Last active
August 29, 2015 14:24
SAML Message
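// Handles a CAS single-sign-out SAML LogoutRequest: decodes it, signs the local
// user out, builds a LogoutResponse and redirects back to the CAS server.
//
// NOTE(review): samlRequest and relayState come from the incoming HTTP request and
// are untrusted. Nothing visible here verifies the LogoutRequest's origin (issuer,
// signature) before SignOut() runs - confirm that check happens upstream.
var decoded = Convert.FromBase64String(samlRequest);
if (decoded.Length < 2)
{
    // Fail with the same exception type FromBase64String uses for bad input,
    // instead of an IndexOutOfRangeException on the header read below.
    throw new FormatException("SAMLRequest is too short to contain a zlib header.");
}

// The first two bytes are kept so they can be put back in front of the response.
// NOTE(review): a zlib stream (RFC 1950) also ends with an Adler-32 checksum;
// nothing visible here strips it from the request or appends one to the response -
// confirm CompressionUtils accounts for it.
var zlibPadding = new [] { decoded[0], decoded[1] };

// Despite the helper's name, the value logged for this variable (see the log below)
// is plain XML, so Deflate() apparently decompresses here and Inflate() compresses.
var requestXml = CompressionUtils.Deflate(decoded.Skip(2).ToArray());

// NOTE(review): the raw request and the session index (a CAS service ticket, per the
// log below) are written at INFO level. These values identify a user session;
// consider a debug-only level or redaction outside of troubleshooting.
Log.Info("decoded SAMLRequest:");
Log.Info(requestXml);
var sessionIndex = CasAuthentication.ExtractSingleSignOutTicketFromSamlResponse(requestXml);
Log.Info("Extracted sessionIndex: " + sessionIndex);
LibraryAuthentication.SignOut();

// Fixed: the closing </samlp:SessionIndex> tag was missing its '>' and made the
// response malformed XML.
// NOTE(review): confirm against the SAML 2.0 schema that the CAS server accepts a
// SessionIndex element inside a LogoutResponse.
const string samlResponseTemplate = @"
<samlp:LogoutResponse xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion""
ID=""$ID""
Version=""2.0""
IssueInstant=""$IssueInstant""
InResponseTo=""$InResponseTo"">
<samlp:SessionIndex>$SessionIndex</samlp:SessionIndex>
<samlp:Status>
<samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success""/>
</samlp:Status>
</samlp:LogoutResponse>
";

// SAML IDs are xs:ID values, which must not start with a digit; a bare "N"-format
// GUID can, so it is prefixed with an underscore.
var samlResponse = samlResponseTemplate.Replace("$ID", "_" + Guid.NewGuid().ToString("N"));
samlResponse = samlResponse.Replace("$IssueInstant", DateTime.UtcNow.ToString("O"));

// Values taken from the untrusted request are XML-escaped before substitution so
// they cannot add attributes or elements to the response.
samlResponse = samlResponse.Replace(
    "$InResponseTo",
    System.Security.SecurityElement.Escape(CasAuthentication.ExtractSamlMessageId(requestXml)));
samlResponse = samlResponse.Replace(
    "$SessionIndex",
    System.Security.SecurityElement.Escape(sessionIndex));
Log.Info("Constructed response:");
Log.Info(samlResponse);

// Re-compress, restore the two header bytes and base64-encode for the query string.
var compressedResponse = CompressionUtils.Inflate(samlResponse);
var padded = zlibPadding.Concat(compressedResponse).ToArray();
var encoded = Convert.ToBase64String(padded);

// NOTE(review): relayState is caller-supplied; confirm ConstructRelayStateRedirectUrl
// URL-encodes both values and always targets the configured CAS host.
var redirect = UrlUtil.ConstructRelayStateRedirectUrl(encoded, relayState);
context.Response.Redirect(redirect);
return false;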
//Log from above: | |
// 2015-07-10 15:48:53,394 [52] INFO Wellcome.Dds.Auth.Web.LibraryAuthenticationModule[(null)] - <samlp:LogoutRequest xmlns:samlp= "urn:oasis:names:tc:SAML:2.0:protocol" ID= "LR-64-VEaXS1Qe2wnM3bEynV49TlVtkNmVZBKwT1H" Version= "2.0" IssueInstant= "2015-07-10T15:52:26Z" >< saml:NameID xmlns:saml= "urn:oasis:names:tc:SAML:2.0:assertion" > @NOT_USED@</saml:NameID><samlp:SessionIndex>ST-72-vHMA1LxS5ffQKLiq9fLO-pl-nib</samlp:SessionIndex></samlp:LogoutRequest> | |
// 2015-07-10 15:48:53,393 [52] INFO Wellcome.Dds.Auth.Web.LibraryAuthenticationModule [(null)] - decoded SAMLRequest: | |
// 2015-07-10 15:48:53,396 [52] INFO Wellcome.Dds.Auth.Web.LibraryAuthenticationModule[(null)] - Extracted sessionIndex: ST-72-vHMA1LxS5ffQKLiq9fLO-pl-nib | |
// 2015-07-10 15:48:53,398 [52] INFO DotNetCasClient.CasAuthentication[(null)] - Setting GatewayStatusCookie | |
// 2015-07-10 15:48:53,400 [52] INFO Wellcome.Dds.Auth.Web.LibraryAuthenticationModule[(null)] - Constructed response: | |
// 2015-07-10 15:48:53,401 [52] INFO Wellcome.Dds.Auth.Web.LibraryAuthenticationModule[(null)] - | |
// <samlp:LogoutResponse xmlns:samlp= "urn:oasis:names:tc:SAML:2.0:protocol" | |
// xmlns:saml= "urn:oasis:names:tc:SAML:2.0:assertion" | |
// ID= "b2bbf71d2dd9409589d7e71492442d2b" | |
// Version= "2.0" | |
// IssueInstant= "2015-07-10T14:48:53.3999007Z" | |
// InResponseTo= "LR-64-VEaXS1Qe2wnM3bEynV49TlVtkNmVZBKwT1H" > | |
// <samlp:SessionIndex>ST-72-vHMA1LxS5ffQKLiq9fLO-pl-nib</samlp:SessionIndex | |
// <samlp:Status> | |
// <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> | |
// </samlp:Status> | |
// </samlp:LogoutResponse> | |
// | |
// 2015-07-10 15:48:53,405 [52] INFO DotNetCasClient.Utils.UrlUtil[(null)] - ConstructRelayStateRedirectUrl constructed - https://account-uat.wellcome.ac.uk/cas/logout?SAMLResponse=eJx9kV1vgjAUhu9N/A+k91VaYdhGTNxmohG3KIQs3hUoCxm0zFOm+/djTrboEs/lec9z3vPR701AVGXNA/2qG7OVUGsF0jpWpQJ+knzU7BXXAgrgSlQSuEl5OFsHnA5sXu+10akukdXvWW38gbc5ASD3ptCqA5ePPkpokuQeyWiWMcdm7phlnvSIw6jj0Iwm6Kc0lntoSR+1jX5xgEYuFRihTCvYxMW2h4kdEYc7Y+6OBiPGmG17O2R1iOrWjbSPgi2+c3A8Fy8h2Uh6UOtRMv9UscOiMjZvT1W8u18dIrJA0x/8fLhQwvcwS5XJ4zSMsEfxx2I9I8ExdPN8swqKd5YHz7gusSqSyfA/ddnOCNPA2eIq+6AzacWibOTt28KpmodNmrY2aNgNPLyy6BKXv2+FLw==&RelayState=e1s1 by ConstructRelayStateRedirectUrl() | |
// 2015-07-10 15:48:53,406 [52] INFO Wellcome.Dds.Auth.Web.LibraryAuthenticationModule[(null)] - redirecting to https://account-uat.wellcome.ac.uk/cas/logout?SAMLResponse=eJx9kV1vgjAUhu9N/A+k91VaYdhGTNxmohG3KIQs3hUoCxm0zFOm+/djTrboEs/lec9z3vPR701AVGXNA/2qG7OVUGsF0jpWpQJ+knzU7BXXAgrgSlQSuEl5OFsHnA5sXu+10akukdXvWW38gbc5ASD3ptCqA5ePPkpokuQeyWiWMcdm7phlnvSIw6jj0Iwm6Kc0lntoSR+1jX5xgEYuFRihTCvYxMW2h4kdEYc7Y+6OBiPGmG17O2R1iOrWjbSPgi2+c3A8Fy8h2Uh6UOtRMv9UscOiMjZvT1W8u18dIrJA0x/8fLhQwvcwS5XJ4zSMsEfxx2I9I8ExdPN8swqKd5YHz7gusSqSyfA/ddnOCNPA2eIq+6AzacWibOTt28KpmodNmrY2aNgNPLyy6BKXv2+FLw==&RelayState=e1s1 | |
// ERROR! |