Пример #1
0
        /// <summary>
        /// Create an authenticate request aimed for this idp.
        /// </summary>
        /// <param name="returnUrl">The return url where the browser should be sent after
        /// successful authentication.</param>
        /// <param name="authServicesUrls">Urls for AuthServices, used to populate fields
        /// in the created AuthnRequest</param>
        /// <param name="relayData">Aux data that should be preserved across the authentication</param>
        /// <returns>AuthnRequest</returns>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null
            };

            var responseData = new StoredRequestState(EntityId, returnUrl, relayData);

            PendingAuthnRequests.Add(new Saml2Id(authnRequest.Id), responseData);

            return(authnRequest);
        }
Пример #2
0
 internal static void Add(Saml2Id id, StoredRequestState idp)
 {
     lock (pendingAuthnRequest)
     {
         if (pendingAuthnRequest.ContainsKey(id))
         {
             throw new InvalidOperationException("AuthnRequest id can't be reused.");
         }
         pendingAuthnRequest.Add(id, idp);
     }
 }
Пример #3
0
 internal static void Add(Saml2Id id, StoredRequestState idp)
 {
     lock (pendingAuthnRequest)
     {
         if (pendingAuthnRequest.ContainsKey(id))
         {
             throw new InvalidOperationException("AuthnRequest id can't be reused.");
         }
         pendingAuthnRequest.Add(id, idp);
     }
 }
Пример #4
0
 internal static bool TryRemove(Saml2Id id, out StoredRequestState idp)
 {
     lock (pendingAuthnRequest)
     {
         if (id != null && pendingAuthnRequest.ContainsKey(id))
         {
             idp = pendingAuthnRequest[id];
             return pendingAuthnRequest.Remove(id);
         }
         idp = null;
         return false;
     }
 }
Пример #5
0
 internal static bool TryRemove(Saml2Id id, out StoredRequestState idp)
 {
     lock (pendingAuthnRequest)
     {
         if (id != null && pendingAuthnRequest.ContainsKey(id))
         {
             idp = pendingAuthnRequest[id];
             return(pendingAuthnRequest.Remove(id));
         }
         idp = null;
         return(false);
     }
 }
Пример #6
0
        public Saml2AuthenticationRequest CreateAuthenticateRequest(Uri returnUri)
        {
            var request = new Saml2AuthenticationRequest()
            {
                DestinationUri = AssertionConsumerServiceUrl,
                AssertionConsumerServiceUrl = KentorAuthServicesSection.Current.AssertionConsumerServiceUrl,
                Issuer = KentorAuthServicesSection.Current.EntityId
            };

            var responseData = new StoredRequestState(EntityId, returnUri);

            PendingAuthnRequests.Add(new Saml2Id(request.Id), responseData);

            return(request);
        }
Пример #7
0
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null,
                NameIdPolicy          = spOptions.NameIdPolicy,
                RequestedAuthnContext = spOptions.RequestedAuthnContext
            };

            if (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always ||
                (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.IfIdpWantAuthnRequestsSigned &&
                 WantAuthnRequestsSigned))
            {
                if (spOptions.SigningServiceCertificate == null)
                {
                    throw new ConfigurationErrorsException(
                              string.Format(
                                  CultureInfo.InvariantCulture,
                                  "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
                                  EntityId.Id));
                }

                authnRequest.SigningCertificate = spOptions.SigningServiceCertificate;
            }

            var requestState = new StoredRequestState(EntityId, returnUrl, authnRequest.Id, relayData);

            PendingAuthnRequests.Add(authnRequest.RelayState, requestState);

            return(authnRequest);
        }
Пример #8
0
        /// <summary>
        /// Create an authenticate request aimed for this idp.
        /// </summary>
        /// <param name="returnUrl">The return url where the browser should be sent after
        /// successful authentication.</param>
        /// <param name="authServicesUrls">Urls for AuthServices, used to populate fields
        /// in the created AuthnRequest</param>
        /// <param name="relayData">Aux data that should be preserved across the authentication</param>
        /// <returns>AuthnRequest</returns>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException("authServicesUrls");
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null
            };

            var responseData = new StoredRequestState(EntityId, returnUrl, relayData);

            PendingAuthnRequests.Add(new Saml2Id(authnRequest.Id), responseData);

            return authnRequest;
        }
Пример #9
0
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null,
            };

            if(spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always)
            {
                if(spOptions.SigningServiceCertificate == null)
                {
                    throw new ConfigurationErrorsException(
                        string.Format(
                            CultureInfo.InvariantCulture,
                            "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
                            EntityId.Id));
                }

                authnRequest.SigningCertificate = spOptions.SigningServiceCertificate;
            }

            var responseData = new StoredRequestState(EntityId, returnUrl, authnRequest.Id, relayData);

            PendingAuthnRequests.Add(authnRequest.RelayState, responseData);

            return authnRequest;
        }