private static void Validate(XmlDocument xmlDocument)
{
Console.Error.WriteLine("Validating against XML schemas");
DateTime startDateTime = DateTime.Now;
SAMLValidator samlValidator = new SAMLValidator();
bool validated = samlValidator.Validate(xmlDocument);
TimeSpan elapsedTimeSpan = DateTime.Now - startDateTime;
Console.Error.WriteLine("Validated: {0}", validated);
if (!validated)
{
foreach (XmlSchemaException warning in samlValidator.Warnings)
{
Console.WriteLine(warning.Message);
}
foreach (XmlSchemaException error in samlValidator.Errors)
{
Console.WriteLine(error.Message);
}
}
Console.Error.WriteLine("Elapsed time: {0} ms", elapsedTimeSpan.TotalMilliseconds);
}
protected virtual SAMLValidatorResult <ResponseType> CheckSamlResponse(SAMLResponseDto samlResponse)
{
var response = SAMLValidator.CheckSaml <ResponseType>(samlResponse.SAMLResponse, samlResponse.RelayState);
var assertion = response.Content.Items.FirstOrDefault(i => i is AssertionType) as AssertionType;
if (assertion == null)
{
throw new SamlException(System.Net.HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Responder, Global.MissingAssertion);
}
return(response);
}
private static void Validate(XmlDocument xmlDocument)
{
Console.Error.WriteLine("Validating against XML schemas");
SAMLValidator samlValidator = new SAMLValidator();
bool validated = samlValidator.Validate(xmlDocument);
Console.Error.WriteLine("Validated: " + validated);
if (!validated) {
foreach (XmlSchemaException warning in samlValidator.Warnings) {
Console.WriteLine(warning.Message);
}
foreach (XmlSchemaException error in samlValidator.Errors) {
Console.WriteLine(error.Message);
}
}
}
protected virtual AuthnRequestType CheckParameter(SAMLRequestDto parameter)
{
var authnRequest = SAMLValidator.CheckSaml <AuthnRequestType>(parameter.SAMLRequest, parameter.RelayState);
if (authnRequest.Content.Issuer == null || string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Value))
{
throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.MissingParameter, nameof(authnRequest.Content.Issuer)));
}
if (!string.IsNullOrWhiteSpace(authnRequest.Content.Issuer.Format) && authnRequest.Content.Issuer.Format != Saml.Constants.NameIdentifierFormats.EntityIdentifier)
{
throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.Requester, string.Format(Global.UnsupportNameIdFormat, nameof(authnRequest.Content.Issuer.Format)));
}
if (!string.IsNullOrWhiteSpace(authnRequest.Content.ProtocolBinding) && authnRequest.Content.ProtocolBinding != Saml.Constants.Bindings.HttpRedirect)
{
throw new SamlException(HttpStatusCode.BadRequest, Saml.Constants.StatusCodes.UnsupportedBinding, string.Format(Global.UnsupportBinding, authnRequest.Content.ProtocolBinding));
}
return(authnRequest.Content);
}
private static void Validate(XmlDocument xmlDocument)
{
Console.Error.WriteLine("Validating against XML schemas");
SAMLValidator samlValidator = new SAMLValidator();
bool validated = samlValidator.Validate(xmlDocument);
Console.Error.WriteLine("Validated: " + validated);
if (!validated)
{
foreach (XmlSchemaException warning in samlValidator.Warnings)
{
Console.WriteLine(warning.Message);
}
foreach (XmlSchemaException error in samlValidator.Errors)
{
Console.WriteLine(error.Message);
}
}
}
public ActionResult UploadSaml(FormCollection formCollection)
{
var attributes = new List <SAMLAttribute>();
var errorMessages = new List <string>();
var xmlDoc = null as XmlDocument;
SessionHelper.Set(SamlAttributesSessionKey, null);
SessionHelper.Set(SamlErrorMessagesSessionKey, null);
if (Request != null)
{
var file = Request.Files["SamlFile"];
if ((file != null) && (file.ContentLength > 0) && !string.IsNullOrEmpty(file.FileName))
{
try
{
xmlDoc = new XmlDocument();
xmlDoc.Load(file.InputStream);
var samlValidator = new SAMLValidator();
var isValid = samlValidator.Validate(xmlDoc);
if (!isValid)
{
errorMessages.AddRange(samlValidator.Warnings.Select(warning => string.Format("Warning:, {0}", warning.Message)));
errorMessages.AddRange(samlValidator.Errors.Select(error => error.Message));
}
if (SAMLMessageSignature.IsSigned(xmlDoc.DocumentElement))
{
if (!SAMLMessageSignature.Verify(xmlDoc.DocumentElement))
{
errorMessages.Add(string.Format("Failed to verify SAML response signature. [{0}]", xmlDoc.OuterXml));
}
}
var samlResponse = new SAMLResponse(xmlDoc.DocumentElement);
var assertions = samlResponse.GetAssertions();
var encryptedAssertions = samlResponse.GetEncryptedAssertions();
var signedAssertions = samlResponse.GetSignedAssertions();
var x509CertificateFilePath = Path.Combine(HttpRuntime.AppDomainAppPath, SAMLConfiguration.Current.ServiceProviderConfiguration.CertificateFile);
var x509Certificate = new X509Certificate2(x509CertificateFilePath, SAMLConfiguration.Current.ServiceProviderConfiguration.CertificatePassword);
encryptedAssertions.ForEach(a =>
{
var decryptedAssertion = a.DecryptToXml(x509Certificate);
assertions.Add(new SAMLAssertion(decryptedAssertion));
});
signedAssertions.ForEach(a =>
{
if (SAMLAssertionSignature.IsSigned(a))
{
if (!SAMLAssertionSignature.Verify(a))
{
errorMessages.Add(string.Format("Failed to verify SAML assertion signature. [{0}]", a.OuterXml));
}
}
assertions.Add(new SAMLAssertion(a));
});
assertions.ForEach(a =>
{
var nameId = a.GetNameID();
if (!string.IsNullOrEmpty(nameId))
{
attributes.Add("NameId", nameId);
}
a.GetAttributeStatements().ForEach(
s => attributes.AddRange(from object attribute in s.Attributes
select attribute as SAMLAttribute));
});
}
catch (Exception ex)
{
var saml = xmlDoc != null ? xmlDoc.OuterXml : string.Empty;
_logger.Log(ex);
errorMessages.Add(string.Format("{0} [{1}]", ex.Message, saml));
}
}
}
SessionHelper.Set(SamlAttributesSessionKey, attributes.ToArray());
SessionHelper.Set(SamlErrorMessagesSessionKey, errorMessages);
return(Redirect(TestTargetUrl));
}
