/// <summary>
/// Builds the SAML2 AuthnRequest to send to this idp and registers the
/// state that has to survive until the matching response arrives.
/// </summary>
/// <param name="returnUrl">Url the browser should be sent to after
/// successful authentication. It is stored as given; this method does
/// not validate it.</param>
/// <param name="authServicesUrls">Urls for AuthServices; supplies the
/// AssertionConsumerServiceUrl placed in the request.</param>
/// <param name="relayData">Aux data to preserve across the
/// authentication round trip.</param>
/// <returns>The populated AuthnRequest.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="authServicesUrls"/> is null.</exception>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    Uri returnUrl,
    AuthServicesUrls authServicesUrls,
    object relayData)
{
    if (authServicesUrls == null)
    {
        throw new ArgumentNullException(nameof(authServicesUrls));
    }

    var request = new Saml2AuthenticationRequest();
    request.DestinationUrl = SingleSignOnServiceUrl;
    request.AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl;
    request.Issuer = spOptions.EntityId;

    // For now we only support one attribute consuming service.
    if (spOptions.AttributeConsumingServices.Any())
    {
        request.AttributeConsumingServiceIndex = 0;
    }
    else
    {
        request.AttributeConsumingServiceIndex = (int?)null;
    }

    // NOTE(review): returnUrl goes into the stored state unvalidated; confirm
    // it is limited to local or allow-listed targets before it is used for a
    // redirect.
    var pendingState = new StoredRequestState(EntityId, returnUrl, relayData);

    // The state is keyed by the request id, presumably so the response can be
    // correlated with this request - verify at the consumer.
    var requestId = new Saml2Id(request.Id);
    PendingAuthnRequests.Add(requestId, pendingState);

    return request;
}
/// <summary>
/// Registers the state of a pending AuthnRequest under its id.
/// </summary>
/// <param name="id">Id the state is stored under.</param>
/// <param name="idp">State to keep until the entry is removed again.</param>
/// <exception cref="InvalidOperationException">An entry with the same
/// id is already pending.</exception>
internal static void Add(Saml2Id id, StoredRequestState idp)
{
    // The check and the insert share one lock so that two callers cannot
    // both register the same id.
    lock (pendingAuthnRequest)
    {
        var alreadyPending = pendingAuthnRequest.ContainsKey(id);
        if (!alreadyPending)
        {
            // NOTE(review): nothing in this method bounds or expires entries;
            // confirm abandoned sign-in attempts are cleaned up elsewhere so
            // the store cannot grow without limit.
            pendingAuthnRequest.Add(id, idp);
            return;
        }

        throw new InvalidOperationException("AuthnRequest id can't be reused.");
    }
}
/// <summary>
/// Looks up the pending state stored under an id and removes it.
/// </summary>
/// <param name="id">Id to look up; null is treated as not found.</param>
/// <param name="idp">The stored state if the id was pending, otherwise
/// null.</param>
/// <returns>True if an entry was found and removed, false otherwise.</returns>
internal static bool TryRemove(Saml2Id id, out StoredRequestState idp)
{
    // Lookup and removal happen under one lock, so a given entry is handed
    // out to at most one caller.
    lock (pendingAuthnRequest)
    {
        if (id == null || !pendingAuthnRequest.TryGetValue(id, out idp))
        {
            idp = null;
            return false;
        }

        return pendingAuthnRequest.Remove(id);
    }
}
/// <summary>
/// Takes the pending state for an id out of the store, if there is one.
/// </summary>
/// <param name="id">Id of the pending request; a null id never matches.</param>
/// <param name="idp">Receives the stored state, or null when nothing was
/// stored under the id.</param>
/// <returns>True when an entry was removed, false when none existed.</returns>
internal static bool TryRemove(Saml2Id id, out StoredRequestState idp)
{
    // One lock covers both the read and the removal, so the same entry
    // cannot be returned to two callers.
    lock (pendingAuthnRequest)
    {
        idp = null;
        var removed = false;

        if (id != null && pendingAuthnRequest.ContainsKey(id))
        {
            idp = pendingAuthnRequest[id];
            removed = pendingAuthnRequest.Remove(id);
        }

        return removed;
    }
}
/// <summary>
/// Builds an AuthnRequest for this idp and registers the state needed
/// when the response comes back.
/// </summary>
/// <param name="returnUri">Uri kept in the stored state; this method
/// stores it as given, without validation.</param>
/// <returns>The populated AuthnRequest.</returns>
public Saml2AuthenticationRequest CreateAuthenticateRequest(Uri returnUri)
{
    var authnRequest = new Saml2AuthenticationRequest();

