How do I correctly prepare an 'HTTP Redirect Binding' SAML Request using C#
I need to create an SP initiated SAML 2.0 Authentication transaction using HTTP Redirect Binding method. It turns out this is quite easy. Just get the IdP URI and concatenat
-
I've just run the following code with your example SAML:
var saml = string.Format(sample, Guid.NewGuid()); var bytes = Encoding.UTF8.GetBytes(saml); string middle; using (var output = new MemoryStream()) { using (var zip = new DeflaterOutputStream(output)) zip.Write(bytes, 0, bytes.Length); middle = Convert.ToBase64String(output.ToArray()); } string decoded; using (var input = new MemoryStream(Convert.FromBase64String(middle))) using (var unzip = new InflaterInputStream(input)) using (var reader = new StreamReader(unzip, Encoding.UTF8)) decoded = reader.ReadToEnd(); bool test = decoded == saml;The test variable is
true. This means that the zip/base64/unbase64/unzip roundtrip performs correctly. The error must occur later. Maybe the URLEncoder destroys them? Could you try similar urlencode/decode test? Also, check how long the result is. It may be possible that the resulting URL is truncated due to its length.(edit: I've added a StreamReader instead of reading to arrays. Earlier my sample used bytes.Length to prepare the buffer and that could damage the test. Now the reading uses only the information from the compressed stream)
edit:
var saml = string.Format(sample, Guid.NewGuid()); var bytes = Encoding.UTF8.GetBytes(saml); string middle; using (var output = new MemoryStream()) { using (var zip = new DeflateStream(output, CompressionMode.Compress)) zip.Write(bytes, 0, bytes.Length); middle = Convert.ToBase64String(output.ToArray()); } // MIDDLE is the thing that should be now UrlEncode'd string decoded; using (var input = new MemoryStream(Convert.FromBase64String(middle))) using (var unzip = new DeflateStream(input, CompressionMode.Decompress)) using (var reader = new StreamReader(unzip, Encoding.UTF8)) decoded = reader.ReadToEnd(); bool test = decoded == saml;this code produces a
middlevariable, that once is UrlEncoded, passes through the debugger properly.DeflateStreamcomes from the standard .Net'sSystem.IO.Compressionnamespace. I don't have the slightest idea why the SharpZip's Deflate is not accepted by the 'debugger' site. It is undeniable that the compression works, as it manages to decompress the data properly.. it just has to be some difference in the algorithms, but I cannot tell what is the difference between this deflate and that deflate, d'oh.讨论(0) -
The question at the top contains a "Decode SAMLResponse - Working Code" section, but that code seemed broken. After trying a few things, I discovered that it was trying to read and write to the same stream at the same time. I reworked it by separating the read and write streams and here is my solution (I am providing the request section for convenience and clarity):
Encode SAML Authentication Request:
public static string EncodeSamlAuthnRequest(this string authnRequest) { var bytes = Encoding.UTF8.GetBytes(authnRequest); using (var output = new MemoryStream()) { using (var zip = new DeflateStream(output, CompressionMode.Compress)) { zip.Write(bytes, 0, bytes.Length); } var base64 = Convert.ToBase64String(output.ToArray()); return HttpUtility.UrlEncode(base64); } }Decode SAML Authentication Response:
public static string DecodeSamlAuthnRequest(this string encodedAuthnRequest) { var utf8 = Encoding.UTF8; var bytes = Convert.FromBase64String(HttpUtility.UrlDecode(encodedAuthnRequest)); using (var output = new MemoryStream()) { using (var input = new MemoryStream(bytes)) { using (var unzip = new DeflateStream(input, CompressionMode.Decompress)) { unzip.CopyTo(output, bytes.Length); unzip.Close(); } return utf8.GetString(output.ToArray()); } } }讨论(0)
加载中...
- 热议问题