/// <summary>
/// Gets a response from the IdP based on a message.
/// </summary>
/// <param name="endpoint">The IdP endpoint.</param>
/// <param name="message">The message.</param>
/// <param name="auth">Basic authentication settings.</param>
/// <returns>The Stream.</returns>
public Stream GetResponse(string endpoint, string message, HttpAuth auth, string relayState)
{
if (auth != null && auth.ClientCertificate != null && auth.Credentials != null)
{
throw new Saml20Exception(string.Format("Artifact resolution cannot specify both client certificate and basic credentials for endpoint {0}", endpoint));
}
var binding = CreateSslBinding();
if (auth != null && auth.ClientCertificate != null)
{
// Client certificate auth
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
}
var request = Message.CreateMessage(binding.MessageVersion, HttpArtifactBindingConstants.SoapAction, new SimpleBodyWriter(message));
request.Headers.To = new Uri(endpoint);
var property = new HttpRequestMessageProperty { Method = "POST" };
property.Headers.Add(HttpRequestHeader.ContentType, "text/xml; charset=utf-8");
if (auth != null && auth.Credentials != null)
{
// Basic http auth over ssl
var basicAuthzHeader = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(auth.Credentials.Username + ":" + auth.Credentials.Password));
property.Headers.Add(HttpRequestHeader.Authorization, basicAuthzHeader);
}
request.Properties.Add(HttpRequestMessageProperty.Name, property);
if (relayState != null)
{
request.Properties.Add("relayState", relayState);
}
var epa = new EndpointAddress(endpoint);
var factory = new ChannelFactory<IRequestChannel>(binding, epa);
if (auth != null && auth.ClientCertificate != null)
{
// Client certificate
factory.Credentials.ClientCertificate.Certificate = auth.ClientCertificate;
}
var reqChannel = factory.CreateChannel();
reqChannel.Open();
var response = reqChannel.Request(request);
Console.WriteLine(response);
reqChannel.Close();
var doc = new XmlDocument { PreserveWhitespace = true };
doc.Load(response.GetReaderAtBodyContents());
var outerXml = doc.DocumentElement.OuterXml;
var memStream = new MemoryStream(Encoding.UTF8.GetBytes(outerXml));
return memStream;
}
/// <summary>
/// Get configuration from config file.
/// </summary>
/// <returns>A configured <see cref="Saml2Config"/> instance.</returns>
public static Saml2Config GetConfig()
{
var section = GetConfigElement();
var config = new Saml2Config();
// Actions
if (section.Actions.ElementInformation.IsPresent)
{
foreach (var action in section.Actions)
{
config.Actions.Add(new Action {
Name = action.Name, Type = action.Type
});
}
}
// Allowed Audience URIs
if (section.AllowedAudienceUris.ElementInformation.IsPresent)
{
foreach (var allowedAudienceUri in section.AllowedAudienceUris)
{
config.AllowedAudienceUris.Add(allowedAudienceUri.Uri);
}
}
// Assertion profile
if (section.AssertionProfile.ElementInformation.IsPresent)
{
config.AssertionProfile.AssertionValidator = section.AssertionProfile.AssertionValidator;
}
// Common domain cookie
if (section.CommonDomainCookie.ElementInformation.IsPresent)
{
config.CommonDomainCookie.Enabled = section.CommonDomainCookie.Enabled;
config.CommonDomainCookie.LocalReaderEndpoint = section.CommonDomainCookie.LocalReaderEndpoint;
}
// Identity Providers
if (section.IdentityProviders.ElementInformation.IsPresent)
{
config.IdentityProviderSelectionUrl = section.IdentityProviders.SelectionUrl;
config.IdentityProviders.Encodings = section.IdentityProviders.Encodings;
config.IdentityProviders.MetadataLocation = section.IdentityProviders.MetadataLocation;
foreach (var identityProvider in section.IdentityProviders)
{
var idp = new IdentityProvider
{
AllowUnsolicitedResponses = identityProvider.AllowUnsolicitedResponses,
Default = identityProvider.Default,
ForceAuth = identityProvider.ForceAuth,
Id = identityProvider.Id,
IsPassive = identityProvider.IsPassive,
Name = identityProvider.Name,
OmitAssertionSignatureCheck = identityProvider.OmitAssertionSignatureCheck,
QuirksMode = identityProvider.QuirksMode,
ResponseEncoding = identityProvider.ResponseEncoding
};
if (identityProvider.ArtifactResolution.ElementInformation.IsPresent)
{
var artifactResolution = new HttpAuth();
if (identityProvider.ArtifactResolution.ClientCertificate.ElementInformation.IsPresent)
{
artifactResolution.ClientCertificate = new Certificate
{
FindValue = identityProvider.ArtifactResolution.ClientCertificate.FindValue,
StoreLocation = identityProvider.ArtifactResolution.ClientCertificate.StoreLocation,
StoreName = identityProvider.ArtifactResolution.ClientCertificate.StoreName,
ValidOnly = identityProvider.ArtifactResolution.ClientCertificate.ValidOnly,
X509FindType = identityProvider.ArtifactResolution.ClientCertificate.X509FindType
};
}
if (identityProvider.ArtifactResolution.Credentials.ElementInformation.IsPresent)
{
