ComponentSpace

Forums



Including XML in AttributeValue


Including XML in AttributeValue

Author
Message
bkrell
bkrell
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 4, Visits: 7
I have a requirement to pass XML data in a CDATA section in an attribute in the SAMLResponse. I am using ASP.NET Core and have ComponentSpace v2.0.6. I'm using the low level API. I've seen some forum postings of examples of doing this for ASP.NET. But the same code doesn't compile for the .NET Core. I can't seem to find the methods/classes RegisterAttributeValueSerializer or XmlAttributeValueSerializer. What is the way to do this in .NET Core?

Here's an example that I modified slightly from another forum posting.
ComponentSpace.Saml2.Assertions.AttributeType.RegisterAttributeValueSerializer("ppc_plans", SamlConstants.AttributeNameFormats.Basic, new XmlAttributeValueSerializer());
var xmlDocument = new XmlDocument();
xmldocument.LoadXml(vendorNetworkListXmlString);
samlAttribute = new SamlAttribute("ppc_plans", SAMLIdentifiers.AttributeNameFormats.Basic, "ppc_plans");
samlAttribute.Values.Add(new AttributeValue(xmldocument.DocumentElement));
attributeStatement.Attributes.Add(samlAttribute);

Thank you
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The following code demonstrates creating a SAML attribute whose value is a CDATA section.


// Create some test XML.
var xmlDocument = new XmlDocument()
{
  PreserveWhitespace = true
};

xmlDocument.LoadXml("<test><![CDATA[this is a test]]></test>");

// Create the SAML attribute with the CDATA section as the attribute value.
// NB. The Type is cleared as it defaults to string.
var samlAttribute = new SamlAttribute()
{
    Name = "test",
    AttributeValues = new List<AttributeValue>
    {
        new AttributeValue()
        {
            Type = null,
            Data = new List<XmlNode>()
            {
                xmlDocument.DocumentElement.FirstChild
            }
        }
    }
};



The resultant XML is:


<saml:Attribute Name="test">
<saml:AttributeValue>
    <![CDATA[ this is a test ]]>
</saml:AttributeValue>
</saml:Attribute>




Regards
ComponentSpace Development
bkrell
bkrell
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 4, Visits: 7
ComponentSpace - 10/2/2019
The following code demonstrates creating a SAML attribute whose value is a CDATA section.


// Create some test XML.
var xmlDocument = new XmlDocument()
{
  PreserveWhitespace = true
};

xmldocument.LoadXml("<test><![CDATA[this is a test]]></test>");

// Create the SAML attribute.
var samlAttribute = new SamlAttribute()
{
  Name = "test"
};


// Add the CDATA section as the attribute value.
// NB. The Type is cleared as it defaults to string.
samlAttribute.AttributeValues.Add(new AttributeValue()
{
  Type = null,
  Data = new List<XmlNode>()
  {
   xmldocument.DocumentElement.FirstChild
  }
});



The resultant XML is:


<saml:Attribute Name="test">
<saml:AttributeValue>
    <![CDATA[ this is a test ]]>
</saml:AttributeValue>
</saml:Attribute>



Thank you that worked.
The only thing I would add is the following code, to add the SAML attribute into the SAML assertion. It took me awhile to figure this out since you can't use assertion.SetAttributeValue() as it doesn't take a SamlAttribute.

      AttributeStatement statement = new AttributeStatement();
       AttributeListItem listItem = new AttributeListItem();
       listItem.SamlAttribute = samlAttribute;
       statement.Attributes.Add(listItem);
       assertion.Statements.Add(statement);


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
That's true and thanks for sharing.

Note that for the great majority of use cases we recommend using the SAML high-level API. For an IdP this is the ISamlIdentityProvider interface. Using the high-level API, you don't have to construct the SAML assertion as this is done for you.


Regards
ComponentSpace Development
bkrell
bkrell
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 4, Visits: 7
ComponentSpace - 10/2/2019
That's true and thanks for sharing.

Note that for the great majority of use cases we recommend using the SAML high-level API. For an IdP this is the ISamlIdentityProvider interface. Using the high-level API, you don't have to construct the SAML assertion as this is done for you.

I know, but for other reasons we can't use the high level API as this code is in a separate microservice docker container that is called from a variety of front ends.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Understood. It sounds like you fall into the set of use cases where calling the low-level API makes sense.

Regards
ComponentSpace Development
bkrell
bkrell
New Member
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)

Group: Forum Members
Posts: 4, Visits: 7
ComponentSpace - 10/2/2019
Understood. It sounds like you fall into the set of use cases where calling the low-level API makes sense.

Even if I could use the high-level API, wouldn't I still need to use the low-level API code you posted above to add in my custom XML in a CDATA section of a SAML attribute?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
No. The SAML high-level API accepts SamlAttribute objects. This is different from the SAML for ASP.NET API.
Here's some code from the ExampleIdentityProvider project.


// Get the name of the logged in user.
var userName = User.Identity.Name;

// For demonstration purposes, include some claims.
var attributes = new List<SamlAttribute>()
{
  new SamlAttribute(ClaimTypes.Email, User.FindFirst(ClaimTypes.Email)?.Value),
  new SamlAttribute(ClaimTypes.GivenName, User.FindFirst(ClaimTypes.GivenName)?.Value),
  new SamlAttribute(ClaimTypes.Surname, User.FindFirst(ClaimTypes.Surname)?.Value),
};

var partnerName = _configuration["PartnerName"];
var relayState = _configuration["RelayState"];

// Initiate single sign-on to the service provider (IdP-initiated SSO)
// by sending a SAML response containing a SAML assertion to the SP.
// The optional relay state normally specifies the target URL once SSO completes.
await _samlIdentityProvider.InitiateSsoAsync(partnerName, userName, attributes, relayState);



These SAML attributes are string values but you could also construct a SAML attribute as shown in my previous reply. That's what I did to test the code I included here.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search