从 C# 4.5 (WIF) 中的断言创建 SAML 响应
Create SAML response from assertion in C# 4.5 (WIF)
我需要一种方法来 POST 向某个 URL 发送 <samlp:response>
消息,它相当简单,.NET 帮助我 Saml2Assertion
class但我似乎无法找到一种方法将该断言包装在响应中并将其序列化(甚至无需手动发送 post)?
Saml2Assertion assert = new Saml2Assertion(new Saml2NameIdentifier("SAMLIssuer"));
assert.Subject = new Saml2Subject(new Saml2NameIdentifier("10001", new Uri("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")));
Saml2AuthenticationContext context = new Saml2AuthenticationContext(new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"));
assert.Statements.Add(new Saml2AuthenticationStatement(context, DateTime.Now));
string assertion;
using (var sw = new StringWriter())
{
var xws = new XmlWriterSettings();
using (var xw = XmlWriter.Create(sw, xws))
{
var handler = new Saml2SecurityTokenHandler();
handler.WriteToken(xw, new Saml2SecurityToken(assert));
}
assertion = sw.ToString();
}
我得到的断言 XML 看起来不错:
<?xml version="1.0" encoding="utf-16"?>
<Assertion ID="_fc348927-c0bf-4955-b98f-483043d8dedd" IssueInstant="2017-04-19T11:29:38.464Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>SAMLIssuer</Issuer>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">10001</NameID>
</Subject>
<AuthnStatement AuthnInstant="2017-04-19T11:29:39.040Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
那么,现在怎么办?我如何从我的代码得到:
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="new id"
InResponseTo="old id"
Version="2.0"
IssueInstant="2017-04-19T11:29:39.040Z"
Destination="some url">
<saml:Issuer>SAMLIssuer</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ....
不使用外部库或自己制作 wrappers/string 连接?我似乎无法在 WIF 的 .NET 4.5 实现中找到任何可以帮助我的东西。
AFAIK .NET 没有对 SAMLp 协议的内置支持。它只支持 WsFederation。也可以在这里看看:How should I implement SAMLP 2.0 in an ASP.NET MVC 4 service provider?
我需要一种方法来 POST 向某个 URL 发送 <samlp:response>
消息,它相当简单,.NET 帮助我 Saml2Assertion
class但我似乎无法找到一种方法将该断言包装在响应中并将其序列化(甚至无需手动发送 post)?
Saml2Assertion assert = new Saml2Assertion(new Saml2NameIdentifier("SAMLIssuer"));
assert.Subject = new Saml2Subject(new Saml2NameIdentifier("10001", new Uri("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")));
Saml2AuthenticationContext context = new Saml2AuthenticationContext(new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"));
assert.Statements.Add(new Saml2AuthenticationStatement(context, DateTime.Now));
string assertion;
using (var sw = new StringWriter())
{
var xws = new XmlWriterSettings();
using (var xw = XmlWriter.Create(sw, xws))
{
var handler = new Saml2SecurityTokenHandler();
handler.WriteToken(xw, new Saml2SecurityToken(assert));
}
assertion = sw.ToString();
}
我得到的断言 XML 看起来不错:
<?xml version="1.0" encoding="utf-16"?>
<Assertion ID="_fc348927-c0bf-4955-b98f-483043d8dedd" IssueInstant="2017-04-19T11:29:38.464Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>SAMLIssuer</Issuer>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">10001</NameID>
</Subject>
<AuthnStatement AuthnInstant="2017-04-19T11:29:39.040Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
那么,现在怎么办?我如何从我的代码得到:
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="new id"
InResponseTo="old id"
Version="2.0"
IssueInstant="2017-04-19T11:29:39.040Z"
Destination="some url">
<saml:Issuer>SAMLIssuer</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ....
不使用外部库或自己制作 wrappers/string 连接?我似乎无法在 WIF 的 .NET 4.5 实现中找到任何可以帮助我的东西。
AFAIK .NET 没有对 SAMLp 协议的内置支持。它只支持 WsFederation。也可以在这里看看:How should I implement SAMLP 2.0 in an ASP.NET MVC 4 service provider?