Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Pull SecurityToken from SAML Assertion

Tags:

c#

saml

I have the XML of a SAML Assertion that looks like this:

<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_9b6e6302-d6a8-47f0-9155-1051a05edbfb" Issuer="http://example.com/adfs/services/trust" IssueInstant="2013-04-29T19:35:51.197Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
...
</saml:Assertion>

I am trying to get a SecurityToken out of this XML using code similar to the following:

// Loading the XML referenced above.
XDocument doc = XDocument.Load(new StringReader(assertion));

// Creating config to use in TokenHandlers below; required if not using a SecurityTokenHandlerCollection.
SecurityTokenHandlerConfiguration config = new SecurityTokenHandlerConfiguration();
config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://localhost/Orchard/"));
config.CertificateValidator = X509CertificateValidator.None;

// Both of these lines throw Exceptions, as explained below.
new Saml11SecurityTokenHandler() { Configuration = config }.ReadToken(doc.CreateReader());
new Saml2SecurityTokenHandler() { Configuration = config }.ReadToken(doc.CreateReader());

If I try to read the token using the Saml11SecurityTokenHandler, I get the following Exception:

ID4075: SAML Assertion is missing the required 'MajorVersion' Attribute.

If I try to read the token using the Saml2SecurityTokenHandler, I get a different Exception:

Element 'Assertion' with namespace name 'urn:oasis:names:tc:SAML:2.0:assertion' was not found.

Obviously the one for Saml2SecurityTokenHandler makes sense, since this is a SAML 1.1 Assertion. However, why can't the SAML 1.1 TokenHandler read this Assertion?

EDIT: The reader appears to be empty; why is that? doc has content.

string notEmpty = doc.FirstNode.ToString();
string empty = doc.CreateReader().ReadOuterXml();
like image 480
zimdanen Avatar asked Mar 25 '23 03:03

zimdanen

1 Answers

Drawing from the technique shown here, this works:

SecurityToken token;
using (StringReader sr = new StringReader(assertion))
{
    using (XmlReader reader = XmlReader.Create(sr))
    {
        if (!reader.ReadToFollowing("saml:Assertion"))
        {
            throw new Exception("Assertion not found!");
        }
        SecurityTokenHandlerCollection collection = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
        token = collection.ReadToken(reader.ReadSubtree());
    }
}

Make sure you don't change of the whitespace in the XML document, otherwise you'll get a signature verification error.

like image 129
zimdanen Avatar answered Apr 04 '23 18:04

zimdanen
Sign in to Comment

Related questions

How get database table name with schema name from entity programmatically [duplicate]
How can one prevent accessing content directly?
Scheduled Task using Task Scheduler Managed Wrapper
The thread has exited with code 0 in Windows Forms
Extensions Method trying to call protected methods / wrong exhibition of dynamic parameters
Does the order of extern and static matter?
Avoid from running more than one instance
How to use Visual Studio unit test to compare two XML files
Unexpected behaviour in ternary operator
XAML adding namespace for converters class
C# Dynamic SQL INSERT ... SELECT
Adding service initialization method when using Castle Windsor IoC container
IEnumerable property is null after submit
how to use classes themselves as method parameters?
Monodroid: Performing a full GC
C#: DateTime - Going through a period of days?
C# generate Guid that is unique(does not exist in a table in the database)
Processing a large file in .NET
C# - Encrypting and Decrypting Data using RSA
How to make Sqlcommand accept null values

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!