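--- a/src/SAML2.Core/Config/IdentityProvider.cs
+++ b/src/SAML2.Core/Config/IdentityProvider.cs
@@ -73,7 +73,6 @@ public class IdentityProvider
 /// <value>The response encoding.</value>
 public string ResponseEncoding { get; set; }
 
-
 /// <summary>
 /// Gets or sets the artifact resolution.
 /// </summary>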
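--- a/src/SAML2.Core/Config/Saml2Configuration.cs
+++ b/src/SAML2.Core/Config/Saml2Configuration.cs
@@ -53,6 +53,15 @@ public class Saml2Configuration
 /// <value>The service provider.</value>
 public ServiceProvider ServiceProvider { get; set; }
 
+/// <summary>
+/// Gets or sets a value weather the response SAML message from IdP should be decompressed after it's BAse64 endoded.
+/// Compression is used by some IdP providers for example PingFederate.
+/// This perform these decode steps: https://www.samltool.com/decode.php (see Base64 Decode + Inflate page)
+/// Default: false
+/// </summary>
+/// <value>The response encoding.</value>
+public bool InflateResponseMessage { get; set; }
+
 public Saml2Configuration()
 {
 IdentityProviders = new IdentityProviders();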
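Review bot: The XML doc on `InflateResponseMessage` has a `<value>` tag that reads `The response encoding.`, which looks copied from another property, and the summary's typos ("weather", "BAse64 endoded") make the order of operations hard to read. Suggested wording: `/// Gets or sets a value indicating whether the SAML response from the IdP is inflated (DEFLATE-decompressed) after it has been Base64 decoded.` with `/// <value><c>true</c> to inflate the response; otherwise <c>false</c> (the default).</value>`. Because the property sits on Saml2Configuration rather than on IdentityProvider, it appears to apply to every configured IdP; the doc should say so and advise leaving it off unless the IdP requires it, since it enables decompression of input that has not yet been validated.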
29 changes: 25 additions & 4 deletions src/SAML2.Core/Protocol/Utility.cs
Expand Up @@ -9,6 +9,7 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.IO.Compression;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
Expand Down Expand Up @@ -153,14 +154,34 @@ public static void PreHandleAssertion(XmlElement elem, IdentityProvider endpoint
/// </summary>
/// <param name="samlResponse">This is base64 encoded SAML Response (usually SAMLResponse on query string)</param>
/// <param name="encoding">The encoding.</param>
/// <param name="infateResponse">Wheater the response message should be inflated (decompressed).</param>
/// <returns>The decoded SAML response XML.</returns>
public static XmlDocument GetDecodedSamlResponse(string samlResponse, Encoding encoding)
public static XmlDocument GetDecodedSamlResponse(string samlResponse, Encoding encoding, bool infateResponse)
{
logger.Debug(TraceMessages.SamlResponseDecoding);

var samlResponseBytes = Convert.FromBase64String(samlResponse);
if (infateResponse)
{
logger.Debug(TraceMessages.SamlResponseDecodingDeflating);

// The response message is compressed using the Deflate algorith. Need to decompress it first.
using (var decompressedStream = new MemoryStream())
{
using (var compressedStream = new MemoryStream(samlResponseBytes))
using (var decompressor = new DeflateStream(compressedStream, CompressionMode.Decompress))
{
decompressor.CopyTo(decompressedStream);
}
samlResponseBytes = decompressedStream.ToArray();
}

logger.Debug(TraceMessages.SamlResponseDecodingDeflated);
}

samlResponse = encoding.GetString(samlResponseBytes);

var doc = new XmlDocument { PreserveWhitespace = true };
samlResponse = encoding.GetString(Convert.FromBase64String(samlResponse));
doc.LoadXml(samlResponse);

logger.DebugFormat(TraceMessages.SamlResponseDecoded, samlResponse);
Expand Down Expand Up @@ -381,7 +402,7 @@ public static void HandleSoap(HttpArtifactBindingBuilder builder, Stream inputSt
public static Saml20Assertion HandleResponse(Saml2Configuration config, string samlResponse, IDictionary<string, object> session, Func<string, object> getFromCache, Action<string, object, DateTime> setInCache)
{
var defaultEncoding = Encoding.UTF8;
var doc = Utility.GetDecodedSamlResponse(samlResponse, defaultEncoding);
var doc = Utility.GetDecodedSamlResponse(samlResponse, defaultEncoding, config.InflateResponseMessage);
logger.DebugFormat(TraceMessages.SamlResponseReceived, doc.OuterXml);

// Determine whether the assertion should be decrypted before being validated.
Expand Down Expand Up @@ -419,7 +440,7 @@ public static Saml20Assertion HandleResponse(Saml2Configuration config, string s
}

if (encodingOverride.CodePage != defaultEncoding.CodePage) {
var doc1 = GetDecodedSamlResponse(samlResponse, encodingOverride);
var doc1 = GetDecodedSamlResponse(samlResponse, encodingOverride, config.InflateResponseMessage);
assertion = GetAssertion(doc1.DocumentElement, out isEncrypted);
}
}
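Review bot: The inflate branch of GetDecodedSamlResponse copies the whole DeflateStream into a MemoryStream with `decompressor.CopyTo(decompressedStream)` and no upper bound. In HandleResponse this is the first step, ahead of the decryption and validation named in the comment that follows, so a small compressed SAMLResponse can expand into a very large buffer and exhaust memory on the service provider. Replace the CopyTo with a bounded read loop that rejects the message once a limit is exceeded; the limit in the fence is a placeholder to be tuned or moved into configuration. Adding the third parameter also changes a public static signature, so keeping a two-argument overload would spare existing callers, and `infateResponse` looks like a typo for `inflateResponse`. The function body continues past the end of the hunk.

```csharp
// … unchanged: Convert.FromBase64String, logger.Debug(TraceMessages.SamlResponseDecodingDeflating) …
const int MaxInflatedBytes = 1024 * 1024; // placeholder limit, tune for the deployment
using (var decompressedStream = new MemoryStream())
using (var compressedStream = new MemoryStream(samlResponseBytes))
using (var decompressor = new DeflateStream(compressedStream, CompressionMode.Decompress))
{
    var buffer = new byte[8192];
    int read;
    while ((read = decompressor.Read(buffer, 0, buffer.Length)) > 0)
    {
        // Stop before buffering more than the cap instead of trusting the sender's payload size.
        if (decompressedStream.Length + read > MaxInflatedBytes)
        {
            throw new InvalidDataException("Inflated SAML response exceeds the allowed size.");
        }
        decompressedStream.Write(buffer, 0, read);
    }
    samlResponseBytes = decompressedStream.ToArray();
}
// … unchanged: logger.Debug(TraceMessages.SamlResponseDecodingDeflated), encoding.GetString, doc.LoadXml …
```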
2 changes: 1 addition & 1 deletion src/SAML2.Core/Resources.Designer.cs


10 changes: 8 additions & 2 deletions src/SAML2.Core/TraceMessages.resx
Expand Up @@ -112,10 +112,10 @@
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="ArtifactCreated" xml:space="preserve">
<value>Artifact created: {0}</value>
Expand Down Expand Up @@ -273,4 +273,10 @@
<data name="SignOnHandlerCalled" xml:space="preserve">
<value>SignOn handler called</value>
</data>
<data name="SamlResponseDecodingDeflating" xml:space="preserve">
<value>Deflating the response SAML message</value>
</data>
<data name="SamlResponseDecodingDeflated" xml:space="preserve">
<value>The response SAML message was deflated</value>
</data>
</root>
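Review bot: The two new trace strings, `SamlResponseDecodingDeflating` and `SamlResponseDecodingDeflated`, say the message is being "deflated", but the code that logs them decompresses (inflates) it, so anyone reading the debug log during an incident gets the direction backwards. Suggested values: `Inflating the SAML response message` and `The SAML response message was inflated`. The reader/writer assembly version lines in the first hunk look unrelated to this feature and could go in a separate commit.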
4 changes: 2 additions & 2 deletions src/SAML2.sln
@@ -1,7 +1,7 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 14
VisualStudioVersion = 14.0.22310.1
# Visual Studio 2013
VisualStudioVersion = 12.0.31101.0
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SAML2.Core", "SAML2.Core\SAML2.Core.csproj", "{75E5BAD2-A20C-43CC-B5C8-38004CEDBDFD}"
EndProject