/// <summary>
/// Parses the WS-Federation sign-in response carried by <paramref name="context"/>'s request and
/// returns its <c>wctx</c> value as a dictionary.
/// </summary>
/// <param name="fam">Module used to parse the sign-in response.</param>
/// <param name="context">Current HTTP context; only its request is read.</param>
/// <returns>The parsed <c>wctx</c> key/value pairs.</returns>
/// <remarks>
/// <c>wctx</c> is echoed back by the IdP from whatever the browser originally sent, so its
/// contents are client-controlled and must be treated as untrusted by every caller (e.g. never
/// used as an unchecked redirect target).
/// </remarks>
public static IDictionary<string, string> GetSignInResponseMessageContext(this WSFederationAuthenticationModule fam, HttpContext context)
{
    var signInResponse = fam.GetSignInResponseMessage(context.Request);

    // ToDictionary here is the project's string-to-dictionary helper for the wctx format.
    return signInResponse.Context.ToDictionary();
}
/// <summary>
/// Handles an incoming WS-Federation sign-in response (wa/wresult) posted to this endpoint.
/// </summary>
/// <returns>
/// The result of <c>ProcessSignInResponse</c> when the request carries a readable sign-in
/// response; otherwise the "Error" view.
/// </returns>
/// <remarks>
/// The parameterless <see cref="FederationConfiguration"/> loads the relying-party settings from
/// config. Token validation inside <c>GetSecurityToken</c> is only as strong as that
/// configuration — confirm an issuer name registry and audience URI are configured there.
/// </remarks>
public ActionResult IssueResponse()
{
    var federationModule = new WSFederationAuthenticationModule
    {
        FederationConfiguration = new FederationConfiguration()
    };

    if (!federationModule.CanReadSignInResponse(Request))
    {
        return View("Error");
    }

    // Parse the message first, then read/validate the token from wresult (same order as before,
    // so a token-validation failure surfaces at the same point).
    var signInResponse = federationModule.GetSignInResponseMessage(Request);
    var securityToken = federationModule.GetSecurityToken(Request);

    return ProcessSignInResponse(signInResponse, securityToken);
}
/// <summary>
/// Handles an incoming WS-Federation sign-in response (wa/wresult) posted to this endpoint.
/// </summary>
/// <returns>
/// The result of <c>ProcessSignInResponse</c> when the request carries a readable sign-in
/// response; otherwise the "Error" view.
/// </returns>
/// <remarks>
/// The parameterless <see cref="FederationConfiguration"/> loads the relying-party settings from
/// config. Token validation inside <c>GetSecurityToken</c> is only as strong as that
/// configuration — confirm an issuer name registry and audience URI are configured there.
/// </remarks>
public ActionResult IssueResponse()
{
    var federationModule = new WSFederationAuthenticationModule
    {
        FederationConfiguration = new FederationConfiguration()
    };

    if (!federationModule.CanReadSignInResponse(Request))
    {
        return(View("Error"));
    }

    // Parse the message first, then read/validate the token from wresult (same order as before,
    // so a token-validation failure surfaces at the same point).
    var signInResponse = federationModule.GetSignInResponseMessage(Request);
    var securityToken = federationModule.GetSecurityToken(Request);

    return(ProcessSignInResponse(signInResponse, securityToken));
}
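/// <summary>
/// Copies every parameter of the current WS-Federation sign-in response into
/// <paramref name="form"/> as hidden inputs, so the form can re-post the response.
/// </summary>
/// <param name="fam">Module used to parse the sign-in response.</param>
/// <param name="context">Current HTTP context; only its request is read.</param>
/// <param name="form">Form that receives one hidden input per parameter.</param>
/// <remarks>
/// Fix: the trace previously logged every parameter value verbatim, which includes
/// <c>wresult</c> — the signed (and possibly encrypted) security token. Tokens must not end up
/// in trace logs, so that value is now redacted; keys and the other parameters are still traced.
/// NOTE(review): the hidden-input values rely on the ASP.NET control rendering to HTML-encode
/// attribute values — no manual escaping is done here; confirm.
/// </remarks>
public static void AddSignInResponseParametersToForm(this WSFederationAuthenticationModule fam, HttpContext context, HtmlForm form)
{
    var message = fam.GetSignInResponseMessage(context.Request);

    foreach (var parameter in message.GetParameters())
    {
        var input = new HtmlGenericControl("input");
        input.Attributes["type"] = "hidden";
        input.Attributes["name"] = parameter.Key;
        input.Attributes["value"] = parameter.Value;

        // wresult carries the security token itself; never write it to the trace.
        var tracedValue = string.Equals(parameter.Key, "wresult", StringComparison.Ordinal)
            ? "<redacted>"
            : parameter.Value;
        TraceInformation("AddSignInResponseParametersToForm", "parameter.Key={0}, parameter.Value={1}", parameter.Key, tracedValue);

        form.Controls.Add(input);
    }
}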
/// <summary>
/// Re-targets the current WS-Federation sign-in response at <paramref name="uri"/>, strips
/// parameters WIF does not know, and renders it as an auto-posting HTML form.
/// </summary>
/// <param name="fam">Module used to parse the sign-in response.</param>
/// <param name="context">Current HTTP context; only its request is read.</param>
/// <param name="uri">Form action the browser will POST the response (including the token) to.</param>
/// <returns>The HTML form-post markup produced by <c>WriteFormPost</c>.</returns>
/// <remarks>
/// <paramref name="uri"/> decides where the token is delivered, so the caller must only pass an
/// address it has validated against its known realms/reply URLs — this method does no such check.
/// </remarks>
public static string GetSignInResponseMessageAsFormPost(this WSFederationAuthenticationModule fam, HttpContext context, Uri uri)
{
    var message = fam.GetSignInResponseMessage(context.Request);
    message.BaseUri = uri;

    // clean out the non-WIF parameters
    // Keys are materialized up front; GetUnknownParameters presumably enumerates the message's
    // own parameter collection, which RemoveParameter mutates.
    var unknownKeys = GetUnknownParameters(message)
        .Select(unknown => unknown.Key)
        .ToList();

    unknownKeys.ForEach(message.RemoveParameter);

    return message.WriteFormPost();
}
/// <summary>
/// Handles a WS-Federation sign-in response, optionally wiring up the configured decryption
/// certificate so encrypted tokens can be read.
/// </summary>
/// <returns>
/// The result of <c>ProcessWSFedSignInResponse</c> when the request carries a readable sign-in
/// response; otherwise the "Error" view.
/// </returns>
/// <remarks>
/// Only the service token resolver (decryption key) is overridden here; issuer trust, audience
/// and token handlers still come from the config-loaded <see cref="FederationConfiguration"/>.
/// Confirm that configuration includes an issuer name registry, otherwise any signer is accepted.
/// </remarks>
public ActionResult ProcessWSFedResponse()
{
    var federationModule = new WSFederationAuthenticationModule
    {
        FederationConfiguration = new FederationConfiguration()
    };

    // The repository calls this the decryption certificate: its private key is exposed through
    // the service token resolver. The second argument disables local-id matching in the resolver.
    var decryptionCertificate = ConfigurationRepository.Keys.DecryptionCertificate;
    if (decryptionCertificate != null)
    {
        var resolverTokens = new ReadOnlyCollection<SecurityToken>(new SecurityToken[]
        {
            new X509SecurityToken(decryptionCertificate)
        });

        federationModule.FederationConfiguration.IdentityConfiguration = new IdentityConfiguration
        {
            ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(resolverTokens, false)
        };
    }

    if (!federationModule.CanReadSignInResponse(Request))
    {
        return(View("Error"));
    }

    // Token is read (and, per the module's configuration, validated) from wresult first.
    var securityToken = federationModule.GetSecurityToken(Request);
    var signInResponse = federationModule.GetSignInResponseMessage(Request);

    return(ProcessWSFedSignInResponse(signInResponse, securityToken));
}
/// <summary>
/// Handles a WS-Federation sign-in response, optionally wiring up the configured decryption
/// certificate so encrypted tokens can be read.
/// </summary>
/// <returns>
/// The result of <c>ProcessWSFedSignInResponse</c> when the request carries a readable sign-in
/// response; otherwise the "Error" view.
/// </returns>
/// <remarks>
/// Only the service token resolver (decryption key) is overridden here; issuer trust, audience
/// and token handlers still come from the config-loaded <see cref="FederationConfiguration"/>.
/// Confirm that configuration includes an issuer name registry, otherwise any signer is accepted.
/// </remarks>
public ActionResult ProcessWSFedResponse()
{
    var federationModule = new WSFederationAuthenticationModule
    {
        FederationConfiguration = new FederationConfiguration()
    };

    // The repository calls this the decryption certificate: its private key is exposed through
    // the service token resolver. The second argument disables local-id matching in the resolver.
    var decryptionCertificate = ConfigurationRepository.Keys.DecryptionCertificate;
    if (decryptionCertificate != null)
    {
        var resolverTokens = new ReadOnlyCollection<SecurityToken>(new SecurityToken[]
        {
            new X509SecurityToken(decryptionCertificate)
        });

        federationModule.FederationConfiguration.IdentityConfiguration = new IdentityConfiguration
        {
            ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(resolverTokens, false)
        };
    }

    if (!federationModule.CanReadSignInResponse(Request))
    {
        return View("Error");
    }

    // Token is read (and, per the module's configuration, validated) from wresult first.
    var securityToken = federationModule.GetSecurityToken(Request);
    var signInResponse = federationModule.GetSignInResponseMessage(Request);

    return ProcessWSFedSignInResponse(signInResponse, securityToken);
}
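/// <summary>
/// Sign-in response endpoint. Accepts either a SAML 2.0 <c>SAMLResponse</c> form post, which is
/// re-issued as a WS-Federation response for the assertion's audience, or a plain WS-Federation
/// sign-in response (wa/wresult).
/// </summary>
/// <returns>
/// For the WS-Federation path, the result of <c>ProcessSignInResponse</c>; the "Error" view when
/// the request is not a readable sign-in response or the SAML payload is malformed. On the SAML
/// path the response is written directly by <c>ProcessSignInResponse</c>.
/// </returns>
/// <remarks>
/// Fixes: a malformed SAMLResponse (bad base64, no Assertion element, wrong token type, missing
/// Conditions/AudienceRestriction/Audience, non-absolute audience) previously surfaced as an
/// unhandled exception (500); each case now lands on the "Error" view.
/// Security: <c>ReadToken</c> only deserializes the assertion (at most it checks the signature
/// against whatever key the embedded KeyInfo resolves to). It does NOT establish issuer trust,
/// audience or lifetime, so <c>realm</c>, <c>issuer</c> and the lifetime below are
/// attacker-controlled until <c>GetClaimsIdentity</c> (not visible here) validates the RSTR —
/// confirm that it does before relying on this path.
/// </remarks>
public ActionResult IssueResponse()
{
    if (Request.Form.HasKeys())
    {
        if (Request.Form["SAMLResponse"] != null)
        {
            var samlResponse = Request.Form["SAMLResponse"];

            // NOTE(review): HtmlDecode before base64-decoding is kept from the original; ASP.NET
            // has already URL-decoded the form value, so this only matters if the IdP HTML-encodes
            // it — confirm it is needed.
            string responseDecoded;
            try
            {
                responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
            }
            catch (FormatException)
            {
                return View("Error");
            }

            // XmlReader.Create with default settings prohibits DTDs; keep it that way (no
            // XmlTextReader) so entity-expansion/XXE payloads are rejected by the parser.
            Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
            using (var sr = new StringReader(responseDecoded))
            using (var reader = XmlReader.Create(sr))
            {
                // ReadSubtree throws if the reader is not positioned on an element.
                if (!reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"))
                {
                    return View("Error");
                }

                var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
                token = coll.ReadToken(reader.ReadSubtree()) as Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken;
            }

            if (token == null)
            {
                return View("Error");
            }

            // Guard the nested [0] lookups: an assertion without Conditions, AudienceRestriction
            // or Audience previously threw instead of failing cleanly.
            var conditions = token.Assertion.Conditions;
            if (conditions == null
                || conditions.AudienceRestrictions.Count == 0
                || conditions.AudienceRestrictions[0].Audiences.Count == 0)
            {
                return View("Error");
            }

            var realm = conditions.AudienceRestrictions[0].Audiences[0].ToString();
            var issuer = token.Assertion.Issuer.Value;

            // The audience becomes the AppliesTo endpoint, so it must be an absolute URI.
            Uri realmUri;
            if (!Uri.TryCreate(realm, UriKind.Absolute, out realmUri))
            {
                return View("Error");
            }

            var rstr = new RequestSecurityTokenResponse
            {
                TokenType = Constants.TokenKeys.TokenType,
                RequestType = Constants.TokenKeys.RequestType,
                KeyType = Constants.TokenKeys.KeyType,
                // Lifetime is copied from the inbound assertion and is only meaningful once that
                // assertion has been validated.
                Lifetime = new Lifetime(token.Assertion.IssueInstant, conditions.NotOnOrAfter),
                AppliesTo = new System.ServiceModel.EndpointAddress(realmUri),
                RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
            };

            var principal = GetClaimsIdentity(rstr);
            if (principal != null)
            {
                var claimsPrinciple = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);

                // "http://foo" is a placeholder base URI; only the realm is used from this message.
                var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);

                var ipc = new SamlTokenServiceConfiguration(issuer);
                SecurityTokenService identityProvider = new SamlTokenService(ipc);

                var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrinciple, identityProvider);

                new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);

                // NOTE(review): this writes the auto-post form straight to the response and
                // presumably ends it, so the WS-Federation fallback below is only reached when no
                // principal was produced — confirm, since nothing here returns explicitly.
                Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
            }
        }

        // Plain WS-Federation sign-in response (wa/wresult) path.
        var fam = new WSFederationAuthenticationModule { FederationConfiguration = new FederationConfiguration() };
        if (fam.CanReadSignInResponse(Request))
        {
            var responseMessage = fam.GetSignInResponseMessage(Request);
            return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
        }
    }

    return View("Error");
}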
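/// <summary>
/// Sign-in response endpoint. Accepts either a SAML 2.0 <c>SAMLResponse</c> form post, which is
/// re-issued as a WS-Federation response for the assertion's audience, or a plain WS-Federation
/// sign-in response (wa/wresult).
/// </summary>
/// <returns>
/// For the WS-Federation path, the result of <c>ProcessSignInResponse</c>; the "Error" view when
/// the request is not a readable sign-in response or the SAML payload is malformed. On the SAML
/// path the response is written directly by <c>ProcessSignInResponse</c>.
/// </returns>
/// <remarks>
/// Fixes: a malformed SAMLResponse (bad base64, no Assertion element, wrong token type, missing
/// Conditions/AudienceRestriction/Audience, non-absolute audience) previously surfaced as an
/// unhandled exception (500); each case now lands on the "Error" view.
/// Security: <c>ReadToken</c> only deserializes the assertion (at most it checks the signature
/// against whatever key the embedded KeyInfo resolves to). It does NOT establish issuer trust,
/// audience or lifetime, so <c>realm</c>, <c>issuer</c> and the lifetime below are
/// attacker-controlled until <c>GetClaimsIdentity</c> (not visible here) validates the RSTR —
/// confirm that it does before relying on this path.
/// </remarks>
public ActionResult IssueResponse()
{
    if (Request.Form.HasKeys())
    {
        if (Request.Form["SAMLResponse"] != null)
        {
            var samlResponse = Request.Form["SAMLResponse"];

            // NOTE(review): HtmlDecode before base64-decoding is kept from the original; ASP.NET
            // has already URL-decoded the form value, so this only matters if the IdP HTML-encodes
            // it — confirm it is needed.
            string responseDecoded;
            try
            {
                responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
            }
            catch (FormatException)
            {
                return(View("Error"));
            }

            // XmlReader.Create with default settings prohibits DTDs; keep it that way (no
            // XmlTextReader) so entity-expansion/XXE payloads are rejected by the parser.
            Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
            using (var sr = new StringReader(responseDecoded))
            using (var reader = XmlReader.Create(sr))
            {
                // ReadSubtree throws if the reader is not positioned on an element.
                if (!reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"))
                {
                    return(View("Error"));
                }

                var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
                token = coll.ReadToken(reader.ReadSubtree()) as Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken;
            }

            if (token == null)
            {
                return(View("Error"));
            }

            // Guard the nested [0] lookups: an assertion without Conditions, AudienceRestriction
            // or Audience previously threw instead of failing cleanly.
            var conditions = token.Assertion.Conditions;
            if (conditions == null
                || conditions.AudienceRestrictions.Count == 0
                || conditions.AudienceRestrictions[0].Audiences.Count == 0)
            {
                return(View("Error"));
            }

            var realm = conditions.AudienceRestrictions[0].Audiences[0].ToString();
            var issuer = token.Assertion.Issuer.Value;

            // The audience becomes the AppliesTo endpoint, so it must be an absolute URI.
            Uri realmUri;
            if (!Uri.TryCreate(realm, UriKind.Absolute, out realmUri))
            {
                return(View("Error"));
            }

            var rstr = new RequestSecurityTokenResponse
            {
                TokenType = Constants.TokenKeys.TokenType,
                RequestType = Constants.TokenKeys.RequestType,
                KeyType = Constants.TokenKeys.KeyType,
                // Lifetime is copied from the inbound assertion and is only meaningful once that
                // assertion has been validated.
                Lifetime = new Lifetime(token.Assertion.IssueInstant, conditions.NotOnOrAfter),
                AppliesTo = new System.ServiceModel.EndpointAddress(realmUri),
                RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
            };

            var principal = GetClaimsIdentity(rstr);
            if (principal != null)
            {
                var claimsPrinciple = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);

                // "http://foo" is a placeholder base URI; only the realm is used from this message.
                var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);

                var ipc = new SamlTokenServiceConfiguration(issuer);
                SecurityTokenService identityProvider = new SamlTokenService(ipc);

                var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrinciple, identityProvider);

                new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);

                // NOTE(review): this writes the auto-post form straight to the response and
                // presumably ends it, so the WS-Federation fallback below is only reached when no
                // principal was produced — confirm, since nothing here returns explicitly.
                Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
            }
        }

        // Plain WS-Federation sign-in response (wa/wresult) path.
        var fam = new WSFederationAuthenticationModule { FederationConfiguration = new FederationConfiguration() };
        if (fam.CanReadSignInResponse(Request))
        {
            var responseMessage = fam.GetSignInResponseMessage(Request);
            return(ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request)));
        }
    }

    return(View("Error"));
}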