/// <summary>
        /// Create an authenticate request aimed for this idp.
        /// </summary>
        /// <param name="returnUrl">The return url where the browser should be sent after
        /// successful authentication.</param>
        /// <param name="authServicesUrls">Urls for AuthServices, used to populate fields
        /// in the created AuthnRequest</param>
        /// <param name="relayData">Aux data that should be preserved across the authentication</param>
        /// <returns>AuthnRequest</returns>
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null
            };

            var responseData = new StoredRequestState(EntityId, returnUrl, relayData);

            PendingAuthnRequests.Add(new Saml2Id(authnRequest.Id), responseData);

            return(authnRequest);
        }
        public Saml2AuthenticationRequest CreateAuthenticateRequest()
        {
            var request = new Saml2AuthenticationRequest()
            {
                DestinationUri = DestinationUri,
                AssertionConsumerServiceUrl = KentorAuthServicesSection.Current.AssertionConsumerServiceUrl,
                Issuer = KentorAuthServicesSection.Current.Issuer
            };

            PendingAuthnRequests.Add(new Saml2Id(request.Id), Issuer);

            return(request);
        }
示例#3
0
        public Saml2AuthenticationRequest CreateAuthenticateRequest(Uri returnUri)
        {
            var request = new Saml2AuthenticationRequest()
            {
                DestinationUri = AssertionConsumerServiceUrl,
                AssertionConsumerServiceUrl = KentorAuthServicesSection.Current.AssertionConsumerServiceUrl,
                Issuer = KentorAuthServicesSection.Current.EntityId
            };

            var responseData = new StoredRequestState(EntityId, returnUri);

            PendingAuthnRequests.Add(new Saml2Id(request.Id), responseData);

            return(request);
        }
示例#4
0
        public Saml2AuthenticationRequest CreateAuthenticateRequest(
            Uri returnUrl,
            AuthServicesUrls authServicesUrls,
            object relayData)
        {
            if (authServicesUrls == null)
            {
                throw new ArgumentNullException(nameof(authServicesUrls));
            }

            var authnRequest = new Saml2AuthenticationRequest()
            {
                DestinationUrl = SingleSignOnServiceUrl,
                AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
                Issuer = spOptions.EntityId,
                // For now we only support one attribute consuming service.
                AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null,
                NameIdPolicy          = spOptions.NameIdPolicy,
                RequestedAuthnContext = spOptions.RequestedAuthnContext
            };

            if (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always ||
                (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.IfIdpWantAuthnRequestsSigned &&
                 WantAuthnRequestsSigned))
            {
                if (spOptions.SigningServiceCertificate == null)
                {
                    throw new ConfigurationErrorsException(
                              string.Format(
                                  CultureInfo.InvariantCulture,
                                  "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
                                  EntityId.Id));
                }

                authnRequest.SigningCertificate = spOptions.SigningServiceCertificate;
            }

            var requestState = new StoredRequestState(EntityId, returnUrl, authnRequest.Id, relayData);

            PendingAuthnRequests.Add(authnRequest.RelayState, requestState);

            return(authnRequest);
        }
示例#5
0
 private bool ValidateInResponseTo()
 {
     if (InResponseTo == null &&
         KentorAuthServicesSection.Current.IdentityProviders
         .Single(idpConfig => idpConfig.Issuer == this.Issuer).AllowUnsolicitedAuthnResponse)
     {
         return(true);
     }
     else
     {
         string sentToIdp;
         bool   knownInResponseToId = PendingAuthnRequests.TryRemove(InResponseTo, out sentToIdp);
         if (!knownInResponseToId)
         {
             return(false);
         }
         if (sentToIdp != Issuer)
         {
             return(false);
         }
         return(true);
     }
 }
示例#6
0
 /// <summary>
 /// Validates the in response to.
 /// </summary>
 /// <returns></returns>
 private bool ValidateInResponseTo()
 {
     if (InResponseTo == null &&
         IdentityProvider.ActiveIdentityProviders[Issuer].AllowUnsolicitedAuthnResponse)
     {
         return(true);
     }
     else
     {
         StoredRequestState storedRequestState;
         bool knownInResponseToId = PendingAuthnRequests.TryRemove(InResponseTo, out storedRequestState);
         if (!knownInResponseToId)
         {
             return(false);
         }
         RequestState = storedRequestState;
         if (RequestState.Idp.Id != Issuer.Id)
         {
             return(false);
         }
         return(true);
     }
 }