示例#1
0
        /// <summary>
        /// Initializes a new instance of the ArtifactResolve class.
        /// </summary>
        /// <param name="serviceProvider">Service Provider to issue this request</param>
        /// <param name="artifact">SAMLv2 Artifact</param>
        public ArtifactResolve(IServiceProvider serviceProvider, Artifact artifact, Saml2Utils saml2Utils)
        {
            xml = new XmlDocument();
            xml.PreserveWhitespace = true;

            nsMgr = new XmlNamespaceManager(xml.NameTable);
            nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
            nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");

            Id = saml2Utils.GenerateId();
            IssueInstant = saml2Utils.GenerateIssueInstant();
            Issuer = serviceProvider.EntityId;
            Artifact = artifact;

            var rawXml = new StringBuilder();
            rawXml.Append("<samlp:ArtifactResolve");
            rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
            rawXml.Append(" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"");
            rawXml.Append(" ID=\"" + Id + "\"");
            rawXml.Append(" Version=\"2.0\"");
            rawXml.Append(" IssueInstant=\"" + IssueInstant + "\"");
            rawXml.Append(">");
            rawXml.Append(" <saml:Issuer>" + Issuer + "</saml:Issuer>");
            rawXml.Append(" <samlp:Artifact>" + Artifact + "</samlp:Artifact>");
            rawXml.Append("</samlp:ArtifactResolve>");

            xml.LoadXml(rawXml.ToString());
        }
示例#2
0
        /// <summary>
        /// Initializes a new instance of the ArtifactResolve class.
        /// </summary>
        /// <param name="serviceProvider">Service Provider to issue this request</param>
        /// <param name="artifact">SAMLv2 Artifact</param>
        public ArtifactResolve(ServiceProvider serviceProvider, Artifact artifact)
        {
            this.xml = new XmlDocument();
            this.xml.PreserveWhitespace = true;

            this.nsMgr = new XmlNamespaceManager(this.xml.NameTable);
            this.nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
            this.nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");

            this.Id           = Saml2Utils.GenerateId();
            this.IssueInstant = Saml2Utils.GenerateIssueInstant();
            this.Issuer       = serviceProvider.EntityId;
            this.Artifact     = artifact;

            StringBuilder rawXml = new StringBuilder();

            rawXml.Append("<samlp:ArtifactResolve");
            rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
            rawXml.Append(" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"");
            rawXml.Append(" ID=\"" + this.Id + "\"");
            rawXml.Append(" Version=\"2.0\"");
            rawXml.Append(" IssueInstant=\"" + this.IssueInstant + "\"");
            rawXml.Append(">");
            rawXml.Append(" <saml:Issuer>" + this.Issuer + "</saml:Issuer>");
            rawXml.Append(" <samlp:Artifact>" + this.Artifact.ToString() + "</samlp:Artifact>");
            rawXml.Append("</samlp:ArtifactResolve>");

            this.xml.LoadXml(rawXml.ToString());
        }
示例#3
0
        /// <summary>
        /// Initializes a new instance of the AuthnRequest class.
        /// </summary>
        /// <param name="identityProvider">
        /// IdentityProvider to receive the AuthnRequest
        /// </param>
        /// <param name="serviceProvider">
        /// ServiceProvider to issue the AuthnRequest
        /// </param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the
        /// construction of the AuthnRequest.
        /// </param>
        public AuthnRequest(IdentityProvider identityProvider, ServiceProvider serviceProvider, NameValueCollection parameters)
        {
            this.xml = new XmlDocument();
            this.xml.PreserveWhitespace = true;

            this.nsMgr = new XmlNamespaceManager(this.xml.NameTable);
            this.nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
            this.nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

            this.Id           = Saml2Utils.GenerateId();
            this.IssueInstant = Saml2Utils.GenerateIssueInstant();
            this.Issuer       = serviceProvider.EntityId;

            if (parameters != null)
            {
                this.AllowCreate = Saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]);
                this.AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex];
                this.Binding     = parameters[Saml2Constants.Binding];
                this.Consent     = parameters[Saml2Constants.Consent];
                this.Destination = parameters[Saml2Constants.Destination];
                this.ForceAuthn  = Saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]);
                this.IsPassive   = Saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]);
            }

            string assertionConsumerSvcUrl = null;

            if (!String.IsNullOrEmpty(this.Binding))
            {
                if (!String.IsNullOrEmpty(this.AssertionConsumerServiceIndex))
                {
                    // find assertion consumer service location by binding and index.
                    assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(this.Binding, this.AssertionConsumerServiceIndex);
                }
                else
                {
                    // find assertion consumer service location by binding only, using first found.
                    assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(this.Binding);
                }
            }

