/// <summary>
/// Removes an service provider from the list of recognized service providers.
/// </summary>
void removeBt_Command(object sender, CommandEventArgs e)
{
if (!string.IsNullOrEmpty(e.CommandName))
{
IDPConfig.RemoveServiceProvider(e.CommandName);
}
}
private void CreateAuthenticationFailedResponse()
{
string entityId = request.Issuer.Value;
Saml20MetadataDocument metadataDocument = IDPConfig.GetServiceProviderMetadata(entityId);
IDPEndPointElement endpoint =
metadataDocument.AssertionConsumerServiceEndpoints().Find(delegate(IDPEndPointElement e) { return(e.Binding == SAMLBinding.POST); });
if (endpoint == null)
{
Context.Response.Write(string.Format("'{0}' does not have a SSO endpoint that supports the POST binding.", entityId));
Context.Response.End();
return;
}
Response response = new Response();
response.Destination = endpoint.Url;
response.Status = new Status();
response.Status.StatusCode = new StatusCode();
response.Status.StatusCode.Value = Saml20Constants.StatusCodes.Requester;
response.Status.StatusCode.SubStatusCode = new StatusCode();
response.Status.StatusCode.SubStatusCode.Value = Saml20Constants.StatusCodes.AuthnFailed;
response.Status.StatusMessage = "Authentication failed. Username and/or password was incorrect.";
HttpPostBindingBuilder builder = new HttpPostBindingBuilder(endpoint);
builder.Action = SAMLAction.SAMLResponse;
builder.Response = Serialization.SerializeToXmlString(response);
builder.GetPage().ProcessRequest(Context);
Context.Response.End();
}
void button_Command(object sender, CommandEventArgs e)
{
X509Certificate2Collection certs = GetCertificates();
// find the right one.
X509Certificate2 IDPCertificate = null;
foreach (X509Certificate2 cert in certs)
{
if (cert.Thumbprint == e.CommandName)
{
IDPCertificate = cert;
break;
}
}
if (IDPCertificate == null)
{
WriteWarning("An unknown error occurred when retrieving the certificate.");
return;
}
if (!hasAccessToPrivateKey(IDPCertificate))
{
return;
}
IDPConfig.SetCertificate(IDPCertificate, GetSelectedEnum <StoreName>(CertificateStoreDropDown), GetSelectedEnum <StoreLocation>(StoreLocationDropDown));
Response.Redirect("../Control.aspx");
}
private void CreateAssertionResponse(User user)
{
string entityId = request.Issuer.Value;
Saml20MetadataDocument metadataDocument = IDPConfig.GetServiceProviderMetadata(entityId);
IDPEndPointElement endpoint =
metadataDocument.AssertionConsumerServiceEndpoints().Find(delegate(IDPEndPointElement e) { return(e.Binding == SAMLBinding.POST); });
if (endpoint == null)
{
Context.Response.Write(string.Format("'{0}' does not have a SSO endpoint that supports the POST binding.", entityId));
Context.Response.End();
return;
}
UserSessionsHandler.AddLoggedInSession(entityId);
Response response = new Response();
response.Destination = endpoint.Url;
response.InResponseTo = request.ID;
response.Status = new Status();
response.Status.StatusCode = new StatusCode();
response.Status.StatusCode.Value = Saml20Constants.StatusCodes.Success;
Assertion assertion = CreateAssertion(user, entityId);
response.Items = new object[] { assertion };
// Serialize the response.
XmlDocument assertionDoc = new XmlDocument();
assertionDoc.XmlResolver = null;
assertionDoc.PreserveWhitespace = true;
assertionDoc.LoadXml(Serialization.SerializeToXmlString(response));
// Sign the assertion inside the response message.
var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(ShaHashingAlgorithm.SHA256);
signatureProvider.SignAssertion(assertionDoc, assertion.ID, IDPConfig.IDPCertificate);
HttpPostBindingBuilder builder = new HttpPostBindingBuilder(endpoint);
builder.Action = SAMLAction.SAMLResponse;
builder.Response = assertionDoc.OuterXml;
builder.GetPage().ProcessRequest(Context);
Context.Response.End();
}
private void PopulateSPList()
{
ReadyPanel.Visible = true;
ServiceProviderList.Controls.Clear();
foreach (string entityID in IDPConfig.GetServiceProviderIdentifiers())
{
Panel p = new Panel();
p.Style.Add(HtmlTextWriterStyle.MarginLeft, "10px");
p.Style.Add(HtmlTextWriterStyle.MarginTop, "4px");
p.Style.Add(HtmlTextWriterStyle.Color, "green");
p.Controls.Add(new LiteralControl(" - " + entityID + " "));
LinkButton removeBt = new LinkButton();
removeBt.Text = "remove";
removeBt.Command += removeBt_Command;
removeBt.CommandName = entityID;
p.Controls.Add(removeBt);
ServiceProviderList.Controls.Add(p);
}
}
protected void UploadButton_Click(object sender, EventArgs e)
{
if (_fileupload.HasFile)
{
XmlDocument doc;
try
{
doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.Load(new StreamReader(_fileupload.FileContent, Encoding.UTF8));
}
catch (Exception)
{
_statusLabel.Text = "Unable to load metadata. File contents were not recognized as XML.";
return;
}
// Apparently updating the metadata. Remove old version.
