/// <summary>
/// Creates a SamlAttribute with the specified name.
/// </summary>
/// <param name="name">The name.</param>
/// <param name="friendlyName">Friendly name.</param>
/// <param name="value">The attribute value.</param>
/// <returns></returns>
protected static SamlAttribute Create(string name, string friendlyName, string value)
{
SamlAttribute att = new SamlAttribute();
att.NameFormat = SamlAttribute.NAMEFORMAT_URI;
att.Name = name;
att.FriendlyName = friendlyName;
att.AttributeValue = new string[] { value };
return att;
}
/// <summary>
/// Adds an attribute by name using the specified name format.
/// </summary>
/// <param name="attrName">Name of the attribute.</param>
/// <param name="nameFormat">The name format of the attribute.</param>
public void AddAttribute(string attrName, Saml20NameFormat nameFormat)
{
List<SamlAttribute> found = _attributes.FindAll(delegate(SamlAttribute at) { return at.Name == attrName && at.NameFormat == GetNameFormat(nameFormat); });
if (found.Count > 0)
throw new InvalidOperationException(
string.Format("An attribute with name \"{0}\" and name format \"{1}\" has already been added", attrName, Enum.GetName(typeof(Saml20NameFormat), nameFormat)));
SamlAttribute attr = new SamlAttribute();
attr.Name = attrName;
attr.NameFormat = GetNameFormat(nameFormat);
_attributes.Add(attr);
}
public void ValidateAttribute(SamlAttribute samlAttribute)
{
if (!Uri.IsWellFormedUriString(samlAttribute.Name, UriKind.Absolute))
throw new DKSaml20FormatException("The DK-SAML 2.0 profile requires that an attribute's \"Name\" is an URI.");
if (samlAttribute.AttributeValue == null)
return;
foreach (object val in samlAttribute.AttributeValue)
{
if (val is string)
continue;
throw new DKSaml20FormatException("The DK-SAML 2.0 profile requires that all attribute values are of type \"xs:string\".");
}
}
private void GenerateMetadataDocument(HttpContext context)
{
EntityDescriptor metadata = new EntityDescriptor();
metadata.entityID = IDPConfig.ServerBaseUrl;
metadata.ID = "id" + Guid.NewGuid().ToString("N");
IDPSSODescriptor descriptor = new IDPSSODescriptor();
metadata.Items = new object[] { descriptor };
descriptor.protocolSupportEnumeration = new string[] { Saml20Constants.PROTOCOL };
descriptor.KeyDescriptor = CreateKeyDescriptors();
{ // Signon endpoint
Endpoint endpoint = new Endpoint();
endpoint.Location = IDPConfig.ServerBaseUrl + "Signon.ashx";
endpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_Redirect;
descriptor.SingleSignOnService = new Endpoint[] { endpoint };
}
{ // Logout endpoint
Endpoint endpoint = new Endpoint();
endpoint.Location = IDPConfig.ServerBaseUrl + "Logout.ashx";
endpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_Redirect;
descriptor.SingleLogoutService = new Endpoint[] { endpoint };
}
// Create the list of attributes offered.
List<SamlAttribute> atts = new List<SamlAttribute>(IDPConfig.attributes.Length);
foreach (string name in IDPConfig.attributes)
{
SamlAttribute att = new SamlAttribute();
att.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
att.Name = name;
atts.Add(att);
}
descriptor.Attributes = atts.ToArray();
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(Serialization.SerializeToXmlString(metadata));
signDocument(doc);
context.Response.Write( doc.OuterXml );
}
/// <summary>
/// [SAML2.0std] section 2.7.3.1
/// </summary>
public void ValidateAttribute(SamlAttribute samlAttribute)
{
if (samlAttribute == null) throw new ArgumentNullException("samlAttribute");
if (!Saml20Utils.ValidateRequiredString(samlAttribute.Name))
throw new Saml20FormatException("Name attribute of Attribute element MUST contain at least one non-whitespace character");
if (samlAttribute.AttributeValue != null)
{
foreach (object o in samlAttribute.AttributeValue)
{
if (o == null)
throw new Saml20FormatException("null-AttributeValue elements are not supported");
}
}
if (samlAttribute.AnyAttr != null)
AnyAttrValidator.ValidateXmlAnyAttributes(samlAttribute.AnyAttr);
}
/// <summary>
/// Assembles our basic test assertion
/// </summary>
/// <returns></returns>
public static Assertion GetBasicAssertion()
{
Assertion assertion = new Assertion();
{
assertion.Issuer = new NameID();
assertion.ID = "_b8977dc86cda41493fba68b32ae9291d";
assertion.IssueInstant = DateTime.UtcNow;
assertion.Version = "2.0";
assertion.Issuer.Value = GetBasicIssuer();
}
{
assertion.Subject = new Subject();
SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0);
