public static string CreateSamlResponse(SamlResponseFactoryArgs args)
{
if (!args.Certificate.HasPrivateKey)
{
throw new Exception("Certificate does not not contains a private key");
}
var section = Saml2SectionFactory.Create(args.Audience);
var config = Saml2ConfigFactory.Create(section);
Saml2Config.Init(config);
var assertionDocument = CreateAssertionDocument(args).DocumentElement;
var cert = args.Certificate;
var assertion20 = new Saml20Assertion(assertionDocument, null, false);
assertion20.Sign(cert);
assertion20.CheckValid(new[] { cert.PublicKey.Key });
var assertionString = assertion20.GetXml().OuterXml;
var deserializedAssertionDoc = new XmlDocument {
PreserveWhitespace = true
};
deserializedAssertionDoc.Load(new StringReader(assertionString));
var deserializedAssertion = new Saml20Assertion(deserializedAssertionDoc.DocumentElement, null, false);
deserializedAssertion.CheckValid(new[] { cert.PublicKey.Key });
var issueInstant = new IssueInstant(deserializedAssertion.Assertion.IssueInstant.Value);
var result = CompoundResponse(issueInstant, args.Recipient, args.Issuer, assertionString, args.RequestId);
return(result);
}
public static XmlDocument CreateAssertionDocument(SamlResponseFactoryArgs args)
{
var document = new XmlDocument
{
PreserveWhitespace = true,
};
var assertion = CreateAssertion(args);
document.Load(new StringReader(Serialization.SerializeToXmlString(assertion)));
return(document);
}
private static Assertion CreateAssertion(SamlResponseFactoryArgs args)
{
var assertionId = AssertionIdFactory();
var issueInstant = IssueInstantFactory();
var version = VersionFactory();
var notOnOrAfter = issueInstant.DateTime.Add(args.TimeToBeExpired);
var authnInstant = issueInstant.DateTime;
var sessionIndex = string.IsNullOrEmpty(args.SessionIndex.Value)
? SessionIndexFactory() : args.SessionIndex.Value;
var assertion = new Assertion
{
Issuer = new NameId(),
Id = assertionId,
IssueInstant = issueInstant.DateTime,
Version = version,
};
assertion.Issuer.Value = args.Issuer.Value;
assertion.Subject = new Subject();
var subjectConfirmation = new SubjectConfirmation
{
Method = SubjectConfirmation.BearerMethod,
SubjectConfirmationData = new SubjectConfirmationData
{
NotOnOrAfter = notOnOrAfter,
Recipient = args.Recipient.Value,
InResponseTo = args.RequestId.Value,
},
};
assertion.Subject.Items = new object[]
{
new NameId
{
Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
Value = args.Email.Value
},
subjectConfirmation
};
assertion.Conditions = new Conditions {
NotOnOrAfter = notOnOrAfter
};
var audienceRestriction = new AudienceRestriction
{
Audience = new List <string>(new[] { args.Audience.Value })
};
assertion.Conditions.Items = new List <ConditionAbstract>(new ConditionAbstract[]
{
audienceRestriction
});
AuthnStatement authnStatement;
{
authnStatement = new AuthnStatement();
assertion.Items = new StatementAbstract[] { authnStatement };
authnStatement.AuthnInstant = authnInstant;
authnStatement.SessionIndex = sessionIndex;
authnStatement.AuthnContext = new AuthnContext
{
Items = new object[]
{
"urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
},
ItemsElementName = new[]
{
AuthnContextType.AuthnContextClassRef
}
};
}
AttributeStatement attributeStatement;
{
attributeStatement = new AttributeStatement();
var email = new SamlAttribute
{
Name = "User.email",
NameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
AttributeValue = new[] { args.Email.Value }
};
attributeStatement.Items = new object[] { email };
}
assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };
return(assertion);
}