public Issuer AddFacebookIdentityProvider(string displayName, string facebookAppId, string facebookAppSecret, string[] loginParameters)
{
try
{
var client = this.CreateManagementServiceClient();
var issuer = new Issuer
{
Name = string.Format(CultureInfo.InvariantCulture, "{0}-{1}", "Facebook", facebookAppId)
};
client.AddToIssuers(issuer);
client.SaveChanges(SaveChangesOptions.Batch);
var facebook = new IdentityProvider
{
DisplayName = displayName,
LoginLinkName = "Facebook",
LoginParameters = String.Join(",", loginParameters),
WebSSOProtocolType = WebSSOProtocolType.Facebook.ToString(),
IssuerId = issuer.Id
};
client.AddObject("IdentityProviders", facebook);
var facebookKeys = new[]
{
new IdentityProviderKey
{
IdentityProvider = facebook,
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddYears(1),
Type = KeyType.ApplicationKey.ToString(),
Usage = KeyUsage.ApplicationId.ToString(),
Value = Encoding.Default.GetBytes(facebookAppId)
},
new IdentityProviderKey
{
IdentityProvider = facebook,
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddYears(1),
Type = KeyType.ApplicationKey.ToString(),
Usage = KeyUsage.ApplicationSecret.ToString(),
Value = Encoding.Default.GetBytes(facebookAppSecret)
}
};
foreach (var key in facebookKeys)
{
client.AddRelatedObject(facebook, "IdentityProviderKeys", key);
}
client.SaveChanges(SaveChangesOptions.Batch);
return issuer;
}
catch (Exception ex)
{
throw TryGetExceptionDetails(ex);
}
}
public Issuer AddIdentityProviderManually(string displayName, string federationUrl, WebSSOProtocolType protocolType, byte[] signingValidationCert = null, string[] allowedRelyingParties = null)
{
try
{
var client = this.CreateManagementServiceClient();
var defaultStartDate = DateTime.UtcNow;
var defaultEndDate = defaultStartDate.AddYears(1);
var issuer = new Issuer
{
Name = displayName
};
var oldIssuer = client.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();
if (oldIssuer != null)
{
client.DeleteObject(oldIssuer);
}
client.AddToIssuers(issuer);
client.SaveChanges(SaveChangesOptions.Batch);
var identityProvider = new IdentityProvider
{
DisplayName = displayName,
WebSSOProtocolType = protocolType.ToString(),
LoginLinkName = displayName,
IssuerId = issuer.Id
};
var oldIdentityProvider = client.IdentityProviders.Where(ip => ip.DisplayName.Equals(identityProvider.DisplayName, StringComparison.OrdinalIgnoreCase))
.FirstOrDefault();
if (oldIdentityProvider != null)
{
client.DeleteObject(oldIdentityProvider);
client.SaveChanges();
}
client.AddToIdentityProviders(identityProvider);
client.SaveChanges(SaveChangesOptions.Batch);
// Identity provider public key to verify the signature
if (signingValidationCert != null)
{
var key = new IdentityProviderKey
{
IdentityProviderId = identityProvider.Id,
DisplayName = "Signing Key for " + displayName,
StartDate = defaultStartDate,
EndDate = defaultEndDate,
Type = KeyType.X509Certificate.ToString(),
Usage = KeyUsage.Signing.ToString(),
Value = signingValidationCert
};
client.AddToIdentityProviderKeys(key);
client.SaveChanges(SaveChangesOptions.Batch);
}
// WS-Federation sign-in URL
var federationSignInAddress = new IdentityProviderAddress
{
IdentityProviderId = identityProvider.Id,
EndpointType = EndpointType.SignIn.ToString(),
Address = federationUrl
};
client.AddToIdentityProviderAddresses(federationSignInAddress);
client.SaveChanges(SaveChangesOptions.Batch);
return issuer;
}
catch (Exception ex)
{
throw TryGetExceptionDetails(ex);
}
}
public void AddPassThroughRuleToRuleGroup(string ruleGroupName, Issuer issuer, string inputClaimType = null, string outputClaimType = null)
{
try
{
var rule = new Rule
{
InputClaimType = inputClaimType,
OutputClaimType = outputClaimType
};
this.AddRuleToRuleGroup(ruleGroupName, issuer, rule);
}
catch (Exception ex)
{
throw TryGetExceptionDetails(ex);
}
}
private void AddRuleToRuleGroup(string ruleGroupName, Issuer issuer, Rule rule)
{
var client = this.CreateManagementServiceClient();
RuleGroup ruleGroup = client.RuleGroups.AddQueryOption("$filter", "Name eq '" + ruleGroupName + "'").FirstOrDefault();
if (ruleGroup == null)
{
throw new InvalidOperationException("Rule Group: " + ruleGroupName + " does not exist");
}
rule.IssuerId = issuer.Id;
rule.RuleGroup = ruleGroup;
client.AddRelatedObject(ruleGroup, "Rules", rule);
client.SaveChanges();
}
