Create release 0.2

Merge branch 'fixes-from-integration-testing'

* fixes-from-integration-testing:
  Update plugin version to 2.0.0.0
  Add CHANGELOG
  Update README
  Add/update logging
  Add LoA URIs for test2
  Get SAML Response from "SAMLResponse" (or "_SAMLResponse") POST parameter
  Always prefix ADFS ContextId with a "_" when we use it as SAML request ID
  Do not urlencode "Context"
  Added copyright and license info
  Removed plugin binaries from project
  - Updated configuration - Created new setup package - Updated ReadMe
  - Changed from HTTP redirect to HTTP post. - Removed authentication service and merge core project into plugin project
  removed Saml ID from request

CHANGELOG

@@ -0,0 +1,6 @@
+Version 0.1 (plugin version 1.0.0.0)
+Initial release
+
+Version 0.2 (plugin version 2.0.0.0)
+Allow the extension to work directly with Stepup-Gateway, removing the need for the "Authentication Services".
+Requires Stepup-Gateway version 2.7.0

SURFnet.Authentication.sln

@@ -1,12 +1,10 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 14
-VisualStudioVersion = 14.0.25420.1
+# Visual Studio 15
+VisualStudioVersion = 15.0.26430.14
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SURFnet.Authentication.Adfs.Plugin", "src\SURFnet.Authentication.Adfs.Plugin\SURFnet.Authentication.Adfs.Plugin.csproj", "{7F165692-9E1E-4231-B3BF-3E3AED44B11A}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SURFnet.Authentication.Core", "src\SURFnet.Authentication.Core\SURFnet.Authentication.Core.csproj", "{964A89B6-FD6D-4153-A489-40A9D7AF50C2}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "SolutionItems", "SolutionItems", "{9D4482C6-E4FA-48DD-A9C3-473B7FF90551}"
 	ProjectSection(SolutionItems) = preProject
 		SolutionItems\SignKentorAuthLibrary.cmd = SolutionItems\SignKentorAuthLibrary.cmd
@@ -15,8 +13,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "SolutionItems", "SolutionIt
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SURFnet.Authentication.Test", "src\SURFnet.Authentication.Test\SURFnet.Authentication.Test.csproj", "{F910F17B-758E-401E-8E30-08A95A4FE661}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SURFnet.Authentication.Service", "src\SURFnet.Authentication.Service\SURFnet.Authentication.Service.csproj", "{D3912778-4399-4EEF-BEF6-38AE8A2FE9D3}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -27,18 +23,10 @@ Global
 		{7F165692-9E1E-4231-B3BF-3E3AED44B11A}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{7F165692-9E1E-4231-B3BF-3E3AED44B11A}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{7F165692-9E1E-4231-B3BF-3E3AED44B11A}.Release|Any CPU.Build.0 = Release|Any CPU
-		{964A89B6-FD6D-4153-A489-40A9D7AF50C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{964A89B6-FD6D-4153-A489-40A9D7AF50C2}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{964A89B6-FD6D-4153-A489-40A9D7AF50C2}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{964A89B6-FD6D-4153-A489-40A9D7AF50C2}.Release|Any CPU.Build.0 = Release|Any CPU
 		{F910F17B-758E-401E-8E30-08A95A4FE661}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{F910F17B-758E-401E-8E30-08A95A4FE661}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{F910F17B-758E-401E-8E30-08A95A4FE661}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{F910F17B-758E-401E-8E30-08A95A4FE661}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D3912778-4399-4EEF-BEF6-38AE8A2FE9D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D3912778-4399-4EEF-BEF6-38AE8A2FE9D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D3912778-4399-4EEF-BEF6-38AE8A2FE9D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D3912778-4399-4EEF-BEF6-38AE8A2FE9D3}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

SolutionItems/SignKentorAuthLibrary.cmd

@@ -1 +1 @@
-..\packages\Brutal.Dev.StrongNameSigner.2.1.0\build\StrongNameSigner.Console.exe -a ..\packages\Kentor.AuthServices.0.19.0\lib\net45\Kentor.AuthServices.dll -k SURFnet.Authentication.snk
+..\packages\Brutal.Dev.StrongNameSigner.2.1.0\build\StrongNameSigner.Console.exe -a ..\packages\Kentor.AuthServices.0.21.2\lib\net45\Kentor.AuthServices.dll -k SURFnet.Authentication.snk

src/SURFnet.Authentication.Adfs.Plugin/Adapter.cs

@@ -1,7 +1,24 @@
-namespace SURFnet.Authentication.Adfs.Plugin
+/*
+* Copyright 2017 SURFnet bv, The Netherlands
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+namespace SURFnet.Authentication.Adfs.Plugin
 {
     using System;
     using System.Configuration;
+    using System.IdentityModel.Tokens;
     using System.Net;
     using System.Security.Claims;
     using System.Text;
@@ -12,9 +29,9 @@
 
     using Microsoft.IdentityServer.Web.Authentication.External;
 
