/// <summary>
/// Builds the engine from application configuration: registers the SAML/STORK XML namespace
/// prefixes, reads the issuer, destination and timing settings, and loads the service-provider
/// signing certificate from the LocalMachine/My store.
/// </summary>
/// <exception cref="SAMLException">
/// Thrown when the configured certificate is not found or its private key is not accessible.
/// </exception>
/// <remarks>
/// Settings read through <c>GetCriticalConfigSetting</c>/<c>GetCriticalConfig*Setting</c> are
/// presumably mandatory (the helper is expected to throw when they are missing) — confirm against
/// <c>ConfigurationSettingsHelper</c>. <c>SamlSkewClock</c> and <c>SamlNumberStoredIds</c> are optional.
/// </remarks>
private SAMLEngine()
{
    // Namespace prefixes used when building and validating SAML/STORK documents.
    _xmlNamespaces.Add(SAMLConstants.NS_PROTOCOL_PREFIX, SAMLConstants.NS_PROTOCOL);
    _xmlNamespaces.Add(SAMLConstants.NS_ASSERT_PREFIX, SAMLConstants.NS_ASSERT);
    _xmlNamespaces.Add(
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
    _xmlNamespaces.Add(
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX),
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS));

    thisIssuer = ConfigurationSettingsHelper.GetCriticalConfigSetting("SPIssuer");
    validateXsd = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlValidateXsdXml");

    // Optional destination alias: when configured it is appended to the issuer,
    // otherwise the destination stays unset (null, never an empty string).
    string destinationAlias = ConfigurationManager.AppSettings["SamlDestinationAlias"];
    thisDestination = string.IsNullOrEmpty(destinationAlias) ? null : thisIssuer + destinationAlias;

    // Validity window for received messages (required) and tolerated clock skew
    // (optional, falls back to SKEW_CLOCK).
    validTimeframe = ConfigurationSettingsHelper.GetCriticalConfigIntSetting("SamlValidTimeframe");
    skewClock = ConfigurationSettingsHelper.GetConfigIntSetting("SamlSkewClock") ?? SKEW_CLOCK;

    // Store of already-seen message IDs. The configured number is only the initial
    // List capacity here; whatever bounds the list is not visible in this constructor.
    int storedIdsCapacity = ConfigurationSettingsHelper.GetConfigIntSetting("SamlNumberStoredIds") ?? MAX_STORED_IDS;
    receivedIds = new List<string>(storedIdsCapacity);

    // The signing certificate is looked up by thumbprint. A certificate whose private key
    // is missing or inaccessible cannot sign requests, so it is rejected at startup.
    string thumbprint = ConfigurationSettingsHelper.GetCriticalConfigSetting("SamlCertificate");
    certificate = CertificateUtils.GetCertificateFromPersonalStore(thumbprint);
    if (certificate == null || !certificate.HasPrivateKey)
    {
        string message = "Certificate '" + thumbprint + "' not found at "
            + "LocalMachine/My keystore or access to private key was denied. Certificate: " + certificate;
        _logger.Trace(message);
        throw new SAMLException(message);
    }

    citizenAttributes = CitizenAttributes.Instance;
}
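/// <summary>
/// Builds the SAML <c>LogoutRequest</c> document for <paramref name="context"/>, including the
/// STORK extension elements (QAA level, SP sector/institution/application/country and the
/// eID sharing flags) read from configuration.
/// </summary>
/// <param name="context">Request identity: message ID, destination, issuer and QAA level.</param>
/// <returns>The request as an <see cref="XmlDocument"/>, obtained by round-tripping the
/// serialized <see cref="LogoutRequestType"/>.</returns>
/// <remarks>
/// <c>NameID</c> is populated from the <c>SP_ID</c> setting, not from the context.
/// The streams and reader used for the round trip are disposed here; the original left them open.
/// </remarks>
private XmlDocument GenerateLogoutRequestMetadata(SAMLLogoutRequest context)
{
    DateTime now = DateTime.UtcNow;

    LogoutRequestType request = new LogoutRequestType();
    request.ID = context.Id;
    request.Version = SAMLConstants.SAML_VERSION;
    request.IssueInstant = now;
    request.Destination = context.Destination;
    request.Consent = SAMLConstants.CONSENT;
    request.Issuer = new NameIDType();
    request.Issuer.Value = context.Issuer;
    request.NameID = new NameIDType();
    request.NameID.Value = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SP_ID);

    // Scratch document used only to create the extension elements; they are handed to the
    // serializer through Extensions.Any. InnerText escapes the values, so configuration
    // strings cannot inject markup into the request.
    XmlDocument doc = new XmlDocument();
    doc.PreserveWhitespace = true;

    // STORK extensions.
    XmlElement qualityAuthnAssLevel = doc.CreateElement(
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
        "QualityAuthenticationAssuranceLevel",
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
    qualityAuthnAssLevel.InnerText = context.QAALevel;

    XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spSector", SAMLConstants.NS_STORK_ASSER);
    spSectorEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();

    XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spInstitution", SAMLConstants.NS_STORK_ASSER);
    spInstitutionEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);

    XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spApplication", SAMLConstants.NS_STORK_ASSER);
    spApplicationEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);

    XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spCountry", SAMLConstants.NS_STORK_ASSER);
    spCountryEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);

    // Boolean flags are emitted as the XML Schema literals "true"/"false"; the invariant
    // lower-casing keeps that independent of the thread culture.
    XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX, "eIDSectorShare", SAMLConstants.NS_STORK_PROT);
    eIDSectorShareEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLowerInvariant();

    XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX, "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);
    eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLowerInvariant();

    XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX, "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);
    eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLowerInvariant();

    request.Extensions = new ExtensionsType();
    request.Extensions.Any = new XmlElement[]
    {
        qualityAuthnAssLevel,
        spSectorEl,
        spInstitutionEl,
        spApplicationEl,
        spCountryEl,
        eIDSectorShareEl,
        eIDCrossSectorShareEl,
        eIDCrossBorderShareEl
    };

    // Round-trip through the serializer to obtain the XmlDocument form of the request.
    using (MemoryStream stream = new MemoryStream())
    {
        Serialize(request, stream);
        stream.Seek(0, SeekOrigin.Begin);
        using (StreamReader reader = new StreamReader(stream))
        {
            string xml = reader.ReadToEnd();
            using (XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml)))
            {
                // Defence in depth: the XML is self-generated, but XmlTextReader's defaults allow
                // DTD processing and external entity resolution. Prohibiting both keeps the
                // parse step XXE-safe regardless of what the serializer emitted.
                xmlReader.DtdProcessing = DtdProcessing.Prohibit;
                xmlReader.XmlResolver = null;
                return Deserialize<XmlDocument>(xmlReader);
            }
        }
    }
}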
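/// <summary>
/// Builds the SAML <c>AuthnRequest</c> document for <paramref name="context"/>: the core request
/// fields, the STORK <c>RequestedAttributes</c> block and the STORK extension elements
/// (QAA level, SP sector/institution/application/country, eID sharing flags).
/// </summary>
/// <param name="context">Request identity, assertion consumer URL, provider name, issuer,
/// QAA level and the attributes to request.</param>
/// <returns>The request as an <see cref="XmlDocument"/>, obtained by round-tripping the
/// serialized <see cref="AuthnRequestType"/>.</returns>
/// <remarks>
/// <c>ForceAuthn</c> is always <c>true</c> and <c>IsPassive</c> always <c>false</c>.
/// Only the attribute named <c>CommonConstants.FORCE_AUTH</c> carries an <c>AttributeValue</c>
/// child; every other requested attribute is emitted with Name/NameFormat/isRequired only.
/// The streams and reader used for the round trip are disposed here; the original left them open.
/// </remarks>
private XmlDocument GenerateRequestMetadata(SAMLRequest context)
{
    DateTime now = DateTime.UtcNow;

    AuthnRequestType request = new AuthnRequestType();
    request.ID = context.Id;
    request.Version = SAMLConstants.SAML_VERSION;
    request.IssueInstant = now;
    request.Destination = context.Destination;
    request.Consent = SAMLConstants.CONSENT;
    request.ForceAuthn = true;
    request.IsPassive = false;
    request.ProtocolBinding = SAMLConstants.PROTOCOL_BINDING;
    request.AssertionConsumerServiceURL = context.AssertionConsumerServiceURL;
    request.ProviderName = context.ProviderName;
    request.Issuer = new NameIDType();
    request.Issuer.Value = context.Issuer;
    request.Issuer.Format = context.IssuerFormat;

    // Scratch document used only to create the extension elements; they are handed to the
    // serializer through Extensions.Any. InnerText/SetAttribute escape the values, so
    // configuration strings and attribute names cannot inject markup into the request.
    XmlDocument doc = new XmlDocument();
    doc.PreserveWhitespace = true;

    string reqAttrsPrefix = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX);
    string reqAttrsNs = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS);
    string reqAttrPrefix = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX);
    string reqAttrNs = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR);

    XmlElement requestedAttrs = doc.CreateElement(reqAttrsPrefix, "RequestedAttributes", reqAttrsNs);
    foreach (AttributeElement attr in context.Attributes)
    {
        XmlElement requestedAttr = doc.CreateElement(reqAttrPrefix, "RequestedAttribute", reqAttrNs);
        requestedAttr.SetAttribute("Name", attr.AttrName);
        requestedAttr.SetAttribute("NameFormat", SAMLConstants.ATTRIBUTE_NAME_FORMAT);
        // XML Schema boolean literal; invariant lower-casing keeps it culture-independent.
        requestedAttr.SetAttribute("isRequired", attr.IsRequired.ToString().ToLowerInvariant());

        // Ordinal comparison (string.Equals(string) is ordinal): only the force-auth attribute carries a value.
        if (attr.AttrName.Equals(CommonConstants.FORCE_AUTH))
        {
            XmlElement attrValue = doc.CreateElement(reqAttrPrefix, "AttributeValue", reqAttrNs);
            attrValue.InnerText = attr.AttrValue.ToString().ToLowerInvariant();
            requestedAttr.AppendChild(attrValue);
        }

        requestedAttrs.AppendChild(requestedAttr);
    }

    // STORK extensions.
    XmlElement qualityAuthnAssLevel = doc.CreateElement(
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
        "QualityAuthenticationAssuranceLevel",
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL));
    qualityAuthnAssLevel.InnerText = context.QAALevel;

    XmlElement spSectorEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spSector", SAMLConstants.NS_STORK_ASSER);
    spSectorEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString();

    XmlElement spInstitutionEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spInstitution", SAMLConstants.NS_STORK_ASSER);
    spInstitutionEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION);

    XmlElement spApplicationEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spApplication", SAMLConstants.NS_STORK_ASSER);
    spApplicationEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION);

    XmlElement spCountryEl = doc.CreateElement(SAMLConstants.NS_STORK_ASSER_PREFIX, "spCountry", SAMLConstants.NS_STORK_ASSER);
    spCountryEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY);

    // Boolean flags are emitted as the XML Schema literals "true"/"false".
    XmlElement eIDSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX, "eIDSectorShare", SAMLConstants.NS_STORK_PROT);
    eIDSectorShareEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLowerInvariant();

    XmlElement eIDCrossSectorShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX, "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT);
    eIDCrossSectorShareEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLowerInvariant();

    XmlElement eIDCrossBorderShareEl = doc.CreateElement(SAMLConstants.NS_STORK_PROT_PREFIX, "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT);
    eIDCrossBorderShareEl.InnerText = ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLowerInvariant();

    // Element order is preserved from the original; RequestedAttributes goes last.
    request.Extensions = new ExtensionsType();
    request.Extensions.Any = new XmlElement[]
    {
        qualityAuthnAssLevel,
        spSectorEl,
        spInstitutionEl,
        spApplicationEl,
        spCountryEl,
        eIDSectorShareEl,
        eIDCrossSectorShareEl,
        eIDCrossBorderShareEl,
        requestedAttrs
    };

    // Round-trip through the serializer to obtain the XmlDocument form of the request.
    using (MemoryStream stream = new MemoryStream())
    {
        Serialize(request, stream);
        stream.Seek(0, SeekOrigin.Begin);
        using (StreamReader reader = new StreamReader(stream))
        {
            string xml = reader.ReadToEnd();
            using (XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml)))
            {
                // Defence in depth: the XML is self-generated, but XmlTextReader's defaults allow
                // DTD processing and external entity resolution. Prohibiting both keeps the
                // parse step XXE-safe regardless of what the serializer emitted.
                xmlReader.DtdProcessing = DtdProcessing.Prohibit;
                xmlReader.XmlResolver = null;
                return Deserialize<XmlDocument>(xmlReader);
            }
        }
    }
}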