/// <summary> /// Subject of the assertion is the bearer of the assertion /// </summary> /// <param name="notBefore">A time instant before which the subject cannot be confirmed.</param> /// <param name="notOnAfter">A time instant at which the subject can no longer be confirmed.</param> /// <param name="recipient">URI specifying the entity or location to which an attesting entity can present the assertion.</param> /// <param name="inResponseTo">The ID of a SAML protocol message in response to which an attesting entity can present the assertion.</param> /// <returns></returns> public SubjectBuilder AddSubjectConfirmationBearer(DateTime?notBefore, DateTime?notOnAfter, string recipient = null, string inResponseTo = null) { var data = new SubjectConfirmationDataType { InResponseTo = inResponseTo, Recipient = recipient }; if (notBefore != null) { data.NotBefore = notBefore.Value; data.NotBeforeSpecified = true; } if (notOnAfter != null) { data.NotOnOrAfter = notOnAfter.Value; data.NotOnOrAfterSpecified = true; } var subjectConfirmation = new SubjectConfirmationType { Method = Constants.ConfirmationMethodIdentifiers.Bearer, SubjectConfirmationData = data }; AddSubjectConfirmation(subjectConfirmation); return(this); }
private static void ValidateKeyInfo(SubjectConfirmationDataType subjectConfirmationData, ServiceProviderModel serviceProvider) { if (subjectConfirmationData == null) { throw new Exception("SubjectConfirmationData cannot be null"); } if (string.IsNullOrEmpty(subjectConfirmationData.InResponseTo)) { throw new ArgumentNullException(nameof(subjectConfirmationData.InResponseTo)); } if (subjectConfirmationData.InResponseTo != SamlHelper.AuthnRequestID) { throw new Exception("Saml Response is not in reference to Saml Request"); } if (default(DateTime) == subjectConfirmationData.NotOnOrAfter) { throw new Exception($"{nameof(subjectConfirmationData.NotOnOrAfter)} in Saml Response is invalid"); } if (DateTime.UtcNow >= subjectConfirmationData.NotOnOrAfter) { throw new Exception("Saml Response has been expired"); } if (string.IsNullOrEmpty(subjectConfirmationData.Recipient)) { throw new ArgumentNullException(nameof(subjectConfirmationData.Recipient)); } if (subjectConfirmationData.Recipient != serviceProvider.AssertionConsumerServiceUrl) { throw new Exception("Invalid saml recipient"); } }
/// <summary> /// Creates a Version 1.1 Saml Assertion /// </summary> /// <param name="issuer">Issuer</param> /// <param name="subject">Subject</param> /// <param name="attributes">Attributes</param> /// <returns>returns a Version 1.1 Saml Assertion</returns> private static AssertionType CreateSamlAssertion(string issuer, string recipient, string domain, string subject, Dictionary <string, string> attributes) { // Here we create some SAML assertion with ID and Issuer name. AssertionType assertion = new AssertionType(); assertion.ID = "_" + Guid.NewGuid().ToString(); NameIDType issuerForAssertion = new NameIDType(); issuerForAssertion.Value = issuer.Trim(); assertion.Issuer = issuerForAssertion; assertion.Version = "2.0"; assertion.IssueInstant = System.DateTime.UtcNow; //Not before, not after conditions ConditionsType conditions = new ConditionsType(); conditions.NotBefore = DateTime.UtcNow; conditions.NotBeforeSpecified = true; conditions.NotOnOrAfter = DateTime.UtcNow.AddMinutes(5); conditions.NotOnOrAfterSpecified = true; AudienceRestrictionType audienceRestriction = new AudienceRestrictionType(); audienceRestriction.Audience = new string[] { domain.Trim() }; conditions.Items = new ConditionAbstractType[] { audienceRestriction }; //Name Identifier to be used in Saml Subject NameIDType nameIdentifier = new NameIDType(); nameIdentifier.NameQualifier = domain.Trim(); nameIdentifier.Value = subject.Trim(); SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType(); SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType(); subjectConfirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer"; subjectConfirmation.SubjectConfirmationData = subjectConfirmationData; // // Create some SAML subject. SubjectType samlSubject = new SubjectType(); AttributeStatementType attrStatement = new AttributeStatementType(); AuthnStatementType authStatement = new AuthnStatementType(); authStatement.AuthnInstant = DateTime.UtcNow; AuthnContextType context = new AuthnContextType(); context.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef }; context.Items = new object[] { "AuthnContextClassRef" }; authStatement.AuthnContext = context; samlSubject.Items = new object[] { nameIdentifier, subjectConfirmation }; assertion.Subject = samlSubject; IPHostEntry ipEntry = Dns.GetHostEntry(System.Environment.MachineName); SubjectLocalityType subjectLocality = new SubjectLocalityType(); subjectLocality.Address = ipEntry.AddressList[0].ToString(); attrStatement.Items = new AttributeType[attributes.Count]; int i = 0; // Create userName SAML attributes. foreach (KeyValuePair <string, string> attribute in attributes) { AttributeType attr = new AttributeType(); attr.Name = attribute.Key; attr.NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"; attr.AttributeValue = new object[] { attribute.Value }; attrStatement.Items[i] = attr; i++; } assertion.Conditions = conditions; assertion.Items = new StatementAbstractType[] { authStatement, attrStatement }; return(assertion); }