IDPConfig.AddServiceProvider(doc);
PopulateSPList();
}
}
protected void ClearCert_Click(object sender, EventArgs e)
{
IDPConfig.ClearCertificate();
VerifyConfiguration();
}
private void CreateAssertionResponse(User user)
{
string entityId = request.Issuer.Value;
Saml20MetadataDocument metadataDocument = IDPConfig.GetServiceProviderMetadata(entityId);
IDPEndPointElement endpoint =
metadataDocument.AssertionConsumerServiceEndpoints().Find(delegate(IDPEndPointElement e) { return(e.Binding == SAMLBinding.POST); });
if (endpoint == null)
{
Context.Response.Write(string.Format("'{0}' does not have a SSO endpoint that supports the POST binding.", entityId));
Context.Response.End();
return;
}
UserSessionsHandler.AddLoggedInSession(entityId);
Response response = new Response();
response.Destination = endpoint.Url;
response.InResponseTo = request.ID;
response.Status = new Status();
response.Status.StatusCode = new StatusCode();
response.Status.StatusCode.Value = Saml20Constants.StatusCodes.Success;
var nameIdFormat = metadataDocument.Entity.Items.OfType <SPSSODescriptor>().SingleOrDefault()?.NameIDFormat.SingleOrDefault() ?? Saml20Constants.NameIdentifierFormats.Persistent;
Assertion assertion = CreateAssertion(user, entityId, nameIdFormat);
var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(ShaHashingAlgorithm.SHA256);
EncryptedAssertion encryptedAssertion = null;
var keyDescriptors = metadataDocument.Keys.Where(x => x.use == KeyTypes.encryption);
if (keyDescriptors.Any())
{
foreach (KeyDescriptor keyDescriptor in keyDescriptors)
{
KeyInfo ki = (KeyInfo)keyDescriptor.KeyInfo;
foreach (KeyInfoClause clause in ki)
{
if (clause is KeyInfoX509Data)
{
X509Certificate2 cert = XmlSignatureUtils.GetCertificateFromKeyInfo((KeyInfoX509Data)clause);
var spec = new DefaultCertificateSpecification();
string error;
if (spec.IsSatisfiedBy(cert, out error))
{
AsymmetricAlgorithm key = XmlSignatureUtils.ExtractKey(clause);
AssertionEncryptionUtility.AssertionEncryptionUtility encryptedAssertionUtil = new AssertionEncryptionUtility.AssertionEncryptionUtility((RSA)key, assertion);
// Sign the assertion inside the response message.
signatureProvider.SignAssertion(encryptedAssertionUtil.Assertion, assertion.ID, IDPConfig.IDPCertificate);
encryptedAssertionUtil.Encrypt();
encryptedAssertion = Serialization.DeserializeFromXmlString <EncryptedAssertion>(encryptedAssertionUtil.EncryptedAssertion.OuterXml);
break;
}
}
}
if (encryptedAssertion != null)
{
break;
}
}
if (encryptedAssertion == null)
{
throw new Exception("Could not encrypt. No valid certificates found.");
}
}
if (encryptedAssertion != null)
{
response.Items = new object[] { encryptedAssertion };
}
else
{
response.Items = new object[] { assertion };
}
// Serialize the response.
XmlDocument responseDoc = new XmlDocument();
responseDoc.XmlResolver = null;
responseDoc.PreserveWhitespace = true;
responseDoc.LoadXml(Serialization.SerializeToXmlString(response));
if (encryptedAssertion == null)
{
// Sign the assertion inside the response message.
signatureProvider.SignAssertion(responseDoc, assertion.ID, IDPConfig.IDPCertificate);
}
HttpPostBindingBuilder builder = new HttpPostBindingBuilder(endpoint);
builder.Action = SAMLAction.SAMLResponse;
builder.Response = responseDoc.OuterXml;
builder.GetPage().ProcessRequest(Context);
Context.Response.End();
}