subjectConfirmation.SubjectConfirmationData.Recipient = "http://borger.dk";
assertion.Subject.Items = new object[] { subjectConfirmation };
}
{
assertion.Conditions = new Conditions();
assertion.Conditions.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0);
AudienceRestriction audienceRestriction = new AudienceRestriction();
audienceRestriction.Audience = GetAudiences();
assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction });
}
AuthnStatement authnStatement;
{
authnStatement = new AuthnStatement();
assertion.Items = new StatementAbstract[] { authnStatement };
authnStatement.AuthnInstant = new DateTime(2008, 1, 8);
authnStatement.SessionIndex = "70225885";
authnStatement.AuthnContext = new AuthnContext();
authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" };
authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef};
}
AttributeStatement attributeStatement;
{
attributeStatement = new AttributeStatement();
SamlAttribute surName = new SamlAttribute();
surName.FriendlyName = "SurName";
surName.Name = "urn:oid:2.5.4.4";
surName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
surName.AttributeValue = new string[] { "Fry" };
SamlAttribute commonName = new SamlAttribute();
commonName.FriendlyName = "CommonName";
commonName.Name = "urn:oid:2.5.4.3";
commonName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
commonName.AttributeValue = new string[] { "Philip J. Fry" };
SamlAttribute userName = new SamlAttribute();
userName.Name = "urn:oid:0.9.2342.19200300.100.1.1";
userName.NameFormat = SamlAttribute.NAMEFORMAT_URI;
userName.AttributeValue = new string[] { "fry" };
SamlAttribute eMail = new SamlAttribute();
eMail.FriendlyName = "Email";
eMail.Name = "urn:oid:0.9.2342.19200300.100.1.3";
eMail.NameFormat = SamlAttribute.NAMEFORMAT_URI;
eMail.AttributeValue = new string[] { "*****@*****.**" };
attributeStatement.Items = new object[] { surName, commonName, userName, eMail };
}
assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };
return assertion;
}
private Assertion CreateAssertion(User user, string receiver)
{
Assertion assertion = new Assertion();
{ // Subject element
assertion.Subject = new Subject();
assertion.ID = "id" + Guid.NewGuid().ToString("N");
assertion.IssueInstant = DateTime.Now.AddMinutes(10);
assertion.Issuer = new NameID();
assertion.Issuer.Value = IDPConfig.ServerBaseUrl;
SubjectConfirmation subjectConfirmation = new SubjectConfirmation();
subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD;
subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData();
subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = DateTime.Now.AddHours(1);
subjectConfirmation.SubjectConfirmationData.Recipient = receiver;
NameID nameId = new NameID();
nameId.Format = Saml20Constants.NameIdentifierFormats.Persistent;
nameId.Value = user.ppid;
assertion.Subject.Items = new object[] { nameId, subjectConfirmation };
}
{ // Conditions element
assertion.Conditions = new Conditions();
assertion.Conditions.Items = new List<ConditionAbstract>();
assertion.Conditions.NotOnOrAfter = DateTime.Now.AddHours(1);
AudienceRestriction audienceRestriction = new AudienceRestriction();
audienceRestriction.Audience = new List<string>();
audienceRestriction.Audience.Add(receiver);
assertion.Conditions.Items.Add(audienceRestriction);
}
List<StatementAbstract> statements = new List<StatementAbstract>(2);
{ // AuthnStatement element
AuthnStatement authnStatement = new AuthnStatement();
authnStatement.AuthnInstant = DateTime.Now;
authnStatement.SessionIndex = Convert.ToString(new Random().Next());
authnStatement.AuthnContext = new AuthnContext();
authnStatement.AuthnContext.Items =
new object[] {"urn:oasis:names:tc:SAML:2.0:ac:classes:X509"};
// Wow! Setting the AuthnContext is .... verbose.
authnStatement.AuthnContext.ItemsElementName =
new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef };
statements.Add(authnStatement);
}
{ // Generate attribute list.
AttributeStatement attributeStatement = new AttributeStatement();
List<SamlAttribute> attributes = new List<SamlAttribute>(user.Attributes.Count);
foreach (KeyValuePair<string, string> att in user.Attributes)
{
SamlAttribute attribute = new SamlAttribute();
attribute.Name = att.Key;
attribute.AttributeValue = new string[] { att.Value };
attribute.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
attributes.Add(attribute);
}
attributeStatement.Items = attributes.ToArray();
statements.Add(attributeStatement);
}
assertion.Items = statements.ToArray();
return assertion;
}
