public void SustainsysSaml2Section_Attributes_LoadedFromConfig()
{
var expected = new AttributeConsumingService("SP")
{
IsDefault = true
};
expected.RequestedAttributes.Add(
new RequestedAttribute("urn:someName")
{
FriendlyName = "Some Name",
NameFormat = RequestedAttribute.AttributeNameFormatUri,
IsRequired = true
});
expected.RequestedAttributes.Add(
new RequestedAttribute("Minimal")
{
FriendlyName = null,
NameFormat = RequestedAttribute.AttributeNameFormatUnspecified,
IsRequired = false
});
var subject = SustainsysSaml2Section.Current.AttributeConsumingServices.Single();
subject.ShouldBeEquivalentTo(expected);
}
private static void AddAttributeConsumingServices(SPOptions options)
{
var a1 = new RequestedAttribute("urn:attributeName")
{
FriendlyName = "friendlyName",
NameFormat = RequestedAttribute.AttributeNameFormatUri,
AttributeValueXsiType = ClaimValueTypes.String,
IsRequired = true
};
a1.Values.Add("value1");
a1.Values.Add("value2");
var a2 = new RequestedAttribute("someName");
var acs = new AttributeConsumingService("attributeServiceName")
{
IsDefault = true
};
acs.RequestedAttributes.Add(a1);
acs.RequestedAttributes.Add(a2);
options.AttributeConsumingServices.Add(acs);
}
private static SPOptions CreateSPOptions()
{
var swedish = CultureInfo.GetCultureInfo("sv-se");
var organization = new Organization();
organization.Names.Add(new LocalizedName("Kentor", swedish));
organization.DisplayNames.Add(new LocalizedName("Kentor IT AB", swedish));
organization.Urls.Add(new LocalizedUri(new Uri("http://www.kentor.se"), swedish));
var spOptions = new SPOptions
{
EntityId = new EntityId("http://*****:*****@example.com");
spOptions.Contacts.Add(techContact);
var supportContact = new ContactPerson
{
Type = ContactType.Support
};
supportContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(supportContact);
var attributeConsumingService = new AttributeConsumingService("AuthServices")
{
IsDefault = true,
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:someName")
{
FriendlyName = "Some Name",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("Minimal"));
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode
= AudienceUriMode.Never;
spOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx"));
return(spOptions);
}
AttributeConsumingService GetAttributeService()
{
var attributeConsumingService = new AttributeConsumingService("AuthServices")
{
IsDefault = true,
};
//ePPN
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.6")
{
FriendlyName = "eduPersonPrincipalName",
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
//AttributeValueXsiType = "ScopedAttributeDecoder"
//IsRequired = true
});
//Affiliation
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.9")
{
FriendlyName = "eduPersonScopedAffiliation",
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
});
//SN (surname)
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:2.5.4.4")
{
FriendlyName = "sn",
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
});
//givenName
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:2.5.4.42")
{
FriendlyName = "givenName",
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
});
//eduPersonNickname
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.2")
{
FriendlyName = "eduPersonNickname",
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
});
//mail
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:0.9.2342.19200300.100.1.3")
{
FriendlyName = "mail",
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
});
//displayName
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:2.16.840.1.113730.3.1.241")
{
FriendlyName = "displayName",
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
});
return(attributeConsumingService);
}
private static SPOptions CreateSPOptions()
{
var swedish = "sv-se";
var organization = new Organization();
organization.Names.Add(new LocalizedName("Sustainsys", swedish));
organization.DisplayNames.Add(new LocalizedName("Sustainsys AB", swedish));
organization.Urls.Add(new LocalizedUri(new Uri("http://www.Sustainsys.se"), swedish));
var spOptions = new SPOptions
{
EntityId = new EntityId("https://*****:*****@example.com");
spOptions.Contacts.Add(techContact);
var supportContact = new ContactPerson
{
Type = ContactType.Support
};
supportContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(supportContact);
var attributeConsumingService = new AttributeConsumingService
{
IsDefault = true,
ServiceNames = { new LocalizedName("Saml2", "en") }
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:someName")
{
FriendlyName = "Some Name",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("Minimal"));
