// Handler shaped for WIF's FederationConfigurationCreated event (the subscription is
// not shown here). It plugs the application's claims transformer and authorization
// manager into the identity configuration carried by the event args.
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // NOTE(review): the resolver result is not checked here; a null would be handed
    // straight to SubjectClaimsTransformer. Confirm that type rejects null, otherwise
    // the failure only surfaces later, during sign-in.
    var administratorsService = DependencyResolver.Current.GetService<IAuthorizationServerAdministratorsService>();

    var identityConfiguration = e.FederationConfiguration.IdentityConfiguration;

    // Claims transformation step: receives the resolved administrators service.
    identityConfiguration.ClaimsAuthenticationManager = new SubjectClaimsTransformer(administratorsService);

    // Authorization checks are delegated to the application's AuthorizationManager.
    identityConfiguration.ClaimsAuthorizationManager = new AuthorizationManager();
}
// Replaces the registered session token handler with one whose cookie is compressed,
// then RSA-encrypted and RSA-signed using the configured service certificate.
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // The same certificate both encrypts and signs the session cookie, so whoever can
    // read its private key can decrypt and mint session cookies. Access to that key is
    // the trust boundary.
    // NOTE(review): presumably this fails at startup when no service certificate is
    // configured - confirm.
    var serviceCertificate = e.FederationConfiguration.ServiceCertificate;

    // Order matters: compress first, then encrypt, then sign.
    var cookieTransforms = new List<CookieTransform>
    {
        new DeflateCookieTransform(),
        new RsaEncryptionCookieTransform(serviceCertificate),
        new RsaSignatureCookieTransform(serviceCertificate),
    };

    var rsaSessionHandler = new SessionSecurityTokenHandler(cookieTransforms.AsReadOnly());

    // AddOrReplace swaps out any handler already registered for session tokens.
    e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(rsaSessionHandler);
}
// Registers a session token handler that protects the session cookie with the service
// certificate (deflate, RSA encryption, RSA signature) in place of the existing one.
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    var federation = e.FederationConfiguration;

    // Applied in this order when the cookie is written: compress, encrypt, sign.
    // Both RSA steps use the one service certificate, so protecting its private key
    // is what protects the session cookie.
    CookieTransform[] pipeline =
    {
        new DeflateCookieTransform(),
        new RsaEncryptionCookieTransform(federation.ServiceCertificate),
        new RsaSignatureCookieTransform(federation.ServiceCertificate),
    };

    var handler = new SessionSecurityTokenHandler(new List<CookieTransform>(pipeline).AsReadOnly());

    // Replaces whichever session token handler was registered before.
    federation.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(handler);
}
// Switches session cookie protection from DPAPI to RSA with the service certificate.
// Per the original note this avoids a security exception due to a cookie size limit
// with the SSO cookie. See
// http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // One certificate is used for both encryption and signing, so its private key must
    // be readable by the application identity and by nothing less trusted.
    var serviceCertificate = e.FederationConfiguration.ServiceCertificate;

    // Compress, then encrypt, then sign.
    var rsaTransforms = new List<CookieTransform>
    {
        new DeflateCookieTransform(),
        new RsaEncryptionCookieTransform(serviceCertificate),
        new RsaSignatureCookieTransform(serviceCertificate),
    };

    var rsaSessionHandler = new SessionSecurityTokenHandler(rsaTransforms.AsReadOnly());
    e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(rsaSessionHandler);
}
// Change cookie encryption type from DPAPI to RSA. The original note says this avoids
// a security exception due to a cookie size limit with the SSO cookie; background at
// http://fabriccontroller.net/blog/posts/key-not-valid-for-use-in-specified-state-exception-when-working-with-the-access-control-service/
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    var federation = e.FederationConfiguration;

    // Transform order when writing the cookie: deflate, RSA-encrypt, RSA-sign.
    // NOTE(review): both RSA transforms take federation.ServiceCertificate; presumably
    // a missing certificate fails here rather than at first sign-in - confirm.
    CookieTransform[] pipeline =
    {
        new DeflateCookieTransform(),
        new RsaEncryptionCookieTransform(federation.ServiceCertificate),
        new RsaSignatureCookieTransform(federation.ServiceCertificate),
    };

    var handler = new SessionSecurityTokenHandler(new List<CookieTransform>(pipeline).AsReadOnly());

    // Takes the place of the session token handler that was registered before.
    federation.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(handler);
}
// Installs a chunked cookie handler for the federated session cookie, named "StsAuth",
// with a 30 minute persistent session lifetime.
//   sender - event source, unused.
//   e      - carries the federation configuration whose CookieHandler is replaced.
private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // Hard-coded stand-ins; the original note says these come from appsettings.
    const string cookieDomain = "";
    const string cookieName = "StsAuth";

