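/// <summary>
/// Builds the SAML AuthnRequest described by <paramref name="context"/> (core request fields,
/// the RequestedAttributes list and the STORK extension elements), serializes it and returns
/// the result re-parsed as an <see cref="XmlDocument"/>.
/// </summary>
/// <param name="context">Request parameters: id, issuer, destination, ACS URL, QAA level and attributes.</param>
/// <returns>The serialized AuthnRequest as an XML document.</returns>
private XmlDocument GenerateRequestMetadata(SAMLRequest context)
{
    DateTime now = DateTime.UtcNow;

    AuthnRequestType request = new AuthnRequestType();
    request.ID = context.Id;
    request.Version = SAMLConstants.SAML_VERSION;
    request.IssueInstant = now;
    request.Destination = context.Destination;
    request.Consent = SAMLConstants.CONSENT;
    // A fresh authentication is always demanded; passive authentication is never requested.
    request.ForceAuthn = true;
    request.IsPassive = false;
    request.ProtocolBinding = SAMLConstants.PROTOCOL_BINDING;
    request.AssertionConsumerServiceURL = context.AssertionConsumerServiceURL;
    request.ProviderName = context.ProviderName;
    request.Issuer = new NameIDType();
    request.Issuer.Value = context.Issuer;
    request.Issuer.Format = context.IssuerFormat;

    XmlDocument doc = new XmlDocument();
    doc.PreserveWhitespace = true;

    // Namespace settings are resolved once instead of on every attribute.
    string reqAttrsPrefix = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS_PREFIX);
    string reqAttrsNs = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS);
    string reqAttrPrefix = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR_PREFIX);
    string reqAttrNs = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR);

    XmlElement requestedAttrs = doc.CreateElement(reqAttrsPrefix, "RequestedAttributes", reqAttrsNs);
    foreach (AttributeElement attr in context.Attributes)
    {
        XmlElement requestedAttr = doc.CreateElement(reqAttrPrefix, "RequestedAttribute", reqAttrNs);
        requestedAttr.SetAttribute("Name", attr.AttrName);
        requestedAttr.SetAttribute("NameFormat", SAMLConstants.ATTRIBUTE_NAME_FORMAT);
        // XML booleans are lower-case; invariant casing keeps the output culture-independent.
        requestedAttr.SetAttribute("isRequired", attr.IsRequired.ToString().ToLowerInvariant());

        // Only the force-authentication attribute carries a value in the request.
        if (string.Equals(attr.AttrName, CommonConstants.FORCE_AUTH, StringComparison.Ordinal))
        {
            XmlElement attrValue = doc.CreateElement(reqAttrPrefix, "AttributeValue", reqAttrNs);
            attrValue.InnerText = attr.AttrValue.ToString().ToLowerInvariant();
            requestedAttr.AppendChild(attrValue);
        }

        requestedAttrs.AppendChild(requestedAttr);
    }

    // STORK extensions: QAA level, service-provider descriptors and the eID sharing flags.
    XmlElement qualityAuthnAssLevel = CreateTextElement(doc,
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL_PREFIX),
        "QualityAuthenticationAssuranceLevel",
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_QAALEVEL),
        context.QAALevel);

    XmlElement spSectorEl = CreateTextElement(doc, SAMLConstants.NS_STORK_ASSER_PREFIX, "spSector", SAMLConstants.NS_STORK_ASSER,
        ConfigurationSettingsHelper.GetCriticalConfigIntSetting(CommonConstants.SAMLSECTOR).ToString());
    XmlElement spInstitutionEl = CreateTextElement(doc, SAMLConstants.NS_STORK_ASSER_PREFIX, "spInstitution", SAMLConstants.NS_STORK_ASSER,
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLINSTITUTION));
    XmlElement spApplicationEl = CreateTextElement(doc, SAMLConstants.NS_STORK_ASSER_PREFIX, "spApplication", SAMLConstants.NS_STORK_ASSER,
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLAPPLICATION));
    XmlElement spCountryEl = CreateTextElement(doc, SAMLConstants.NS_STORK_ASSER_PREFIX, "spCountry", SAMLConstants.NS_STORK_ASSER,
        ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.SAMLCOUNTRY));

    XmlElement eIDSectorShareEl = CreateTextElement(doc, SAMLConstants.NS_STORK_PROT_PREFIX, "eIDSectorShare", SAMLConstants.NS_STORK_PROT,
        ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDSectorShare").ToString().ToLowerInvariant());
    XmlElement eIDCrossSectorShareEl = CreateTextElement(doc, SAMLConstants.NS_STORK_PROT_PREFIX, "eIDCrossSectorShare", SAMLConstants.NS_STORK_PROT,
        ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDCrossSectorShare").ToString().ToLowerInvariant());
    XmlElement eIDCrossBorderShareEl = CreateTextElement(doc, SAMLConstants.NS_STORK_PROT_PREFIX, "eIDCrossBorderShare", SAMLConstants.NS_STORK_PROT,
        ConfigurationSettingsHelper.GetCriticalConfigBoolSetting("SamlEIDCrossBorderShare").ToString().ToLowerInvariant());

    request.Extensions = new ExtensionsType();
    request.Extensions.Any = new XmlElement[]
    {
        qualityAuthnAssLevel, spSectorEl, spInstitutionEl, spApplicationEl, spCountryEl,
        eIDSectorShareEl, eIDCrossSectorShareEl, eIDCrossBorderShareEl, requestedAttrs
    };

    // Serialize to text and re-parse so the caller receives a plain DOM of the final request.
    // Streams and readers are disposed as soon as the text has been captured.
    string xml;
    using (MemoryStream stream = new MemoryStream())
    {
        Serialize(request, stream);
        stream.Seek(0, SeekOrigin.Begin);
        using (StreamReader reader = new StreamReader(stream))
        {
            xml = reader.ReadToEnd();
        }
    }

    using (XmlTextReader xmlReader = new XmlTextReader(new StringReader(xml)))
    {
        return Deserialize<XmlDocument>(xmlReader);
    }
}

/// <summary>
/// Creates a namespaced element in <paramref name="doc"/> whose text content is <paramref name="text"/>.
/// </summary>
/// <param name="doc">Owner document of the new element.</param>
/// <param name="prefix">Namespace prefix of the element.</param>
/// <param name="localName">Local name of the element.</param>
/// <param name="ns">Namespace URI of the element.</param>
/// <param name="text">Text content to assign to the element.</param>
/// <returns>The new, not yet attached element.</returns>
private static XmlElement CreateTextElement(XmlDocument doc, string prefix, string localName, string ns, string text)
{
    XmlElement element = doc.CreateElement(prefix, localName, ns);
    element.InnerText = text;
    return element;
}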
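/// <summary>
/// Validates an incoming SAML AuthnRequest and extracts the values needed to build the response.
/// </summary>
/// <param name="doc">The received AuthnRequest document.</param>
/// <returns>
/// A <see cref="SAMLContext"/> carrying the issuer, request id, assertion consumer URL and the requested
/// attributes. Its error code is VALID on success, otherwise it names the first failed check:
/// repeated id, wrong destination, issue instant outside the accepted window, missing Issuer/Extensions/
/// RequestedAttributes, or malformed/empty attribute list.
/// </returns>
private SAMLContext ExtractRequestValues(XmlDocument doc)
{
    SAMLContext context = new SAMLContext(SAMLConstants.ErrorCodes.VALID);

    AuthnRequestType request;
    using (XmlTextReader reader = new XmlTextReader(new StringReader(doc.OuterXml)))
    {
        // The request text comes from an external party: never process a DOCTYPE or resolve external
        // entities while re-parsing it (XXE). NOTE(review): confirm the code that loads 'doc' applies
        // the same restrictions.
        reader.DtdProcessing = DtdProcessing.Prohibit;
        reader.XmlResolver = null;
        request = Deserialize<AuthnRequestType>(reader);
    }

    // NOTE(review): the ACS URL is copied from the request without being checked against the
    // requesting SP's registered endpoints; confirm the caller validates it before responding there.
    context.AssertionConsumer = request.AssertionConsumerServiceURL;

    // Replay protection: a request id is accepted only once.
    if (IsRepeatedId(request.ID))
    {
        context.ErrorCode = SAMLConstants.ErrorCodes.REPEATED_ID;
        return context;
    }
    AddId(request.ID);

    // The destination is only enforced when one is configured for this endpoint.
    if (thisDestination != null && request.Destination != thisDestination)
    {
        context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_DESTINATION;
        return context;
    }

    // Reject requests issued too long ago or too far in the future (absolute value tolerates clock skew).
    if (Math.Abs(request.IssueInstant.Subtract(DateTime.UtcNow).TotalMinutes) > validTimeframe)
    {
        context.ErrorCode = SAMLConstants.ErrorCodes.EXPIRED;
        return context;
    }

    // Without an Issuer or an Extensions block the request cannot be answered; report a schema
    // failure instead of letting a null dereference escape.
    if (request.Issuer == null || request.Extensions == null || request.Extensions.Any == null)
    {
        context.ErrorCode = SAMLConstants.ErrorCodes.XML_VALIDATION_FAILED;
        return context;
    }

    context.Issuer = request.Issuer.Value;
    context.RequestID = request.ID;

    string reqAttrsNs = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTRS);
    XmlElement reqAttributes = null;
    foreach (XmlElement element in request.Extensions.Any)
    {
        if (element.LocalName == "RequestedAttributes" && element.NamespaceURI == reqAttrsNs)
        {
            reqAttributes = element;
            break;
        }
    }
    if (reqAttributes == null)
    {
        context.ErrorCode = SAMLConstants.ErrorCodes.XML_VALIDATION_FAILED;
        return context;
    }

    string reqAttrNs = ConfigurationSettingsHelper.GetCriticalConfigSetting(CommonConstants.NS_REQ_ATTR);
    try
    {
        foreach (XmlElement element in reqAttributes.GetElementsByTagName("RequestedAttribute", reqAttrNs))
        {
            // Name and isRequired are mandatory; a missing or non-boolean value invalidates the request.
            XmlAttribute nameAttr = element.Attributes["Name"];
            XmlAttribute isRequiredAttr = element.Attributes["isRequired"];
            bool isRequired;
            if (nameAttr == null || isRequiredAttr == null || !bool.TryParse(isRequiredAttr.Value, out isRequired))
            {
                context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_ATTRIBUTES;
                return context;
            }
            context.AddAttribute(nameAttr.Value, isRequired);
        }
    }
    catch (Exception)
    {
        // Any remaining failure while registering attributes (e.g. from AddAttribute) is reported
        // as an invalid-attributes response. NOTE(review): no logging facility is visible here.
        context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_ATTRIBUTES;
        return context;
    }

    // A request that asks for nothing is not serviceable.
    if (context.GetAttributeNames().Count == 0)
    {
        context.ErrorCode = SAMLConstants.ErrorCodes.INVALID_ATTRIBUTES;
    }

    return context;
}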