示例#1
0
        public static string CreateSamlResponse(SamlResponseFactoryArgs args)
        {
            if (!args.Certificate.HasPrivateKey)
            {
                throw new Exception("Certificate does not not contains a private key");
            }

            var section = Saml2SectionFactory.Create(args.Audience);
            var config  = Saml2ConfigFactory.Create(section);

            Saml2Config.Init(config);

            var assertionDocument = CreateAssertionDocument(args).DocumentElement;
            var cert = args.Certificate;

            var assertion20 = new Saml20Assertion(assertionDocument, null, false);

            assertion20.Sign(cert);
            assertion20.CheckValid(new[] { cert.PublicKey.Key });

            var assertionString          = assertion20.GetXml().OuterXml;
            var deserializedAssertionDoc = new XmlDocument {
                PreserveWhitespace = true
            };

            deserializedAssertionDoc.Load(new StringReader(assertionString));
            var deserializedAssertion = new Saml20Assertion(deserializedAssertionDoc.DocumentElement, null, false);

            deserializedAssertion.CheckValid(new[] { cert.PublicKey.Key });

            var issueInstant = new IssueInstant(deserializedAssertion.Assertion.IssueInstant.Value);
            var result       = CompoundResponse(issueInstant, args.Recipient, args.Issuer, assertionString, args.RequestId);

            return(result);
        }
示例#2
0
        public static XmlDocument CreateAssertionDocument(SamlResponseFactoryArgs args)
        {
            var document = new XmlDocument
            {
                PreserveWhitespace = true,
            };
            var assertion = CreateAssertion(args);

            document.Load(new StringReader(Serialization.SerializeToXmlString(assertion)));
            return(document);
        }
示例#3
0
        private static Assertion CreateAssertion(SamlResponseFactoryArgs args)
        {
            var assertionId  = AssertionIdFactory();
            var issueInstant = IssueInstantFactory();
            var version      = VersionFactory();
            var notOnOrAfter = issueInstant.DateTime.Add(args.TimeToBeExpired);
            var authnInstant = issueInstant.DateTime;
            var sessionIndex = string.IsNullOrEmpty(args.SessionIndex.Value)
                ? SessionIndexFactory() : args.SessionIndex.Value;

            var assertion = new Assertion
            {
                Issuer       = new NameId(),
                Id           = assertionId,
                IssueInstant = issueInstant.DateTime,
                Version      = version,
            };

            assertion.Issuer.Value = args.Issuer.Value;
            assertion.Subject      = new Subject();
            var subjectConfirmation = new SubjectConfirmation
            {
                Method = SubjectConfirmation.BearerMethod,
                SubjectConfirmationData = new SubjectConfirmationData
                {
                    NotOnOrAfter = notOnOrAfter,
                    Recipient    = args.Recipient.Value,
                    InResponseTo = args.RequestId.Value,
                },
            };

            assertion.Subject.Items = new object[]
            {
                new NameId
                {
                    Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                    Value  = args.Email.Value
                },
                subjectConfirmation
            };
            assertion.Conditions = new Conditions {
                NotOnOrAfter = notOnOrAfter
            };
            var audienceRestriction = new AudienceRestriction
            {
                Audience = new List <string>(new[] { args.Audience.Value })
            };

            assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[]
            {
                audienceRestriction
            });
            AuthnStatement authnStatement;
            {
                authnStatement              = new AuthnStatement();
                assertion.Items             = new StatementAbstract[] { authnStatement };
                authnStatement.AuthnInstant = authnInstant;
                authnStatement.SessionIndex = sessionIndex;
                authnStatement.AuthnContext = new AuthnContext
                {
                    Items = new object[]
                    {
                        "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
                    },
                    ItemsElementName = new[]
                    {
                        AuthnContextType.AuthnContextClassRef
                    }
                };
            }
            AttributeStatement attributeStatement;

            {
                attributeStatement = new AttributeStatement();
                var email = new SamlAttribute
                {
                    Name           = "User.email",
                    NameFormat     = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
                    AttributeValue = new[] { args.Email.Value }
                };
                attributeStatement.Items = new object[] { email };
            }
            assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };
            return(assertion);
        }