+    using SURFnet.Authentication.Adfs.Plugin.Models;
     using SURFnet.Authentication.Adfs.Plugin.Properties;
     using SURFnet.Authentication.Adfs.Plugin.Services;
-    using SURFnet.Authentication.Core;
 
     /// <summary>
     /// The ADFS MFA Adapter.
@@ -46,21 +63,17 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene
             {
                 this.InitializeLogger();
                 this.log.Debug("Enter BeginAuthentication");
-                var url = Settings.Default.AuthenticationServiceUrl;
-                var authRequest = SamlService.CreateAuthnRequest(identityClaim);
-                var request = new SecondFactorAuthRequest(httpListenerRequest.Url)
-                                  {
-                                      SamlRequestId = authRequest.Id.Value,
-                                      SamlRequest = SamlService.Deflate(authRequest),
-                                      SecondFactorEndpoint = Settings.Default.SecondFactorEndpoint
-                                  };
+                this.log.DebugFormat("context.ActivityId='{0}'; context.ContextId='{1}'; conext.Lcid={2}", context.ActivityId, context.ContextId, context.Lcid);
+
+                string authnRequestId = $"_{context.ContextId}";
+                var authRequest = SamlService.CreateAuthnRequest(identityClaim, authnRequestId, httpListenerRequest.Url);
 
                 using (var cryptographicService = new CryptographicService())
                 {
-                    cryptographicService.SignSamlRequest(request);
+                    this.log.DebugFormat("Signing AuthnRequest with id {0}", authnRequestId);
+                    var signedXml = cryptographicService.SignSamlRequest(authRequest);
+                    return new AuthForm(Settings.Default.SecondFactorEndpoint, signedXml);
                 }
-
-                return new AuthForm(url, request);
             }
             catch (Exception ex)
             {
@@ -118,19 +131,38 @@ public IAdapterPresentation OnError(HttpListenerRequest request, ExternalAuthent
         public IAdapterPresentation TryEndAuthentication(IAuthenticationContext context, IProofData proofData, HttpListenerRequest request, out Claim[] claims)
         {
             this.log.Debug("Enter TryEndAuthentication");
+            this.log.DebugFormat("context.ActivityId='{0}'; context.ContextId='{1}'; conext.Lcid={2}", context.ActivityId, context.ContextId, context.Lcid);
+            foreach (var d in context.Data)
+            {
+                this.log.DebugFormat("conext.Data: '{0}'='{1}'", d.Key, d.Value);
+            }
+            foreach (var p in proofData.Properties)
+            {
+                this.log.DebugFormat("proofData.Properties: '{0}'='{1}'", p.Key, p.Value);
+            }
             claims = null;
             try
             {
-                var response = SecondFactorAuthResponse.Deserialize(proofData);
-                this.log.InfoFormat("Received response for request with id '{0}'", response.SamlRequestId.Value);
-                var samlResponse = new Saml2Response(response.SamlResponse, response.SamlRequestId);
+                var response = SecondFactorAuthResponse.Deserialize(proofData, context);
+                string authnRequestId = $"_{ context.ContextId}";
+                this.log.InfoFormat("Received response for request with id '{0}'", authnRequestId);
+                var samlResponse = new Saml2Response(response.SamlResponse, new Saml2Id(authnRequestId));
                 if (samlResponse.Status != Saml2StatusCode.Success)
                 {
                     return new AuthFailedForm(samlResponse.StatusMessage);
                 }
 
                 claims = SamlService.VerifyResponseAndGetAuthenticationClaim(samlResponse);
-                this.log.InfoFormat("Successfully processed response for request with id '{0}'", response.SamlRequestId.Value);
+                foreach (var claim in claims)
+                {
+                    this.log.DebugFormat("claim.Issuer='{0}'; claim.OriginalIssuer='{1}; claim.Type='{2}'; claim.Value='{3}'",
+                        claim.Issuer, claim.OriginalIssuer, claim.Type, claim.Value);
+                    foreach (var p in claim.Properties)
+                    {
+                        this.log.DebugFormat("claim.Properties: '{0}'='{1}'", p.Key, p.Value);
+                    }
+                }
+                this.log.InfoFormat("Successfully processed response for request with id '{0}'", authnRequestId);
                 return null;
             }
             catch (Exception ex)
@@ -164,6 +196,15 @@ private void LogCurrentConfiguration()
                 sb.AppendLine($"{settingsProperty.Name} : '{Settings.Default[settingsProperty.Name]}'");
             }
 
