public ExternalDomainGeneralProperty(IPropertyDataManager manager, IdentityProviderDto providerDto)
{
_providerDto = providerDto;
_dataManager = manager;
InitializeComponent();
PropertyPageInit();
}
private void AddExternalDomain_Load(object sender, EventArgs e)
{
advancedSettings = new AdvancedExternalDomain();
_createNew = IdentityProviderDto == null;
if (_createNew)
{
_current = Steps.One;
rdoADWindowsAuth.Checked = false;
rdoADLdap.Checked = true;
rdoAnyDomain.Checked = true;
IdentityProviderDto = new IdentityProviderDto();
this.Text = NEW_EXTERNAL_DOMAIN_TITLE;
}
else
{
DtoToView();
_current = rdoADWindowsAuth.Checked ? Steps.Four : Steps.Two;
this.Text = rdoADWindowsAuth.Checked ? AD_WIN_AUTH_TITLE :
rdoADLdap.Checked?AD_AS_LDAP_TITLE:
OPEN_LDAP_TITLE;
}
button11.Enabled = false;
button1.Enabled = false;
button2.Enabled = false;
StepShow();
}
public ExternalDomainSchemaObjectMapProperty(IPropertyDataManager mgr, IdentityProviderDto dto)
{
_dataMgr = mgr;
_providerDto = dto;
InitializeComponent();
PropertyPageInit();
}
public ExternalDomainPropertyManager(string tenantName, ServiceGateway service, ServerDto server, IdentityProviderDto provider)
{
_tenantName = tenantName;
_service = service;
_server = server;
_provider = provider;
}
private IdentityProviderDto ViewToDto()
{
var isAd = IsAdWinSelected();
var useMachineAccount = (isAd && RdoSpn.SelectedRow != 1);
//var useSpn = (isAd && RdoSpn.SelectedRow == 1);
var providerDto = new IdentityProviderDto
{
DomainType = DomainType.EXTERNAL_DOMAIN.ToString(),
Type = GetIdentitySourceType(RdoIdentitySource.SelectedTag),
Name = isAd ? _domainName : TxtDomainName.StringValue,
Alias = isAd ? null : TxtDomainAlias.StringValue,
FriendlyName = isAd ? null : TxtFriendlyName.StringValue,
UserBaseDN = isAd ? null : TxtBaseDnUser.StringValue,
GroupBaseDN = isAd ? null : TxtBaseDnGroups.StringValue,
ConnectionStrings = isAd ? null : GetConnectionStrings(),
SiteAffinityEnabled = RdoDomainController.SelectedTag == 1 && ChkProtect.StringValue == "1",
Certificates = _certificates,
UserMachineAccount = useMachineAccount,
Username = useMachineAccount ? null : TxtUpn.StringValue,
Password = useMachineAccount ? null : TxtPassword.StringValue,
ServicePrincipalName = useMachineAccount ? null : TxtSpn.StringValue,
AuthenticationType = isAd ? "USE_KERBEROS" : "PASSWORD",
BaseDnForNestedGroupsEnabled = IdentityProviderDto.BaseDnForNestedGroupsEnabled,
DirectGroupsSearchEnabled = IdentityProviderDto.DirectGroupsSearchEnabled,
MatchingRuleInChainEnabled = IdentityProviderDto.MatchingRuleInChainEnabled,
AttributesMap = IdentityProviderDto.AttributesMap != null && IdentityProviderDto.AttributesMap.Count > 0 ? IdentityProviderDto.AttributesMap : null,
Schema = IdentityProviderDto.Schema // != null && IdentityProviderDto.Schema.Count > 0 ? GetSchema(IdentityProviderDto.Schema) : null
};
return(providerDto);
}
public async Task GivenAValidIdPDefinition_WhenICallTheCreateDelegate_ThenTheProviderShouldBePersisted()
{
// Setup: Create a database with an Account and two existing Subscriptions.
