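/// <summary>
/// Builds a SAML <c>samlp:AuthnRequest</c> for the HTTP-POST binding and returns it
/// DEFLATE-compressed and Base64-encoded.
/// </summary>
/// <param name="ssoInfo">Service-provider settings: <c>SAMLVersion</c> selects the SAML namespace
/// and <c>Issuer</c> is written as the request issuer and SP name qualifier.</param>
/// <param name="forceAuthn">When <c>true</c>, emits <c>ForceAuthn="true"</c> and <c>IsPassive="false"</c>
/// so the identity provider must re-authenticate the user instead of reusing an existing session.</param>
/// <returns>The Base64 encoding of the deflated request XML.</returns>
/// <exception cref="ArgumentNullException"><paramref name="ssoInfo"/> is <c>null</c>.</exception>
/// <remarks>
/// No signature is written here; if the identity provider requires signed requests that must happen elsewhere.
/// All values are emitted through <see cref="XmlWriter"/>, so they are XML-escaped rather than
/// concatenated into the document.
/// </remarks>
public static string GetSAMLRequest(SSOOptionsInfo ssoInfo, bool forceAuthn = false)
{
    if (ssoInfo == null)
    {
        throw new ArgumentNullException("ssoInfo");
    }

    // The ID attribute is an xs:ID (NCName), which may not start with a digit; the "_" prefix guarantees that.
    string id = "_" + Guid.NewGuid();

    // IssueInstant is an xs:dateTime in UTC. Relying parties use it for freshness checks, so the
    // format must be exact: "MM" is the month and "HH" the zero-padded 24-hour clock. (The lowercase
    // "mm" means minutes and a bare "H" is not zero-padded, which yields an invalid timestamp.)
    string issueInstant = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);

    // All SAML namespaces share this prefix; the suffix selects protocol/assertion/bindings/etc.
    var samlNamespace = string.Format(CultureInfo.InvariantCulture, "urn:oasis:names:tc:SAML:{0}:", ssoInfo.SAMLVersion);
    var protocolNs = samlNamespace + "protocol";
    var assertionNs = samlNamespace + "assertion";

    using (var sw = new StringWriter(CultureInfo.InvariantCulture))
    {
        // The declaration is omitted because the document is embedded in a form field / query string.
        var xws = new XmlWriterSettings { OmitXmlDeclaration = true };
        using (XmlWriter xw = XmlWriter.Create(sw, xws))
        {
            xw.WriteStartElement("samlp", "AuthnRequest", protocolNs);
            xw.WriteAttributeString("ID", id);
            xw.WriteAttributeString("Version", ssoInfo.SAMLVersion);
            xw.WriteAttributeString("IssueInstant", issueInstant);
            xw.WriteAttributeString("ProtocolBinding", samlNamespace + "bindings:HTTP-POST");
            xw.WriteAttributeString("AssertionConsumerServiceURL", ConsumerServiceUrl);
            if (forceAuthn)
            {
                // IsPassive=false and ForceAuthn=true together demand an interactive re-authentication.
                xw.WriteAttributeString("IsPassive", "false");
                xw.WriteAttributeString("ForceAuthn", "true");
            }

            xw.WriteStartElement("saml", "Issuer", assertionNs);
            xw.WriteString(ssoInfo.Issuer);
            xw.WriteEndElement();

            xw.WriteStartElement("samlp", "NameIDPolicy", protocolNs);
            xw.WriteAttributeString("Format", samlNamespace + "nameid-format:unspecified");
            xw.WriteAttributeString("AllowCreate", "true");
            xw.WriteAttributeString("SPNameQualifier", ssoInfo.Issuer);
            xw.WriteEndElement();

            // Ask for an authentication context at least as strong as password over a protected transport.
            xw.WriteStartElement("samlp", "RequestedAuthnContext", protocolNs);
            xw.WriteAttributeString("Comparison", "exact");
            xw.WriteStartElement("saml", "AuthnContextClassRef", assertionNs);
            xw.WriteString(samlNamespace + "ac:classes:PasswordProtectedTransport");
            xw.WriteEndElement();
            xw.WriteEndElement();

            xw.WriteEndElement();
        }

        // Read the buffer only after the XmlWriter is disposed, which flushes the closing tags.
        var xml = sw.ToString();
        return Convert.ToBase64String(Deflate(xml));
    }
}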
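/// <summary>
/// Builds a SAML <c>samlp:LogoutRequest</c> for the given subject and returns it Base64-encoded,
/// optionally DEFLATE-compressed first.
/// </summary>
/// <param name="nameId">The subject's <c>NameID</c> value as issued by the identity provider.</param>
/// <param name="ssoInfo">Service-provider settings: <c>SAMLVersion</c> selects the SAML namespace
/// and <c>Issuer</c> is written as the request issuer and SP name qualifier.</param>
/// <param name="deflate"><c>true</c> for the HTTP-Redirect binding (DEFLATE, then Base64);
/// <c>false</c> for the HTTP-POST binding (Base64 of the UTF-8 XML).</param>
/// <returns>The encoded logout request.</returns>
/// <exception cref="ArgumentNullException"><paramref name="ssoInfo"/> is <c>null</c>.</exception>
/// <remarks>
/// No signature is written here. Values are emitted through <see cref="XmlWriter"/>, so
/// <paramref name="nameId"/> and the issuer are XML-escaped rather than concatenated into the document.
/// </remarks>
public static string GetSSOLogoutRequest(string nameId, SSOOptionsInfo ssoInfo, bool deflate)
{
    if (ssoInfo == null)
    {
        throw new ArgumentNullException("ssoInfo");
    }

    // The ID attribute is an xs:ID (NCName), which may not start with a digit; the "_" prefix guarantees that.
    string id = "_" + Guid.NewGuid();

    // IssueInstant is an xs:dateTime in UTC. Relying parties use it for freshness checks, so the
    // format must be exact: "MM" is the month and "HH" the zero-padded 24-hour clock. (The lowercase
    // "mm" means minutes and a bare "H" is not zero-padded, which yields an invalid timestamp.)
    string issueInstant = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);

    var samlNamespace = string.Format(CultureInfo.InvariantCulture, "urn:oasis:names:tc:SAML:{0}:", ssoInfo.SAMLVersion);
    var protocolNs = samlNamespace + "protocol";
    var assertionNs = samlNamespace + "assertion";

    using (var sw = new StringWriter(CultureInfo.InvariantCulture))
    {
        // The declaration is omitted because the document is embedded in a form field / query string.
        var xws = new XmlWriterSettings { OmitXmlDeclaration = true };
        using (XmlWriter xw = XmlWriter.Create(sw, xws))
        {
            xw.WriteStartElement("samlp", "LogoutRequest", protocolNs);
            xw.WriteAttributeString("ID", id);
            xw.WriteAttributeString("Version", ssoInfo.SAMLVersion);
            xw.WriteAttributeString("IssueInstant", issueInstant);

            xw.WriteStartElement("saml", "Issuer", assertionNs);
            xw.WriteString(ssoInfo.Issuer);
            xw.WriteEndElement();

            // saml:NameID carries Format and SPNameQualifier only; "AllowCreate" belongs to
            // samlp:NameIDPolicy and is not a valid NameID attribute, so it is not written here.
            xw.WriteStartElement("saml", "NameID", assertionNs);
            xw.WriteAttributeString("Format", samlNamespace + "nameid-format:unspecified");
            xw.WriteAttributeString("SPNameQualifier", ssoInfo.Issuer);
            xw.WriteString(nameId);
            xw.WriteEndElement();

            xw.WriteEndElement();
        }

        // Read the buffer only after the XmlWriter is disposed, which flushes the closing tags.
        var xml = sw.ToString();
        return deflate
            ? Convert.ToBase64String(Deflate(xml))
            : Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
    }
}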