/// <summary> /// Creates a SamlAttribute with the specified name. /// </summary> /// <param name="name">The name.</param> /// <param name="friendlyName">Friendly name.</param> /// <param name="value">The attribute value.</param> /// <returns></returns> protected static SamlAttribute Create(string name, string friendlyName, string value) { SamlAttribute att = new SamlAttribute(); att.NameFormat = SamlAttribute.NAMEFORMAT_URI; att.Name = name; att.FriendlyName = friendlyName; att.AttributeValue = new string[] { value }; return att; }
/// <summary> /// Adds an attribute by name using the specified name format. /// </summary> /// <param name="attrName">Name of the attribute.</param> /// <param name="nameFormat">The name format of the attribute.</param> public void AddAttribute(string attrName, Saml20NameFormat nameFormat) { List<SamlAttribute> found = _attributes.FindAll(delegate(SamlAttribute at) { return at.Name == attrName && at.NameFormat == GetNameFormat(nameFormat); }); if (found.Count > 0) throw new InvalidOperationException( string.Format("An attribute with name \"{0}\" and name format \"{1}\" has already been added", attrName, Enum.GetName(typeof(Saml20NameFormat), nameFormat))); SamlAttribute attr = new SamlAttribute(); attr.Name = attrName; attr.NameFormat = GetNameFormat(nameFormat); _attributes.Add(attr); }
public void ValidateAttribute(SamlAttribute samlAttribute) { if (!Uri.IsWellFormedUriString(samlAttribute.Name, UriKind.Absolute)) throw new DKSaml20FormatException("The DK-SAML 2.0 profile requires that an attribute's \"Name\" is an URI."); if (samlAttribute.AttributeValue == null) return; foreach (object val in samlAttribute.AttributeValue) { if (val is string) continue; throw new DKSaml20FormatException("The DK-SAML 2.0 profile requires that all attribute values are of type \"xs:string\"."); } }
private void GenerateMetadataDocument(HttpContext context) { EntityDescriptor metadata = new EntityDescriptor(); metadata.entityID = IDPConfig.ServerBaseUrl; metadata.ID = "id" + Guid.NewGuid().ToString("N"); IDPSSODescriptor descriptor = new IDPSSODescriptor(); metadata.Items = new object[] { descriptor }; descriptor.protocolSupportEnumeration = new string[] { Saml20Constants.PROTOCOL }; descriptor.KeyDescriptor = CreateKeyDescriptors(); { // Signon endpoint Endpoint endpoint = new Endpoint(); endpoint.Location = IDPConfig.ServerBaseUrl + "Signon.ashx"; endpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_Redirect; descriptor.SingleSignOnService = new Endpoint[] { endpoint }; } { // Logout endpoint Endpoint endpoint = new Endpoint(); endpoint.Location = IDPConfig.ServerBaseUrl + "Logout.ashx"; endpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_Redirect; descriptor.SingleLogoutService = new Endpoint[] { endpoint }; } // Create the list of attributes offered. List<SamlAttribute> atts = new List<SamlAttribute>(IDPConfig.attributes.Length); foreach (string name in IDPConfig.attributes) { SamlAttribute att = new SamlAttribute(); att.NameFormat = SamlAttribute.NAMEFORMAT_BASIC; att.Name = name; atts.Add(att); } descriptor.Attributes = atts.ToArray(); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(Serialization.SerializeToXmlString(metadata)); signDocument(doc); context.Response.Write( doc.OuterXml ); }
/// <summary> /// [SAML2.0std] section 2.7.3.1 /// </summary> public void ValidateAttribute(SamlAttribute samlAttribute) { if (samlAttribute == null) throw new ArgumentNullException("samlAttribute"); if (!Saml20Utils.ValidateRequiredString(samlAttribute.Name)) throw new Saml20FormatException("Name attribute of Attribute element MUST contain at least one non-whitespace character"); if (samlAttribute.AttributeValue != null) { foreach (object o in samlAttribute.AttributeValue) { if (o == null) throw new Saml20FormatException("null-AttributeValue elements are not supported"); } } if (samlAttribute.AnyAttr != null) AnyAttrValidator.ValidateXmlAnyAttributes(samlAttribute.AnyAttr); }
