XmlDocument createGlobalConfiguration()
{
/* Yuqing: I know there is a lot of hardcode, we will refactor later, for now only fix those value effect testing
* with different AD FS name, domain name, certificates
*
*/
XmlDocument doc = new XmlDocument();
XmlNode configuration = doc.CreateNode(XmlNodeType.Element, "Configuration", null);
XmlNode global = doc.CreateNode(XmlNodeType.Element, "GlobalConfig", null);
XmlNode endpoint = doc.CreateNode(XmlNodeType.Element, "EndpointConfig", null);
doc.AppendChild(configuration);
configuration.AppendChild(global);
configuration.AppendChild(endpoint);
XmlAttribute attr = doc.CreateAttribute("ADFSWebApplicationProxyRelyingPartyUri");
attr.Value = Constraints.DefaultProxyRelyingPartyTrustIdentifier;
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AccessCookieEncryption");
attr.Value = "true";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AccessCookieEncryptionKey");
attr.Value = "03u7p4AjlGaItiKM+tH8Dw==";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AccessTokenApplicationUrlClaimName");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AccessTokenClientCertificateClaimName");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AccessTokenName");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AccessTokenUpnClaimName");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AppProxySPN");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AuthenticationPackageNameLSA");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("AuthenticationPackageNameSSPI");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("ConfigurationChangesPollingIntervalSec");
attr.Value = "30";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("ConnectedServersName");
attr.Value = "Proxy.contoso.com:";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("OAuthAuthenticationURL");
attr.Value = "https://" + EnvironmentConfig.ADFSFamrDNSName + AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.OAuth2Auth);
global.Attributes.Append(attr);
attr = doc.CreateAttribute("ServiceAccountNameForKCD");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("ServiceAccountPasswordForKCD");
attr.Value = "";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("StsTokenSigningCertificatePublicKey");
attr.Value = Convert.ToBase64String(SigningCertificate.GetPublicKey()); //"MIIC3DCCAcSgAwIBAgIQQFj5UayT6otPjYDPbLshbjANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9BREZTIFNpZ25pbmcgLSBhZGZzLmNvbnRvc28uY29tMB4XDTEzMTEwMTA3NDg0OVoXDTE0MTEwMTA3NDg0OVowKjEoMCYGA1UEAxMfQURGUyBTaWduaW5nIC0gYWRmcy5jb250b3NvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALedGmaVh0sbS3jQZLQSoVedbP+kzA5cosw8MVuIrKJefxOom4uOGH99wKic88kbezEoeDAbYugZ9Iwgez0Lpp1YYvDfaNwmNX3wPRciPcZ7NQMTkLO2GcBBw+zhWtcN31f2MMePTJIQIPvRAzUUtGwerbH9MkmBdmKAkVmVXV50lqFmngZg4fUMV1MRDe3mdc3IkWn/JZB2ffCoyI4ojRfh6hYcOeKT4mtixjyt7w+/lzLB55LceMnwjvS8SAUeLRHUFLn9NgnKFWjUj2556oszVDTgNwcbyWp6WklvlzU3bMwRvoXTliZhPcktryv5jPnNXJ8T8B1ohEoeU8ti/UUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEALnDcFyHYQmPCoHaABsj0u58RluT56iXduTeIO+FoC9BGO5uxqbcFte9yWRXkSUUkdatxgprhG8V+BlcU3f74MzKlZkDDHSrtMvTkabK+zRE6HBllQ1k29ve9a2KFWWEU8LEgeTa+i5aY6oC34GiiaoNjewyiC/jahsGeeY0SPl4F2yArhLlQubGlFjdkWitkOUmTM9S3tykhWmOkGQrmWQRisLzwJZ2//Xb3vAexg+mHpNE69v0Syn9uxblmZ3pgF1voGbXswG81NBkiVYZBGZ5dqPRVkDju0N7zWxsgARg/o1ZhCPaQXWNqTpliLzppkM1grUVqs5XJMYzcY/A4Mw==";
global.Attributes.Append(attr);
attr = doc.CreateAttribute("StsUrl");
attr.Value = "https://" + EnvironmentConfig.ADFSFamrDNSName + AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Ls);
global.Attributes.Append(attr);
attr = doc.CreateAttribute("ADFSRelyingPartyID");
attr.Value = "0c820403-cd42-e311-80b9-00155db08b14";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("ADFSRelyingPartyName");
attr.Value = "fed1";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("AppID");
attr.Value = "30D8A29C-A508-84F8-F5B3-726D1513B785";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("AppName");
attr.Value = EnvironmentConfig.App1Name;
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("ApplicationType");
attr.Value = "PublishedWebApplication";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("BackendAuthNMode");
