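        /// <summary>
        /// Returns an instance of the class with meaningful default values set.
        /// </summary>
        /// <param name="issuer">
        /// Entity ID of the service provider sending the request. It is used twice: as the
        /// request's Issuer and as the only Audience in the request's conditions (per SAML 2.0
        /// core, Conditions on an AuthnRequest state what the requester expects to limit the
        /// resulting assertion to).
        /// </param>
        /// <returns>A new <see cref="Saml20AuthnRequest"/> with Issuer and one AudienceRestriction set.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="issuer"/> is null or empty.</exception>
        public static Saml20AuthnRequest GetDefault(string issuer)
        {
            // An empty issuer would silently produce a request with no Issuer and an empty
            // Audience; the overload without parameters rejects that case, so do the same here.
            if (string.IsNullOrEmpty(issuer))
                throw new ArgumentException("An issuer (service provider entity ID) is required.", "issuer");

            Saml20AuthnRequest result = new Saml20AuthnRequest();
            result.Issuer = issuer;

            AudienceRestriction audienceRestriction = new AudienceRestriction();
            audienceRestriction.Audience = new List<string>(1);
            audienceRestriction.Audience.Add(issuer);

            List<ConditionAbstract> conditions = new List<ConditionAbstract>(1);
            conditions.Add(audienceRestriction);
            result.SetConditions(conditions);

            return result;
        }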
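        /// <summary>
        /// Assembles our basic test assertion: a bearer assertion for "Philip J. Fry" carrying one
        /// AuthnStatement and one AttributeStatement (surname, common name, user name, e-mail).
        /// </summary>
        /// <returns>A fully populated <see cref="Assertion"/> to be used as a starting point by tests.</returns>
        /// <remarks>
        /// ID, SessionIndex, AuthnInstant and both NotOnOrAfter values are fixed constants so the
        /// fixture is reproducible; only IssueInstant is taken from the clock (UTC).
        /// NOTE(review): NotOnOrAfter is 2008-12-31 on both the subject confirmation and the
        /// conditions, i.e. the assertion is already expired when built; tests that need a
        /// currently valid assertion presumably overwrite those fields — confirm.
        /// </remarks>
        public static Assertion GetBasicAssertion()
        {
            // Single validity boundary shared by SubjectConfirmationData and Conditions.
            DateTime notOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0);

            Assertion assertion = new Assertion();
            assertion.ID = "_b8977dc86cda41493fba68b32ae9291d";
            assertion.Version = "2.0";
            assertion.IssueInstant = DateTime.UtcNow;
            assertion.Issuer = new NameID();
            assertion.Issuer.Value = GetBasicIssuer();

            // Subject: bearer confirmation only (no NameID), addressed to a fixed recipient.
            SubjectConfirmationData confirmationData = new SubjectConfirmationData();
            confirmationData.NotOnOrAfter = notOnOrAfter;
            confirmationData.Recipient = "http://borger.dk";

            SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
            subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
            subjectConfirmation.SubjectConfirmationData = confirmationData;

            assertion.Subject = new Subject();
            assertion.Subject.Items = new object[] { subjectConfirmation };

            // Conditions: expiry plus a single AudienceRestriction taken from GetAudiences().
            AudienceRestriction audienceRestriction = new AudienceRestriction();
            audienceRestriction.Audience = GetAudiences();

            assertion.Conditions = new Conditions();
            assertion.Conditions.NotOnOrAfter = notOnOrAfter;
            assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });

            // AuthnStatement: X.509 class reference plus a declaration reference, in that order
            // (ItemsElementName must line up index-for-index with Items).
            AuthnStatement authnStatement = new AuthnStatement();
            authnStatement.AuthnInstant = new DateTime(2008, 1, 8);
            authnStatement.SessionIndex = "70225885";
            authnStatement.AuthnContext = new AuthnContext();
            authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" };
            authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef };

            // AttributeStatement: four URI-named attributes, single-valued each.
            SamlAttribute surName = new SamlAttribute();
            surName.FriendlyName = "SurName";
            surName.Name = "urn:oid:2.5.4.4";
            surName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
            surName.AttributeValue = new string[] { "Fry" };

            SamlAttribute commonName = new SamlAttribute();
            commonName.FriendlyName = "CommonName";
            commonName.Name = "urn:oid:2.5.4.3";
            commonName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
            commonName.AttributeValue = new string[] { "Philip J. Fry" };

            SamlAttribute userName = new SamlAttribute();
            userName.Name = "urn:oid:0.9.2342.19200300.100.1.1";
            userName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
            userName.AttributeValue = new string[] { "fry" };

            SamlAttribute eMail = new SamlAttribute();
            eMail.FriendlyName = "Email";
            eMail.Name = "urn:oid:0.9.2342.19200300.100.1.3";
            eMail.NameFormat = SamlAttribute.NAMEFORMAT_URI;
            eMail.AttributeValue = new string[] { "*****@*****.**" };

            AttributeStatement attributeStatement = new AttributeStatement();
            attributeStatement.Items = new object[] { surName, commonName, userName, eMail };

            // Items is assigned exactly once; the original assigned it twice (first with only
            // the AuthnStatement), the first write being dead.
            assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };

            return assertion;
        }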
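        /// <summary>
        /// Builds a bearer assertion for <paramref name="user"/> addressed to <paramref name="receiver"/>.
        /// Signing, if any, is not done here.
        /// </summary>
        /// <param name="user">
        /// The authenticated user. <c>user.ppid</c> becomes the persistent NameID and each entry of
        /// <c>user.Attributes</c> becomes one basic-format, single-valued SAML attribute.
        /// </param>
        /// <param name="receiver">
        /// Used as both the SubjectConfirmationData Recipient and the only Audience.
        /// NOTE(review): in SAML the Recipient is normally the SP's assertion consumer URL and the
        /// Audience the SP's entity ID, which are usually different strings — confirm what callers
        /// pass, and that it was validated against SP metadata rather than taken straight from the
        /// request.
        /// </param>
        /// <returns>An <see cref="Assertion"/> whose subject confirmation and conditions expire one hour from now.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="receiver"/> is null or empty, or <c>user.Attributes</c> is null.</exception>
        private Assertion CreateAssertion(User user, string receiver)
        {
            if (user == null)
                throw new ArgumentNullException("user");
            if (string.IsNullOrEmpty(receiver))
                throw new ArgumentException("A receiver (recipient/audience) is required.", "receiver");
            if (user.Attributes == null)
                throw new ArgumentException("user.Attributes must not be null.", "user");

            // SAML 2.0 core (section 1.3.3) requires time values in UTC; DateTime.Now yields local
            // time. Every timestamp is derived from one instant so IssueInstant, AuthnInstant and
            // the two NotOnOrAfter values agree with each other. The original issued the assertion
            // with IssueInstant ten minutes in the future, which a relying party that rejects
            // future-dated assertions would refuse; if clock skew must be tolerated, that belongs
            // in the SP's validation window, not in the issued timestamp.
            DateTime now = DateTime.UtcNow;
            DateTime notOnOrAfter = now.AddHours(1);

            Assertion assertion = new Assertion();
            // xs:ID may not start with a digit, hence the "id" prefix in front of the GUID.
            assertion.ID = "id" + Guid.NewGuid().ToString("N");
            assertion.IssueInstant = now;
            assertion.Issuer = new NameID();
            assertion.Issuer.Value = IDPConfig.ServerBaseUrl;

            { // Subject element: persistent NameID plus bearer confirmation bound to the receiver.
                NameID nameId = new NameID();
                nameId.Format = Saml20Constants.NameIdentifierFormats.Persistent;
                nameId.Value = user.ppid;

                SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
                subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
                subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
                subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = notOnOrAfter;
                subjectConfirmation.SubjectConfirmationData.Recipient = receiver;

                assertion.Subject = new Subject();
                assertion.Subject.Items = new object[] { nameId, subjectConfirmation };
            }

            { // Conditions element: expiry plus a single AudienceRestriction.
                AudienceRestriction audienceRestriction = new AudienceRestriction();
                audienceRestriction.Audience = new List<string>();
                audienceRestriction.Audience.Add(receiver);

                assertion.Conditions = new Conditions();
                assertion.Conditions.NotOnOrAfter = notOnOrAfter;
                assertion.Conditions.Items = new List<ConditionAbstract>();
                assertion.Conditions.Items.Add(audienceRestriction);
            }

            List<StatementAbstract> statements = new List<StatementAbstract>(2);

            { // AuthnStatement element
                AuthnStatement authnStatement = new AuthnStatement();
                authnStatement.AuthnInstant = now;
                // SessionIndex is the handle a later LogoutRequest uses to refer to this session.
                // The original used System.Random.Next(), a small and guessable value space; a
                // GUID is unique and matches how the assertion ID above is generated.
                authnStatement.SessionIndex = Guid.NewGuid().ToString("N");

                // AuthnContext is a choice type: Items and ItemsElementName must line up index-for-index.
                authnStatement.AuthnContext = new AuthnContext();
                authnStatement.AuthnContext.Items =
                    new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509" };
                authnStatement.AuthnContext.ItemsElementName =
                    new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };

                statements.Add(authnStatement);
            }

            { // AttributeStatement element: one basic-format attribute per user attribute.
                List<SamlAttribute> attributes = new List<SamlAttribute>(user.Attributes.Count);
                foreach (KeyValuePair<string, string> att in user.Attributes)
                {
                    SamlAttribute attribute = new SamlAttribute();
                    attribute.Name = att.Key;
                    attribute.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
                    attribute.AttributeValue = new string[] { att.Value };
                    attributes.Add(attribute);
                }

                AttributeStatement attributeStatement = new AttributeStatement();
                attributeStatement.Items = attributes.ToArray();

                statements.Add(attributeStatement);
            }

            assertion.Items = statements.ToArray();

            return assertion;
        }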
        /// <summary>
        /// Adds a second AudienceRestriction ("urn:borger.dk:id") alongside the basic assertion's
        /// existing conditions and runs it through CreateSaml20Token; per the test name the token
        /// is expected to be created without error.
        /// </summary>
        public void AudienceRestriction_Valid_MultipleAudienceRestrictions()
        {
            Assertion assertion = AssertionUtil.GetBasicAssertion();

            AudienceRestriction extraRestriction = new AudienceRestriction();
            extraRestriction.Audience = new List<string>();
            extraRestriction.Audience.Add("urn:borger.dk:id");

            // Copy the existing conditions, append the new restriction, and write the list back.
            List<ConditionAbstract> conditions = new List<ConditionAbstract>(assertion.Conditions.Items);
            conditions.Add(extraRestriction);
            assertion.Conditions.Items = conditions;

            CreateSaml20Token(assertion);
        }
        /// <summary>
        /// Adds a second AudienceRestriction whose audience is a well-formed URI but not one of the
        /// basic assertion's audiences, then runs it through CreateSaml20Token. Per the test name this
        /// is expected to be rejected (presumably via an expected-exception attribute that is not
        /// visible here — confirm).
        /// </summary>
        public void AudienceRestriction_Invalid_MultipleAudienceRestrictions()
        {
            Assertion assertion = AssertionUtil.GetBasicAssertion();

            AudienceRestriction extraRestriction = new AudienceRestriction();
            extraRestriction.Audience = new List<string>();
            extraRestriction.Audience.Add("http://well/formed.uri");

            // Keep the existing conditions and append the unexpected audience.
            List<ConditionAbstract> conditions = new List<ConditionAbstract>(assertion.Conditions.Items);
            conditions.Add(extraRestriction);
            assertion.Conditions.Items = conditions;

            CreateSaml20Token(assertion);
        }
        /// <summary>
        /// Replaces the basic assertion's conditions with a single AudienceRestriction whose audience
        /// ("malformed uri") is not a valid URI, then runs it through CreateSaml20Token. Per the test
        /// name this is expected to be rejected (presumably via an expected-exception attribute not
        /// visible here — confirm).
        /// </summary>
        public void AudienceRestriction_Invalid_Assertion()
        {
            Assertion assertion = AssertionUtil.GetBasicAssertion();

            AudienceRestriction malformedRestriction = new AudienceRestriction();
            malformedRestriction.Audience = new List<string>();
            malformedRestriction.Audience.Add("malformed uri");

            // Discard the original conditions entirely; only the malformed restriction remains.
            List<ConditionAbstract> conditions = new List<ConditionAbstract>(1);
            conditions.Add(malformedRestriction);
            assertion.Conditions.Items = conditions;

            CreateSaml20Token(assertion);
        }
        /// <summary>
        /// Returns an instance of the class with meaningful default values set, taking the service
        /// provider's entity ID from <see cref="SAML20FederationConfig"/>.
        /// </summary>
        /// <returns>
        /// A new <see cref="Saml20AuthnRequest"/> whose Issuer is the configured service provider ID
        /// and whose conditions hold a single AudienceRestriction naming that same ID.
        /// </returns>
        /// <exception cref="Saml20FormatException">
        /// Thrown when no service provider is configured or its ID is null or empty.
        /// </exception>
        public static Saml20AuthnRequest GetDefault()
        {
            SAML20FederationConfig config = SAML20FederationConfig.GetConfig();

            // Without a configured SP ID there is nothing to put in Issuer or Audience.
            bool serviceProviderMissing = config.ServiceProvider == null
                || string.IsNullOrEmpty(config.ServiceProvider.ID);
            if (serviceProviderMissing)
                throw new Saml20FormatException(Resources.ServiceProviderNotSet);

            string serviceProviderId = config.ServiceProvider.ID;

            AudienceRestriction audienceRestriction = new AudienceRestriction();
            audienceRestriction.Audience = new List<string>(1);
            audienceRestriction.Audience.Add(serviceProviderId);

            List<ConditionAbstract> conditions = new List<ConditionAbstract>(1);
            conditions.Add(audienceRestriction);

            Saml20AuthnRequest request = new Saml20AuthnRequest();
            request.Issuer = serviceProviderId;
            request.SetConditions(conditions);

            return request;
        }