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
spOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Sustainsys.Saml2.Tests.pfx"));
return(spOptions);
}
public static AttributeConsumingService RequestEmail(this AttributeConsumingService service)
{
return(service.RequestAttribute(new RequestedAttribute("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")
{
FriendlyName = "E-Mail-Addresses",
IsRequired = false,
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
}));
}
public static AttributeConsumingService RequestPersistentNameId(this AttributeConsumingService service)
{
return(service.RequestAttribute(new RequestedAttribute("nameid:persistent")
{
FriendlyName = "mail",
IsRequired = false,
NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
}));
}
private static SPOptions CreateSPOptions()
{
//var swedish = CultureInfo.GetCultureInfo("sv-se");
var swedish = "sv-se";
var organization = new Organization();
organization.Names.Add(new LocalizedName("Edubase", swedish));
organization.DisplayNames.Add(new LocalizedName("Edubase", swedish));
organization.Urls.Add(new LocalizedUri(new Uri("http://www.edubase.gov.uk"), swedish));
var spOptions = new SPOptions
{
EntityId = new EntityId("http://edubase.gov"),
Organization = organization,
ReturnUrl = StartupSecureAccess.ExternalAuthDefaultCallbackUrl,
MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
};
var techContact = new ContactPerson
{
Type = ContactType.Technical
};
techContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(techContact);
var supportContact = new ContactPerson
{
Type = ContactType.Support
};
supportContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(supportContact);
var attributeConsumingService = new AttributeConsumingService()
{
ServiceNames = { new LocalizedName("AuthServices", "en") },
IsDefault = true,
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:someName")
{
FriendlyName = "Some Name",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("Minimal"));
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
return(spOptions);
}
private static SPOptions CreateSPOptions()
{
var swedish = "sv-se";
var organization = new Organization();
organization.Names.Add(new LocalizedName("Sustainsys", swedish));
organization.DisplayNames.Add(new LocalizedName("Sustainsys AB", swedish));
organization.Urls.Add(new LocalizedUri(new Uri("http://www.Sustainsys.se"), swedish));
var spOptions = new SPOptions
{
EntityId = new EntityId(ConnectedAppIdentityId),
Organization = organization,
MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
Logger = new SomeLogger()
};
var techContact = new ContactPerson
{
Type = ContactType.Technical
};
techContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(techContact);
var supportContact = new ContactPerson
{
Type = ContactType.Support
};
supportContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(supportContact);
var attributeConsumingService = new AttributeConsumingService
{
IsDefault = true,
ServiceNames = { new LocalizedName("Saml2", "en") }
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:someName")
{
FriendlyName = "Some Name",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("Minimal"));
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
return(spOptions);
}
private static SPOptions CreateSPOptions(string optionName)
{
var spOptions = new SPOptions
{
EntityId = new EntityId(ConfigurationManager.AppSettings["saml:baseurl"] + "/Saml2"),
ReturnUrl = new Uri(ConfigurationManager.AppSettings["saml:baseurl"] + "/Account/ExternalLoginCallback"),
ModulePath = string.Format("/{0}", optionName)
};
var techContact = new ContactPerson
{
Type = ContactType.Technical
};
techContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(techContact);
var supportContact = new ContactPerson
{
Type = ContactType.Support
};
supportContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(supportContact);
var attributeConsumingService = new AttributeConsumingService(optionName)
{
IsDefault = true,
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:Email")
{
FriendlyName = "Email",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
spOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Sustainsys.Saml2.Tests.pfx", string.Empty,
X509KeyStorageFlags.MachineKeySet));
var adsa = "fdsafdsa";
return(spOptions);
}
public static SPOptions WithService(this SPOptions providerOptions, string serviceName, string language, bool isDefault, Action <AttributeConsumingService>?configureService = null)
{
var svc = new AttributeConsumingService();
svc.ServiceNames.Add(new LocalizedName(serviceName, language));