+            sb.AppendLine("Plugin Metadata:");
+            foreach (var am in this.Metadata.AuthenticationMethods)
+            {
+                sb.AppendLine($"AuthenticationMethod: '{am}'");
+            }
+            foreach (var ic in this.Metadata.IdentityClaims)
+            {
+                sb.AppendLine($"IdentityClaim: '{ic}'");
+            }
             try
             {
                 var options = Kentor.AuthServices.Configuration.Options.FromConfiguration;

src/SURFnet.Authentication.Adfs.Plugin/AdapterMetadata.cs

@@ -1,4 +1,20 @@
-namespace SURFnet.Authentication.Adfs.Plugin
+/*
+* Copyright 2017 SURFnet bv, The Netherlands
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+namespace SURFnet.Authentication.Adfs.Plugin
 {
     using System;
     using System.Collections.Generic;
@@ -24,6 +40,8 @@ public class AdapterMetadata : IAuthenticationAdapterMetadata
         /// <value>The authentication methods.</value>
         public string[] AuthenticationMethods => new[]
                                                      {
+                                                         "http://test2.surfconext.nl/assurance/sfo-level2",
+                                                         "http://test2.surfconext.nl/assurance/sfo-level3",
                                                          "http://pilot.surfconext.nl/assurance/sfo-level2",
                                                          "http://pilot.surfconext.nl/assurance/sfo-level3",
                                                          "http://surfconext.nl/assurance/sfo-level2",

src/SURFnet.Authentication.Adfs.Plugin/AuthFailedForm.cs

@@ -1,4 +1,20 @@
-namespace SURFnet.Authentication.Adfs.Plugin
+/*
+* Copyright 2017 SURFnet bv, The Netherlands
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+namespace SURFnet.Authentication.Adfs.Plugin
 {
     using Microsoft.IdentityServer.Web.Authentication.External;
 

src/SURFnet.Authentication.Adfs.Plugin/AuthForm.cs

@@ -1,4 +1,20 @@
-namespace SURFnet.Authentication.Adfs.Plugin
+/*
+* Copyright 2017 SURFnet bv, The Netherlands
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+namespace SURFnet.Authentication.Adfs.Plugin
 {
     using System;
 
@@ -8,19 +24,12 @@
 
     using Properties;
 
-    using SURFnet.Authentication.Core;
-
     /// <summary>
     /// The presentation form for the adapter.
     /// </summary>
     /// <seealso cref="Microsoft.IdentityServer.Web.Authentication.External.IAdapterPresentationForm" />
     public class AuthForm : IAdapterPresentationForm
     {
-        /// <summary>
-        /// The second factor request.
-        /// </summary>
-        private readonly SecondFactorAuthRequest request;
-
         /// <summary>
         /// The service URL.
         /// </summary>
@@ -31,17 +40,22 @@ public class AuthForm : IAdapterPresentationForm
         /// </summary>
         private readonly ILog log;
 
+        /// <summary>
+        /// The signed XML.
+        /// </summary>
+        private readonly string signedXml;
+
         /// <summary>
         /// Initializes a new instance of the <see cref="AuthForm" /> class.
         /// </summary>
         /// <param name="serviceUrl">The service URL.</param>
-        /// <param name="request">The request.</param>
-        public AuthForm(Uri serviceUrl, SecondFactorAuthRequest request)
+        /// <param name="signedXml">The signed XML.</param>
+        public AuthForm(Uri serviceUrl, string signedXml)
         {
             this.log = LogManager.GetLogger("AuthForm");
             this.log.Debug("Entering AuthForm.");
             this.serviceUrl = serviceUrl;
-            this.request = request;
+            this.signedXml = signedXml;
         }
 
         /// <summary>
@@ -51,11 +65,10 @@ public AuthForm(Uri serviceUrl, SecondFactorAuthRequest request)
         /// <returns>The form HTML.</returns>
         public string GetFormHtml(int lcid)
         {
-            var serializedRequest = this.request.Serialize();
-            this.log.DebugFormat("Rendering form for posting request to '{0}'.{1}Serialized Request:{2}", this.serviceUrl, Environment.NewLine, serializedRequest);
+            this.log.DebugFormat("Rendering form for posting request to '{0}'", this.serviceUrl);
             var form = Resources.AuthForm;
             form = form.Replace("%FormUrl%", this.serviceUrl.ToString());
-            form = form.Replace("%Request%", serializedRequest);
+            form = form.Replace("%SAMLRequest%", this.signedXml);
             return form;
         }
 

src/SURFnet.Authentication.Core/Saml2AuthenticationSecondFactorRequest.cs → src/SURFnet.Authentication.Adfs.Plugin/Models/Saml2AuthenticationSecondFactorRequest.cs

@@ -1,4 +1,20 @@
-namespace SURFnet.Authentication.Core
+/*
+* Copyright 2017 SURFnet bv, The Netherlands
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+namespace SURFnet.Authentication.Adfs.Plugin.Models
 {
     using System.Diagnostics.CodeAnalysis;
     using System.IdentityModel.Tokens;
@@ -52,5 +68,14 @@ public override string ToXml()
         {
             return this.ToXElement().ToString();
         }
+
+        /// <summary>
+        /// Sets the identifier of this AuthnRequest.
+        /// </summary>
+        /// <param name="id">The identifier.</param>
+        public void SetId(string id)
+        {
+            this.Id = new Saml2Id(id);
+        }
     }
 }