await using var db = ClientsDbTestProvider.CreateInMemoryClientDb();
var account = DtoProvider.CreateValidAccountDefinition();
var createAccountDelegate = new CreateAccountDelegate(db, Mapper);
account = await createAccountDelegate.CreateAccountAsync(account);
var identityProvider = new IdentityProviderDto {
Name = "Health Dialog Secondary IdP"
};
// System under test: CreateIdentityProviderDelegate
var createIdentityProvider = new CreateIdentityProviderDelegate(db, Mapper);
// Exercise: invoke Create Identity Provider
identityProvider = await createIdentityProvider.CreateIdentityProvider(account.AccountId, identityProvider);
// Assert: the number of Accounts in the InMemory database is still 1
// Assert: the number of Subscriptions in the InMemory database is still 2
// Assert: the number of Subscriptions in the InMemory database is now 2
db.Accounts.Count().Should().Be(1, $"The number of {nameof(db.Accounts)} in the ClientsDb is not 1");
db.Subscriptions.Count().Should().Be(2, $"The number of {nameof(db.Subscriptions)} in the ClientsDb is not 2");
db.IdentityProviders.Count().Should().Be(2, $"The number of {nameof(db.IdentityProviders)} in the ClientsDb is not 2");
identityProvider.IdentityProviderId.Should().NotBe(default);
private IdentityProviderDto ViewToDto()
{
var isAd = (cbIdentitySourceType.SelectedValue.ToString() == "IDENTITY_STORE_TYPE_ACTIVE_DIRECTORY");
var attributes = GetAttributes();
var attrmap = GetAttributeMap();
var providerDto = new IdentityProviderDto
{
DomainType = DomainType.EXTERNAL_DOMAIN.ToString(),
Name = txtDomainName.Text,
Alias = isAd ? null : txtDomainAlias.Text,
Type = cbIdentitySourceType.SelectedValue.ToString(),
AuthenticationType = cboAuthenticationType.Text.ToUpper(),
FriendlyName = isAd ? null : txtFriendlyName.Text,
SearchTimeOutInSeconds = isAd ? 0 : (long)txtSearchTimeoutSeconds.Value,
Username = isAd ? (rdoSpn.Checked ? txtADUsername.Text : null) : txtUserName.Text,
Password = isAd ? (rdoSpn.Checked ? txtADPassword.Text : null) : txtPassword.Text,
UserMachineAccount = isAd ? rdoMachineAccount.Checked : false,
ServicePrincipalName = isAd ? txtADSpn.Text : null,
UserBaseDN = isAd ? null : txtUserBaseDN.Text,
GroupBaseDN = isAd ? null : txtGroupBaseDN.Text,
ConnectionStrings = isAd ? null : new List <string> {
txtPrimaryURL.Text
},
SiteAffinityEnabled = cbSiteAffinity.Checked,
BaseDnForNestedGroupsEnabled = cbDNForNestedGroups.Checked,
DirectGroupsSearchEnabled = cbGroupSearch.Checked,
MatchingRuleInChainEnabled = cbMatchRuleInChain.Checked,
Schema = new Dictionary <string, SchemaObjectMappingDto>(attributes),
AttributesMap = new Dictionary <string, string>(attrmap)
};
return(providerDto);
}
public ExternalDomainAuthProperty(IPropertyDataManager dataManager, IdentityProviderDto dto)
{
_providerDto = dto;
_dataManager = dataManager;
InitializeComponent();
PropertyPageInit();
}
//[AuthorizeRbac("accounts:write")]
public async Task <IActionResult> AddIdentityProvider(int accountId, IdentityProviderDto identityProviderDto)
{
identityProviderDto = await _createIdentityProvider.CreateIdentityProvider(accountId, identityProviderDto);
var baseUrl = $"{Request.Scheme}://{Request.Host}{Request.PathBase}{Request.Path}/{identityProviderDto.IdentityProviderId}";
return(Created(baseUrl, identityProviderDto));
}
public ExternalIdentityProviderNode(string tenantName, IdentityProviderDto provider)
: base(false)
{
_tenantName = tenantName;
_provider = provider;
this.DisplayName = _provider.Name;
this.EnabledStandardVerbs = StandardVerbs.Properties | StandardVerbs.Delete;
ImageIndex = SelectedImageIndex = (int)TreeImageIndex.ExternalDomain;
