Redirect After SAML Authentication (VB .NET)

Subject: Redirect After SAML Authentication (VB .NET)
Date: 2018-11-27 17:21:48
From: CMcHenry
Source: redirect-saml-authentication-vb-net
----------------------------------------------------------------------

We are using a trial of your software for an IdP-initiated SAML authentication.

Our service partner has an assertion consumer service URL.  After authenticating through that URL we need to redirect to a different URL.  The redirect URL is the SP's base URL plus a query string and then the full text of the SAML response, both Base64 encoded and URL encoded.

The actual text of the SAML response is correct - the service provider gave us a sample for us to match for the initial testing.  The problem is just with the redirect.  Is there a way to do this?


    Dim samlResponse As New ComponentPro.Saml2.Response()    
    Dim issuer As New ComponentPro.Saml2.Issuer(CreateAbsoluteURL("NS:saml2:entityid"))
    samlResponse.Issuer = issuer
    samlResponse.Status = New ComponentPro.Saml2.Status(ComponentPro.Saml2.SamlPrimaryStatusCode.Success, Nothing)
    
    Dim samlAssertion As New ComponentPro.Saml2.Assertion()
    samlAssertion.Issuer = issuer
    
    Dim subject As New ComponentPro.Saml2.Subject(New ComponentPro.Saml2.NameId("ava", "", "", ComponentSpace.SAML2.SAMLIdentifiers.NameIdentifierFormats.Unspecified, ""))
    Dim subjectConfirmation As New ComponentPro.Saml2.SubjectConfirmation(ComponentPro.Saml2.SamlSubjectConfirmationMethod.Bearer)
    Dim subjectConfirmationData As New ComponentPro.Saml2.SubjectConfirmationData()
    subjectConfirmationData.Recipient = AssertionConsumerServiceUrl
    subjectConfirmation.SubjectConfirmationData = subjectConfirmationData
    subject.SubjectConfirmations.Add(subjectConfirmation)
    samlAssertion.Subject = subject    
    
    Dim authnStatement As New ComponentPro.Saml2.AuthnStatement()
    authnStatement.AuthnContext = New ComponentPro.Saml2.AuthnContext()
    authnStatement.AuthnContext.AuthnContextClassRef = New ComponentPro.Saml2.AuthnContextClassRef(ComponentPro.Saml2.SamlAuthenticationContext.Unspecified)
    samlAssertion.Statements.Add(authnStatement)
    
    samlAssertion.Conditions = New ComponentPro.Saml2.Conditions(New TimeSpan(0, 10, 0))
    Dim audienceRestriction As New ComponentPro.Saml2.AudienceRestriction()
    audienceRestriction.Audiences.Add(New ComponentPro.Saml2.Audience("WR_ROLE_SP"))
    samlAssertion.Conditions.ConditionsList.Add(audienceRestriction)
    
    Dim attributeStatement As New ComponentPro.Saml2.AttributeStatement()
    
    attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("org_code", ComponentPro.Saml2.SamlAttributeNameFormat.Basic, "", "xs:string", "NSTEST"))
    attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_gender", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "F"))
    attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_dob", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "09/30/1930"))
    attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("login_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "jdoe"))
    attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_last_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "Smith"))
    attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_first_name", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "Mary"))
    attributeStatement.Attributes.Add(New ComponentPro.Saml2.Attribute("patient_number", ComponentSpace.SAML2.SAMLIdentifiers.AttributeNameFormats.Basic, "", "xs:string", "12345"))
    
    samlAssertion.Statements.Add(attributeStatement)
        
    Dim x509Certificate As X509Certificate2 = DirectCast(Application(IdPX509Certificate), X509Certificate2)    
    samlResponse.Sign(x509Certificate.PrivateKey, x509Certificate, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
    
    samlResponse.Assertions.Add(samlAssertion)
    
    Dim samlResponseStr As String = samlResponse.ToString()
    
    Dim bytesToEncode() As Byte = Encoding.UTF8.GetBytes(samlResponseStr)
    Dim encodedData As String = Convert.ToBase64String(bytesToEncode)
    
    Dim strUrl As String = "http://trainingsite.com/SSO/NS/SAMLPatientDisplay.aspx?SAMLResponse=" & Server.UrlEncode(encodedData)
    
    samlResponse.SendHttpPost(Response, AssertionConsumerServiceUrl, strUrl)

----------------------------------------------------------------------

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.

Back to ComponentPro Q&A Forum Index