            // neither index nor binding, throw exception
            if (String.IsNullOrEmpty(this.AssertionConsumerServiceIndex) && String.IsNullOrEmpty(assertionConsumerSvcUrl))
            {
                throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined);
            }

            // If destination not specified, use SSO location by binding
            if (string.IsNullOrEmpty(this.Destination))
            {
                this.Destination
                    = identityProvider.GetSingleSignOnServiceLocation(parameters[Saml2Constants.RequestBinding]);

                if (string.IsNullOrEmpty(this.Destination))
                {
                    // default to HttpRedirect
                    this.Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
                }
            }

            // Get RequestedAuthnContext if parameters are available...
            RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters);

            // Get Scoping if available...
            Scoping scoping = GetScoping(serviceProvider);

            // Generate the XML for the AuthnRequest...
            StringBuilder rawXml = new StringBuilder();

            rawXml.Append("<samlp:AuthnRequest");
            rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
            rawXml.Append(" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"");
            rawXml.Append(" ID=\"" + this.Id + "\"");
            rawXml.Append(" Version=\"2.0\"");
            rawXml.Append(" IssueInstant=\"" + this.IssueInstant + "\"");
            rawXml.Append(" IsPassive=\"" + (this.IsPassive ? "true" : "false") + "\"");
            rawXml.Append(" ForceAuthn=\"" + (this.ForceAuthn ? "true" : "false") + "\"");

            if (!String.IsNullOrEmpty(this.Consent))
            {
                rawXml.Append(" Consent=\"" + this.Consent + "\"");
            }

            if (!String.IsNullOrEmpty(this.Destination))
            {
                rawXml.Append(" Destination=\"" + this.Destination + "\"");
            }

            if (!String.IsNullOrEmpty(assertionConsumerSvcUrl))
            {
                rawXml.Append(" ProtocolBinding=\"" + this.Binding + "\"");
                rawXml.Append(" AssertionConsumerServiceURL=\"" + assertionConsumerSvcUrl + "\"");
            }
            else
            {
                rawXml.Append(" AssertionConsumerIndex=\"" + this.AssertionConsumerServiceIndex + "\"");
            }

            rawXml.Append(">");
            rawXml.Append("<saml:Issuer>" + serviceProvider.EntityId + "</saml:Issuer>");
            rawXml.Append("<samlp:NameIDPolicy AllowCreate=\"" + (this.AllowCreate ? "true" : "false") + "\" />");

            if (reqAuthnContext != null)
            {
                rawXml.Append(reqAuthnContext.GenerateXmlString());
            }

            if (scoping != null)
            {
                rawXml.Append(scoping.GenerateXmlString());
            }

            rawXml.Append("</samlp:AuthnRequest>");

            this.xml.LoadXml(rawXml.ToString());
        }
        /// <summary>
        /// Initializes a new instance of the AttributeQueryRequest class.
        /// </summary>
        /// <param name="identityProvider">
        /// IdentityProvider of the AttributeQueryRequest
        /// </param>
        /// <param name="serviceProvider">
        /// ServiceProvider of the AttributeQueryRequest
        /// </param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the
        /// construction of the AttributeQueryRequest.
        /// </param>
        /// <param name="attributes">
        /// List of SamlAttribute to query
        /// </param>
        public AttributeQueryRequest(IdentityProvider identityProvider,
                                     ServiceProvider serviceProvider, NameValueCollection parameters, List <SamlAttribute> attributes)
        {
            try
            {
                this.xml = new XmlDocument();
                this.xml.PreserveWhitespace = true;
                this.X509SubjectName        = false;