attr.Value = "None";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("BackendAuthNSPN");
attr.Value = "";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("BackendCertValidationMode");
attr.Value = "None";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("BackendUrl");
attr.Value = EnvironmentConfig.App1Url;
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("ClientCertBindingMode");
attr.Value = "None";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("ClientCertificatePreauthenticationThumbprint");
attr.Value = "";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("ExternalCertificateThumbprint");
attr.Value = new X509Certificate2(EnvironmentConfig.WebAppCert, "123").Thumbprint;
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("ExternalPreauthentication");
attr.Value = "ADFS";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("FrontendUrl");
attr.Value = EnvironmentConfig.App1Url;
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("InactiveTransactionsTimeoutSec");
attr.Value = "300";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("TranslateUrlInRequestHeaders");
attr.Value = "true";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("TranslateUrlInResponseHeaders");
attr.Value = "true";
endpoint.Attributes.Append(attr);
attr = doc.CreateAttribute("UseOAuthAuthentication");
attr.Value = "false";
endpoint.Attributes.Append(attr);
return(doc);
}
static private STSConfiguration createValidStsConfigurationResponse()
{
EndpointConfiguration ec = new EndpointConfiguration();
List <Endpoint> eps = new List <Endpoint>();
Endpoint fed = new Endpoint();
fed.AuthenticationSchemes = AuthType.Anonymous;
fed.CertificateValidation = CertificateValidation.None;
fed.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
fed.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.FederationMetadata);
fed.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.FederationMetadata);
fed.ServicePortType = PortType.HttpsPort;
fed.PortType = PortType.HttpsPort;
fed.SupportsNtlm = false;
eps.Add(fed);
Endpoint ls = new Endpoint();
ls.AuthenticationSchemes = AuthType.Anonymous;
ls.CertificateValidation = CertificateValidation.Device;
ls.ClientCertificateQueryMode = ClientCertificateQueryMode.QueryAndRequire;
ls.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Ls);
ls.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Ls);
ls.ServicePortType = PortType.HttpsPort;
ls.PortType = PortType.HttpsPort;
ls.SupportsNtlm = false;
eps.Add(ls);
Endpoint ls2 = new Endpoint();
ls2.AuthenticationSchemes = AuthType.Anonymous;
ls2.CertificateValidation = CertificateValidation.User;
ls2.ClientCertificateQueryMode = ClientCertificateQueryMode.QueryAndRequire;
ls2.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Ls);
ls2.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Ls);
ls2.ServicePortType = PortType.HttpsPortForUserTlsAuth;
ls2.PortType = PortType.HttpsPortForUserTlsAuth;
ls2.SupportsNtlm = false;
eps.Add(ls2);
Endpoint portal1 = new Endpoint();
portal1.AuthenticationSchemes = AuthType.Anonymous;
portal1.CertificateValidation = CertificateValidation.None;
portal1.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
portal1.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Portal);
portal1.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Portal);
portal1.ServicePortType = PortType.HttpsPortForUserTlsAuth;
portal1.PortType = PortType.HttpsPortForUserTlsAuth;
portal1.SupportsNtlm = false;
eps.Add(portal1);
Endpoint oauth2token = new Endpoint();
oauth2token.AuthenticationSchemes = AuthType.Anonymous;
oauth2token.CertificateValidation = CertificateValidation.None;
oauth2token.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
oauth2token.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.OAuth2Token);
oauth2token.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.OAuth2Token);
oauth2token.ServicePortType = PortType.HttpsPort;
oauth2token.PortType = PortType.HttpsPort;
oauth2token.SupportsNtlm = false;
eps.Add(oauth2token);
Endpoint oauth2auth = new Endpoint();
oauth2auth.AuthenticationSchemes = AuthType.Anonymous;