    // NOTE(review): the request destination is read from this object's
    // AssertionConsumerServiceUrl member, whose name suggests an SP endpoint;
    // confirm it really holds the idp's sign-on address.
    authnRequest.DestinationUri = AssertionConsumerServiceUrl;
    authnRequest.AssertionConsumerServiceUrl =
        KentorAuthServicesSection.Current.AssertionConsumerServiceUrl;
    authnRequest.Issuer = KentorAuthServicesSection.Current.EntityId;

    // NOTE(review): returnUri is stored unvalidated; confirm it is limited to
    // local or allow-listed targets before it is used for a redirect.
    var pendingState = new StoredRequestState(EntityId, returnUri);

    // Keyed by the request id, presumably to correlate the response - verify.
    var requestId = new Saml2Id(authnRequest.Id);
    PendingAuthnRequests.Add(requestId, pendingState);

    return authnRequest;
}
/// <summary>
/// Builds the AuthnRequest for this idp, attaches the signing certificate
/// when the configuration calls for a signed request, and registers the
/// state needed to handle the response.
/// </summary>
/// <param name="returnUrl">Url kept in the stored state; stored as given,
/// this method does not validate it.</param>
/// <param name="authServicesUrls">Supplies the AssertionConsumerServiceUrl
/// placed in the request.</param>
/// <param name="relayData">Aux data kept in the stored state.</param>
/// <returns>The populated AuthnRequest.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="authServicesUrls"/> is null.</exception>
/// <exception cref="ConfigurationErrorsException">Signing is required but
/// no signing service certificate is configured.</exception>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    Uri returnUrl,
    AuthServicesUrls authServicesUrls,
    object relayData)
{
    if (authServicesUrls == null)
    {
        throw new ArgumentNullException(nameof(authServicesUrls));
    }

    var request = new Saml2AuthenticationRequest();
    request.DestinationUrl = SingleSignOnServiceUrl;
    request.AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl;
    request.Issuer = spOptions.EntityId;

    // For now we only support one attribute consuming service.
    if (spOptions.AttributeConsumingServices.Any())
    {
        request.AttributeConsumingServiceIndex = 0;
    }
    else
    {
        request.AttributeConsumingServiceIndex = (int?)null;
    }

    request.NameIdPolicy = spOptions.NameIdPolicy;
    request.RequestedAuthnContext = spOptions.RequestedAuthnContext;

    // Sign when configured to always sign, or when signing is left to the idp
    // and this idp has asked for signed requests.
    bool signRequest;
    if (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always)
    {
        signRequest = true;
    }
    else
    {
        signRequest =
            spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.IfIdpWantAuthnRequestsSigned
            && WantAuthnRequestsSigned;
    }

    if (signRequest)
    {
        // Fail closed: a required signature with no certificate is reported
        // as a configuration error instead of sending the request unsigned.
        if (spOptions.SigningServiceCertificate == null)
        {
            var message = string.Format(
                CultureInfo.InvariantCulture,
                "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
                EntityId.Id);
            throw new ConfigurationErrorsException(message);
        }

        request.SigningCertificate = spOptions.SigningServiceCertificate;
    }

    // NOTE(review): returnUrl is stored unvalidated; confirm it is limited to
    // local or allow-listed targets before it is used for a redirect.
    // The request id is kept inside the state, presumably so the response can
    // be checked against it - verify at the consumer.
    var pendingState = new StoredRequestState(EntityId, returnUrl, request.Id, relayData);