}
public UsersAndGroupsNode(ServerDto dto, string tenantName, IdentityProviderDto provider, bool systemDomain)
{
_tenantName = tenantName;
_domainName = provider.Name;
_systemDomain = systemDomain;
_serverDto = dto;
DisplayName = "Users and Groups";
Refresh(this, EventArgs.Empty);
}
public IdentityProviderDto Probe(ServerDto server, string tenant, IdentityProviderDto provider, Token token)
{
var schemaSerialized = SerializeSchema(provider.Schema);
var attributeSerailized = SerializeAttributes(provider.AttributesMap, "attributesMap");
provider.Schema = null;
provider.AttributesMap = null;
tenant = Uri.EscapeDataString(tenant);
var url = string.Format(ServiceConfigManager.IdentityProvidersEndPoint, server.Protocol, server.ServerName, server.Port, tenant);
url += "?probe=true";
var dto = typeof(IdentityProviderDto).Assembly;
var json = JsonConvert.Serialize(provider, "root", dto.GetTypes(), true);
json = SerializationJsonHelper.Cleanup(json);
json = json.Substring(0, json.Length - 1);
var attributeString = "\"attributesMap\":null,";
if (json.Contains(attributeString))
{
json = json.Replace(attributeString, attributeSerailized + (string.IsNullOrEmpty(attributeSerailized)? string.Empty : ","));
}
else
{
json += attributeSerailized;
}
var schemaString = "\"schema\":null,";
if (json.Contains(schemaString))
{
json = json.Replace(schemaString, schemaSerialized + (string.IsNullOrEmpty(schemaSerialized)? string.Empty : ","));
}
else
{
json += schemaSerialized;
}
json += "}";
ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };
var requestConfig = new RequestSettings
{
Method = HttpMethod.Post
};
var headers = ServiceHelper.AddHeaders(ServiceConfigManager.JsonContentType);
json = "access_token=" + token.AccessToken + "&token_type=" + token.TokenType.ToString().ToLower() + "&" + json;
var response = _webRequestManager.GetResponse(url, requestConfig, headers, null, json);
response = SerializationJsonHelper.JsonToDictionary("attributesMap", response);
response = CleanupSchemaJson(response);
return(JsonConvert.Deserialize <IdentityProviderDto>(response, "root", dto.GetTypes(), true));
}
public async Task <ActionResult <IdentityProviderDto> > AddNewIdentityProviderAsync(
[FromBody] IdentityProviderDto identityProviderDto)
{
var identityProvider = _mapper.Map <OspIdentityProvider>(identityProviderDto);
await HandleWriteExceptionAsync(async() => await _identityProviderStore.StoreAsync(identityProvider));
await ClearCacheAsync();
return(_mapper.Map <IdentityProviderDto>(identityProvider));
}
public UsersAndGroupsNode(ServerDto dto, string tenantName, IdentityProviderDto provider, bool systemDomain)
: base(false)
{
ImageIndex = SelectedImageIndex = (int)TreeImageIndex.Group;
_tenantName = tenantName;
_domainName = provider.Name;
_systemDomain = systemDomain;
_serverDto = dto;
DisplayName = "Users and Groups";
}
public IdentitySourceNode(IdentityProviderDto provider, string tenantName, bool systemDomain, string displayName, TenantConfigurationDto tenantConfigDto)
{
_provider = provider;
_tenantName = tenantName;
_systemDomain = systemDomain;
_tenantConfigDto = tenantConfigDto;
var isDefault = _tenantConfigDto.ProviderPolicy != null && _tenantConfigDto.ProviderPolicy.DefaultProvider == provider.Name;
DisplayName = isDefault ? displayName + " (Default)" : displayName;
IsDefaultDomain = isDefault;
}
public ExternalDomainNode(string tenantName, IdentityProviderDto provider)
: base(false)
{
_tenantName = tenantName;
_provider = provider;
this.DisplayName = _provider.Name;
this.EnabledStandardVerbs = StandardVerbs.Delete;
var action1 = new Action("Properties", "Properties", 1, ExternalDomainNodeAction.ActionProperties);