                this.nsMgr = new XmlNamespaceManager(this.xml.NameTable);
                this.nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
                this.nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
                this.nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

                string subjectNameId = null;

                if (parameters != null)
                {
                    subjectNameId        = parameters[Saml2Constants.SubjectNameId];
                    this.X509SubjectName = Saml2Utils.GetBoolean(parameters[Saml2Constants.X509SubjectName]);
                }

                if (string.IsNullOrWhiteSpace(subjectNameId))
                {
                    throw new Saml2Exception(Resources.AttributeQueryRequestSubjectNameIdNotDefined);
                }
                else if (serviceProvider == null)
                {
                    throw new Saml2Exception(Resources.AttributeQueryRequestServiceProviderIsNull);
                }
                else if (identityProvider == null)
                {
                    throw new Saml2Exception(Resources.AttributeQueryRequestIdentityProviderIsNull);
                }
                else if (attributes == null || attributes.Count == 0)
                {
                    throw new Saml2Exception(Resources.AttributeQueryRequestIsEmpty);
                }

                StringBuilder rawXml = new StringBuilder();
                rawXml.Append("<samlp:AttributeQuery xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"");
                rawXml.Append(" ID=\"" + Saml2Utils.GenerateId() + "\"");
                rawXml.Append(" Version=\"2.0\"");
                rawXml.Append(" IssueInstant=\"" + Saml2Utils.GenerateIssueInstant() + "\">");
                rawXml.Append("<saml:Issuer>" + serviceProvider.EntityId + "</saml:Issuer>");
                rawXml.Append("<saml:Subject>");
                rawXml.Append("<saml:NameID");

                if (this.X509SubjectName)
                {
                    rawXml.Append(" Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\"");
                }
                else
                {
                    rawXml.Append(" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\"");
                }

                rawXml.Append(" SPNameQualifier=\"" + serviceProvider.EntityId + "\"");
                rawXml.Append(" NameQualifier=\"" + identityProvider.EntityId + "\">" + subjectNameId + "</saml:NameID>");
                rawXml.Append("</saml:Subject>");

                foreach (SamlAttribute attr in attributes)
                {
                    if (attr != null)
                    {
                        rawXml.Append(attr.ToString());
                    }
                }

                rawXml.Append("</samlp:AttributeQuery>");

                this.xml.LoadXml(rawXml.ToString());
            }
            catch (ArgumentNullException ane)
            {
                throw new Saml2Exception(Resources.AttributeQueryRequestNullArgument, ane);
            }
            catch (XmlException xe)
            {
                throw new Saml2Exception(Resources.AttributeQueryRequestXmlException, xe);
            }
        }
示例#5
0
        /// <summary>
        /// Initializes a new instance of the LogoutResponse class based on
        /// the complimentary logout request.
        /// </summary>
        /// <param name="identityProvider">
        /// IdentityProvider of the LogoutResponse
        /// </param>
        /// <param name="serviceProvider">
        /// ServiceProvider of the LogoutResponse
        /// </param>
        /// <param name="logoutRequest">
        /// Logout request that requires this response
        /// </param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the
        /// construction of the LogoutResponse.
        /// </param>
        public LogoutResponse(
            IIdentityProvider identityProvider,
            IServiceProvider serviceProvider,
            LogoutRequest logoutRequest,
            NameValueCollection parameters)
        {
            if (identityProvider == null)
            {
                throw new Saml2Exception(Resources.LogoutResponseIdentityProviderIsNull);
            }
            if (serviceProvider == null)
            {
                throw new Saml2Exception(Resources.LogoutResponseServiceProviderIsNull);
            }
            if (logoutRequest == null)
            {
                throw new Saml2Exception(Resources.LogoutResponseLogoutRequestIsNull);
            }

            if (parameters == null)
            {
                parameters = new NameValueCollection();
            }

            var inResponseToValue = logoutRequest.Id;
            var issuerValue       = serviceProvider.EntityId;

            var binding = parameters[Saml2Constants.Binding];

            if (string.IsNullOrEmpty(binding))
            {
                binding = Saml2Constants.HttpPostProtocolBinding;
            }

            string idpSvcResponseLocation = null;