artifactResolution.Credentials = new HttpAuthCredentials
{
Password = identityProvider.ArtifactResolution.Credentials.Password,
Username = identityProvider.ArtifactResolution.Credentials.Username
};
}
idp.ArtifactResolution = artifactResolution;
}
if (identityProvider.AttributeQuery.ElementInformation.IsPresent)
{
var attributeQuery = new HttpAuth();
if (identityProvider.AttributeQuery.ClientCertificate.ElementInformation.IsPresent)
{
attributeQuery.ClientCertificate = new Certificate
{
FindValue = identityProvider.AttributeQuery.ClientCertificate.FindValue,
StoreLocation = identityProvider.AttributeQuery.ClientCertificate.StoreLocation,
StoreName = identityProvider.AttributeQuery.ClientCertificate.StoreName,
ValidOnly = identityProvider.AttributeQuery.ClientCertificate.ValidOnly,
X509FindType = identityProvider.AttributeQuery.ClientCertificate.X509FindType
};
}
if (identityProvider.AttributeQuery.Credentials.ElementInformation.IsPresent)
{
attributeQuery.Credentials = new HttpAuthCredentials
{
Password = identityProvider.AttributeQuery.Credentials.Password,
Username = identityProvider.AttributeQuery.Credentials.Username
};
}
idp.AttributeQuery = attributeQuery;
}
if (identityProvider.PersistentPseudonym.ElementInformation.IsPresent)
{
idp.PersistentPseudonym = new PersistentPseudonym {
Mapper = identityProvider.PersistentPseudonym.Mapper
};
}
foreach (var certificateValidation in identityProvider.CertificateValidations)
{
idp.CertificateValidations.Add(certificateValidation.Type);
}
foreach (var key in identityProvider.CommonDomainCookie.AllKeys)
{
idp.CommonDomainCookie.Add(identityProvider.CommonDomainCookie[key].Key, identityProvider.CommonDomainCookie[key].Value);
}
foreach (var endpoint in identityProvider.Endpoints)
{
idp.Endpoints.Add(new IdentityProviderEndpoint
{
Binding = endpoint.Binding,
ForceProtocolBinding = endpoint.ForceProtocolBinding,
TokenAccessor = endpoint.TokenAccessor,
Type = endpoint.Type,
Url = endpoint.Url
});
}
config.IdentityProviders.Add(idp);
}
}
// Logging config
if (section.Logging.ElementInformation.IsPresent)
{
config.Logging.LoggingFactory = section.Logging.LoggingFactory;
}
// Metadata config
if (section.Metadata.ElementInformation.IsPresent)
{
config.Metadata.ExcludeArtifactEndpoints = section.Metadata.ExcludeArtifactEndpoints;
config.Metadata.Lifetime = section.Metadata.Lifetime;
if (section.Metadata.Organization.ElementInformation.IsPresent)
{
config.Metadata.Organization = new Organization
{
Name = section.Metadata.Organization.Name,
DisplayName = section.Metadata.Organization.DisplayName,
Url = section.Metadata.Organization.Url
};
}
foreach (var contact in section.Metadata.Contacts)
{
config.Metadata.Contacts.Add(new Contact
{
Company = contact.Company,
Email = contact.Email,
GivenName = contact.GivenName,
Phone = contact.Phone,
SurName = contact.SurName,
Type = contact.Type
});
}
foreach (var attribute in section.Metadata.RequestedAttributes)
{
config.Metadata.RequestedAttributes.Add(new Attribute {
IsRequired = attribute.IsRequired, Name = attribute.Name
});
}
}
// Service provider
if (section.ServiceProvider.ElementInformation.IsPresent)
{
config.ServiceProvider.AuthenticationContextComparison = section.ServiceProvider.AuthenticationContexts.Comparison;
config.ServiceProvider.Id = section.ServiceProvider.Id;
config.ServiceProvider.NameIdFormatAllowCreate = section.ServiceProvider.NameIdFormats.AllowCreate;
config.ServiceProvider.Server = section.ServiceProvider.Server;
if (section.ServiceProvider.SigningCertificate.ElementInformation.IsPresent)
{
config.ServiceProvider.SigningCertificate = new Certificate
{
FindValue = section.ServiceProvider.SigningCertificate.FindValue,
StoreLocation = section.ServiceProvider.SigningCertificate.StoreLocation,
StoreName = section.ServiceProvider.SigningCertificate.StoreName,
ValidOnly = section.ServiceProvider.SigningCertificate.ValidOnly,
X509FindType = section.ServiceProvider.SigningCertificate.X509FindType
};
}
foreach (var authContext in section.ServiceProvider.AuthenticationContexts)
{
config.ServiceProvider.AuthenticationContexts.Add(new AuthenticationContext {
Context = authContext.Context, ReferenceType = authContext.ReferenceType
});
}
foreach (var endpoint in section.ServiceProvider.Endpoints)
{
config.ServiceProvider.Endpoints.Add(new ServiceProviderEndpoint
{
Binding = endpoint.Binding,
Index = endpoint.Index,
LocalPath = endpoint.LocalPath,
RedirectUrl = endpoint.RedirectUrl,
Type = endpoint.Type
});
}
foreach (var nameIdFormat in section.ServiceProvider.NameIdFormats)
{
config.ServiceProvider.NameIdFormats.Add(nameIdFormat.Format);
}
}
// State config
if (section.State.ElementInformation.IsPresent)
{
config.State.StateServiceFactory = section.State.StateServiceFactory;
foreach (var setting in section.State.Settings)
{
config.State.Settings.Add(setting.Name, setting.Value);
}
}
return(config);
}