oauth2auth.CertificateValidation = CertificateValidation.Device;
oauth2auth.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
oauth2auth.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.OAuth2Auth);
oauth2auth.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.OAuth2Auth);
oauth2auth.ServicePortType = PortType.HttpsPort;
oauth2auth.PortType = PortType.HttpsPort;
oauth2auth.SupportsNtlm = false;
eps.Add(oauth2auth);
Endpoint oauth2auth2 = new Endpoint();
oauth2auth2.AuthenticationSchemes = AuthType.Anonymous;
oauth2auth2.CertificateValidation = CertificateValidation.User;
oauth2auth2.ClientCertificateQueryMode = ClientCertificateQueryMode.QueryAndRequire;
oauth2auth2.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.OAuth2Auth);
oauth2auth2.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.OAuth2Auth);
oauth2auth2.ServicePortType = PortType.HttpsPortForUserTlsAuth;
oauth2auth2.PortType = PortType.HttpsPortForUserTlsAuth;
oauth2auth2.SupportsNtlm = false;
eps.Add(oauth2auth2);
Endpoint enroll = new Endpoint();
enroll.AuthenticationSchemes = AuthType.Anonymous;
enroll.CertificateValidation = CertificateValidation.None;
enroll.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
enroll.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.EnrollmentServer);
enroll.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.EnrollmentServer);
enroll.ServicePortType = PortType.HttpsPort;
enroll.PortType = PortType.HttpsPort;
enroll.SupportsNtlm = false;
eps.Add(enroll);
Endpoint portal2 = new Endpoint();
portal2.AuthenticationSchemes = AuthType.Anonymous;
portal2.CertificateValidation = CertificateValidation.None;
portal2.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
portal2.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Portal);
portal2.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Portal);
portal2.ServicePortType = PortType.HttpsPort;
portal2.PortType = PortType.HttpsPort;
portal2.SupportsNtlm = false;
eps.Add(portal2);
Endpoint winTrans = new Endpoint();
winTrans.AuthenticationSchemes = AuthType.Anonymous;
winTrans.CertificateValidation = CertificateValidation.None;
winTrans.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
winTrans.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.WindowsTransportTrust2005);
winTrans.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.WindowsTransportTrust2005);
winTrans.ServicePortType = PortType.HttpsPort;
winTrans.PortType = PortType.HttpsPort;
winTrans.SupportsNtlm = false;
eps.Add(winTrans);
Endpoint cert2005 = new Endpoint();
cert2005.AuthenticationSchemes = AuthType.Anonymous;
cert2005.CertificateValidation = CertificateValidation.None;
cert2005.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
cert2005.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.CertificateMixedTrust2005);
cert2005.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.CertificateMixedTrust2005);
cert2005.ServicePortType = PortType.HttpsPort;
cert2005.PortType = PortType.HttpsPort;
cert2005.SupportsNtlm = false;
eps.Add(cert2005);
Endpoint certTrans = new Endpoint();
certTrans.AuthenticationSchemes = AuthType.Anonymous;
certTrans.CertificateValidation = CertificateValidation.None;
certTrans.ClientCertificateQueryMode = ClientCertificateQueryMode.QueryAndRequire;
certTrans.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.CertificateTransportTrust2005);
certTrans.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.CertificateTransportTrust2005);
certTrans.ServicePortType = PortType.HttpsPortForUserTlsAuth;
certTrans.PortType = PortType.HttpsPortForUserTlsAuth;
certTrans.SupportsNtlm = false;
eps.Add(certTrans);
Endpoint user2005 = new Endpoint();
user2005.AuthenticationSchemes = AuthType.Anonymous;
user2005.CertificateValidation = CertificateValidation.None;
user2005.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
user2005.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.UsernameMixedTrust2005);
user2005.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.UsernameMixedTrust2005);
user2005.ServicePortType = PortType.HttpsPort;
user2005.PortType = PortType.HttpsPort;
user2005.SupportsNtlm = false;