            if (binding != Saml2Constants.HttpSoapProtocolBinding)
            {
                idpSvcResponseLocation = identityProvider.GetSingleLogoutServiceResponseLocation(binding);
            }

            m_xml = new XmlDocument {
                PreserveWhitespace = true
            };

            m_nsMgr = new XmlNamespaceManager(m_xml.NameTable);
            m_nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
            m_nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");

            var rawXml = new StringBuilder();

            rawXml.Append("<samlp:LogoutResponse xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ");
            rawXml.Append(" ID=\"" + Saml2Utils.GenerateId() + "\" Version=\"2.0\" ");
            rawXml.Append(" IssueInstant=\"" + Saml2Utils.GenerateIssueInstant() + "\" ");

            if (idpSvcResponseLocation != null)
            {
                rawXml.Append(" Destination=\"" + idpSvcResponseLocation + "\" ");
            }

            rawXml.Append(" InResponseTo=\"" + inResponseToValue + "\">");
            rawXml.Append(" <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + issuerValue +
                          "</saml:Issuer>");
            rawXml.Append(" <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">");
            rawXml.Append("   <samlp:StatusCode ");
            rawXml.Append("     xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ");
            rawXml.Append("     Value=\"" + Saml2Constants.Success + "\">");
            rawXml.Append("   </samlp:StatusCode>");
            rawXml.Append(" </samlp:Status>");
            rawXml.Append("</samlp:LogoutResponse>");

            m_xml.LoadXml(rawXml.ToString());
        }
示例#6
0
        /// <summary>
        /// Initializes a new instance of the LogoutRequest class.
        /// </summary>
        /// <param name="identityProvider">
        /// IdentityProvider of the LogoutRequest
        /// </param>
        /// <param name="serviceProvider">
        /// ServiceProvider of the LogoutRequest
        /// </param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the
        /// construction of the LogoutRequest.
        /// </param>
        public LogoutRequest(
            IdentityProvider identityProvider,
            ServiceProvider serviceProvider,
            NameValueCollection parameters)
        {
            try
            {
                this.xml = new XmlDocument();
                this.xml.PreserveWhitespace = true;

                this.nsMgr = new XmlNamespaceManager(this.xml.NameTable);
                this.nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
                this.nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
                this.nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

                string sessionIndex  = null;
                string subjectNameId = null;
                string binding       = null;
                string destination   = null;

                if (parameters != null)
                {
                    sessionIndex  = parameters[Saml2Constants.SessionIndex];
                    subjectNameId = parameters[Saml2Constants.SubjectNameId];
                    binding       = parameters[Saml2Constants.Binding];
                    destination   = parameters[Saml2Constants.Destination];
                }

                if (String.IsNullOrEmpty(sessionIndex))
                {
                    throw new Saml2Exception(Resources.LogoutRequestSessionIndexNotDefined);
                }
                else if (String.IsNullOrEmpty(subjectNameId))
                {
                    throw new Saml2Exception(Resources.LogoutRequestSubjectNameIdNotDefined);
                }
                else if (serviceProvider == null)
                {
                    throw new Saml2Exception(Resources.LogoutRequestServiceProviderIsNull);
                }
                else if (identityProvider == null)
                {
                    throw new Saml2Exception(Resources.LogoutRequestIdentityProviderIsNull);
                }

                if (string.IsNullOrEmpty(destination))
                {
                    destination = identityProvider.GetSingleLogoutServiceLocation(binding);

                    if (string.IsNullOrEmpty(destination))
                    {
                        // default with HttpRedirect
                        destination = identityProvider.GetSingleLogoutServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
                    }
                }

