I need a way to POST a <samlp:response> message to a certain URL. It's fairly simple and .NET helps me with the Saml2Assertion class, but I can't seem to find a way to wrap that assertion in a response and have it serialized (or even send without manual post)?
    using System;
    using System.IdentityModel.Tokens;
    using System.IO;
    using System.Xml;

    // Build the assertion: issuer, subject and one authentication statement.
    Saml2Assertion assert = new Saml2Assertion(new Saml2NameIdentifier("SAMLIssuer"));
    assert.Subject = new Saml2Subject(new Saml2NameIdentifier("10001", new Uri("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")));
    Saml2AuthenticationContext context = new Saml2AuthenticationContext(new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"));
    assert.Statements.Add(new Saml2AuthenticationStatement(context, DateTime.Now));

    // Serialize the assertion to a string with the WIF token handler.
    string assertion;
    using (var sw = new StringWriter())
    {
        var xws = new XmlWriterSettings();
        using (var xw = XmlWriter.Create(sw, xws))
        {
            var handler = new Saml2SecurityTokenHandler();
            handler.WriteToken(xw, new Saml2SecurityToken(assert));
        }
        assertion = sw.ToString();
    }
And the XML I get for assert seems fine:
    <?xml version="1.0" encoding="utf-16"?>
    <Assertion ID="_fc348927-c0bf-4955-b98f-483043d8dedd" IssueInstant="2017-04-19T11:29:38.464Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
      <Issuer>SAMLIssuer</Issuer>
      <Subject>
        <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">10001</NameID>
      </Subject>
      <AuthnStatement AuthnInstant="2017-04-19T11:29:39.040Z">
        <AuthnContext>
          <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
        </AuthnContext>
      </AuthnStatement>
    </Assertion>
So, what now? How do I get from my code to getting:
    <samlp:Response
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="new id"
        InResponseTo="old id"
        Version="2.0"
        IssueInstant="2017-04-19T11:29:39.040Z"
        Destination="some url">
      <saml:Issuer>SAMLIssuer</saml:Issuer>
      <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </samlp:Status>
      <saml:Assertion ....
without using external libraries or making my own wrappers/string concatenations? I can't seem to find anything in .NET 4.5 implementation of WIF that can help me.
To view a SAML response in Chrome, press F12 to start the Developer Tools console. Select the Network tab, and then select Preserve log in the upper left of the Developer Tools window. Reproduce the issue.
A SAML Request, also known as an authentication request, is generated by the Service Provider to "request" an authentication. A SAML Response is generated by the Identity Provider. It contains the actual assertion of the authenticated user.
The user clicks an icon to access one of those applications or services. The IdP creates and signs a SAML assertion that includes information about the user's identity, along with any other attribute information that the IdP and SP agreed to share to authenticate users.
AFAIK .NET has no built-in support for the SAMLp protocol. It only supports WsFederation. Also have a look here: How should I implement SAMLP 2.0 in an ASP.NET MVC 4 service provider?
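Because there is no built-in SAMLP response type, the envelope from the question has to be written by hand around the WIF-serialized assertion. The following is an added example, not code from the question or the answer; the class and method names (`SamlResponseWriter`, `BuildResponse`, `EncodeForPostBinding`) are hypothetical, and the output is unsigned.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Tokens;
using System.Text;
using System.Xml;

// Hypothetical helper (illustration only): writes the <samlp:Response> envelope
// with XmlWriter and lets Saml2SecurityTokenHandler emit the assertion inside it.
static class SamlResponseWriter
{
    const string Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    public static string BuildResponse(Saml2Assertion assertion, string inResponseTo, Uri destination)
    {
        var sb = new StringBuilder();
        // Omit the declaration: a StringBuilder-backed writer would announce utf-16.
        var settings = new XmlWriterSettings { OmitXmlDeclaration = true };
        using (var xw = XmlWriter.Create(sb, settings))
        {
            xw.WriteStartElement("samlp", "Response", Samlp);
            xw.WriteAttributeString("xmlns", "saml", null, Saml);
            // ID is an xs:ID, so it must not start with a digit; prefix the GUID.
            xw.WriteAttributeString("ID", "_" + Guid.NewGuid().ToString("D"));
            xw.WriteAttributeString("InResponseTo", inResponseTo);
            xw.WriteAttributeString("Version", "2.0");
            xw.WriteAttributeString("IssueInstant",
                DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ss.fffZ", CultureInfo.InvariantCulture));
            xw.WriteAttributeString("Destination", destination.AbsoluteUri);
            xw.WriteElementString("saml", "Issuer", Saml, assertion.Issuer.Value);
            xw.WriteStartElement("samlp", "Status", Samlp);
            xw.WriteStartElement("samlp", "StatusCode", Samlp);
            xw.WriteAttributeString("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
            xw.WriteEndElement(); // StatusCode
            xw.WriteEndElement(); // Status
            // Same call the question uses, now nested inside the Response element.
            new Saml2SecurityTokenHandler().WriteToken(xw, new Saml2SecurityToken(assertion));
            xw.WriteEndElement(); // Response
        }
        return sb.ToString();
    }

    // The HTTP-POST binding carries the response base64-encoded in a form
    // field named SAMLResponse.
    public static string EncodeForPostBinding(string responseXml)
    {
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(responseXml));
    }
}
```

A relying party that validates signatures will reject this output as it stands, so signing the assertion or the response has to be added before it is posted.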