eps.Add(user2005);
Endpoint asym2005 = new Endpoint();
asym2005.AuthenticationSchemes = AuthType.Anonymous;
asym2005.CertificateValidation = CertificateValidation.None;
asym2005.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
asym2005.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedAsymmetricBasic256Trust2005);
asym2005.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedAsymmetricBasic256Trust2005);
asym2005.ServicePortType = PortType.HttpsPort;
asym2005.PortType = PortType.HttpsPort;
asym2005.SupportsNtlm = false;
eps.Add(asym2005);
Endpoint sym2005 = new Endpoint();
sym2005.AuthenticationSchemes = AuthType.Anonymous;
sym2005.CertificateValidation = CertificateValidation.None;
sym2005.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
sym2005.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedSymmetricBasic256Trust2005);
sym2005.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedSymmetricBasic256Trust2005);
sym2005.ServicePortType = PortType.HttpsPort;
sym2005.PortType = PortType.HttpsPort;
sym2005.SupportsNtlm = false;
eps.Add(sym2005);
Endpoint cert13 = new Endpoint();
cert13.AuthenticationSchemes = AuthType.Anonymous;
cert13.CertificateValidation = CertificateValidation.None;
cert13.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
cert13.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.CertificateMixedTrust13);
cert13.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.CertificateMixedTrust13);
cert13.ServicePortType = PortType.HttpsPort;
cert13.PortType = PortType.HttpsPort;
cert13.SupportsNtlm = false;
eps.Add(cert13);
Endpoint user13 = new Endpoint();
user13.AuthenticationSchemes = AuthType.Anonymous;
user13.CertificateValidation = CertificateValidation.None;
user13.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
user13.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.UsernameMixedTrust13);
user13.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.UsernameMixedTrust13);
user13.ServicePortType = PortType.HttpsPort;
user13.PortType = PortType.HttpsPort;
user13.SupportsNtlm = false;
eps.Add(user13);
Endpoint asym13 = new Endpoint();
asym13.AuthenticationSchemes = AuthType.Anonymous;
asym13.CertificateValidation = CertificateValidation.None;
asym13.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
asym13.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedAsymmetricBasic256Trust13);
asym13.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedAsymmetricBasic256Trust13);
asym13.ServicePortType = PortType.HttpsPort;
asym13.PortType = PortType.HttpsPort;
asym13.SupportsNtlm = false;
eps.Add(asym13);
Endpoint sym13 = new Endpoint();
sym13.AuthenticationSchemes = AuthType.Anonymous;
sym13.CertificateValidation = CertificateValidation.None;
sym13.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
sym13.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedSymmetricBasic256Trust13);
sym13.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.IssuedTokenMixedSymmetricBasic256Trust13);
sym13.ServicePortType = PortType.HttpsPort;
sym13.PortType = PortType.HttpsPort;
sym13.SupportsNtlm = false;
eps.Add(sym13);
Endpoint proxyMex = new Endpoint();
proxyMex.AuthenticationSchemes = AuthType.Anonymous;
proxyMex.CertificateValidation = CertificateValidation.None;
proxyMex.ClientCertificateQueryMode = ClientCertificateQueryMode.None;
proxyMex.Path = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.Mex);
proxyMex.ServicePath = AdfsServicePathPairs.GetServicePath(AdfsServicePathPairs.PathKey.ProxyMex);
proxyMex.ServicePortType = PortType.HttpsPort;
proxyMex.PortType = PortType.HttpsPort;
proxyMex.SupportsNtlm = false;
eps.Add(proxyMex);
ec.Endpoints = eps.ToArray();
ServiceConfiguration sc = new ServiceConfiguration();
sc.HttpPort = 80;
sc.HttpsPort = 443;
sc.HttpsPortForUserTlsAuth = 10000;
sc.ProxyTrustCertificateLifetime = 21600;
sc.ServiceHostName = EnvironmentConfig.ADFSFamrDNSName;
sc.CustomUpnSuffixes = new string[0];
sc.DeviceCertificateIssuers = new string[0];
sc.DiscoveredUpnSuffixes = new string[0];
STSConfiguration sts = new STSConfiguration();
sts.EndpointConfiguration = ec;
sts.ServiceConfiguration = sc;
return(sts);
}