                StringBuilder rawXml = new StringBuilder();
                rawXml.Append("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
                rawXml.Append(" ID=\"" + Saml2Utils.GenerateId() + "\"");
                rawXml.Append(" Version=\"2.0\"");
                rawXml.Append(" IssueInstant=\"" + Saml2Utils.GenerateIssueInstant() + "\"");

                if (!String.IsNullOrEmpty(destination))
                {
                    rawXml.Append(" Destination=\"" + destination + "\"");
                }

                rawXml.Append(" >");
                rawXml.Append(" <saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"");
                rawXml.Append("  Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\"");
                rawXml.Append("  NameQualifier=\"" + identityProvider.EntityId + "\">" + subjectNameId + "</saml:NameID> ");
                rawXml.Append(" <samlp:SessionIndex xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">" + sessionIndex + "</samlp:SessionIndex>");
                rawXml.Append(" <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + serviceProvider.EntityId + "</saml:Issuer>");
                rawXml.Append("</samlp:LogoutRequest>");

                this.xml.LoadXml(rawXml.ToString());
            }
            catch (ArgumentNullException ane)
            {
                throw new Saml2Exception(Resources.LogoutRequestNullArgument, ane);
            }
            catch (XmlException xe)
            {
                throw new Saml2Exception(Resources.LogoutRequestXmlException, xe);
            }
        }
示例#7
0
        /// <summary>
        /// Initializes a new instance of the LogoutResponse class based on
        /// the complimentary logout request.
        /// </summary>
        /// <param name="identityProvider">
        /// IdentityProvider of the LogoutResponse
        /// </param>
        /// <param name="serviceProvider">
        /// ServiceProvider of the LogoutResponse
        /// </param>
        /// <param name="logoutRequest">
        /// Logout request that requires this response
        /// </param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the 
        /// construction of the LogoutResponse.
        /// </param>
        /// <param name="saml2Utils">Utilities class</param>
        public LogoutResponse(
			IIdentityProvider identityProvider,
			IServiceProvider serviceProvider,
			LogoutRequest logoutRequest,
			NameValueCollection parameters,
            Saml2Utils saml2Utils)
        {
            if (identityProvider == null)
            {
                throw new Saml2Exception(Resources.LogoutResponseIdentityProviderIsNull);
            }
            else if (serviceProvider == null)
            {
                throw new Saml2Exception(Resources.LogoutResponseServiceProviderIsNull);
            }
            else if (logoutRequest == null)
            {
                throw new Saml2Exception(Resources.LogoutResponseLogoutRequestIsNull);
            }

            if (parameters == null)
            {
                parameters = new NameValueCollection();
            }

            string inResponseToValue = logoutRequest.Id;
            string issuerValue = serviceProvider.EntityId;

            string binding = parameters[Saml2Constants.Binding];
            if (string.IsNullOrEmpty(binding))
            {
                binding = Saml2Constants.HttpPostProtocolBinding;
            }

            string idpSvcResponseLocation = null;
            if (binding != Saml2Constants.HttpSoapProtocolBinding)
            {
                idpSvcResponseLocation = identityProvider.GetSingleLogoutServiceResponseLocation(binding);
            }

            xml = new XmlDocument();
            xml.PreserveWhitespace = true;

            nsMgr = new XmlNamespaceManager(xml.NameTable);
            nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
            nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");

            var rawXml = new StringBuilder();
            rawXml.Append("<samlp:LogoutResponse xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ");
            rawXml.Append(" ID=\"" + saml2Utils.GenerateId() + "\" Version=\"2.0\" ");
            rawXml.Append(" IssueInstant=\"" + saml2Utils.GenerateIssueInstant() + "\" ");

            if (idpSvcResponseLocation != null)
            {
                rawXml.Append(" Destination=\"" + idpSvcResponseLocation + "\" ");
            }

            rawXml.Append(" InResponseTo=\"" + inResponseToValue + "\">");
            rawXml.Append(" <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + issuerValue + "</saml:Issuer>");
            rawXml.Append(" <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">");
            rawXml.Append("   <samlp:StatusCode ");
            rawXml.Append("     xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ");
            rawXml.Append("     Value=\"" + Saml2Constants.Success + "\">");
            rawXml.Append("   </samlp:StatusCode>");
            rawXml.Append(" </samlp:Status>");
            rawXml.Append("</samlp:LogoutResponse>");

            xml.LoadXml(rawXml.ToString());
        }
示例#8
0
        /// <summary>
        /// Initializes a new instance of the AuthnRequest class.
        /// </summary>
        /// <param name="identityProvider">
        /// IdentityProvider to receive the AuthnRequest
        /// </param>
        /// <param name="serviceProvider">
        /// ServiceProvider to issue the AuthnRequest
        /// </param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the 
        /// construction of the AuthnRequest.
        /// </param>
        /// <param name="saml2Utils">Utilities class</param>
        public AuthnRequest(IIdentityProvider identityProvider, IServiceProvider serviceProvider, NameValueCollection parameters, Saml2Utils saml2Utils)
        {
            xml = new XmlDocument();
            xml.PreserveWhitespace = true;

            nsMgr = new XmlNamespaceManager(xml.NameTable);
            nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
            nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

