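        /// <summary>
        /// Extracts the AWS role entries carried by a base64-encoded SAML 2.0 assertion.
        /// </summary>
        /// <param name="samlAssertion">Base64 encoding of the UTF-8 assertion XML.</param>
        /// <returns>
        /// One entry per child node of the first
        /// <c>https://aws.amazon.com/SAML/Attributes/Role</c> attribute, each reduced to its first
        /// two comma-separated parts; an entry is <c>null</c> when the node's text is empty.
        /// Returns <c>null</c> when the assertion carries no such attribute.
        /// </returns>
        /// <exception cref="FormatException">
        /// Thrown when <paramref name="samlAssertion"/> is not valid base64, or when a non-empty
        /// role value has fewer than two comma-separated parts.
        /// </exception>
        /// <exception cref="XmlException">Thrown when the decoded text is not well-formed XML.</exception>
        /// <remarks>
        /// This method only reads attribute values; it does not verify the assertion's signature,
        /// issuer, audience or validity period — that is left to the caller.
        /// </remarks>
        public string[] GetAwsSamlRoles(string samlAssertion)
        {
            byte[] decoded = Convert.FromBase64String(samlAssertion);
            string assertionXml = Encoding.UTF8.GetString(decoded);

            XmlDocument doc = new XmlDocument();
            // The assertion arrives from the network; with no resolver, a DTD inside it cannot
            // trigger external entity fetches or expansion (XXE) while the document is loaded.
            doc.XmlResolver = null;
            doc.LoadXml(assertionXml);

            XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable);
            nsmgr.AddNamespace("response", "urn:oasis:names:tc:SAML:2.0:assertion");
            string xPathString = "//response:Attribute[@Name='https://aws.amazon.com/SAML/Attributes/Role']";
            XmlNodeList roleAttributeNodes = doc.DocumentElement.SelectNodes(xPathString, nsmgr);

            if (roleAttributeNodes == null || roleAttributeNodes.Count == 0)
            {
                // No role attribute at all: callers distinguish this from an empty attribute.
                return null;
            }

            XmlNodeList roleNodes = roleAttributeNodes[0].ChildNodes;
            string[] awsSamlRoles = new string[roleNodes.Count];

            for (int i = 0; i < roleNodes.Count; i++)
            {
                string roleText = roleNodes[i].InnerText;
                if (roleText.Length == 0)
                {
                    // Empty value: leave the slot null so indices still line up with the attribute's children.
                    continue;
                }

                string[] chunks = roleText.Split(',');
                if (chunks.Length < 2)
                {
                    throw new FormatException(string.Format(
                        "AWS role attribute value #{0} must contain at least two comma-separated parts: '{1}'", i, roleText));
                }

                // Only the first two parts are kept; anything after them is dropped.
                awsSamlRoles[i] = chunks[0] + ',' + chunks[1];
            }

            return awsSamlRoles;
        }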


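        /// <summary>
        /// Cmdlet body: obtains a SAML assertion from the identity provider (impersonating the
        /// supplied user when explicit credentials were given), selects one of the AWS roles the
        /// assertion carries, exchanges it for session credentials and stores them in a profile.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the assertion carries no AWS role attribute.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// Thrown when <c>role</c> is set but matches none of the roles in the assertion.
        /// </exception>
        protected override void ProcessRecord()
        {
            AWSSAMLUtils awsSamlUtils = new AWSSAMLUtils();

            ICredentials userCredentials = GetUserCredentials(useCurrentCredentials);

            Uri uri = new Uri(identityProviderUrl);
            NetworkCredential networkCredentials = userCredentials.GetCredential(uri, "");
            if (CredentialCache.DefaultCredentials != userCredentials)
            {
                ImpersonateUser(networkCredentials.UserName, networkCredentials.Password, networkCredentials.Domain);
            }

            string   samlAssertion;
            string[] awsSamlRoles;
            try
            {
                samlAssertion = awsSamlUtils.GetSamlAssertion(identityProviderUrl);
                awsSamlRoles  = awsSamlUtils.GetAwsSamlRoles(samlAssertion);
            }
            finally
            {
                // Revert impersonation even when the IdP call or the parse fails, so the
                // rest of the process does not keep running under the supplied identity.
                UnImpersonateUser();
            }

            if (awsSamlRoles == null || awsSamlRoles.Length == 0)
            {
                // GetAwsSamlRoles returns null when the Role attribute is absent; fail with a
                // clear message instead of a NullReferenceException on the length check below.
                throw new InvalidOperationException("the SAML assertion does not contain any AWS role");
            }

            string awsSamlRole;
            if (roleIndex < awsSamlRoles.Length)
            {
                awsSamlRole = awsSamlRoles[roleIndex];
            }
            else if (!string.IsNullOrEmpty(role))
            {
                // Entries can be null when the assertion carried an empty role value; skip them.
                awsSamlRole = awsSamlRoles.FirstOrDefault(p => p != null && p.Contains(role));
                if (awsSamlRole == null)
                {
                    throw new ArgumentException(string.Format("role {0} not found in list of available roles: {1}", role, string.Join(", ", awsSamlRoles)));
                }
            }
            else
            {
                awsSamlRole = AskUserForAwsSamlRole(awsSamlRoles);
            }

            SessionAWSCredentials awsSessionCredentials = awsSamlUtils.GetSamlRoleCredentails(samlAssertion, awsSamlRole);
            SetPowershellSamlProfile(awsSessionCredentials.GetCredentials());
        }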