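/// <summary>
/// Builds an <c>AssertionData</c> from a parsed SAML 2.0 assertion by copying every
/// attribute carried in its AttributeStatement element(s) into <c>SAMLAttributes</c>.
/// Only the first value of each attribute is kept (the assertions produced by
/// <c>CreateSAML20Assertion</c> carry exactly one value per attribute); further
/// values, if any, are ignored.
/// </summary>
/// <param name="assertion">Parsed assertion to read attributes from.</param>
/// <exception cref="ArgumentNullException"><paramref name="assertion"/> is null.</exception>
/// <exception cref="ApplicationException">
/// The assertion carries no AttributeStatement, an attribute element is not a plain
/// Attribute, an attribute has no Name, or two attributes share the same Name.
/// </exception>
public AssertionData(AssertionType assertion)
{
    if (assertion == null)
    {
        throw new ArgumentNullException("assertion");
    }

    SAMLAttributes = new Dictionary<string, string>();
    bool foundAttributeStatement = false;

    // Items may mix statement kinds (AuthnStatement, AttributeStatement, ...); every
    // AttributeStatement contributes, not only the last one encountered.
    foreach (StatementAbstractType statement in assertion.Items ?? new StatementAbstractType[0])
    {
        var attributeStatement = statement as AttributeStatementType;
        if (attributeStatement == null)
        {
            continue;
        }

        foundAttributeStatement = true;
        if (attributeStatement.Items == null)
        {
            continue;
        }

        foreach (object item in attributeStatement.Items)
        {
            var attribute = item as AttributeType;
            if (attribute == null)
            {
                // Anything other than a plain Attribute (e.g. an encrypted one) is not
                // understood by this simple reader; refuse rather than mis-read it.
                throw new ApplicationException("Invalid SAML Assertion: Unsupported attribute element");
            }

            if (string.IsNullOrEmpty(attribute.Name))
            {
                throw new ApplicationException("Invalid SAML Assertion: Attribute without a Name");
            }

            if (SAMLAttributes.ContainsKey(attribute.Name))
            {
                // Fail closed: with two attributes of one name a later value would either
                // silently replace or be masked by the earlier one.
                throw new ApplicationException("Invalid SAML Assertion: Duplicate attribute " + attribute.Name);
            }

            // AttributeValue is an object[]; calling ToString() on the array itself would
            // store the type name, not the value. Take the first element.
            // NOTE(review): assumes the deserializer surfaced the value as a string
            // (xsi:type="xs:string"); other value shapes are not interpreted - verify
            // against the issuing party's output.
            object[] values = attribute.AttributeValue;
            string value = string.Empty;
            if (values != null && values.Length > 0 && values[0] != null)
            {
                value = values[0].ToString();
            }

            SAMLAttributes.Add(attribute.Name, value);
        }
    }

    if (!foundAttributeStatement)
    {
        throw new ApplicationException("Invalid SAML Assertion: Missing Attribute Values");
    }
}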
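/// <summary>
/// Creates a SAML 2.0 Assertion segment for a Response.
/// Simple implementation assuming a flat list of string key and value pairs; each
/// attribute is emitted with a single value and the "basic" name format.
/// </summary>
/// <param name="Issuer">Entity ID of the issuing party; surrounding whitespace is trimmed.</param>
/// <param name="AssertionExpirationMinutes">Lifetime of the assertion from now, in minutes; applied to both the Conditions and the bearer SubjectConfirmationData.</param>
/// <param name="Audience">Intended audience (AudienceRestriction); surrounding whitespace is trimmed.</param>
/// <param name="Subject">Subject NameID, written with the "unspecified" format; surrounding whitespace is trimmed.</param>
/// <param name="Recipient">Recipient written into the bearer SubjectConfirmationData, used verbatim (may be null, in which case it is not emitted).</param>
/// <param name="Attributes">Dictionary of string key, string value pairs.</param>
/// <returns>Assertion to sign and include in Response.</returns>
/// <exception cref="ArgumentNullException"><paramref name="Issuer"/>, <paramref name="Audience"/>, <paramref name="Subject"/> or <paramref name="Attributes"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="AssertionExpirationMinutes"/> is not positive.</exception>
private static AssertionType CreateSAML20Assertion(string Issuer, int AssertionExpirationMinutes, string Audience, string Subject, string Recipient, Dictionary<string, string> Attributes)
{
    if (Issuer == null)
    {
        throw new ArgumentNullException("Issuer");
    }
    if (Audience == null)
    {
        throw new ArgumentNullException("Audience");
    }
    if (Subject == null)
    {
        throw new ArgumentNullException("Subject");
    }
    if (Attributes == null)
    {
        throw new ArgumentNullException("Attributes");
    }
    if (AssertionExpirationMinutes <= 0)
    {
        // A zero or negative lifetime yields an assertion that is already expired.
        throw new ArgumentOutOfRangeException("AssertionExpirationMinutes", "Assertion lifetime must be positive.");
    }

    // Sample the clock once so IssueInstant, NotBefore, AuthnInstant and both
    // NotOnOrAfter values agree instead of drifting by a few ticks between calls.
    DateTime issuedAt = DateTime.UtcNow;
    DateTime expiresAt = issuedAt.AddMinutes(AssertionExpirationMinutes);
    string assertionId = "_" + Guid.NewGuid().ToString();

    var assertion = new AssertionType
    {
        Version = "2.0",
        IssueInstant = issuedAt,
        ID = assertionId,
        Issuer = new NameIDType { Value = Issuer.Trim() }
    };

    // Subject: NameID plus a bearer confirmation bound to the recipient and the expiry.
    var nameId = new NameIDType
    {
        Value = Subject.Trim(),
        Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    };
    var bearerConfirmation = new SubjectConfirmationType
    {
        Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer",
        SubjectConfirmationData = new SubjectConfirmationDataType
        {
            NotOnOrAfter = expiresAt,
            // Optional value-type attributes of the generated schema classes are only
            // serialized when their *Specified flag is set (see ConditionsType below);
            // without it the bearer confirmation would carry no expiry.
            NotOnOrAfterSpecified = true,
            Recipient = Recipient
        }
    };
    assertion.Subject = new SubjectType { Items = new object[] { nameId, bearerConfirmation } };

    // Conditions: validity window and audience restriction.
    assertion.Conditions = new ConditionsType
    {
        NotBefore = issuedAt,
        NotBeforeSpecified = true,
        NotOnOrAfter = expiresAt,
        NotOnOrAfterSpecified = true,
        Items = new ConditionAbstractType[]
        {
            new AudienceRestrictionType { Audience = new string[] { Audience.Trim() } }
        }
    };

    // AuthnStatement with an unspecified authentication context class; the session
    // index reuses the assertion ID as the original did.
    var authnContext = new AuthnContextType
    {
        ItemsElementName = new[] { ItemsChoiceType5.AuthnContextClassRef },
        Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" }
    };
    var authnStatement = new AuthnStatementType
    {
        AuthnInstant = issuedAt,
        SessionIndex = assertionId,
        AuthnContext = authnContext
    };

    // AttributeStatement: one single-valued "basic" attribute per dictionary entry.
    var attributeList = new List<AttributeType>(Attributes.Count);
    foreach (KeyValuePair<string, string> pair in Attributes)
    {
        attributeList.Add(new AttributeType
        {
            Name = pair.Key,
            AttributeValue = new object[] { pair.Value },
            NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
        });
    }
    var attributeStatement = new AttributeStatementType { Items = attributeList.ToArray() };

    assertion.Items = new StatementAbstractType[] { authnStatement, attributeStatement };
    return assertion;
}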