            Id = saml2Utils.GenerateId();
            IssueInstant = saml2Utils.GenerateIssueInstant();
            Issuer = serviceProvider.EntityId;

            if (parameters != null)
            {
                AllowCreate = saml2Utils.GetBoolean(parameters[Saml2Constants.AllowCreate]);
                AssertionConsumerServiceIndex = parameters[Saml2Constants.AssertionConsumerServiceIndex];
                Binding = parameters[Saml2Constants.Binding];
                Consent = parameters[Saml2Constants.Consent];
                Destination = parameters[Saml2Constants.Destination];
                ForceAuthn = saml2Utils.GetBoolean(parameters[Saml2Constants.ForceAuthn]);
                IsPassive = saml2Utils.GetBoolean(parameters[Saml2Constants.IsPassive]);
                NameIDPolicyFormat = parameters[Saml2Constants.NameIDPolicyFormat];
            }

            string assertionConsumerSvcUrl = null;
            if (!String.IsNullOrEmpty(Binding))
            {
                if (!String.IsNullOrEmpty(AssertionConsumerServiceIndex))
                {
                    // find assertion consumer service location by binding and index.
                    assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding,
                                                                                                  AssertionConsumerServiceIndex);
                }
                else
                {
                    // find assertion consumer service location by binding only, using first found.
                    assertionConsumerSvcUrl = serviceProvider.GetAssertionConsumerServiceLocation(Binding);
                }
            }

            // neither index nor binding, throw exception
            if (String.IsNullOrEmpty(AssertionConsumerServiceIndex) && String.IsNullOrEmpty(assertionConsumerSvcUrl))
            {
                throw new Saml2Exception(Resources.AuthnRequestAssertionConsumerServiceNotDefined);
            }

            // If destination not specified, use SSO location by binding
            if (string.IsNullOrEmpty(Destination))
            {
                Destination
                    = identityProvider.GetSingleSignOnServiceLocation(parameters[Saml2Constants.RequestBinding]);

                if (string.IsNullOrEmpty(Destination))
                {
                    // default to HttpRedirect
                    Destination = identityProvider.GetSingleSignOnServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
                }
            }

            // Get RequestedAuthnContext if parameters are available...
            RequestedAuthnContext reqAuthnContext = GetRequestedAuthnContext(serviceProvider, parameters);

            // Generate the XML for the AuthnRequest...
            var rawXml = new StringBuilder();
            rawXml.Append("<samlp:AuthnRequest ");
            rawXml.Append(" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
            rawXml.Append(" ID=\"" + Id + "\"");
            rawXml.Append(" Version=\"2.0\"");
            rawXml.Append(" IssueInstant=\"" + IssueInstant + "\"");
            rawXml.Append(" IsPassive=\"" + IsPassive.ToString().ToLower() + "\"");
            rawXml.Append(" ForceAuthn=\"" + ForceAuthn.ToString().ToLower() + "\"");

            if (!String.IsNullOrEmpty(Consent))
            {
                rawXml.Append(" Consent=\"" + Consent + "\"");
            }

            if (!String.IsNullOrEmpty(Destination))
            {
                rawXml.Append(" Destination=\"" + Destination + "\"");
            }

            if (!String.IsNullOrEmpty(assertionConsumerSvcUrl))
            {
                rawXml.Append(" ProtocolBinding=\"" + Binding + "\"");
                rawXml.Append(" AssertionConsumerServiceURL=\"" + assertionConsumerSvcUrl + "\"");
            }
            else
            {
                rawXml.Append(" AssertionConsumerIndex=\"" + AssertionConsumerServiceIndex + "\"");
            }

            rawXml.Append(">");
            rawXml.Append("<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + serviceProvider.EntityId +
                          "</saml:Issuer>");

