/// <summary>
/// Installs the claims transformation and claims authorization components on the
/// identity configuration once the federation configuration has been created.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Carries the federation configuration being customised.</param>
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            // NOTE(review): the resolver may hand back null when the service is not registered;
            // SubjectClaimsTransformer would then be built with a null dependency. Confirm registration.
            IAuthorizationServerAdministratorsService administrators =
                DependencyResolver.Current.GetService<IAuthorizationServerAdministratorsService>();

            var identity = e.FederationConfiguration.IdentityConfiguration;

            // Both managers sit on the authentication/authorization path of every request,
            // so they are wired once here rather than per request.
            identity.ClaimsAuthenticationManager = new SubjectClaimsTransformer(administrators);
            identity.ClaimsAuthorizationManager = new AuthorizationManager();
        }
 /// <summary>
 /// Registers a session token handler whose cookie is compressed, RSA-encrypted and
 /// RSA-signed with the service certificate.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Carries the federation configuration being customised.</param>
 private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
 {
     var federation = e.FederationConfiguration;

     // The same service certificate protects and authenticates the cookie, so it must be
     // configured and its private key readable by the application identity; every node
     // that has to read the cookie needs that same certificate.
     var cookieTransforms = new List<CookieTransform>
     {
         new DeflateCookieTransform(),
         new RsaEncryptionCookieTransform(federation.ServiceCertificate),
         new RsaSignatureCookieTransform(federation.ServiceCertificate)
     };

     // AddOrReplace swaps out any session handler already present in the collection.
     var handler = new SessionSecurityTokenHandler(cookieTransforms.AsReadOnly());
     federation.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(handler);
 }
        /// <summary>
        /// Swaps in a session token handler that deflates the session cookie and then
        /// encrypts and signs it with the RSA key of the service certificate.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            var configuration = e.FederationConfiguration;

            // Cookie confidentiality and integrity both rest on this one certificate:
            // it has to be present with an accessible private key on every server that
            // issues or reads the session cookie.
            var transforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(configuration.ServiceCertificate),
                new RsaSignatureCookieTransform(configuration.ServiceCertificate)
            };

            var tokenHandlers = configuration.IdentityConfiguration.SecurityTokenHandlers;
            tokenHandlers.AddOrReplace(new SessionSecurityTokenHandler(transforms.AsReadOnly()));
        }
        /// <summary>
        /// Replaces the session token handler with one that protects the session cookie
        /// using the service certificate's RSA key instead of DPAPI.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            // Cookie encryption is moved from DPAPI to RSA. The original author did this to avoid a
            // security exception attributed to a cookie size limit with the SSO cookie. See
            // http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/
            var federation = e.FederationConfiguration;

            // The service certificate must be configured with a private key the application
            // identity can read; the constructors below take it directly.
            var rsaTransforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(federation.ServiceCertificate),
                new RsaSignatureCookieTransform(federation.ServiceCertificate)
            };

            var rsaSessionHandler = new SessionSecurityTokenHandler(rsaTransforms.AsReadOnly());
            federation.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(rsaSessionHandler);
        }
        /// <summary>
        /// Configures session cookies to be deflated, then RSA-encrypted and RSA-signed with
        /// the service certificate, in place of the DPAPI-based protection.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            // DPAPI -> RSA for cookie encryption. Per the original author this avoids a security
            // exception due to a cookie size limit with the SSO cookie. See
            // http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/
            var config = e.FederationConfiguration;

            // One certificate is used for both encryption and signature; all servers that
            // share the session cookie need it installed with its private key.
            var transformChain = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(config.ServiceCertificate),
                new RsaSignatureCookieTransform(config.ServiceCertificate)
            };

            var handlers = config.IdentityConfiguration.SecurityTokenHandlers;
            handlers.AddOrReplace(new SessionSecurityTokenHandler(transformChain.AsReadOnly()));
        }
        /// <summary>
        /// Replaces the cookie handler with a chunked handler using a custom cookie name and a
        /// 30-minute persistent session lifetime.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            // Hard-coded stand-ins for values the original comment says come from appsettings.
            const string cookieName = "StsAuth";
            const string cookieDomain = "";

            // With RequireSsl false the session cookie is not restricted to HTTPS requests.
            // Set it to true wherever the site is served over TLS.
            const bool sslOnly = false;

            var cookieHandler = new ChunkedCookieHandler();
            cookieHandler.Domain = cookieDomain;
            cookieHandler.Name = cookieName;
            cookieHandler.RequireSsl = sslOnly;
            cookieHandler.PersistentSessionLifetime = TimeSpan.FromMinutes(30);

            e.FederationConfiguration.CookieHandler = cookieHandler;
        }
        /// <summary>
        /// Installs a chunked cookie handler named "Sidekick.StsAuth" with a 30-minute
        /// persistent session lifetime.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        private static void FederatedAuthentication_FederationConfigurationCreated(
            object sender,
            FederationConfigurationCreatedEventArgs e)
        {
            // Placeholders for settings the original comment says belong in appsettings.
            const string sessionCookieName = "Sidekick.StsAuth";
            const string sessionCookieDomain = "";

            // false means the authentication cookie may also travel over plain HTTP;
            // switch to true for any deployment behind HTTPS.
            const bool httpsOnly = false;

            var handler = new ChunkedCookieHandler();
            handler.Domain = sessionCookieDomain;
            handler.Name = sessionCookieName;
            handler.RequireSsl = httpsOnly;
            handler.PersistentSessionLifetime = TimeSpan.FromMinutes(30);

            e.FederationConfiguration.CookieHandler = handler;
        }
        /// <summary>
        /// Builds the relying party's federation configuration through
        /// <c>FederationConfigurationFactory</c> and attaches a <c>ClaimsAppender</c> as the
        /// claims authentication manager.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Receives the newly built federation configuration.</param>
        private static void FederatedAuthentication_FederationConfigurationCreated(
            object sender,
            FederationConfigurationCreatedEventArgs e)
        {
            // Stand-ins for settings the original comment says come from appsettings.
            const string cookieDomain = "";
            const string cookieName = "RP1Auth";

            // Thumbprint handed to the factory; presumably the STS signing certificate — confirm
            // against FederationConfigurationFactory. It has to be updated when that certificate rotates.
            const string signingThumbprint = "8ce44a2192da7d0265f207f5dfa7b8809ec87b04";

            // Passed as the factory's last argument; false leaves TLS unenforced for whatever
            // the factory applies it to.
            const bool sslRequired = false;

            var relyingPartyUrl = InfrastructureConstants.Rp1Url;
            var tokenEndpoint = InfrastructureConstants.StsUrl + "token/get";

            e.FederationConfiguration = FederationConfigurationFactory.Create(
                relyingPartyUrl,
                tokenEndpoint,
                cookieDomain,
                signingThumbprint,
                cookieName,
                sslRequired);

            var identity = e.FederationConfiguration.IdentityConfiguration;
            identity.ClaimsAuthenticationManager = new ClaimsAppender();
        }
        /// <summary>
        /// When the configured WS-Federation issuer is the embedded STS, trusts its signing
        /// certificate by thumbprint, allows the realm as an audience and turns off
        /// certificate chain and revocation validation.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            // Any other issuer keeps its configured settings untouched.
            if (!IsEmbeddedSts(e.FederationConfiguration.WsFederationConfiguration.Issuer))
            {
                return;
            }

            // Issuer trust is pinned to the embedded STS signing certificate's thumbprint.
            var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();
            issuerRegistry.AddTrustedIssuer(EmbeddedStsConstants.SigningCertificate.Thumbprint,
                                            EmbeddedStsConstants.TokenIssuerName);

            var federation = e.FederationConfiguration;
            var identity = federation.IdentityConfiguration;
            identity.IssuerNameRegistry = issuerRegistry;

            // Tokens are scoped to the relying party realm; add it only if it is missing.
            var realmUri = new Uri(federation.WsFederationConfiguration.Realm);
            var audiences = identity.AudienceRestriction.AllowedAudienceUris;
            if (!audiences.Contains(realmUri))
            {
                audiences.Add(realmUri);
            }

            // With validation mode None and revocation NoCheck the signing certificate's chain and
            // revocation status are not checked; acceptance rests on the thumbprint pin above.
            // NOTE(review): confirm the IsEmbeddedSts branch cannot be reached with a production issuer.
            identity.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
            identity.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
        }
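        /// <summary>
        /// Builds the federation configuration through <c>FederationConfigurationFactory</c>
        /// from hard-coded endpoints and attaches a <c>ClaimsAppender</c> as the claims
        /// authentication manager.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Receives the newly built federation configuration.</param>
        private static void FederatedAuthentication_FederationConfigurationCreated(
           object sender,
           FederationConfigurationCreatedEventArgs e)
        {
            //from appsettings...
            const string domain = "";

            // Passed as the factory's last argument; false leaves TLS unenforced for whatever
            // the factory applies it to, and both endpoints below are plain http.
            const bool requireSsl = false;

            // Plain 40-hex-digit thumbprint. The literal used to start with invisible non-hex
            // characters (typically picked up when copying from the certificate dialog), which
            // makes an exact thumbprint comparison fail even though the value looks right.
            // How the factory uses the thumbprint is not visible here.
            const string certThumbprint = "b4f5aa91cc5110ae69eda952a4ab5a024c1dd764";
            const string authCookieName = "RP1Auth";

            e.FederationConfiguration = FederationConfigurationFactory.Create(
                //InfrastructureConstants.Rp1Url,
                "http://localhost/SsoClient/", // the '/' is very necessary at the end. DON'T remove it
                                               //InfrastructureConstants.StsUrl + "token/get",
                "http://sidekick.local/sso/token",
                domain,
                certThumbprint,
                authCookieName,
                requireSsl);

            e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
        }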
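        /// <summary>
        /// Creates the federation configuration via <c>FederationConfigurationFactory</c> using
        /// hard-coded endpoints, then sets <c>ClaimsAppender</c> as the claims authentication
        /// manager.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Receives the newly built federation configuration.</param>
        private static void FederatedAuthentication_FederationConfigurationCreated(
            object sender,
            FederationConfigurationCreatedEventArgs e)
        {
            //from appsettings...
            const string domain         = "";

            // false is handed to the factory as its last argument, so TLS is not enforced for
            // whatever the factory applies it to; the two URLs below are plain http as well.
            const bool   requireSsl     = false;

            // The thumbprint literal previously began with invisible non-hex characters (a common
            // result of copying the value from the certificate dialog). They are removed here
            // because an exact thumbprint match fails with them present. The factory's use of
            // the value is not visible in this block.
            const string certThumbprint = "b4f5aa91cc5110ae69eda952a4ab5a024c1dd764";
            const string authCookieName = "RP1Auth";

            e.FederationConfiguration = FederationConfigurationFactory.Create(
                //InfrastructureConstants.Rp1Url,
                "http://localhost/SsoClient/", // the '/' is very necessary at the end. DON'T remove it
                                               //InfrastructureConstants.StsUrl + "token/get",
                "http://sidekick.local/sso/token",
                domain,
                certThumbprint,
                authCookieName,
                requireSsl);

            e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
        }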
 /// <summary>
 /// Handler for the federation-configuration-created event. It currently changes nothing.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Carries the federation configuration; left untouched.</param>
 private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
 {
     // Placeholder for dynamic configuration: this is where e.FederationConfiguration would be
     // assigned, or its IdentityConfiguration adjusted.
 }
 /// <summary>
 /// Replaces the cookie handler with a chunked handler that uses a site-specific cookie
 /// name and a 30-minute persistent session lifetime.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Carries the federation configuration being customised.</param>
 private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
 {
     // Stand-ins for settings the original comment says come from appsettings.
     const string cookieDomain = "";

     // The default cookie name is fedauth; the original author picks a custom name because it is
     // easier to identify among many cookies.
     const string cookieName = "YourSiteAuth";

     // false lets the authentication cookie be sent on non-HTTPS requests;
     // use true for any site served over TLS.
     const bool sslOnly = false;

     var cookieHandler = new ChunkedCookieHandler();
     cookieHandler.Domain = cookieDomain;
     cookieHandler.Name = cookieName;
     cookieHandler.RequireSsl = sslOnly;
     cookieHandler.PersistentSessionLifetime = TimeSpan.FromMinutes(30);

     e.FederationConfiguration.CookieHandler = cookieHandler;
 }
 /// <summary>
 /// Handler for the federation-configuration-created event; the body is empty, so the
 /// configuration passed in <paramref name="e"/> is left as it is.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Carries the federation configuration; not modified.</param>
 void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
 {
     // No configuration changes are made here.
 }
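            /// <summary>
            /// Builds a complete <c>FederationConfiguration</c> in code (audience, issuer
            /// registry, cookie handler and WS-Federation endpoints) and hands it to the event.
            /// </summary>
            /// <param name="sender">Event source; not used.</param>
            /// <param name="e">Receives the newly built federation configuration.</param>
            private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
            {
                //from appsettings...
                const string allowedAudience = "http://audience1/user/get";
                const string rpRealm         = "http://audience1/";
                const string domain          = "";

                // Drives both the cookie handler and WsFederationConfiguration.RequireHttps below;
                // false leaves the cookie and the sign-in exchange usable over plain HTTP.
                const bool   requireSsl      = false;

                // The closing quote was missing on this literal, which left the rest of the
                // method inside an unterminated string.
                const string issuer          = "http://sts/token/create";

                // NOTE(review): the padding spaces inside the next two placeholders look like paste
                // artefacts. A thumbprint must match exactly, so confirm both values before use.
                const string certThumbprint  = " mythumbprint ";
                const string authCookieName  = " StsAuth ";

                var federationConfiguration = new FederationConfiguration();
                federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

                // NOTE(review): internalSts is not declared in this method; presumably a member
                // holding the issuer name that tokens carry — confirm it is defined and matches.
                var issuingAuthority = new IssuingAuthority(internalSts);
                issuingAuthority.Thumbprints.Add(certThumbprint);
                issuingAuthority.Issuers.Add(internalSts);
                var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority };

                var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities };
                federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;

                // None skips chain validation of the signing certificate, so issuer trust rests on
                // the thumbprint/issuer pair registered above.
                federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

                // Uses the requireSsl constant (same value as the previous literal false) so the
                // cookie and the WS-Federation setting cannot drift apart.
                var chunkedCookieHandler = new ChunkedCookieHandler
                {
                    RequireSsl = requireSsl,
                    Name = authCookieName,
                    Domain = domain,
                    PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
                };
                federationConfiguration.CookieHandler = chunkedCookieHandler;
                federationConfiguration.WsFederationConfiguration.Issuer = issuer;
                federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
                federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

                e.FederationConfiguration = federationConfiguration;
            }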
        /// <summary>
        /// Logs the WS-Federation settings in use and replaces the federation configuration
        /// with the one returned by <c>FederationAuthenticationModule.LoadConfigurationSection</c>.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Receives the loaded federation configuration.</param>
        private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            log.Info("Configuring WSFederation");

            // The logged values are URIs and a certificate thumbprint, i.e. identifiers rather
            // than key material.
            var settings = MortysMixedAuthenticationConfiguration.Settings;
            log.Info($"ClientApplicationUri:  {settings.ClientApplicationUri}");
            log.Info($"SecurityTokenIssuerUri:  {settings.SecurityTokenIssuerUri}");
            log.Info($"TokenIssuingAuthorityUri:  {settings.TokenIssuingAuthorityUri}");
            log.Info($"TokenSigningSertificateThumbprint:  {settings.TokenSigningSertificateThumbprint}");

            var loaded = FederationAuthenticationModule.LoadConfigurationSection();
            e.FederationConfiguration = loaded;
        }
        /// <summary>
        /// For an embedded-STS issuer only: registers the embedded signing certificate as the
        /// trusted issuer, ensures the realm is an allowed audience and disables certificate
        /// chain and revocation checks.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            var usesEmbeddedSts = IsEmbeddedSts(e.FederationConfiguration.WsFederationConfiguration.Issuer);
            if (!usesEmbeddedSts)
            {
                // Other issuers keep whatever the configuration already specifies.
                return;
            }

            // Trust anchor: the thumbprint of the embedded STS signing certificate.
            var trustedIssuers = new ConfigurationBasedIssuerNameRegistry();
            trustedIssuers.AddTrustedIssuer(EmbeddedStsConstants.SigningCertificate.Thumbprint,
                                            EmbeddedStsConstants.TokenIssuerName);

            var federationConfig = e.FederationConfiguration;
            var identityConfig = federationConfig.IdentityConfiguration;
            identityConfig.IssuerNameRegistry = trustedIssuers;

            // Accept tokens addressed to this relying party's realm, without adding a duplicate.
            var realm = new Uri(federationConfig.WsFederationConfiguration.Realm);
            var allowedAudiences = identityConfig.AudienceRestriction.AllowedAudienceUris;
            if (!allowedAudiences.Contains(realm))
            {
                allowedAudiences.Add(realm);
            }

            // Chain validation and revocation checking are both switched off here, so the
            // thumbprint pin above is the only check on the signing certificate.
            // NOTE(review): verify that production issuers never satisfy IsEmbeddedSts.
            identityConfig.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
            identityConfig.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
        }
 /// <summary>
 /// Sets the application's <c>AuthorizationManager</c> as the claims authorization manager
 /// of the identity configuration.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Carries the federation configuration being customised.</param>
 private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
 {
     // Authorization decisions made through the claims authorization manager go through this
     // instance from here on.
     var identity = e.FederationConfiguration.IdentityConfiguration;
     identity.ClaimsAuthorizationManager = new AuthorizationManager();
 }
        /// <summary>
        /// Installs a chunked cookie handler named "AppliedAuth" with a 30-minute persistent
        /// session lifetime and sets <c>ClaimsTransformer</c> as the claims authentication manager.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the federation configuration being customised.</param>
        private static void FederatedAuthenticationFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
        {
            const string cookieName = "AppliedAuth";

            // false does not restrict the authentication cookie to HTTPS requests;
            // set to true for any deployment served over TLS.
            const bool sslOnly = false;

            var cookieHandler = new ChunkedCookieHandler();
            cookieHandler.Domain = string.Empty;
            cookieHandler.Name = cookieName;
            cookieHandler.RequireSsl = sslOnly;
            cookieHandler.PersistentSessionLifetime = TimeSpan.FromMinutes(30);
            e.FederationConfiguration.CookieHandler = cookieHandler;

            var identity = e.FederationConfiguration.IdentityConfiguration;
            identity.ClaimsAuthenticationManager = new ClaimsTransformer();
        }
 /// <summary>
 /// Empty handler for the federation-configuration-created event; the configuration in
 /// <paramref name="e"/> is not changed.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Carries the federation configuration; not modified.</param>
 void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
 {
     // Nothing is configured here.
 }