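/// <summary>
/// Returns the security keys carried in the assertion's signature KeyInfo, or an empty
/// sequence when the token, its assertion, the signature or the KeyInfo is absent.
/// </summary>
/// <param name="saml">The token to inspect; may be null.</param>
/// <returns>The keys from <c>KeyInfo.GetSecurityKeys()</c>, or an empty sequence.</returns>
/// <remarks>
/// NOTE(review): these keys come from the sender's own KeyInfo; callers are expected to match
/// them against trusted issuer keys rather than accept them as-is — confirm at the call site.
/// </remarks>
public static IEnumerable<SecurityKey> GetEmbeddedSecurityKeys(this Saml2SecurityToken saml)
{
    var keyInfo = saml?.Assertion?.Signature?.KeyInfo;
    if (keyInfo == null)
    {
        // The original evaluated Enumerable.Empty<SecurityKey>() without returning it, so a
        // missing KeyInfo fell through and dereferenced null on the next line.
        return Enumerable.Empty<SecurityKey>();
    }
    return keyInfo.GetSecurityKeys();
}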
/// <summary>
/// Appends an AuthnStatement to the token's assertion whose authentication context class is "urn:none".
/// </summary>
/// <param name="token">The token whose assertion receives the statement.</param>
private static void AddAuthenticationStatement(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token)
{
    // TODO: change to "urn:oasis:names:tc:SAML:2.0:ac:classes:Password" or an appropriate class reference.
    const string authenticationMethod = "urn:none";
    var classReference = new Uri(authenticationMethod);
    var context = new Microsoft.IdentityModel.Tokens.Saml2.Saml2AuthenticationContext(classReference);
    var statement = new Microsoft.IdentityModel.Tokens.Saml2.Saml2AuthenticationStatement(context);
    token.Assertion.Statements.Add(statement);
}
/// <summary>
/// Sets NotOnOrAfter on the token's bearer SubjectConfirmationData.
/// </summary>
/// <param name="token">The token to update.</param>
/// <param name="notOnOrAfter">The new NotOnOrAfter value; null clears it.</param>
public static void SetNotOnOrAfter(this Saml2SecurityToken token, DateTime? notOnOrAfter)
{
    var confirmationData = token.GetBearerSubjectConfirmationData();
    if (confirmationData != null)
    {
        confirmationData.NotOnOrAfter = notOnOrAfter;
    }
}
/// <summary>
/// Adds a bearer SubjectConfirmation to the token's assertion, with Recipient set to the
/// assertion consumer endpoint and NotOnOrAfter set to now plus the configured token lifetime.
/// </summary>
/// <param name="token">The token whose assertion subject receives the confirmation.</param>
private static void AddConfirmationData(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token)
{
    var data = new Microsoft.IdentityModel.Tokens.Saml2.Saml2SubjectConfirmationData();
    data.Recipient = new Uri(assertionConsumerEndpoint);
    // tokenLifetime is read from outside this block; presumably minutes, since it feeds AddMinutes.
    data.NotOnOrAfter = DateTime.UtcNow.AddMinutes(tokenLifetime);

    var bearerConfirmation = new Microsoft.IdentityModel.Tokens.Saml2.Saml2SubjectConfirmation(
        Saml2Constants.ConfirmationMethods.Bearer,
        data);
    token.Assertion.Subject.SubjectConfirmations.Add(bearerConfirmation);
}
/// <summary>
/// Sets Recipient and InResponseTo on the token's bearer SubjectConfirmationData.
/// </summary>
/// <param name="token">The token to update.</param>
/// <param name="recipient">The Recipient (assertion consumer) URI.</param>
/// <param name="inResponseTo">The AuthnRequest ID being answered; may be null.</param>
public static void SetRecipient(this Saml2SecurityToken token, Uri recipient, Saml2Id inResponseTo)
{
    var confirmationData = token.GetBearerSubjectConfirmationData();
    if (confirmationData != null)
    {
        confirmationData.Recipient = recipient;
        confirmationData.InResponseTo = inResponseTo;
    }
}
/// <summary>
/// Returns the SubjectConfirmationData of the assertion's bearer SubjectConfirmation,
/// creating both the confirmation and its data when they are missing.
/// </summary>
/// <param name="token">The token whose assertion subject is inspected (and possibly mutated).</param>
/// <returns>The bearer SubjectConfirmationData; never null, because it is created on demand.</returns>
private static Saml2SubjectConfirmationData GetBearerSubjectConfirmationData(this Saml2SecurityToken token)
{
    var confirmations = token.Assertion.Subject.SubjectConfirmations;
    var bearer = confirmations.FirstOrDefault(c => c.Method == Saml2Constants.ConfirmationMethods.Bearer);
    if (bearer == null)
    {
        // No bearer confirmation yet: add one so callers can populate it.
        bearer = new Saml2SubjectConfirmation(Saml2Constants.ConfirmationMethods.Bearer);
        confirmations.Add(bearer);
    }

    var data = bearer.SubjectConfirmationData;
    if (data == null)
    {
        data = new Saml2SubjectConfirmationData();
        bearer.SubjectConfirmationData = data;
    }
    return data;
}
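/// <summary>
/// Validates the bearer SubjectConfirmationData of a SAML response token against the
/// AuthnRequest it answers and the supplied clock instant.
/// </summary>
/// <param name="token">The response token to validate.</param>
/// <param name="authnRequestId">The AuthnRequest ID the response must reference in InResponseTo.</param>
/// <param name="now">The instant NotBefore/NotOnOrAfter are evaluated against; the caller owns the clock and any skew allowance.</param>
/// <exception cref="SecurityException">
/// Thrown when no bearer SubjectConfirmationData is present, InResponseTo does not match,
/// NotBefore lies in the future, or NotOnOrAfter has passed.
/// </exception>
/// <remarks>
/// NOTE(review): Recipient is not checked here; confirm the caller compares it with the
/// assertion consumer URL.
/// </remarks>
public static void ValidateResponseToken(this Saml2SecurityToken token, string authnRequestId, DateTime now)
{
    // Look the bearer confirmation up directly rather than via GetBearerSubjectConfirmationData():
    // that helper creates an empty confirmation when none exists, which made the "missing" check
    // below unreachable and mutated the token while it was being validated.
    var bearer = token.Assertion?.Subject?.SubjectConfirmations
        .FirstOrDefault(c => c.Method == Saml2Constants.ConfirmationMethods.Bearer);
    var data = bearer?.SubjectConfirmationData;
    if (data == null)
    {
        throw new SecurityException("Missing bearer subject confirmation data.");
    }

    // Ordinal comparison; a null InResponseTo only matches a null authnRequestId.
    var inResponseTo = data.InResponseTo?.Value;
    if (!string.Equals(inResponseTo, authnRequestId, StringComparison.Ordinal))
    {
        throw new SecurityException($"Invalid InResponseTo. Expected '{authnRequestId}' but got '{inResponseTo}'.");
    }

    if (data.NotBefore is DateTime notBefore && now < notBefore)
    {
        throw new SecurityException("NotBefore validation failed.");
    }

    // NotOnOrAfter is exclusive: the token is invalid at exactly that instant.
    if (data.NotOnOrAfter is DateTime notOnOrAfter && notOnOrAfter <= now)
    {
        throw new SecurityException("NotOnOrAfter validation failed.");
    }
}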
/// <summary>
/// Sets Recipient on the token's bearer SubjectConfirmationData and clears InResponseTo.
/// </summary>
/// <param name="token">The token to update.</param>
/// <param name="recipient">The Recipient (assertion consumer) URI.</param>
public static void SetRecipient(this Saml2SecurityToken token, Uri recipient)
{
    // Typed null picks the Saml2Id overload rather than the string one.
    Saml2Id noInResponseTo = null;
    token.SetRecipient(recipient, noInResponseTo);
}
/// <summary>
/// Returns InResponseTo from the token's bearer SubjectConfirmationData, or null when unset.
/// </summary>
/// <param name="token">The token to inspect.</param>
/// <returns>The InResponseTo ID, or null.</returns>
/// <remarks>
/// Delegates to GetBearerSubjectConfirmationData(), which adds an empty bearer confirmation
/// to the assertion when none exists.
/// </remarks>
public static Saml2Id GetInResponseTo(this Saml2SecurityToken token)
{
    var confirmationData = token.GetBearerSubjectConfirmationData();
    if (confirmationData == null)
    {
        return null;
    }
    return confirmationData.InResponseTo;
}
/// <summary>
/// Copies the token's ValidTo into the bearer SubjectConfirmationData's NotOnOrAfter.
/// </summary>
/// <param name="token">The token to update.</param>
public static void SetNotOnOrAfter(this Saml2SecurityToken token)
{
    DateTime? expiry = token.ValidTo;
    token.SetNotOnOrAfter(expiry);
}
/// <summary>
/// Copies the token's ValidFrom into the bearer SubjectConfirmationData's NotBefore.
/// </summary>
/// <param name="token">The token to update.</param>
public static void SetNotBefore(this Saml2SecurityToken token)
{
    var start = token.ValidFrom;
    token.SetNotBefore(start);
}
/// <summary>
/// Sets Recipient and InResponseTo (given as a string) on the token's bearer SubjectConfirmationData.
/// </summary>
/// <param name="token">The token to update.</param>
/// <param name="recipient">The Recipient (assertion consumer) URI.</param>
/// <param name="inResponseTo">The AuthnRequest ID being answered; null leaves InResponseTo unset.</param>
public static void SetRecipient(this Saml2SecurityToken token, Uri recipient, string inResponseTo)
{
    Saml2Id requestId = null;
    if (inResponseTo != null)
    {
        requestId = new Saml2Id(inResponseTo);
    }
    token.SetRecipient(recipient, requestId);
}
/// <summary>
/// Serialises <paramref name="token"/> inside a minimal samlp:Response that reports Success.
/// </summary>
/// <param name="tokenHandler">Handler used to write the token into the response.</param>
/// <param name="token">The token to embed.</param>
/// <returns>The response document as a string.</returns>
private static string CreateSamlResponseXml(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler tokenHandler, Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token)
{
    const string protocolNamespace = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string successStatus = "urn:oasis:names:tc:SAML:2.0:status:Success";

    var output = new StringBuilder();
    using (var textWriter = new StringWriter(output))
    {
        // Default settings are used, so an XML declaration is emitted; NOTE(review): with a
        // StringWriter target it presumably declares utf-16 — confirm the consumer accepts that.
        var settings = new XmlWriterSettings();
        using (var writer = XmlWriter.Create(textWriter, settings))
        {
            writer.WriteStartElement("Response", protocolNamespace);
            // NOTE(review): the "s" format carries no UTC designator ("Z"); confirm peers accept it.
            writer.WriteAttributeString("IssueInstant", DateTime.UtcNow.ToString("s"));
            writer.WriteAttributeString("ID", "_" + Guid.NewGuid());
            writer.WriteAttributeString("Version", "2.0");

            // Status/StatusCode are written with no explicit namespace; presumably they take the
            // default namespace in scope from the Response element — verify in the output.
            writer.WriteStartElement("Status");
            writer.WriteStartElement("StatusCode");
            writer.WriteAttributeString("Value", successStatus);
            writer.WriteEndElement(); // StatusCode
            writer.WriteEndElement(); // Status

            tokenHandler.WriteToken(writer, token);
            writer.WriteEndElement(); // Response
        }
    }
    return output.ToString();
}