/// <summary> /// Assembles our basic test assertion /// </summary> /// <returns></returns> public static Assertion GetBasicAssertion() { Assertion assertion = new Assertion(); { assertion.Issuer = new NameID(); assertion.ID = "_b8977dc86cda41493fba68b32ae9291d"; assertion.IssueInstant = DateTime.UtcNow; assertion.Version = "2.0"; assertion.Issuer.Value = GetBasicIssuer(); } { assertion.Subject = new Subject(); SubjectConfirmation subjectConfirmation = new SubjectConfirmation(); subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD; subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData(); subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0); subjectConfirmation.SubjectConfirmationData.Recipient = "http://borger.dk"; assertion.Subject.Items = new object[] { subjectConfirmation }; } { assertion.Conditions = new Conditions(); assertion.Conditions.NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0); AudienceRestriction audienceRestriction = new AudienceRestriction(); audienceRestriction.Audience = GetAudiences(); assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction }); } AuthnStatement authnStatement; { authnStatement = new AuthnStatement(); assertion.Items = new StatementAbstract[] { authnStatement }; authnStatement.AuthnInstant = new DateTime(2008, 1, 8); authnStatement.SessionIndex = "70225885"; authnStatement.AuthnContext = new AuthnContext(); authnStatement.AuthnContext.Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" }; authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef, ItemsChoiceType5.AuthnContextDeclRef}; } AttributeStatement attributeStatement; { attributeStatement = new AttributeStatement(); SamlAttribute surName = new SamlAttribute(); surName.FriendlyName = "SurName"; surName.Name = "urn:oid:2.5.4.4"; surName.NameFormat = SamlAttribute.NAMEFORMAT_URI; surName.AttributeValue = new string[] { "Fry" }; SamlAttribute commonName = new SamlAttribute(); commonName.FriendlyName = "CommonName"; commonName.Name = "urn:oid:2.5.4.3"; commonName.NameFormat = SamlAttribute.NAMEFORMAT_URI; commonName.AttributeValue = new string[] { "Philip J. Fry" }; SamlAttribute userName = new SamlAttribute(); userName.Name = "urn:oid:0.9.2342.19200300.100.1.1"; userName.NameFormat = SamlAttribute.NAMEFORMAT_URI; userName.AttributeValue = new string[] { "fry" }; SamlAttribute eMail = new SamlAttribute(); eMail.FriendlyName = "Email"; eMail.Name = "urn:oid:0.9.2342.19200300.100.1.3"; eMail.NameFormat = SamlAttribute.NAMEFORMAT_URI; eMail.AttributeValue = new string[] { "*****@*****.**" }; attributeStatement.Items = new object[] { surName, commonName, userName, eMail }; } assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement }; return assertion; }
private Assertion CreateAssertion(User user, string receiver) { Assertion assertion = new Assertion(); { // Subject element assertion.Subject = new Subject(); assertion.ID = "id" + Guid.NewGuid().ToString("N"); assertion.IssueInstant = DateTime.Now.AddMinutes(10); assertion.Issuer = new NameID(); assertion.Issuer.Value = IDPConfig.ServerBaseUrl; SubjectConfirmation subjectConfirmation = new SubjectConfirmation(); subjectConfirmation.Method = SubjectConfirmation.BEARER_METHOD; subjectConfirmation.SubjectConfirmationData = new SubjectConfirmationData(); subjectConfirmation.SubjectConfirmationData.NotOnOrAfter = DateTime.Now.AddHours(1); subjectConfirmation.SubjectConfirmationData.Recipient = receiver; NameID nameId = new NameID(); nameId.Format = Saml20Constants.NameIdentifierFormats.Persistent; nameId.Value = user.ppid; assertion.Subject.Items = new object[] { nameId, subjectConfirmation }; } { // Conditions element assertion.Conditions = new Conditions(); assertion.Conditions.Items = new List<ConditionAbstract>(); assertion.Conditions.NotOnOrAfter = DateTime.Now.AddHours(1); AudienceRestriction audienceRestriction = new AudienceRestriction(); audienceRestriction.Audience = new List<string>(); audienceRestriction.Audience.Add(receiver); assertion.Conditions.Items.Add(audienceRestriction); } List<StatementAbstract> statements = new List<StatementAbstract>(2); { // AuthnStatement element AuthnStatement authnStatement = new AuthnStatement(); authnStatement.AuthnInstant = DateTime.Now; authnStatement.SessionIndex = Convert.ToString(new Random().Next()); authnStatement.AuthnContext = new AuthnContext(); authnStatement.AuthnContext.Items = new object[] {"urn:oasis:names:tc:SAML:2.0:ac:classes:X509"}; // Wow! Setting the AuthnContext is .... verbose. authnStatement.AuthnContext.ItemsElementName = new ItemsChoiceType5[] { ItemsChoiceType5.AuthnContextClassRef }; statements.Add(authnStatement); } { // Generate attribute list. AttributeStatement attributeStatement = new AttributeStatement(); List<SamlAttribute> attributes = new List<SamlAttribute>(user.Attributes.Count); foreach (KeyValuePair<string, string> att in user.Attributes) { SamlAttribute attribute = new SamlAttribute(); attribute.Name = att.Key; attribute.AttributeValue = new string[] { att.Value }; attribute.NameFormat = SamlAttribute.NAMEFORMAT_BASIC; attributes.Add(attribute); } attributeStatement.Items = attributes.ToArray(); statements.Add(attributeStatement); } assertion.Items = statements.ToArray(); return assertion; }