svc.IsDefault = isDefault;
if (configureService != null)
{
configureService(svc);
}
else
{
svc.RequestName().RequestEmail().RequestPersistentNameId();
}
providerOptions.AttributeConsumingServices.Add(svc);
return(providerOptions);
}
private Saml2AuthenticationOptions CreateSaml2Options()
{
var spOptions = new SPOptions
{
EntityId = new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"),
ReturnUrl = new Uri("https://localhost:44358/"),
};
var attributeConsumingService = new AttributeConsumingService
{
IsDefault = true,
ServiceNames = { new LocalizedName("Saml2", "en") }
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:password")
{
FriendlyName = "AzureADTest",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("Minimal"));
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
var Saml2Options = new Saml2AuthenticationOptions(false)
{
SPOptions = spOptions
};
var idp = new IdentityProvider(new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"), spOptions)
{
AllowUnsolicitedAuthnResponse = true,
Binding = Saml2BindingType.HttpRedirect,
SingleSignOnServiceUrl = new Uri("https://localhost:44358/")
};
idp.SigningKeys.AddConfiguredKey(new X509Certificate2(HostingEnvironment.MapPath("~/App_Data/AzureADTest.cer") ?? throw new InvalidOperationException()));
Saml2Options.IdentityProviders.Add(idp);
return(Saml2Options);
}
private static SPOptions CreateSPOptions()
{
string strEntityID = "https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/";
string strServiceProviderReturnUrl = "https://ramesh.knowledgeowl.com/help/saml-login";
string strPfxFilePath = "/App_Data/Sustainsys.Saml2.Tests.pfx";
string strSamlIdpOrgName = "AzureADTest";
string strSamlIdpOrgDisplayName = "AzureADTest";
var swedish = "sv-se";
var organization = new Organization();
organization.Names.Add(new LocalizedName(strSamlIdpOrgName, swedish));
organization.DisplayNames.Add(new LocalizedName(strSamlIdpOrgDisplayName, swedish));
organization.Urls.Add(new LocalizedUri(new Uri("http://www.Sustainsys.se"), swedish));
var spOptions = new SPOptions
{
EntityId = new EntityId(strEntityID),
ReturnUrl = new Uri(strServiceProviderReturnUrl),
Organization = organization
};
var attributeConsumingService = new AttributeConsumingService
{
IsDefault = true,
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:someName")
{
FriendlyName = "Some Name",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("Minimal"));
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
spOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + strPfxFilePath));
return(spOptions);
}
private static SPOptions CreateSPOptions(string optionName)
{
var spOptions = new SPOptions
{
EntityId = new EntityId("https://*****:*****@gmail.com");
spOptions.Contacts.Add(techContact);
var supportContact = new ContactPerson
{
Type = ContactType.Support
};
supportContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(supportContact);
var attributeConsumingService = new AttributeConsumingService(optionName)
{
IsDefault = true,
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("urn:Email")
{
FriendlyName = "Email",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUri
});
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
spOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));
return(spOptions);
}
public void SPOptionsExtensions_CreateMetadata_IncludeAttributeConsumingService()
{
var spOptions = StubFactory.CreateSPOptions();
var urls = StubFactory.CreateAuthServicesUrls();
var attributeConsumingService = new AttributeConsumingService("Name");
spOptions.AttributeConsumingServices.Clear();
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("AttributeName"));
var subject = spOptions
.CreateMetadata(urls)
.RoleDescriptors
.Cast <ExtendedServiceProviderSingleSignOnDescriptor>()
.First();
subject.AttributeConsumingServices.First().Should().BeSameAs(attributeConsumingService);
}
public void SPOptionsExtensions_CreateMetadata_IncludeAttributeConsumingService()
{
var spOptions = StubFactory.CreateSPOptions();
var urls = StubFactory.CreateSaml2Urls();
var attributeConsumingService = new AttributeConsumingService();
attributeConsumingService.ServiceNames.Add(
new LocalizedName("Name", "en"));
spOptions.AttributeConsumingServices.Clear();
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("AttributeName"));
var subject = spOptions
.CreateMetadata(urls)
.RoleDescriptors
.Cast <SpSsoDescriptor>()
.First();
subject.AttributeConsumingServices.Values.First().Should().BeSameAs(attributeConsumingService);
}
/// <summary>
/// Takes the configuration class and converts it to a SAML2.0 metadata document.
