I have a SAML token in a string:
<saml:Assertion xmlns:saml="..." ...> ..etc... </>
In an HttpModule, I want to convert this into a ClaimsPrincipal so that my service can do the usual Thread.CurrentPrincipal as IClaimsPrincipal stuff.
I found a couple enticing pages/blogs/etc... that looked helpful:
I'm stuck literally trying to turn the SAML token into the ClaimsPrincipal (via SecurityToken intermediate step or direct... happy either way). The sample code from Cibrax's idea uses the following for the crucial verification and deserialization step:
SecurityTokenSerializer securityTokenSerializer = new SecurityTokenSerializerAdapter( FederatedAuthentication.SecurityTokenHandlers, MessageSecurityVersion.Default.SecurityVersion, false, new SamlSerializer(), null, null); SecurityToken theToken = WSFederationAuthenticationModule.GetSecurityToken( theSamlTokenInStringForm, securityTokenSerializer);
The wall I've hit is that the RTM version of WIF does not expose this overload of GetSecurityToken... it only exposes:
WSFederationAuthenticationModule fam = new WSFederationAuthenticationModule(); SecurityToken theToken = fam.GetSecurityToken(HttpRequest theRequest); SecurityToken theToken = fam.GetSecurityToken(SignInResponseMessage message);
Thanks for helping me to get unstuck!
Tyler
Just found this helpful. http://www.tecsupra.com/blog/system-identitymodel-manually-parsing-the-saml-token/
Basic idea: You need the XML of the "Audience"-node and then you can use the SecurityTokenHandlerCollection and use "ValidateToken"
From the post:
string samlTokenXml = signInResponseXml .DocumentElement // <trust:RequestSecurityTokenResponseCollection> .ChildNodes[0] // <trust:RequestSecurityTokenResponse> .ChildNodes[2] // <trust:RequestedSecurityToken> .InnerXml; // <Assertion> var xmlTextReader = new XmlTextReader(new StringReader(samlTokenXml)); SecurityTokenHandlerCollection handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers; // read the token SecurityToken securityToken = handlers.ReadToken(xmlTextReader);
I want to share some resources I found very useful in implementing essentially the same scenario. Basically, Dominick Baier is a god in this space. His blog is full of great info on the subject:
http://leastprivilege.com/
For converting a SAML/SWT token to IClaimsIdentity in a RESTful service:
http://www.develop.com/wcfrest/
http://identitymodel.codeplex.com/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With