/// <summary>
/// Sends the SAML response to the Service Provider.
/// </summary>
/// <param name="samlResponse">The SAML response object.</param>
/// <param name="relayState">The relay state.</param>
public static void SendResponse(Page page, ComponentPro.Saml2.Response samlResponse, string relayState)
{
// Sign the SAML response.
X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.IdPCertKey];
samlResponse.Sign(x509Certificate);
switch (Global.AssertionServiceSamlBinding)
{
case SamlBinding.HttpPost:
// Send the SAML Response object.
samlResponse.SendPostBindingForm(page.Response.OutputStream, Global.AssertionServiceUrl, relayState);
break;
case SamlBinding.HttpArtifact:
// Create the artifact.
string identificationUrl = GetAbsoluteUrl(page, "~/");
Saml2ArtifactType0004 httpArtifact = new Saml2ArtifactType0004(SamlArtifact.GetSourceId(identificationUrl), SamlArtifact.GetHandle());
// Convert the authentication request to XML and save to the application Cache.
SamlSettings.CacheProvider.Insert(httpArtifact.ToString(), samlResponse.GetXml(), new TimeSpan(1, 0, 0));
// Send the artifact with POST form.
httpArtifact.SendPostForm(page.Response.OutputStream, Global.AssertionServiceUrl, relayState);
break;
default:
throw new ApplicationException("Invalid assertion consumer service binding.");
}
}
// Send the SAML response over the specified binding.
public static void SendSamlResponse(Page page, ComponentPro.Saml2.Response samlResponse, SsoAuthnState ssoState)
{
// Sign the SAML response
X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.IdPCertKey];
samlResponse.Sign(x509Certificate);
// Send the SAML response to the service provider.
switch (ssoState.IdpProtocolBinding)
{
case SamlBinding.HttpPost:
samlResponse.SendPostBindingForm(page.Response.OutputStream, ssoState.AssertionConsumerServiceURL, ssoState.RelayState);
break;
case SamlBinding.HttpArtifact:
// Create the artifact.
string identificationUrl = Util.GetAbsoluteUrl(page, "~/");
Saml2ArtifactType0004 httpArtifact = new Saml2ArtifactType0004(SamlArtifact.GetSourceId(identificationUrl), SamlArtifact.GetHandle());
// Cache the authentication request for subsequent sending using the artifact resolution protocol. Sliding expiration time is 1 hour.
SamlSettings.CacheProvider.Insert(httpArtifact.ToString(), samlResponse.GetXml(), new TimeSpan(1, 0, 0));
// Send the artifact.
httpArtifact.SendPostForm(page.Response.OutputStream, ssoState.AssertionConsumerServiceURL,
ssoState.RelayState);
break;
default:
Trace.Write("IdentityProvider", "Invalid identity provider binding");
break;
}
}
/// <summary>
/// Processes a successful SAML response and redirect to the requested URL.
/// </summary>
/// <param name="page">The page object.</param>
/// <param name="samlResponse">The SAML response object.</param>
/// <param name="relayState">The relay state.</param>
public static void SamlSuccessRedirect(Page page, ComponentPro.Saml2.Response samlResponse, string relayState)
{
// Get the previously loaded certificate.
X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.SpCertKey];
Assertion samlAssertion;
// Check assertions.
if (samlResponse.GetAssertions().Count > 0)
{
// Extract the first assertion.
samlAssertion = samlResponse.GetAssertions()[0];
}
else if (samlResponse.GetEncryptedAssertions().Count > 0)
{
// Extract the first assertion.
samlAssertion = samlResponse.GetEncryptedAssertions()[0].Decrypt(x509Certificate.PrivateKey, null);
}
else
{
throw new ApplicationException("No assertions in response");
}
string userName;
// Get the subject name identifier.
if (samlAssertion.Subject.NameId != null)
{
//userName = samlAssertion.Subject.NameId.NameIdentifier;
userName = samlAssertion.GetAttributeValueByFriendlyName("eduPersonPrincipalName");
System.Collections.Generic.Dictionary<string, string> dict = new System.Collections.Generic.Dictionary<string, string>();
foreach (ComponentPro.Saml2.Attribute attribute in samlAssertion.AttributeStatements[0].Attributes)
{
dict.Add(attribute.FriendlyName, attribute.Values[0].ToString());
System.Diagnostics.Trace.WriteLine(attribute.FriendlyName + ":" + attribute.Values[0].ToString());
}
HttpContext.Current.Session.Add("samlAttributes", dict);
}
else if (samlAssertion.Subject.EncryptedId != null)
{
NameId nameId = samlAssertion.Subject.EncryptedId.Decrypt(x509Certificate.PrivateKey, null);
userName = nameId.NameIdentifier;
}
else
{
throw new ApplicationException("No name in subject");
}
try
{
string aaURL = "https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/AttributeQuery";
//Testing subject
NameId subje = new NameId(userName,null,null,SamlNameIdentifierFormat.Unspecified,aaURL);
//Testing subject
Subject subject = new Subject(new NameId(userName));
SubjectConfirmation subjectConfirmation = new SubjectConfirmation(SamlSubjectConfirmationMethod.Bearer);
SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
subjectConfirmationData.Recipient = aaURL;
subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;
subject.SubjectConfirmations.Add(subjectConfirmation);
AttributeQuery attributeQuery = new AttributeQuery();
//attributeQuery.Subject = subject;
attributeQuery.Destination = aaURL;
attributeQuery.Issuer = new Issuer(Global.entityId);
attributeQuery.Attributes.Add(new ComponentPro.Saml2.Attribute() { FriendlyName = "givenName" });
attributeQuery.Subject = new Subject(samlAssertion.Subject.NameId);
attributeQuery.Sign(x509Certificate);
System.Diagnostics.Trace.WriteLine("Trying to get attributes from AA");
System.Diagnostics.Trace.WriteLine("AA query " + attributeQuery.GetXml().OuterXml);
System.Diagnostics.Trace.WriteLine("AA Subject " + attributeQuery.Subject.ToString());
ArtifactResponse artifactResponse = ArtifactResponse.SendSamlMessageReceiveAftifactResponse(aaURL, attributeQuery);
Response attrResponse;
attrResponse = new ComponentPro.Saml2.Response(artifactResponse.Message);
System.Diagnostics.Trace.WriteLine("AA reponse " + attrResponse.GetXml().OuterXml);
}
catch (Exception e)
{
System.Diagnostics.Trace.WriteLine("Execption: " + e.ToString());
//throw;
}
// Get the originally requested resource URL from the relay state.
string resourceUrl = (string)SamlSettings.CacheProvider.Remove(relayState);
if (resourceUrl == null)
{
throw new ApplicationException("Invalid relay state");
}
// Create a login context for the asserted identity.
FormsAuthentication.SetAuthCookie(userName, false);
// Redirect to the originally requested resource URL.
page.Response.Redirect(resourceUrl, false);
}