/// </summary>
/// <param name="config">The config.</param>
/// <param name="keyInfo">The keyInfo.</param>
private void ConvertToMetadata(Saml2Configuration config, KeyInfo keyInfo)
{
var entity = CreateDefaultEntity();
entity.EntityID = config.ServiceProvider.Id;
entity.ValidUntil = DateTime.Now.AddDays(7);
var serviceProviderDescriptor = new SpSsoDescriptor
{
ProtocolSupportEnumeration = new[] { Saml20Constants.Protocol },
AuthnRequestsSigned = XmlConvert.ToString(true),
WantAssertionsSigned = XmlConvert.ToString(true)
};
if (config.ServiceProvider.NameIdFormats.Count > 0)
{
serviceProviderDescriptor.NameIdFormat = new string[config.ServiceProvider.NameIdFormats.Count];
var count = 0;
foreach (var elem in config.ServiceProvider.NameIdFormats)
{
serviceProviderDescriptor.NameIdFormat[count++] = elem.Format;
}
}
var baseUrl = new Uri(config.ServiceProvider.Server);
var logoutServiceEndpoints = new List <Endpoint>();
var signonServiceEndpoints = new List <IndexedEndpoint>();
var artifactResolutionEndpoints = new List <IndexedEndpoint>(2);
// Include endpoints.
foreach (var endpoint in config.ServiceProvider.Endpoints)
{
if (endpoint.Type == EndpointType.SignOn)
{
var loginEndpoint = new IndexedEndpoint
{
Index = endpoint.Index,
IsDefault = true,
Location = new Uri(baseUrl, endpoint.LocalPath).ToString(),
Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost)
};
signonServiceEndpoints.Add(loginEndpoint);
var artifactSignonEndpoint = new IndexedEndpoint
{
Binding = Saml20Constants.ProtocolBindings.HttpSoap,
Index = loginEndpoint.Index,
Location = loginEndpoint.Location
};
artifactResolutionEndpoints.Add(artifactSignonEndpoint);
continue;
}
if (endpoint.Type == EndpointType.Logout)
{
var logoutEndpoint = new Endpoint
{
Location = new Uri(baseUrl, endpoint.LocalPath).ToString()
};
logoutEndpoint.ResponseLocation = logoutEndpoint.Location;
logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost);
logoutServiceEndpoints.Add(logoutEndpoint);
// TODO: Look at this...
logoutEndpoint = new Endpoint
{
Location = new Uri(baseUrl, endpoint.LocalPath).ToString()
};
logoutEndpoint.ResponseLocation = logoutEndpoint.Location;
logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpRedirect);
logoutServiceEndpoints.Add(logoutEndpoint);
var artifactLogoutEndpoint = new IndexedEndpoint
{
Binding = Saml20Constants.ProtocolBindings.HttpSoap,
Index = endpoint.Index,
Location = logoutEndpoint.Location
};
artifactResolutionEndpoints.Add(artifactLogoutEndpoint);
continue;
}
}
serviceProviderDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray();
serviceProviderDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray();
// Attribute consuming service.
if (config.Metadata.RequestedAttributes.Count > 0)
{
var attConsumingService = new AttributeConsumingService();
serviceProviderDescriptor.AttributeConsumingService = new[] { attConsumingService };
attConsumingService.Index = signonServiceEndpoints[0].Index;
attConsumingService.IsDefault = true;
attConsumingService.ServiceName = new[] { new LocalizedName("SP", "en") };
attConsumingService.RequestedAttribute = new RequestedAttribute[config.Metadata.RequestedAttributes.Count];
for (var i = 0; i < config.Metadata.RequestedAttributes.Count; i++)
{
attConsumingService.RequestedAttribute[i] = new RequestedAttribute
{
Name = config.Metadata.RequestedAttributes[i].Name
};
if (config.Metadata.RequestedAttributes[i].IsRequired)
{
attConsumingService.RequestedAttribute[i].IsRequired = true;
}
attConsumingService.RequestedAttribute[i].NameFormat = SamlAttribute.NameformatBasic;
}
}
else
{
serviceProviderDescriptor.AttributeConsumingService = new AttributeConsumingService[0];
}
if (config.Metadata == null || !config.Metadata.ExcludeArtifactEndpoints)
{
serviceProviderDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray();
}
entity.Items = new object[] { serviceProviderDescriptor };
// Keyinfo
var keySigning = new KeyDescriptor();
var keyEncryption = new KeyDescriptor();
serviceProviderDescriptor.KeyDescriptor = new[] { keySigning, keyEncryption };
keySigning.Use = KeyTypes.Signing;
keySigning.UseSpecified = true;
keyEncryption.Use = KeyTypes.Encryption;
keyEncryption.UseSpecified = true;
// Ugly conversion between the .Net framework classes and our classes ... avert your eyes!!
keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyInfo.GetXml().OuterXml);
keyEncryption.KeyInfo = keySigning.KeyInfo;
// apply the <Organization> element
if (config.Metadata.Organization != null)
{
entity.Organization = new Schema.Metadata.Organization
{
OrganizationName = new[] { new LocalizedName {
Value = config.Metadata.Organization.Name
} },
OrganizationDisplayName = new[] { new LocalizedName {
Value = config.Metadata.Organization.DisplayName
} },
OrganizationURL = new[] { new LocalizedURI {
Value = config.Metadata.Organization.Url
} }
};
}
if (config.Metadata.Contacts != null && config.Metadata.Contacts.Any())
{
entity.ContactPerson = config.Metadata.Contacts.Select(x => new Schema.Metadata.Contact
{
ContactType =
(Schema.Metadata.ContactType)
((int)x.Type),
Company = x.Company,
GivenName = x.GivenName,
SurName = x.SurName,
EmailAddress = new[] { x.Email },
TelephoneNumber = new[] { x.Phone }
}).ToArray();
}
}
public async Task <IActionResult> SpMetadataAsync(string partyId)
{
logger.ScopeTrace(() => "Up, SP Metadata request.");
logger.SetScopeProperty(Constants.Logs.UpPartyId, partyId);
var party = RouteBinding.UpParty != null ? await tenantRepository.GetAsync <SamlUpParty>(partyId) : null;
var signMetadata = party != null ? party.SignMetadata : false;
var samlConfig = await saml2ConfigurationLogic.GetSamlUpConfigAsync(party, includeSigningAndDecryptionCertificate : signMetadata, includeSignatureValidationCertificates : false);
var acsDestination = new Uri(UrlCombine.Combine(HttpContext.GetHostWithTenantAndTrack(), RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlAcs));
var singleLogoutDestination = new Uri(UrlCombine.Combine(HttpContext.GetHostWithTenantAndTrack(), RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlSingleLogout));
var entityDescriptor = new EntityDescriptor(samlConfig, signMetadata);
if (party != null)
{
entityDescriptor.ValidUntil = new TimeSpan(0, 0, settings.SamlMetadataLifetime).Days;
}
var trackCertificates = GetTrackCertificates();
entityDescriptor.SPSsoDescriptor = new SPSsoDescriptor
{
//AuthnRequestsSigned = true,
//WantAssertionsSigned = true,
SigningCertificates = trackCertificates,
AssertionConsumerServices = new AssertionConsumerService[]
{
new AssertionConsumerService {
Binding = ToSamleBindingUri(party?.AuthnBinding?.ResponseBinding), Location = acsDestination
},
},
};
entityDescriptor.SPSsoDescriptor.SingleLogoutServices = new SingleLogoutService[]
{
new SingleLogoutService {
Binding = ToSamleBindingUri(party?.LogoutBinding?.ResponseBinding), Location = singleLogoutDestination
},
};
if (party?.MetadataIncludeEncryptionCertificates == true)
{
entityDescriptor.SPSsoDescriptor.EncryptionCertificates = trackCertificates;
entityDescriptor.SPSsoDescriptor.SetDefaultEncryptionMethods();
}
if (party?.MetadataNameIdFormats?.Count > 0)
{
entityDescriptor.SPSsoDescriptor.NameIDFormats = party.MetadataNameIdFormats.Select(nf => new Uri(nf));
}
if (party?.MetadataAttributeConsumingServices?.Count() > 0)
{
var attributeConsumingServices = new List <AttributeConsumingService>();
foreach (var aItem in party.MetadataAttributeConsumingServices)
{
var attributeConsumingService = new AttributeConsumingService {
ServiceName = new ServiceName(aItem.ServiceName.Name, aItem.ServiceName.Lang)
};
attributeConsumingService.RequestedAttributes = aItem.RequestedAttributes.Select(ra => string.IsNullOrEmpty(ra.NameFormat) ? new RequestedAttribute(ra.Name, ra.IsRequired) : new RequestedAttribute(ra.Name, ra.IsRequired, ra.NameFormat));
attributeConsumingServices.Add(attributeConsumingService);
}
entityDescriptor.SPSsoDescriptor.AttributeConsumingServices = attributeConsumingServices;
}
if (party?.MetadataContactPersons?.Count() > 0)
{
entityDescriptor.ContactPersons = GetContactPersons(party.MetadataContactPersons);
}
return(new Saml2Metadata(entityDescriptor).CreateMetadata().ToActionResult());
}
/// <summary>
/// Takes the Safewhere configuration class and converts it to a SAML2.0 metadata document.
