internal IdentityProvider(IdentityProviderElement config, ISPOptions spOptions)
{
singleSignOnServiceUrl = config.DestinationUrl;
EntityId = new EntityId(config.EntityId);
binding = config.Binding;
AllowUnsolicitedAuthnResponse = config.AllowUnsolicitedAuthnResponse;
metadataUrl = config.MetadataUrl;
LoadMetadata = config.LoadMetadata;
this.spOptions = spOptions;
var certificate = config.SigningCertificate.LoadCertificate();
if (certificate != null)
{
signingKey = certificate.PublicKey.Key;
}
try
{
if (LoadMetadata)
{
DoLoadMetadata();
}
Validate();
}
catch (WebException)
{
// If we had a web exception, the metadata failed. It will
// be automatically retried.
}
}
internal IdentityProvider(IdentityProviderElement config, ISPOptions spOptions)
{
singleSignOnServiceUrl = config.DestinationUrl;
EntityId = new EntityId(config.EntityId);
binding = config.Binding;
AllowUnsolicitedAuthnResponse = config.AllowUnsolicitedAuthnResponse;
metadataUrl = config.MetadataUrl;
var certificate = config.SigningCertificate.LoadCertificate();
if (certificate != null)
{
signingKeys.AddConfiguredItem(certificate.PublicKey.Key);
}
// If configured to load metadata, this will immediately do the load.
LoadMetadata = config.LoadMetadata;
this.spOptions = spOptions;
// Validate if values are only from config. If metadata is loaded, validation
// is done on metadata load.
if (!LoadMetadata)
{
Validate();
}
}
internal IdentityProvider(IdentityProviderElement config, SPOptions spOptions)
{
singleSignOnServiceUrl = config.SignOnUrl;
SingleLogoutServiceUrl = config.LogoutUrl;
EntityId = new EntityId(config.EntityId);
binding = config.Binding;
AllowUnsolicitedAuthnResponse = config.AllowUnsolicitedAuthnResponse;
metadataLocation = string.IsNullOrEmpty(config.MetadataLocation)
? null : config.MetadataLocation;
WantAuthnRequestsSigned = config.WantAuthnRequestsSigned;
DisableOutboundLogoutRequests = config.DisableOutboundLogoutRequests;
var certificate = config.SigningCertificate.LoadCertificate();
if (certificate != null)
{
signingKeys.AddConfiguredKey(
new X509RawDataKeyIdentifierClause(certificate));
}
foreach (var ars in config.ArtifactResolutionServices)
{
ArtifactResolutionServiceUrls[ars.Index] = ars.Location;
}
// If configured to load metadata, this will immediately do the load.
this.spOptions = spOptions;
LoadMetadata = config.LoadMetadata;
// Validate if values are only from config. If metadata is loaded, validation
// is done on metadata load.
if (!LoadMetadata)
{
Validate();
}
}
internal IdentityProvider(IdentityProviderElement config, ISPOptions spOptions)
{
singleSignOnServiceUrl = config.DestinationUrl;
EntityId = new EntityId(config.EntityId);
binding = config.Binding;
AllowUnsolicitedAuthnResponse = config.AllowUnsolicitedAuthnResponse;
metadataUrl = config.MetadataUrl;
ShowNameIdPolicy = config.ShowNameIdPolicy;
// If configured to load metadata, this will immediately do the load.
VerifyCertificate = config.VerifyCertificate;
LoadMetadata = config.LoadMetadata;
this.spOptions = spOptions;
// Certificates from metadata already present, add eventual other certificates
// from web.config.
var certificate = config.SigningCertificate.LoadCertificate();
if (certificate != null)
{
signingKeys = new ConfiguredAndLoadedCollection<AsymmetricAlgorithm>();
signingKeys.AddConfiguredItem(certificate.PublicKey.Key);
}
// Validate if values are only from config. If metadata is loaded, validation
// is done on metadata load.
if (!LoadMetadata)
{
Validate();
}
}
public IdentityProvider(IdentityProviderElement config)
{
DestinationUri = config.DestinationUri;
Issuer = config.Issuer;
Binding = config.Binding;
certificate = config.SigningCertificate.LoadCertificate();
}
internal IdentityProvider(IdentityProviderElement config, ISPOptions spOptions)
{
singleSignOnServiceUrl = config.DestinationUrl;
EntityId = new EntityId(config.EntityId);
binding = config.Binding;
AllowUnsolicitedAuthnResponse = config.AllowUnsolicitedAuthnResponse;
metadataLocation = string.IsNullOrEmpty(config.MetadataLocation)
? null : config.MetadataLocation;
WantAuthnRequestsSigned = config.WantAuthnRequestsSigned;
var certificate = config.SigningCertificate.LoadCertificate();
if (certificate != null)
{
signingKeys.AddConfiguredKey(
new X509RawDataKeyIdentifierClause(certificate));
}
// If configured to load metadata, this will immediately do the load.
LoadMetadata = config.LoadMetadata;
this.spOptions = spOptions;
// Validate if values are only from config. If metadata is loaded, validation
// is done on metadata load.
if (!LoadMetadata)
{
Validate();
}
}
private IdentityProviderElement CreateConfig()
{
var config = new IdentityProviderElement();
config.AllowConfigEdit(true);
config.Binding = Saml2BindingType.HttpPost;
config.SigningCertificate = new CertificateElement();
config.SigningCertificate.AllowConfigEdit(true);
config.SigningCertificate.FileName = "Kentor.AuthServices.Tests.pfx";
config.SignOnUrl = new Uri("http://idp.example.com/acs");
config.EntityId = "http://idp.example.com";
return config;
}
private static void TestMissingConfig(IdentityProviderElement config, string missingElement)
{
Action a = () => new IdentityProvider(config, Options.FromConfiguration.SPOptions);
string expectedMessage = "Missing " + missingElement + " configuration on Idp " + config.EntityId + ".";
a.ShouldThrow<ConfigurationErrorsException>(expectedMessage);
}
