private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
var svc = DependencyResolver.Current.GetService<IAuthorizationServerAdministratorsService>();
e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new SubjectClaimsTransformer(svc);
e.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager = new AuthorizationManager();
}
private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[]
{
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate),
new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate)
});
SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
List <CookieTransform> sessionTransforms = new List <CookieTransform>(new CookieTransform[]
{
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate),
new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate)
});
SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
// Change cookie encryption type from DPAPI to RSA. This avoids a security exception due to a cookie size limit with the SSO cookie. See http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/
var sessionTransforms = new List<CookieTransform>(new CookieTransform[] {
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate),
new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate)
});
var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
// Change cookie encryption type from DPAPI to RSA. This avoids a security exception due to a cookie size limit with the SSO cookie. See http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/
var sessionTransforms = new List <CookieTransform>(new CookieTransform[] {
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate),
new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate)
});
var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
//from appsettings...
const string domain = "";
const bool requireSsl = false;
const string authCookieName = "StsAuth";
e.FederationConfiguration.CookieHandler = new ChunkedCookieHandler
{Domain = domain,
Name = authCookieName,
RequireSsl = requireSsl,
PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)};
}
private static void FederatedAuthentication_FederationConfigurationCreated(
object sender,
FederationConfigurationCreatedEventArgs e)
{
//from appsettings...
const string domain = "";
const bool requireSsl = false;
const string authCookieName = "Sidekick.StsAuth";
e.FederationConfiguration.CookieHandler = new ChunkedCookieHandler
{
Domain = domain,
Name = authCookieName,
RequireSsl = requireSsl,
PersistentSessionLifetime =
new TimeSpan(0, 0, 30, 0)
};
}
private static void FederatedAuthentication_FederationConfigurationCreated(
object sender,
FederationConfigurationCreatedEventArgs e)
{
//from appsettings...
const string Domain = "";
const bool RequireSsl = false;
const string CertThumbprint = "8ce44a2192da7d0265f207f5dfa7b8809ec87b04";
const string AuthCookieName = "RP1Auth";
e.FederationConfiguration = FederationConfigurationFactory.Create(
InfrastructureConstants.Rp1Url,
InfrastructureConstants.StsUrl + "token/get",
Domain,
CertThumbprint,
AuthCookieName,
RequireSsl);
e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
}
static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
if (IsEmbeddedSts(e.FederationConfiguration.WsFederationConfiguration.Issuer))
{
var inr = new ConfigurationBasedIssuerNameRegistry();
inr.AddTrustedIssuer(EmbeddedStsConstants.SigningCertificate.Thumbprint,
EmbeddedStsConstants.TokenIssuerName);
var config = e.FederationConfiguration;
config.IdentityConfiguration.IssuerNameRegistry = inr;
var rpRealm = new Uri(config.WsFederationConfiguration.Realm);
if (!config.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Contains(rpRealm))
{
config.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(rpRealm);
}
config.IdentityConfiguration.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
config.IdentityConfiguration.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
}
}
private static void FederatedAuthentication_FederationConfigurationCreated(
object sender,
FederationConfigurationCreatedEventArgs e)
{
//from appsettings...
const string domain = "";
const bool requireSsl = false;
const string certThumbprint = "b4f5aa91cc5110ae69eda952a4ab5a024c1dd764";
const string authCookieName = "RP1Auth";
e.FederationConfiguration = FederationConfigurationFactory.Create(
//InfrastructureConstants.Rp1Url,
"http://localhost/SsoClient/", // the '/' is very necessary at the end. DON'T remove it
//InfrastructureConstants.StsUrl + "token/get",
"http://sidekick.local/sso/token",
domain,
certThumbprint,
authCookieName,
requireSsl);
e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
}
private static void FederatedAuthentication_FederationConfigurationCreated(
object sender,
FederationConfigurationCreatedEventArgs e)
{
//from appsettings...