/// </summary>
private void ConvertToMetadata(SAML20FederationConfig config, KeyInfo keyinfo)
{
EntityDescriptor entity = CreateDefaultEntity();
entity.entityID = config.ServiceProvider.ID;
entity.validUntil = DateTime.Now.AddDays(7);
SPSSODescriptor spDescriptor = new SPSSODescriptor();
spDescriptor.protocolSupportEnumeration = new string[] { Saml20Constants.PROTOCOL };
spDescriptor.AuthnRequestsSigned = XmlConvert.ToString(true);
spDescriptor.WantAssertionsSigned = XmlConvert.ToString(true);
if (config.ServiceProvider.NameIdFormats.All)
{
spDescriptor.NameIDFormat = new string[] { Saml20Constants.NameIdentifierFormats.Email,
Saml20Constants.NameIdentifierFormats.Entity,
Saml20Constants.NameIdentifierFormats.Kerberos,
Saml20Constants.NameIdentifierFormats.Persistent,
Saml20Constants.NameIdentifierFormats.Transient,
Saml20Constants.NameIdentifierFormats.Unspecified,
Saml20Constants.NameIdentifierFormats.Windows,
Saml20Constants.NameIdentifierFormats.X509SubjectName };
}
else
{
spDescriptor.NameIDFormat = new string[config.ServiceProvider.NameIdFormats.NameIdFormats.Count];
int count = 0;
foreach (NameIdFormatElement elem in config.ServiceProvider.NameIdFormats.NameIdFormats)
{
spDescriptor.NameIDFormat[count++] = elem.NameIdFormat;
}
}
Uri baseURL = new Uri(config.ServiceProvider.Server);
List <Endpoint> logoutServiceEndpoints = new List <Endpoint>();
List <IndexedEndpoint> signonServiceEndpoints = new List <IndexedEndpoint>();
List <IndexedEndpoint> artifactResolutionEndpoints = new List <IndexedEndpoint>(2);
// Include endpoints.
foreach (Saml20ServiceEndpoint endpoint in config.ServiceProvider.serviceEndpoints)
{
if (endpoint.endpointType == EndpointType.SIGNON)
{
IndexedEndpoint loginEndpoint = new IndexedEndpoint();
loginEndpoint.index = endpoint.endPointIndex;
loginEndpoint.isDefault = true;
loginEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString();
loginEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Post);
signonServiceEndpoints.Add(loginEndpoint);
IndexedEndpoint artifactSignonEndpoint = new IndexedEndpoint();
artifactSignonEndpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_SOAP;
artifactSignonEndpoint.index = loginEndpoint.index;
artifactSignonEndpoint.Location = loginEndpoint.Location;
artifactResolutionEndpoints.Add(artifactSignonEndpoint);
continue;
}
if (endpoint.endpointType == EndpointType.LOGOUT)
{
Endpoint logoutEndpoint = new Endpoint();
logoutEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString();
logoutEndpoint.ResponseLocation = logoutEndpoint.Location;
logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Post);
logoutServiceEndpoints.Add(logoutEndpoint);
logoutEndpoint = new Endpoint();
logoutEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString();
logoutEndpoint.ResponseLocation = logoutEndpoint.Location;
logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Redirect);
logoutServiceEndpoints.Add(logoutEndpoint);
IndexedEndpoint artifactLogoutEndpoint = new IndexedEndpoint();
artifactLogoutEndpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_SOAP;
artifactLogoutEndpoint.index = endpoint.endPointIndex;
artifactLogoutEndpoint.Location = logoutEndpoint.Location;
artifactResolutionEndpoints.Add(artifactLogoutEndpoint);
continue;
}
}
spDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray();
spDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray();
// NameIdFormat
if (!string.IsNullOrEmpty(config.NameIdFormat))
{
spDescriptor.NameIDFormat = new string[] { config.NameIdFormat };
}
// Attribute consuming service.