            rawXml.Append("<samlp:NameIDPolicy Format=\"" + NameIDPolicyFormat + "\" AllowCreate=\"" + AllowCreate.ToString().ToLower() + "\" />");

            if (reqAuthnContext != null)
            {
                rawXml.Append(reqAuthnContext.GenerateXmlString());
            }

            rawXml.Append("</samlp:AuthnRequest>");

            xml.LoadXml(rawXml.ToString());
        }
示例#9
0
        /// <summary>
        /// Initializes a new instance of the LogoutRequest class.
        /// </summary>
        /// <param name="identityProvider">
        /// IdentityProvider of the LogoutRequest
        /// </param>
        /// <param name="serviceProvider">
        /// ServiceProvider of the LogoutRequest
        /// </param>
        /// <param name="parameters">
        /// NameValueCollection of varying parameters for use in the 
        /// construction of the LogoutRequest.
        /// </param>
        /// <param name="saml2Utils">Utilities Class</param>
        public LogoutRequest(
			IIdentityProvider identityProvider,
			IServiceProvider serviceProvider,
			NameValueCollection parameters,
            Saml2Utils saml2Utils)
        {
            try
            {
                xml = new XmlDocument();
                xml.PreserveWhitespace = true;

                nsMgr = new XmlNamespaceManager(xml.NameTable);
                nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
                nsMgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
                nsMgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

                string sessionIndex = null;
                string subjectNameId = null;
                string binding = null;
                string destination = null;

                if (parameters != null)
                {
                    sessionIndex = parameters[Saml2Constants.SessionIndex];
                    subjectNameId = parameters[Saml2Constants.SubjectNameId];
                    binding = parameters[Saml2Constants.Binding];
                    destination = parameters[Saml2Constants.Destination];
                }

                if (String.IsNullOrEmpty(sessionIndex))
                {
                    throw new Saml2Exception(Resources.LogoutRequestSessionIndexNotDefined);
                }
                else if (String.IsNullOrEmpty(subjectNameId))
                {
                    throw new Saml2Exception(Resources.LogoutRequestSubjectNameIdNotDefined);
                }
                else if (serviceProvider == null)
                {
                    throw new Saml2Exception(Resources.LogoutRequestServiceProviderIsNull);
                }
                else if (identityProvider == null)
                {
                    throw new Saml2Exception(Resources.LogoutRequestIdentityProviderIsNull);
                }

                if (string.IsNullOrEmpty(destination))
                {
                    destination = identityProvider.GetSingleLogoutServiceLocation(binding);

                    if (string.IsNullOrEmpty(destination))
                    {
                        // default with HttpRedirect
                        destination = identityProvider.GetSingleLogoutServiceLocation(Saml2Constants.HttpRedirectProtocolBinding);
                    }
                }

                var rawXml = new StringBuilder();
                rawXml.Append("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
                rawXml.Append(" ID=\"" + saml2Utils.GenerateId() + "\"");
                rawXml.Append(" Version=\"2.0\"");
                rawXml.Append(" IssueInstant=\"" + saml2Utils.GenerateIssueInstant() + "\"");

                if (!String.IsNullOrEmpty(destination))
                {
                    rawXml.Append(" Destination=\"" + destination + "\"");
                }

                rawXml.Append(" >");
                rawXml.Append(" <saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"");
                rawXml.Append("  Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\"");
                rawXml.Append("  NameQualifier=\"" + identityProvider.EntityId + "\">" + subjectNameId + "</saml:NameID> ");
                rawXml.Append(" <saml:SessionIndex xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + sessionIndex +
                              "</saml:SessionIndex>");
                rawXml.Append(" <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" + serviceProvider.EntityId +
                              "</saml:Issuer>");
                rawXml.Append("</samlp:LogoutRequest>");

                xml.LoadXml(rawXml.ToString());
            }
            catch (ArgumentNullException ane)
            {
                throw new Saml2Exception(Resources.LogoutRequestNullArgument, ane);
            }
            catch (XmlException xe)
            {
                throw new Saml2Exception(Resources.LogoutRequestXmlException, xe);
            }
        }