is sent to; must not be null.</param>
        /// <param name="serviceProviderId">Value used as the request issuer.</param>
        /// <param name="cert">Certificate passed to the signing helper.</param>
        /// <returns>A stream containing the artifact response from the IdP</returns>
        /// <exception cref="InvalidOperationException">
        ///     <paramref name="artifactResolveEndpoint"/> is null.
        /// </exception>
        /// <remarks>
        ///     NOTE(review): the returned stream is handed back without any validation in this
        ///     method; callers presumably must verify the response signature before trusting
        ///     its content. Also confirm that GetResponse (not visible) only talks to the
        ///     endpoint over an authenticated transport.
        /// </remarks>
        public Stream ResolveArtifact(string artifact, string artifactResolveEndpoint, string serviceProviderId,
                                      X509Certificate2 cert)
        {
            // No endpoint means the sender cannot be matched to a resolution service.
            if (artifactResolveEndpoint == null)
            {
                throw new InvalidOperationException("Received artifact from unknown IDP.");
            }

            var request = new Saml2ArtifactResolve();
            request.Issuer = serviceProviderId;
            request.Artifact = artifact;

            var requestDocument = request.GetXml();

            // Drop a leading XML declaration before the document is signed and serialized.
            var leadingNode = requestDocument.FirstChild;
            if (leadingNode is XmlDeclaration)
            {
                requestDocument.RemoveChild(leadingNode);
            }

            // The signature is tied to the request's own ID.
            XmlSignatureUtils.SignDocument(requestDocument, request.ID, cert);

            return GetResponse(artifactResolveEndpoint, requestDocument.OuterXml);
        }
Пример #4
        /// <summary>
        /// Resolves a SAML2 artifact: decodes it, looks up the IdP, optionally signs an
        /// ArtifactResolve request, sends it over SOAP with the current TLS client
        /// certificates and returns the message of the parsed artifact response.
        /// </summary>
        /// <param name="artifact">Base64 encoded artifact string.</param>
        /// <param name="storedRequestState">Stored request state, handed to the IdP lookup.</param>
        /// <param name="options">Options providing the SP entity id, certificates and logger.</param>
        /// <returns>The result of <c>GetMessage()</c> on the parsed artifact response.</returns>
        /// <remarks>
        /// NOTE(review): when no signing certificate is configured the request goes out
        /// unsigned, and the certificate filter below may also yield nothing; in that case
        /// the IdP presumably has no cryptographic proof of who is redeeming the artifact.
        /// Confirm this combination is acceptable for the deployment.
        /// NOTE(review): both verbose log lines record security-relevant material, the artifact
        /// itself and the raw resolution response (which presumably carries the SAML message).
        /// Treat verbose logs as sensitive.
        /// NOTE(review): bytes 2 and 3 are indexed without a length check in this method;
        /// confirm GetIdp (not visible) or the caller rejects malformed artifacts.
        /// </remarks>
        private static XmlElement ResolveArtifact(
            string artifact,
            StoredRequestState storedRequestState,
            IOptions options)
        {
            byte[] artifactBytes = Convert.FromBase64String(artifact);
            var identityProvider = GetIdp(artifactBytes, storedRequestState, options);

            // Bytes 2 and 3 form a big-endian 16 bit value; in the SAML 2.0 artifact
            // format this is the endpoint index chosen by the artifact issuer.
            int endpointIndex = (artifactBytes[2] << 8) | artifactBytes[3];
            var resolutionUri = identityProvider.ArtifactResolutionServiceUrls[endpointIndex];

            var resolveRequest = new Saml2ArtifactResolve();
            resolveRequest.Artifact = artifact;
            resolveRequest.Issuer = options.SPOptions.EntityId;
            var payload = resolveRequest.ToXml();

            // Signing is optional and only happens when a signing certificate is configured.
            if (options.SPOptions.SigningServiceCertificate != null)
            {
                var signedDocument = XmlHelpers.XmlDocumentFromString(payload);
                signedDocument.Sign(options.SPOptions.SigningServiceCertificate, true);
                payload = signedDocument.OuterXml;
            }

            var callingMessage = "Calling idp " + identityProvider.EntityId.Id + " to resolve artifact\n" + artifact;
            options.SPOptions.Logger.WriteVerbose(callingMessage);