ActionsPaneItems.Add(action1);
ImageIndex = SelectedImageIndex = (int)TreeImageIndex.ExternalDomain;
}
public async Task CreateIdentityProvider(IdentityProviderDto identityProvider)
{
ArgumentValidation.Validate(nameof(identityProvider), identityProvider);
var request = new RestRequest("identityProviders", Method.POST);
request.AddJsonBody(identityProvider);
IRestResponse response = await Client.ExecuteAsync(request);
ValidateResponse(response);
}
public async Task UpdateIdentityProvider(string id, IdentityProviderDto identityProvider)
{
ArgumentValidation.ValidateString(nameof(id), id);
ArgumentValidation.Validate(nameof(identityProvider), identityProvider);
var request = new RestRequest("identityProviders/{id}", Method.PUT);
request.AddUrlSegment("id", id);
request.AddJsonBody(identityProvider);
IRestResponse response = await Client.ExecuteAsync(request);
ValidateResponse(response);
}
private void NewExternalDomain_Load(object sender, EventArgs e)
{
if (IdentityProviderDto == null)
{
IdentityProviderDto = new IdentityProviderDto();
}
else
{
DtoToView();
}
cbDNForNestedGroups.Visible = !IsAD;
cbGroupSearch.Visible = !IsAD;
cbMatchRuleInChain.Visible = !IsAD;
lblSettings.Visible = !IsAD;
}
public async Task <ActionResult <IdentityProviderDto> > ReplaceProviderAsync([FromRoute][Required] string id,
[FromBody][Required] IdentityProviderDto identityProviderDto)
{
if (identityProviderDto == null)
{
throw new ArgumentNullException(nameof(identityProviderDto));
}
var identityProvider = _mapper.Map <OspIdentityProvider>(identityProviderDto);
identityProvider.Id = id;
await HandleWriteExceptionAsync(async() => await _identityProviderStore.StoreAsync(identityProvider));
await ClearCacheAsync();
return(Ok(identityProviderDto));
}
public IdentityProviderNode(IdentityProviderDto provider, string tenantName, bool systemDomain, string displayName, TenantConfigurationDto tenantConfigDto)
: base(false)
{
_provider = provider;
_tenantName = tenantName;
_systemDomain = systemDomain;
_tenantConfigDto = tenantConfigDto;
var isDefault = _tenantConfigDto.ProviderPolicy != null && _tenantConfigDto.ProviderPolicy.DefaultProvider == provider.Name;
if (!isDefault)
{
var action = new Action("Set as default domain", "Set as default domain", -1, IdentityProviderNodeAction.ActionSetDefault);
ActionsPaneItems.Add(action);
}
DisplayName = isDefault ? displayName + " (Default)" : displayName;
ImageIndex = SelectedImageIndex = systemDomain ? (int)TreeImageIndex.SystemDomain : (int)TreeImageIndex.LocalOs;
}
private void AddExternalDomain_Load(object sender, EventArgs e)
{
advancedSettings = new AdvancedExternalDomain();
_createNew = IdentityProviderDto == null;
if (_createNew)
{
rdoADWindowsAuth.Checked = false;
rdoADLdap.Checked = true;
rdoAnyDomain.Checked = true;
IdentityProviderDto = new IdentityProviderDto();
}
else
{
DtoToView();
}
button11.Enabled = false;
button1.Enabled = false;
button2.Enabled = false;
_current = Steps.One;
StepShow();
}
private IdentityProviderDto ViewToDto()
{
var isAd = rdoADWindowsAuth.Checked;
var providerDto = new IdentityProviderDto
{
DomainType = DomainType.EXTERNAL_DOMAIN.ToString(),
Name = isAd ? radioButton1.Checked ? _domainName : txtSPN.Text.Substring(txtSPN.Text.LastIndexOf("/") + 1) : txtDomainName.Text,
Alias = isAd ? null : txtDomainAlias.Text,
FriendlyName = isAd ? null : txtFriendlyName.Text,
Type = GetSourceType(),
AuthenticationType = isAd ? "USE_KERBEROS" : "PASSWORD",
Username = isAd && radioButton1.Checked ? null : txtUsername.Text,
Password = isAd && radioButton1.Checked ? null : txtPassword.Text,
