0
votes

I would like to obtain a SAML 2.0 token by using the SAML 2.0 protocol instead of WSTrust. ADFS 3.0 is used. Are there any NuGet packages or other libraries that can achieve that?

The current code uses WSTrust and Kerberos:

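    using System;
    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Tokens;
    using System.Net;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security;
    using System.Threading.Tasks;

    // kerberosmixedendpoint, Url and result are defined elsewhere in the calling code.
    WSTrustChannelFactory trustChannelFactory = null;

    // Transport-secured binding that authenticates with a Kerberos token.
    var bindingElementCollection = new BindingElementCollection();
    bindingElementCollection.Add(SecurityBindingElement.CreateKerberosOverTransportBindingElement());

    trustChannelFactory = new WSTrustChannelFactory
    (
        new CustomBinding(bindingElementCollection),
        new EndpointAddress(kerberosmixedendpoint)
    );

    // Use the identity of the logged-on Windows user.
    trustChannelFactory.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
    trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;

    // Ask the STS to issue a bearer token for the relying party identified by Url.
    var requestSecurityToken = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        AppliesTo = new EndpointReference(Url),
        KeyType = KeyTypes.Bearer,
    };

    var channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

    var securityToken = await Task<GenericXmlSecurityToken>.Factory.FromAsync(
        channel.BeginIssue, ar =>
        {
            GenericXmlSecurityToken token = null;

            try
            {
                token = channel.EndIssue(ar, out RequestSecurityTokenResponse response)
                    as GenericXmlSecurityToken;
            }
            catch (Exception)
            {
                // The failure is swallowed here, so token stays null on any error.
            }

            return token;
        },
        requestSecurityToken,
        null
    );

    // Raw XML of the issued SAML assertion, or null if the request failed.
    result = securityToken?.TokenXml?.OuterXml;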

So I need to get something like this securityToken?.TokenXml?.OuterXml, but using the SAMLP protocol. I cannot use WIF since it does not support the SAML 2.0 protocol.

1
So are you wanting to use the ECP profile? I'm not aware of any easy way to do it in .NET without using the basic building blocks and pulling them together yourself. - Damien_The_Unbeliever
I am a bit of a newbie when it comes to SAML, so any help would be appreciated! I don't know yet what ECP profile means... You are probably right that I have to do a manual implementation of all requests and signings to obtain a SAML 2 token via the SAML 2.0 protocol in .NET. I was just wondering if there were any libraries/packages available to make my life simpler... I found some libraries and examples, but those were related to ASP.NET/MVC applications only rather than C#/WPF/desktop apps - staserdevel
Almost everyone using SAML is using a profile where there's a browser at the client end - that can support redirects, etc. But if you're writing a WPF app, your interaction with the IDP is going to be very different to how a browser would work. - Damien_The_Unbeliever

1 Answer

0
votes

You could include the code files available at the location below in your project to gain access to all the basic method calls you would need to construct a SAML Request, Decrypt & Validate a SAML Response, Read a SAML Assertion, etc.

https://github.com/onelogin/dotnet-saml/tree/master/App_Code
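
To show what "construct a SAML Request" involves, here is an added example (not code from the answer or from the linked library) that builds an unsigned SAML 2.0 AuthnRequest and encodes it for the HTTP-Redirect binding. The class and method names are hypothetical, and the issuer, ACS URL and ADFS host are placeholders.

```csharp
using System;
using System.Globalization;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml;

static class SamlRedirectRequest // hypothetical helper, not a library API
{
    const string Protocol = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Assertion = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Builds an unsigned <samlp:AuthnRequest>; keep requestId to match InResponseTo later.
    public static string BuildAuthnRequest(string issuer, string acsUrl, string destination, out string requestId)
    {
        requestId = "_" + Guid.NewGuid().ToString("N"); // xs:ID must not start with a digit
        var sb = new StringBuilder();
        using (var w = XmlWriter.Create(sb, new XmlWriterSettings { OmitXmlDeclaration = true }))
        {
            w.WriteStartElement("samlp", "AuthnRequest", Protocol);
            w.WriteAttributeString("ID", requestId);
            w.WriteAttributeString("Version", "2.0");
            w.WriteAttributeString("IssueInstant",
                DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture));
            w.WriteAttributeString("Destination", destination);
            w.WriteAttributeString("AssertionConsumerServiceURL", acsUrl);
            w.WriteElementString("saml", "Issuer", Assertion, issuer);
            w.WriteEndElement();
        }
        return sb.ToString();
    }

    // HTTP-Redirect binding: raw DEFLATE, then Base64, then URL-encoding.
    public static string ToRedirectUrl(string idpSsoUrl, string authnRequestXml)
    {
        using (var ms = new MemoryStream())
        {
            using (var deflate = new DeflateStream(ms, CompressionMode.Compress, true))
            {
                var bytes = Encoding.UTF8.GetBytes(authnRequestXml);
                deflate.Write(bytes, 0, bytes.Length);
            }
            return idpSsoUrl + "?SAMLRequest=" + Uri.EscapeDataString(Convert.ToBase64String(ms.ToArray()));
        }
    }
    static void Main() // all values below are placeholders
    {
        const string idp = "https://adfs.example.com/adfs/ls/";
        var xml = BuildAuthnRequest("urn:example:desktop-app", "https://app.example.com/acs", idp, out var id);
        Console.WriteLine(ToRedirectUrl(idp, xml) + Environment.NewLine + "Expect InResponseTo=" + id);
    }
}
```

When the response comes back, check its signature against the IdP certificate, and confirm that InResponseTo equals the stored request ID and that the audience and validity window match, before trusting the assertion.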