示例#1
0
 public static IEnumerable <SecurityKey> GetEmbeddedSecurityKeys(this Saml2SecurityToken saml)
 {
     if (saml?.Assertion?.Signature?.KeyInfo == null)
     {
         Enumerable.Empty <SecurityKey>();
     }
     return(saml.Assertion.Signature.KeyInfo.GetSecurityKeys());
 }
示例#2
0
        private static void AddAuthenticationStatement(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token)
        {
            // Chage to "urn:oasis:names:tc:SAML:2.0:ac:classes:Password" or something.
            var authenticationMethod = "urn:none";

            var authenticationContext   = new Microsoft.IdentityModel.Tokens.Saml2.Saml2AuthenticationContext(new Uri(authenticationMethod));
            var authenticationStatement = new Microsoft.IdentityModel.Tokens.Saml2.Saml2AuthenticationStatement(authenticationContext);

            token.Assertion.Statements.Add(authenticationStatement);
        }
示例#3
0
        public static void SetNotOnOrAfter(this Saml2SecurityToken token, DateTime?notOnOrAfter)
        {
            var data = token.GetBearerSubjectConfirmationData();

            if (data == null)
            {
                return;
            }

            data.NotOnOrAfter = notOnOrAfter;
        }
示例#4
0
        private static void AddConfirmationData(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token)
        {
            var confirmationData = new Microsoft.IdentityModel.Tokens.Saml2.Saml2SubjectConfirmationData
            {
                Recipient    = new Uri(assertionConsumerEndpoint),
                NotOnOrAfter = DateTime.UtcNow.AddMinutes(tokenLifetime),
            };

            token.Assertion.Subject.SubjectConfirmations.Add(new Microsoft.IdentityModel.Tokens.Saml2.Saml2SubjectConfirmation(
                                                                 Saml2Constants.ConfirmationMethods.Bearer, confirmationData));
        }
示例#5
0
        public static void SetRecipient(this Saml2SecurityToken token, Uri recipient, Saml2Id inResponseTo)
        {
            var data = token.GetBearerSubjectConfirmationData();

            if (data == null)
            {
                return;
            }

            data.Recipient    = recipient;
            data.InResponseTo = inResponseTo;
        }
示例#6
0
        static Saml2SubjectConfirmationData GetBearerSubjectConfirmationData(this Saml2SecurityToken token)
        {
            var confirmation = token.Assertion.Subject.SubjectConfirmations.FirstOrDefault(c => c.Method == Saml2Constants.ConfirmationMethods.Bearer);

            if (confirmation == null)
            {
                token.Assertion.Subject.SubjectConfirmations.Add(confirmation = new Saml2SubjectConfirmation(Saml2Constants.ConfirmationMethods.Bearer));
            }
            if (confirmation.SubjectConfirmationData == null)
            {
                confirmation.SubjectConfirmationData = new Saml2SubjectConfirmationData();
            }
            return(confirmation.SubjectConfirmationData);
        }
示例#7
0
        public static void ValidateResponseToken(this Saml2SecurityToken token, string authnRequestId, DateTime now)
        {
            var data = token.GetBearerSubjectConfirmationData();

            if (data == null)
            {
                throw new SecurityException("Missing bearer subject confirmation data.");
            }

            if (data.InResponseTo?.Value != authnRequestId)
            {
                throw new SecurityException($"Invalid InResponseTo. Expected '{authnRequestId}' but got '{data.InResponseTo?.Value}'.");
            }

            if (data.NotBefore != null && now < data.NotBefore)
            {
                throw new SecurityException($"NotBefore validation failed.");
            }
            if (data.NotOnOrAfter != null && data.NotOnOrAfter <= now)
            {
                throw new SecurityException($"NotOnOrAfter validation failed.");
            }
        }
示例#8
0
 public static void SetRecipient(this Saml2SecurityToken token, Uri recipient) => token.SetRecipient(recipient, null as Saml2Id);
示例#9
0
        public static Saml2Id GetInResponseTo(this Saml2SecurityToken token)
        {
            var data = token.GetBearerSubjectConfirmationData();

            return(data?.InResponseTo);
        }
示例#10
0
 public static void SetNotOnOrAfter(this Saml2SecurityToken token)
 => token.SetNotOnOrAfter(token.ValidTo);
示例#11
0
 public static void SetNotBefore(this Saml2SecurityToken token)
 => token.SetNotBefore(token.ValidFrom);
示例#12
0
 public static void SetRecipient(this Saml2SecurityToken token, Uri recipient, string inResponseTo) => token.SetRecipient(recipient, inResponseTo != null ? new Saml2Id(inResponseTo) : null);
示例#13
0
        private static string CreateSamlResponseXml(Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler tokenHandler, Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token)
        {
            var buffer = new StringBuilder();

            using (var stringWriter = new StringWriter(buffer))
                using (var xmlWriter = XmlWriter.Create(stringWriter, new XmlWriterSettings()))
                {
                    xmlWriter.WriteStartElement("Response", "urn:oasis:names:tc:SAML:2.0:protocol");
                    xmlWriter.WriteAttributeString("IssueInstant", DateTime.UtcNow.ToString("s"));
                    xmlWriter.WriteAttributeString("ID", "_" + Guid.NewGuid());
                    xmlWriter.WriteAttributeString("Version", "2.0");

                    xmlWriter.WriteStartElement("Status");
                    xmlWriter.WriteStartElement("StatusCode");
                    xmlWriter.WriteAttributeString("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
                    xmlWriter.WriteEndElement();
                    xmlWriter.WriteEndElement();

                    tokenHandler.WriteToken(xmlWriter, token);

                    xmlWriter.WriteEndElement();
                }

            return(buffer.ToString());
        }