UserMachineAccount = isAd && radioButton1.Checked,
ServicePrincipalName = isAd && radioButton1.Checked ? null : txtSPN.Text,
UserBaseDN = isAd ? null : txtUserDN.Text,
GroupBaseDN = isAd ? null : txtGroupDN.Text,
ConnectionStrings = GetConnectionString(isAd),
Certificates = isAd ? null : GetCertificates()
};
if (advancedSettings.IdentityProviderDto != null)
{
if (advancedSettings.IdentityProviderDto.Schema != null)
{
providerDto.Schema = new Dictionary <string, SchemaObjectMappingDto>(advancedSettings.IdentityProviderDto.Schema);
}
if (advancedSettings.IdentityProviderDto.AttributesMap != null)
{
providerDto.AttributesMap = new Dictionary <string, string>(advancedSettings.IdentityProviderDto.AttributesMap);
}
providerDto.SiteAffinityEnabled = rdoADLdap.Checked && rdoAnyDomain.Checked;
providerDto.BaseDnForNestedGroupsEnabled = advancedSettings.IdentityProviderDto.BaseDnForNestedGroupsEnabled;
providerDto.DirectGroupsSearchEnabled = advancedSettings.IdentityProviderDto.DirectGroupsSearchEnabled;
providerDto.MatchingRuleInChainEnabled = advancedSettings.IdentityProviderDto.MatchingRuleInChainEnabled;
}
return(providerDto);
}
public override void AwakeFromNib()
{
base.AwakeFromNib();
_certificates = new List <CertificateDto> ();
var title = string.Empty;
if (IdentityProviderDto != null)
{
var tag = GetIdFromIdentitySourceType(IdentityProviderDto.Type);
if (tag == 1)
{
title = VMIdentityConstants.AD_WIN_AUTH_TITLE;
_currentStep = WizardSteps.Four;
}
else
{
if (tag == 2)
{
title = VMIdentityConstants.AD_AS_LDAP_TITLE;
}
else
{
title = VMIdentityConstants.OPEN_LDAP_TITLE;
}
_currentStep = WizardSteps.Two;
}
isUpdate = true;
}
else
{
title = VMIdentityConstants.NEW_EXTERNAL_DOMAIN_TITLE;
_currentStep = WizardSteps.One;
isUpdate = false;
}
this.Window.Title = (NSString)title;
SetWizardStep();
ReloadCertificates();
//Events
this.BtnTestConnection.Activated += TestConnection;
this.BtnNext.Activated += OnClickNextButton;
this.BtnBack.Activated += OnClickBackButton;
this.BtnAddCertificate.Activated += (object sender, EventArgs e) => {
var openPanel = new NSOpenPanel();
openPanel.ReleasedWhenClosed = true;
openPanel.Prompt = "Select file";
var result = openPanel.RunModal();
if (result == 1)
{
var filePath = openPanel.Url.AbsoluteString.Replace("file://", string.Empty);
var cert = new X509Certificate2();
ActionHelper.Execute(delegate() {
cert.Import(filePath);
var certfificateDto = new CertificateDto {
Encoded = cert.ExportToPem(), Chain = cert.GetFormattedThumbPrint()
};
_certificates.Add(certfificateDto);
ReloadCertificates();
});
}
};
this.RdoIdentitySource.Activated += (object sender, EventArgs e) =>
{
SetSpnControls();
};
this.RdoDomainController.Activated += (object sender, EventArgs e) =>
{
var anyDc = RdoDomainController.SelectedTag == 1;
if (anyDc)
{
SetConnectionString();
}
else
{
TxtLdapConnection.StringValue = (NSString)string.Empty;
}
ChkProtect.Enabled = anyDc;
EnableDisableConnectionString(!anyDc);
};
this.BtnRemoveCertificate.Activated += (object sender, EventArgs e) => {
if (LstCertificates.SelectedRows.Count > 0)
{
foreach (var row in LstCertificates.SelectedRows)
{
_certificates.RemoveAt((int)row);
}
ReloadCertificates();
}
};
this.BtnPrimaryImport.Activated += (object sender, EventArgs e) => {
};
this.BtnSecondaryImport.Activated += (object sender, EventArgs e) => {
};
this.TxtDomainName.Changed += (object sender, EventArgs e) => {
SetConnectionString();
};
this.ChkProtect.Activated += (object sender, EventArgs e) => {
SetConnectionString();
};
this.RdoSpn.Activated += (object sender, EventArgs e) => {
SetSpnControls();
};
BtnPrimaryImport.Enabled = false;
