1

I am reading the response that Okta returns to my application as follows. Please let me know whether there is a NuGet package or an open-source class for reading the attributes.

        // Requires: using System; using System.Text; using System.Xml;
        var xml = HttpContext.Request.Form["SAMLResponse"];
        byte[] byteData = Convert.FromBase64String(xml);
        string samlXmlString = Encoding.UTF8.GetString(byteData);
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null; // never resolve external entities in XML received from the network
        doc.LoadXml(samlXmlString);
        // GetElementsByTagName matches the literal "saml2:" prefix, so this returns nothing
        // if the IdP serialises the assertion with a different prefix.
        var emailElement = doc.GetElementsByTagName("saml2:NameID");
        var attributes = doc.GetElementsByTagName("saml2:Attribute");
        var attributesValues = doc.GetElementsByTagName("saml2:AttributeValue");
        var username = emailElement[0].InnerText;
        var role = attributesValues[0].InnerText;
4

2 Answers

1

SAML response attributes can be read with the following code.

        // Requires: System.IdentityModel (Saml2SecurityToken, SecurityTokenHandlerCollection),
        // System.Web (HttpUtility), System.IO, System.Linq, System.Xml
        string UserName = null, Issuer = null, FirstName = null, LastName = null;
        Saml2SecurityToken token = null;

        var responseDecoded = System.Text.Encoding.UTF8.GetString(
            Convert.FromBase64String(HttpUtility.HtmlDecode(HttpContext.Current.Request.Form["SAMLResponse"])));

        // Pick out the token
        using (StringReader sr = new StringReader(responseDecoded))
        using (XmlReader reader = XmlReader.Create(sr))
        {
            reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion");

            // Deserialize the token so that data can be taken from it and plugged into the RSTR
            SecurityTokenHandlerCollection coll = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
            token = (Saml2SecurityToken)coll.ReadToken(reader.ReadSubtree());
        }

        if (token != null)
        {
            UserName = token.Assertion.Subject.NameId.Value;
            Issuer = token.Assertion.Issuer.Value;

            // Find the attribute statement (if any) in the assertion
            var saml2Statement = token.Assertion.Statements.OfType<Saml2AttributeStatement>().FirstOrDefault();
            if (saml2Statement != null && saml2Statement.Attributes != null)
            {
                var attributes = saml2Statement.Attributes;

                var first = attributes.FirstOrDefault(x => x.Name.ToLower().Equals("firstname"));
                if (first != null)
                    FirstName = first.Values.FirstOrDefault();

                var last = attributes.FirstOrDefault(x => x.Name.ToLower().Equals("lastname"));
                if (last != null)
                    LastName = last.Values.FirstOrDefault();
            }
        }
answered 2015-02-17T22:37:30.767
0

Do not parse the SAML response directly. It is essential to check the XML signature on the SAML response. Otherwise, an unauthorized user can very easily use SAML to log in to your system.

I have not been able to find a good NuGet or open-source package for parsing SAML in .NET. So I recommend using the SAML v2.0 SSO component from ComponentSpace. Once the ComponentSpace package is configured, parsing a SAML response is as simple as this:

bool isInResponseTo = false;
string partnerIdP = null;
string userName = null;
IDictionary<string, string> attributes = null;
string targetUrl = null;

try
{
    SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);
}
catch (ComponentSpace.SAML2.Exceptions.SAMLException exception)
{
    throw; // rethrow without resetting the stack trace
}

In the sample code above, the attributes from the SAML response will be in the attributes IDictionary.

If you install the SAML v2.0 SSO component to the default location on your system, you will find it at C:\Program Files (x86)\ComponentSpace SAML v2.0 for .NET\Examples\SSO\HighLevelAPI\MVC\MvcExampleServiceProvider\Controllers

answered 2015-01-15T18:29:14.500
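The point the second answer makes (verify the XML signature before trusting anything in the response) and the question's parsing problem (reading NameID and attributes without depending on the literal `saml2:` prefix) can both be handled with the framework's own `SignedXml`, with no third-party component. The following is an added example written for this page; it is not code from either answer, from Okta, or from ComponentSpace. It assumes .NET 6 or later with the `System.Security.Cryptography.Xml` package, that the service provider has the IdP's signing certificate pinned out of band (from Okta's metadata), and it uses hypothetical names (`SamlResponseReader`, `Read`, `Demo`). The `Demo` class constructs a self-signed test IdP certificate and a minimal signed Response so the reader can be exercised offline; both are constructed sample data, not a real Okta message.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Hypothetical reader: verifies the signature against a pinned IdP certificate, checks that the
// signature actually covers the assertion, checks the validity window, then reads subject/attributes.
public static class SamlResponseReader
{
    const string SamlpNs = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string SamlNs  = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string DsNs    = "http://www.w3.org/2000/09/xmldsig#";

    public static (string nameId, Dictionary<string, List<string>> attributes)
        Read(string base64SamlResponse, X509Certificate2 idpSigningCert, DateTime nowUtc)
    {
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(base64SamlResponse));
        var doc = new XmlDocument
        {
            PreserveWhitespace = true, // canonicalisation must see exactly the bytes that were signed
            XmlResolver = null         // no DTD / external entity resolution for network-supplied XML
        };
        doc.LoadXml(xml);

        // Match elements by namespace URI, not by whatever prefix (saml, saml2, ...) the IdP happened to use.
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", SamlpNs);
        ns.AddNamespace("saml", SamlNs);
        ns.AddNamespace("ds", DsNs);

        var assertion = doc.SelectSingleNode("/samlp:Response/saml:Assertion", ns) as XmlElement
            ?? throw new SecurityException("no Assertion in Response");

        // Accept a signature on the Assertion or on the whole Response, nowhere else.
        var sigNode = assertion.SelectSingleNode("ds:Signature", ns) as XmlElement
            ?? doc.SelectSingleNode("/samlp:Response/ds:Signature", ns) as XmlElement
            ?? throw new SecurityException("SAML response is not signed");

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sigNode);
        // verifySignatureOnly = true: trust comes from the pinned certificate, never from embedded KeyInfo.
        if (!signedXml.CheckSignature(idpSigningCert, true))
            throw new SecurityException("SAML signature is invalid");

        // Anti signature-wrapping: the single Reference must point at the element carrying the signature.
        string signedId = ((XmlElement)sigNode.ParentNode).GetAttribute("ID");
        if (signedXml.SignedInfo.References.Count != 1 ||
            ((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + signedId)
            throw new SecurityException("signature does not cover the assertion");

        // Validity window from Conditions (a replay cache keyed on the assertion ID would be added here).
        var cond = assertion.SelectSingleNode("saml:Conditions", ns) as XmlElement
            ?? throw new SecurityException("no Conditions");
        var notBefore = DateTime.Parse(cond.GetAttribute("NotBefore"), null, DateTimeStyles.AdjustToUniversal);
        var notOnOrAfter = DateTime.Parse(cond.GetAttribute("NotOnOrAfter"), null, DateTimeStyles.AdjustToUniversal);
        if (nowUtc < notBefore || nowUtc >= notOnOrAfter)
            throw new SecurityException("assertion outside its validity window");

        string nameId = assertion.SelectSingleNode("saml:Subject/saml:NameID", ns)?.InnerText
            ?? throw new SecurityException("no NameID");

        var attributes = new Dictionary<string, List<string>>();
        foreach (XmlElement attr in assertion.SelectNodes("saml:AttributeStatement/saml:Attribute", ns))
        {
            var values = new List<string>();
            foreach (XmlNode v in attr.SelectNodes("saml:AttributeValue", ns)) values.Add(v.InnerText);
            attributes[attr.GetAttribute("Name")] = values;
        }
        return (nameId, attributes);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed test IdP: self-signed certificate standing in for the pinned Okta signing cert.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-test-idp", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var idpCert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        // Constructed minimal Response; a real Okta message carries more elements but the same structure.
        var now = DateTime.UtcNow;
        string id = "_" + Guid.NewGuid().ToString("N");
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(
            "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
            "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_resp1\" Version=\"2.0\">" +
            $"<saml:Assertion ID=\"{id}\" Version=\"2.0\" IssueInstant=\"{now:O}\">" +
            "<saml:Issuer>https://idp.example.test</saml:Issuer>" +
            "<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>" +
            $"<saml:Conditions NotBefore=\"{now.AddMinutes(-1):O}\" NotOnOrAfter=\"{now.AddMinutes(5):O}\"/>" +
            "<saml:AttributeStatement><saml:Attribute Name=\"role\">" +
            "<saml:AttributeValue>reader</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>" +
            "</saml:Assertion></samlp:Response>");
        var assertion = (XmlElement)doc.DocumentElement.FirstChild;

        // Enveloped signature over the Assertion, as an IdP would produce it.
        var signer = new SignedXml(assertion) { SigningKey = rsa };
        var reference = new Reference("#" + id);
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(reference);
        signer.ComputeSignature();
        assertion.AppendChild(doc.ImportNode(signer.GetXml(), true));

        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(doc.OuterXml));
        var (user, attrs) = SamlResponseReader.Read(b64, idpCert, DateTime.UtcNow);
        Console.WriteLine($"{user} role={string.Join(",", attrs["role"])}");
    }
}
```

In a controller, `base64SamlResponse` is `Request.Form["SAMLResponse"]` and `idpSigningCert` is loaded from configuration; any `SecurityException` means the login must be rejected before `nameId` or the attributes are used. The reference check matters as much as `CheckSignature` itself: a signature that validates but covers some other element of the document must not be taken as covering the assertion being read.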