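/// <summary>
/// Decodes the base64 SAML assertion held in <c>AssertionDocument</c> and collects the
/// role values found under the first node matched by <c>RoleXPath</c>.
/// </summary>
/// <returns>
/// A case-insensitive map from friendly role name (the text following the last "::" in
/// the second comma-separated field) to the SAML role string "field0,field1".
/// The map is empty when no role attribute node is found.
/// </returns>
/// <exception cref="FormatException">The assertion is not valid base64.</exception>
/// <exception cref="XmlException">The decoded assertion is not well-formed XML.</exception>
/// <remarks>
/// NOTE(review): nothing in this method verifies the assertion's signature or issuer;
/// confirm that the role list is treated as untrusted until the assertion has been
/// validated by the party that consumes it.
/// </remarks>
private IDictionary<string, string> ExtractRoleData()
{
    var assertionXml = Encoding.UTF8.GetString(Convert.FromBase64String(AssertionDocument));

    var doc = new XmlDocument();
    // The assertion arrives from outside the process. Clearing the resolver stops the
    // parser from fetching external DTDs or entities that the document references (XXE).
    doc.XmlResolver = null;
    doc.LoadXml(assertionXml);

    var nsmgr = new XmlNamespaceManager(doc.NameTable);
    nsmgr.AddNamespace("response", AssertionNamespace);

    var discoveredRoles = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    var roleAttributeNodes = doc.DocumentElement.SelectNodes(RoleXPath, nsmgr);
    if (roleAttributeNodes == null || roleAttributeNodes.Count == 0)
    {
        return discoveredRoles;
    }

    // Guards against a provider that emits the same role definition more than once.
    var seenRoles = new HashSet<string>(StringComparer.Ordinal);

    foreach (XmlNode roleNode in roleAttributeNodes[0].ChildNodes)
    {
        var roleText = roleNode.InnerText;
        if (string.IsNullOrEmpty(roleText))
        {
            continue;
        }

        var chunks = roleText.Split(new[] { ',' }, 3);
        if (chunks.Length < 2)
        {
            // A value without a comma does not have the expected two-field shape;
            // skip it instead of indexing past the end of the array.
            continue;
        }

        var samlRole = chunks[0] + ',' + chunks[1];
        if (!seenRoles.Add(samlRole))
        {
            continue;
        }

        // The same role name can be configured in different accounts, so the friendly
        // name keeps everything after the last "::", which includes the account number.
        var roleNameStart = chunks[1].LastIndexOf("::", StringComparison.Ordinal);
        var roleName = roleNameStart >= 0
            ? chunks[1].Substring(roleNameStart + 2)
            : chunks[1];

        // Friendly names are compared case-insensitively while samlRole values are
        // compared ordinally, so two distinct roles can still map to the same key.
        // Keep the first mapping rather than letting Add throw on the duplicate.
        if (!discoveredRoles.ContainsKey(roleName))
        {
            discoveredRoles.Add(roleName, samlRole);
        }
    }

    return discoveredRoles;
}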
}