    // The store is keyed by the request's RelayState.
    PendingAuthnRequests.Add(request.RelayState, pendingState);

    return request;
}
/// <summary>
/// Creates the AuthnRequest aimed at this idp and stores the state that
/// is needed once the response is received.
/// </summary>
/// <param name="returnUrl">The url the browser should be sent to after
/// successful authentication. Stored as given; not validated here.</param>
/// <param name="authServicesUrls">Urls for AuthServices, used for the
/// AssertionConsumerServiceUrl of the created request.</param>
/// <param name="relayData">Aux data that should be preserved across the
/// authentication.</param>
/// <returns>The populated AuthnRequest.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="authServicesUrls"/> is null.</exception>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    Uri returnUrl,
    AuthServicesUrls authServicesUrls,
    object relayData)
{
    if (authServicesUrls == null)
    {
        throw new ArgumentNullException("authServicesUrls");
    }

    var request = new Saml2AuthenticationRequest();
    request.DestinationUrl = SingleSignOnServiceUrl;
    request.AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl;
    request.Issuer = spOptions.EntityId;

    // For now we only support one attribute consuming service.
    if (spOptions.AttributeConsumingServices.Any())
    {
        request.AttributeConsumingServiceIndex = 0;
    }
    else
    {
        request.AttributeConsumingServiceIndex = (int?)null;
    }

    // NOTE(review): returnUrl is stored unvalidated; confirm it is limited to
    // local or allow-listed targets before it is used for a redirect.
    var pendingState = new StoredRequestState(EntityId, returnUrl, relayData);

    // Keyed by the request id, presumably to correlate the response - verify.
    var requestId = new Saml2Id(request.Id);
    PendingAuthnRequests.Add(requestId, pendingState);

    return request;
}
/// <summary>
/// Builds the AuthnRequest for this idp, attaches the signing certificate
/// when requests are configured to always be signed, and registers the
/// state needed to handle the response.
/// </summary>
/// <param name="returnUrl">Url kept in the stored state; stored as given,
/// this method does not validate it.</param>
/// <param name="authServicesUrls">Supplies the AssertionConsumerServiceUrl
/// placed in the request.</param>
/// <param name="relayData">Aux data kept in the stored state.</param>
/// <returns>The populated AuthnRequest.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="authServicesUrls"/> is null.</exception>
/// <exception cref="ConfigurationErrorsException">Signing is configured as
/// always but no signing service certificate is available.</exception>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    Uri returnUrl,
    AuthServicesUrls authServicesUrls,
    object relayData)
{
    if (authServicesUrls == null)
    {
        throw new ArgumentNullException(nameof(authServicesUrls));
    }

    var request = new Saml2AuthenticationRequest();
    request.DestinationUrl = SingleSignOnServiceUrl;
    request.AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl;
    request.Issuer = spOptions.EntityId;

    // For now we only support one attribute consuming service.
    if (spOptions.AttributeConsumingServices.Any())
    {
        request.AttributeConsumingServiceIndex = 0;
    }
    else
    {
        request.AttributeConsumingServiceIndex = (int?)null;
    }

    var alwaysSign = spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always;

    // Fail closed: a required signature with no certificate is reported as a
    // configuration error instead of sending the request unsigned.
    if (alwaysSign && spOptions.SigningServiceCertificate == null)
    {
        var message = string.Format(
            CultureInfo.InvariantCulture,
            "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
            EntityId.Id);
        throw new ConfigurationErrorsException(message);
    }

    if (alwaysSign)
    {
        request.SigningCertificate = spOptions.SigningServiceCertificate;
    }

    // NOTE(review): returnUrl is stored unvalidated; confirm it is limited to
    // local or allow-listed targets before it is used for a redirect.
    // The request id is kept inside the state, presumably so the response can
    // be checked against it - verify at the consumer.
    var pendingState = new StoredRequestState(EntityId, returnUrl, request.Id, relayData);

    // The store is keyed by the request's RelayState.
    PendingAuthnRequests.Add(request.RelayState, pendingState);

    return request;
}