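        /// <summary>
        /// Builds a SAML <c>AuthnRequest</c> for the IdP described by <paramref name="ssoInfo"/> and
        /// returns it DEFLATE-compressed and base64-encoded (the HTTP-Redirect binding payload).
        /// </summary>
        /// <param name="ssoInfo">SSO configuration; supplies the SAML version and the SP entity ID used as Issuer.</param>
        /// <param name="forceAuthn">When true, sets ForceAuthn="true"/IsPassive="false" so the IdP re-authenticates the user.</param>
        /// <returns>Base64 string of the deflated request XML.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="ssoInfo"/> is null.</exception>
        /// <remarks>
        /// The request is not signed here; if the IdP requires signed AuthnRequests, signing must happen elsewhere.
        /// NOTE(review): the generated request ID is not exposed to the caller, so the caller cannot check the
        /// InResponseTo of the IdP's response against it — consider surfacing the ID if that validation is wanted.
        /// </remarks>
        public static string GetSAMLRequest(SSOOptionsInfo ssoInfo, bool forceAuthn = false)
        {
            if (ssoInfo == null) throw new ArgumentNullException("ssoInfo");

            // xsd:ID values may not start with a digit, hence the leading underscore.
            string id = "_" + Guid.NewGuid();

            // IssueInstant must be an xs:dateTime in UTC. The previous pattern "yyyy-mm-ddTH:mm:ssZ"
            // put minutes in the month position ("mm") and an unpadded hour ("H"), so the emitted
            // timestamp was mis-dated/invalid; IdPs that enforce a freshness window on IssueInstant
            // may reject it or evaluate it against the wrong time.
            string issueInstant = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ", CultureInfo.InvariantCulture);
            var samlNamespace = string.Format(CultureInfo.InvariantCulture, "urn:oasis:names:tc:SAML:{0}:", ssoInfo.SAMLVersion);

            using (var sw = new StringWriter(CultureInfo.InvariantCulture))
            {
                var xws = new XmlWriterSettings { OmitXmlDeclaration = true };
                using (XmlWriter xw = XmlWriter.Create(sw, xws))
                {
                    xw.WriteStartElement("samlp", "AuthnRequest", samlNamespace + "protocol");
                    xw.WriteAttributeString("ID", id);
                    xw.WriteAttributeString("Version", ssoInfo.SAMLVersion);
                    xw.WriteAttributeString("IssueInstant", issueInstant);
                    xw.WriteAttributeString("ProtocolBinding", samlNamespace + "bindings:HTTP-POST");
                    xw.WriteAttributeString("AssertionConsumerServiceURL", ConsumerServiceUrl);

                    if (forceAuthn)
                    {
                        xw.WriteAttributeString("IsPassive", "false");
                        xw.WriteAttributeString("ForceAuthn", "true");
                    }

                    // XmlWriter escapes text/attribute content, so a configured Issuer cannot inject markup.
                    xw.WriteStartElement("saml", "Issuer", samlNamespace + "assertion");
                    xw.WriteString(ssoInfo.Issuer);
                    xw.WriteEndElement();

                    xw.WriteStartElement("samlp", "NameIDPolicy", samlNamespace + "protocol");
                    xw.WriteAttributeString("Format", samlNamespace + "nameid-format:unspecified");
                    xw.WriteAttributeString("AllowCreate", "true");
                    xw.WriteAttributeString("SPNameQualifier", ssoInfo.Issuer);
                    xw.WriteEndElement();

                    // Ask for exactly PasswordProtectedTransport; an IdP honouring "exact" will not
                    // satisfy this with a weaker context class.
                    xw.WriteStartElement("samlp", "RequestedAuthnContext", samlNamespace + "protocol");
                    xw.WriteAttributeString("Comparison", "exact");

                    xw.WriteStartElement("saml", "AuthnContextClassRef", samlNamespace + "assertion");
                    xw.WriteString(samlNamespace + "ac:classes:PasswordProtectedTransport");
                    xw.WriteEndElement();
                    xw.WriteEndElement();

                    xw.WriteEndElement();
                }
                var xml = sw.ToString();

                return Convert.ToBase64String(Deflate(xml));
            }
        }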
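        /// <summary>
        /// Builds a SAML <c>LogoutRequest</c> for the given subject and returns it base64-encoded,
        /// optionally DEFLATE-compressed first.
        /// </summary>
        /// <param name="nameId">SSO name identifier of the subject to log out; must be non-empty.</param>
        /// <param name="ssoInfo">SSO configuration; supplies the SAML version and the SP entity ID used as Issuer.</param>
        /// <param name="deflate">true for the HTTP-Redirect binding (deflate + base64), false for HTTP-POST (base64 only).</param>
        /// <returns>Base64 string of the request XML (deflated when <paramref name="deflate"/> is true).</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="ssoInfo"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="nameId"/> is null or empty.</exception>
        /// <remarks>
        /// The request is not signed here; most IdPs require signed LogoutRequests, so if that applies the
        /// signature must be added by the caller/transport layer.
        /// </remarks>
        public static string GetSSOLogoutRequest(string nameId, SSOOptionsInfo ssoInfo, bool deflate)
        {
            // Same guards as GetSAMLRequest; a LogoutRequest without a NameID is not a valid request.
            if (ssoInfo == null) throw new ArgumentNullException("ssoInfo");
            if (string.IsNullOrEmpty(nameId)) throw new ArgumentException("nameId must not be null or empty.", "nameId");

            // xsd:ID values may not start with a digit, hence the leading underscore.
            string id = "_" + Guid.NewGuid();

            // IssueInstant must be an xs:dateTime in UTC. The previous pattern "yyyy-mm-ddTH:mm:ssZ"
            // put minutes in the month position ("mm") and an unpadded hour ("H"), producing a
            // mis-dated/invalid timestamp that IdPs enforcing a freshness window may reject.
            string issueInstant = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ", CultureInfo.InvariantCulture);
            var samlNamespace = string.Format(CultureInfo.InvariantCulture, "urn:oasis:names:tc:SAML:{0}:", ssoInfo.SAMLVersion);

            using (var sw = new StringWriter(CultureInfo.InvariantCulture))
            {
                var xws = new XmlWriterSettings { OmitXmlDeclaration = true };
                using (XmlWriter xw = XmlWriter.Create(sw, xws))
                {
                    xw.WriteStartElement("samlp", "LogoutRequest", samlNamespace + "protocol");
                    xw.WriteAttributeString("ID", id);
                    xw.WriteAttributeString("Version", ssoInfo.SAMLVersion);
                    xw.WriteAttributeString("IssueInstant", issueInstant);

                    xw.WriteStartElement("saml", "Issuer", samlNamespace + "assertion");
                    xw.WriteString(ssoInfo.Issuer);
                    xw.WriteEndElement();

                    // AllowCreate is an attribute of samlp:NameIDPolicy, not of saml:NameID; emitting it
                    // here made the request schema-invalid, so it is no longer written.
                    // XmlWriter escapes the NameID text, so a crafted nameId cannot inject markup.
                    xw.WriteStartElement("saml", "NameID", samlNamespace + "assertion");
                    xw.WriteAttributeString("Format", samlNamespace + "nameid-format:unspecified");
                    xw.WriteAttributeString("SPNameQualifier", ssoInfo.Issuer);
                    xw.WriteString(nameId);
                    xw.WriteEndElement();

                    xw.WriteEndElement();
                }
                var xml = sw.ToString();

                return deflate ?
                    Convert.ToBase64String(Deflate(xml)) :
                    Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
            }
        }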