if (config.RequestedAttributes.Attributes.Count > 0)
{
AttributeConsumingService attConsumingService = new AttributeConsumingService();
spDescriptor.AttributeConsumingService = new AttributeConsumingService[] { attConsumingService };
attConsumingService.index = signonServiceEndpoints[0].index;
attConsumingService.isDefault = true;
attConsumingService.ServiceName = new LocalizedName[] { new LocalizedName("SP", "da") };
attConsumingService.RequestedAttribute =
new RequestedAttribute[config.RequestedAttributes.Attributes.Count];
for (int i = 0; i < config.RequestedAttributes.Attributes.Count; i++)
{
attConsumingService.RequestedAttribute[i] = new RequestedAttribute();
attConsumingService.RequestedAttribute[i].Name = config.RequestedAttributes.Attributes[i].name;
if (config.RequestedAttributes.Attributes[i].IsRequired)
{
attConsumingService.RequestedAttribute[i].isRequired = true;
}
attConsumingService.RequestedAttribute[i].NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
}
}
else
{
spDescriptor.AttributeConsumingService = new AttributeConsumingService[0];
}
if (config.Metadata != null && config.Metadata.IncludeArtifactEndpoints)
{
spDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray();
}
entity.Items = new object[] { spDescriptor };
// Keyinfo
KeyDescriptor keySigning = new KeyDescriptor();
KeyDescriptor keyEncryption = new KeyDescriptor();
spDescriptor.KeyDescriptor = new KeyDescriptor[] { keySigning, keyEncryption };
keySigning.use = KeyTypes.signing;
keySigning.useSpecified = true;
keyEncryption.use = KeyTypes.encryption;
keyEncryption.useSpecified = true;
// Ugly conversion between the .Net framework classes and our classes ... avert your eyes!!
keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyinfo.GetXml().OuterXml);
keyEncryption.KeyInfo = keySigning.KeyInfo;
// apply the <Organization> element
if (config.ServiceProvider.Organization != null)
{
entity.Organization = config.ServiceProvider.Organization;
}
if (config.ServiceProvider.ContactPerson != null && config.ServiceProvider.ContactPerson.Count > 0)
{
entity.ContactPerson = config.ServiceProvider.ContactPerson.ToArray();
}
}
private static SPOptions CreateSPOptions()
{
string english = "en-us";
Organization organization = new Organization();
organization.Names.Add(new LocalizedName("OhioPublicDefender", english));
organization.DisplayNames.Add(new LocalizedName("OhioPublicDefender", english));
organization.Urls.Add(new LocalizedUri(new Uri("http://online.opd.ohio.gov"), english));
SPOptions spOptions = new SPOptions
{
EntityId = new EntityId("http://*****:*****@example.com");
spOptions.Contacts.Add(techContact);
ContactPerson supportContact = new ContactPerson
{
Type = ContactType.Support
};
supportContact.EmailAddresses.Add("*****@*****.**");
spOptions.Contacts.Add(supportContact);
AttributeConsumingService attributeConsumingService = new AttributeConsumingService
{
IsDefault = true,
ServiceNames = { new LocalizedName("Saml2", "en") }
};
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("email")
{
FriendlyName = "email",
IsRequired = true,
NameFormat = RequestedAttribute.AttributeNameFormatUnspecified
});
attributeConsumingService.RequestedAttributes.Add(
new RequestedAttribute("Minimal"));
spOptions.AttributeConsumingServices.Add(attributeConsumingService);
spOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Sustainsys.Saml2.Tests.pfx"));
spOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
return(spOptions);
}
public static AttributeConsumingService RequestAttribute(this AttributeConsumingService service, RequestedAttribute attribute)
{
service.RequestedAttributes.Add(attribute);
return(service);
}