            // Only certificates flagged for TLS client use and currently valid are offered.
            var tlsClientCertificates =
                from serviceCertificate in options.SPOptions.ServiceCertificates
                where serviceCertificate.Use.HasFlag(CertificateUse.TlsClient) && serviceCertificate.Status == CertificateStatus.Current
                select serviceCertificate.Certificate;

            var soapReply = Saml2SoapBinding.SendSoapRequest(payload, resolutionUri, tlsClientCertificates);

            var resolvedMessage = "Artifact resolved returned\n" + soapReply;
            options.SPOptions.Logger.WriteVerbose(resolvedMessage);

            var artifactResponse = new Saml2ArtifactResponse(soapReply);

            return artifactResponse.GetMessage();
        }
        /// <summary>
        /// Checks that ToXml produces an ArtifactResolve element carrying the configured
        /// issuer and artifact. ID and IssueInstant are generated per message, so the
        /// expected document takes those two values from the actual output.
        /// </summary>
        public void Saml2ArtifactResolve_ToXml()
        {
            const string artifactValue = "MyArtifact";

            var request = new Saml2ArtifactResolve();
            request.Issuer = new EntityId("http://sp.example.com");
            request.Artifact = artifactValue;

            var expectedXml =
                @"<saml2p:ArtifactResolve
    xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
    xmlns:saml2 = ""urn:oasis:names:tc:SAML:2.0:assertion""
    ID = ""_6c3a4f8b9c2d"" Version = ""2.0""
    IssueInstant = ""2004-01-21T19:00:49Z"" >
    <saml2:Issuer>http://sp.example.com</saml2:Issuer>
    <saml2:Artifact>MyArtifact</saml2:Artifact>
 </saml2p:ArtifactResolve>";

            var produced = XElement.Parse(request.ToXml());
            var expected = XElement.Parse(expectedXml);

            // Copy the generated attribute values so only the fixed parts are compared.
            foreach (var generatedAttribute in new[] { "ID", "IssueInstant" })
            {
                expected.Attribute(generatedAttribute).Value = produced.Attribute(generatedAttribute).Value;
            }

            produced.ShouldBeEquivalentTo(expected, config => config.IgnoringCyclicReferences());
        }
        /// <summary>
        ///     Resolves an artifact against the artifact resolve service configured for an identity provider.
        /// </summary>
        /// <param name="providerName">Name used to look up the identity provider configuration.</param>
        /// <returns>A stream containing the artifact response from the IdP</returns>
        /// <exception cref="InvalidOperationException">
        ///     The provider configuration has no artifact resolve service.
        /// </exception>
        /// <remarks>
        ///     NOTE(review): the returned stream is handed back without any validation in this
        ///     method; callers presumably must verify the response signature before trusting
        ///     its content. Also confirm that GetResponse (not visible) only talks to the
        ///     endpoint over an authenticated transport.
        /// </remarks>
        public Stream ResolveArtifact(string providerName)
        {
            var providerConfiguration = _configurationProvider.GetIdentityProviderConfiguration(providerName);
            var endpoint = providerConfiguration.ArtifactResolveService;

            // No endpoint means the sender cannot be matched to a resolution service.
            if (endpoint == null)
            {
                throw new InvalidOperationException("Received artifact from unknown IDP.");
            }

            var issuer = _configurationProvider.ServiceProviderConfiguration.EntityId;
            var receivedArtifact = GetArtifact();

            var request = new Saml2ArtifactResolve();
            request.Issuer = issuer;
            request.Artifact = receivedArtifact;

            var requestDocument = request.GetXml();

            // Drop a leading XML declaration before the document is signed and serialized.
            var leadingNode = requestDocument.FirstChild;
            if (leadingNode is XmlDeclaration)
            {
                requestDocument.RemoveChild(leadingNode);
            }

            // The signature is tied to the request's own ID.
            var signingCertificate = _configurationProvider.ServiceProviderSigningCertificate();
            XmlSignatureUtils.SignDocument(requestDocument, request.ID, signingCertificate);

            return GetResponse(endpoint, requestDocument.OuterXml);
        }
Пример #7
        /// <summary>
        /// Checks that an attribute added by an XmlCreated handler is still present in
        /// the string returned by ToXml.
        /// </summary>
        public void Saml2ArtifactResolve_ToXml_ToXml_PreservesCustomChanges()
        {
            var request = new Saml2ArtifactResolve();

            // The handler decorates the generated element with a marker attribute.
            request.XmlCreated += (sender, element) =>
                element.Add(new XAttribute("CustomAttribute", "CustomValue"));

            var serialized = request.ToXml();

            serialized.Should().Contain("CustomAttribute=\"CustomValue\"");
        }