const string domain = "";
const bool requireSsl = false;
const string certThumbprint = "b4f5aa91cc5110ae69eda952a4ab5a024c1dd764";
const string authCookieName = "RP1Auth";
e.FederationConfiguration = FederationConfigurationFactory.Create(
//InfrastructureConstants.Rp1Url,
"http://localhost/SsoClient/", // the '/' is very necessary at the end. DON'T remove it
//InfrastructureConstants.StsUrl + "token/get",
"http://sidekick.local/sso/token",
domain,
certThumbprint,
authCookieName,
requireSsl);
e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
}
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
//e.FederationConfiguration.IdentityConfiguration.
// set e.FederationConfiguration
// dynamic config
}
private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
//from appsettings...
const string domain = "";
const bool requireSsl = false;
const string authCookieName = "YourSiteAuth"; //default is fedauth, i normally create my own name as it is easier to identify when you have a lot of cookies.
e.FederationConfiguration.CookieHandler = new ChunkedCookieHandler
{
Domain = domain,
Name = authCookieName,
RequireSsl = requireSsl,
PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
};
}
void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
}
private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
//from appsettings...
const string allowedAudience = "http://audience1/user/get";
const string rpRealm = "http://audience1/";
const string domain = "";
const bool requireSsl = false;
const string issuer = "http://sts/token/create;
const string certThumbprint = " mythumbprint ";
const string authCookieName = " StsAuth ";
var federationConfiguration = new FederationConfiguration();
federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));
var issuingAuthority = new IssuingAuthority(internalSts);
issuingAuthority.Thumbprints.Add(certThumbprint);
issuingAuthority.Issuers.Add(internalSts);
var issuingAuthorities = new List<IssuingAuthority> {issuingAuthority};
var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry {IssuingAuthorities = issuingAuthorities};
federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;
federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
var chunkedCookieHandler = new ChunkedCookieHandler {RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)};
federationConfiguration.CookieHandler = chunkedCookieHandler;
federationConfiguration.WsFederationConfiguration.Issuer = issuer;
federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;
e.FederationConfiguration = federationConfiguration;
}
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
log.Info("Configuring WSFederation");
log.Info($"ClientApplicationUri: {MortysMixedAuthenticationConfiguration.Settings.ClientApplicationUri}");
log.Info($"SecurityTokenIssuerUri: {MortysMixedAuthenticationConfiguration.Settings.SecurityTokenIssuerUri}");
log.Info($"TokenIssuingAuthorityUri: {MortysMixedAuthenticationConfiguration.Settings.TokenIssuingAuthorityUri}");
log.Info($"TokenSigningSertificateThumbprint: {MortysMixedAuthenticationConfiguration.Settings.TokenSigningSertificateThumbprint}");
e.FederationConfiguration = FederationAuthenticationModule.LoadConfigurationSection();
}
static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
if (IsEmbeddedSts(e.FederationConfiguration.WsFederationConfiguration.Issuer))
{
var inr = new ConfigurationBasedIssuerNameRegistry();
inr.AddTrustedIssuer(EmbeddedStsConstants.SigningCertificate.Thumbprint,
EmbeddedStsConstants.TokenIssuerName);
var config = e.FederationConfiguration;
config.IdentityConfiguration.IssuerNameRegistry = inr;
var rpRealm = new Uri(config.WsFederationConfiguration.Realm);
if (!config.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Contains(rpRealm))
{
config.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(rpRealm);
}
config.IdentityConfiguration.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
config.IdentityConfiguration.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
}
}
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
e.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager = new AuthorizationManager();
}
private static void FederatedAuthenticationFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
const bool RequireSsl = false;
const string AuthCookieName = "AppliedAuth";
e.FederationConfiguration.CookieHandler = new ChunkedCookieHandler
{
Domain = string.Empty,
Name = AuthCookieName,
RequireSsl = RequireSsl,
PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
};
e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsTransformer();
}
void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
}