BtnSecondaryImport.Enabled = false;
this.TxtPrimaryUrl.Activated += (object sender, EventArgs e) =>
{
BtnPrimaryImport.Enabled = this.TxtPrimaryUrl.StringValue != null && this.TxtPrimaryUrl.StringValue.StartsWith("ldaps://");
};
this.TxtSecondaryConnection.Activated += (object sender, EventArgs e) =>
{
BtnSecondaryImport.Enabled = this.TxtSecondaryConnection.StringValue != null && this.TxtSecondaryConnection.StringValue.StartsWith("ldaps://");
};
BtnPrimaryImport.Activated += (object sender, EventArgs e) =>
{
ImportCertificates(TxtPrimaryUrl.StringValue);
};
BtnSecondaryImport.Activated += (object sender, EventArgs e) =>
{
ImportCertificates(TxtSecondaryConnection.StringValue);
};
if (IdentityProviderDto != null)
{
DtoToView();
}
else
{
IdentityProviderDto = new IdentityProviderDto();
}
this.BtnAdvanced.Activated += (object sender, EventArgs e) =>
{
var form = new ExternalDomainAdvancedSettingsController()
{
IdentityProviderDto = new IdentityProviderDto
{
Schema = IdentityProviderDto.Schema == null ? new Dictionary <string, SchemaObjectMappingDto>() :new Dictionary <string, SchemaObjectMappingDto>(IdentityProviderDto.Schema),
AttributesMap = IdentityProviderDto.AttributesMap == null ? new Dictionary <string, string>() : new Dictionary <string, string>(IdentityProviderDto.AttributesMap),
BaseDnForNestedGroupsEnabled = IdentityProviderDto.BaseDnForNestedGroupsEnabled,
MatchingRuleInChainEnabled = IdentityProviderDto.MatchingRuleInChainEnabled,
DirectGroupsSearchEnabled = IdentityProviderDto.DirectGroupsSearchEnabled
}
};
var result = NSApplication.SharedApplication.RunModalForWindow(form.Window);
if (result == 1)
{
IdentityProviderDto.Schema = GetSchema(form.IdentityProviderDto.Schema);
IdentityProviderDto.AttributesMap = new Dictionary <string, string>(form.IdentityProviderDto.AttributesMap);
IdentityProviderDto.BaseDnForNestedGroupsEnabled = form.IdentityProviderDto.BaseDnForNestedGroupsEnabled;
IdentityProviderDto.MatchingRuleInChainEnabled = form.IdentityProviderDto.MatchingRuleInChainEnabled;
IdentityProviderDto.DirectGroupsSearchEnabled = form.IdentityProviderDto.DirectGroupsSearchEnabled;
}
};
SetSpnControls();
}
public ExternalDomainNode(string tenantName, IdentityProviderDto provider)
{
_tenantName = tenantName;
_provider = provider;
this.DisplayName = _provider.Name;
}
public async Task <IdentityProviderDto> CreateIdentityProvider(int accountId, IdentityProviderDto identityProviderDto)
{
var errors = new List <ValidationResult>();
Utils.ValidateDto(identityProviderDto, errors);
Utils.ThrowAggregateExceptionOnValidationErrors(errors);
try
{
var account = (from a in _db.Accounts where a.AccountId == accountId select a).FirstOrDefault();
if (account == null)
{
throw new AccountNotFoundException($"An account with {nameof(AccountDto.AccountId)} = {accountId} could not be found");
}
if (account.IdentityProviders.Any(p => string.Equals(p.Name, identityProviderDto.Name, StringComparison.OrdinalIgnoreCase)))
{
throw new MalformedAccountException($"An identity provider with the same name [{identityProviderDto.Name}] already exists.");
}
var newIdentityProvider = new IdentityProvider
{
Name = identityProviderDto.Name,
Account = account,
AccountId = accountId
};
account.IdentityProviders.Add(newIdentityProvider);
await _db.SaveChangesAsync();
return(_mapper.Map <IdentityProviderDto>(newIdentityProvider));
}
catch (DbException e)
{
throw new PersistenceException($"An error occurred while creating the IdentityProvider ({nameof(accountId)} = {accountId}, {nameof(identityProviderDto)} = {JsonConvert.SerializeObject(identityProviderDto)})", e);
}
}