    // SECURITY: false means the cookie is written without the Secure flag, so the
    // session cookie can be sent over plain HTTP. Use true wherever the site is
    // served over HTTPS.
    const bool secureCookieOnly = false;

    var cookieHandler = new ChunkedCookieHandler();
    cookieHandler.Domain = cookieDomain;
    cookieHandler.Name = cookieName;
    cookieHandler.RequireSsl = secureCookieOnly;
    cookieHandler.PersistentSessionLifetime = TimeSpan.FromMinutes(30);

    e.FederationConfiguration.CookieHandler = cookieHandler;
}
// Replaces the federation cookie handler with a ChunkedCookieHandler that issues the
// "Sidekick.StsAuth" cookie and keeps persistent sessions for 30 minutes.
//   sender - event source, unused.
//   e      - carries the federation configuration whose CookieHandler is replaced.
private static void FederatedAuthentication_FederationConfigurationCreated(
    object sender, FederationConfigurationCreatedEventArgs e)
{
    // from appsettings... (literal values for now)
    const string sessionCookieName = "Sidekick.StsAuth";
    const string sessionCookieDomain = "";

    // SECURITY: RequireSsl = false leaves the Secure flag off the session cookie, which
    // allows it to cross the wire over HTTP. Turn it on for HTTPS deployments.
    const bool httpsOnlyCookie = false;

    var thirtyMinutes = TimeSpan.FromMinutes(30);

    e.FederationConfiguration.CookieHandler = new ChunkedCookieHandler
    {
        Name = sessionCookieName,
        Domain = sessionCookieDomain,
        RequireSsl = httpsOnlyCookie,
        PersistentSessionLifetime = thirtyMinutes,
    };
}
// Replaces the whole federation configuration with one built by
// FederationConfigurationFactory, then attaches ClaimsAppender as the claims
// authentication manager.
//   sender - event source, unused.
//   e      - receives the newly created federation configuration.
private static void FederatedAuthentication_FederationConfigurationCreated(
    object sender, FederationConfigurationCreatedEventArgs e)
{
    // from appsettings... (literal values for now)
    const string cookieDomain = "";
    const string cookieName = "RP1Auth";

    // Thumbprint that the factory receives. It is fixed in source, so rotating the
    // certificate means a code change and a redeploy.
    const string certificateThumbprint = "8ce44a2192da7d0265f207f5dfa7b8809ec87b04";

    // SECURITY: passed to the factory as false. The factory is not shown; presumably
    // this controls the Secure cookie flag and/or the HTTPS requirement - confirm, and
    // enable it for HTTPS deployments.
    const bool requireSecureTransport = false;

    // NOTE(review): argument roles below are inferred from the local names only.
    string relyingPartyUrl = InfrastructureConstants.Rp1Url;
    string tokenEndpointUrl = InfrastructureConstants.StsUrl + "token/get";

    e.FederationConfiguration = FederationConfigurationFactory.Create(
        relyingPartyUrl,
        tokenEndpointUrl,
        cookieDomain,
        certificateThumbprint,
        cookieName,
        requireSecureTransport);

    e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
}
// When the configured WS-Federation issuer is the embedded STS, trusts the embedded
// STS signing certificate, allows the relying party realm as an audience, and turns
// certificate chain and revocation checking off. Any other issuer is left untouched.
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    if (!IsEmbeddedSts(e.FederationConfiguration.WsFederationConfiguration.Issuer))
    {
        return;
    }

    // Trust is pinned to one thumbprint / issuer-name pair taken from EmbeddedStsConstants.
    var trustedIssuers = new ConfigurationBasedIssuerNameRegistry();
    trustedIssuers.AddTrustedIssuer(EmbeddedStsConstants.SigningCertificate.Thumbprint, EmbeddedStsConstants.TokenIssuerName);

    var federation = e.FederationConfiguration;
    var identity = federation.IdentityConfiguration;
    identity.IssuerNameRegistry = trustedIssuers;

    // Tokens issued for this realm must be accepted, so add it once if it is missing.
    var realmUri = new Uri(federation.WsFederationConfiguration.Realm);
    var audiences = identity.AudienceRestriction.AllowedAudienceUris;
    if (!audiences.Contains(realmUri))
    {
        audiences.Add(realmUri);
    }

    // SECURITY: with validation mode None and revocation NoCheck the signing
    // certificate is not chain-validated or checked for revocation; the thumbprint
    // match above is the only trust check. This whole branch depends on IsEmbeddedSts
    // (not shown) - confirm it cannot match an issuer used in production.
    identity.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
    identity.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
}
// Replaces the federation configuration with one created by
// FederationConfigurationFactory from literal URLs, then installs ClaimsAppender as
// the claims authentication manager.
//   sender - event source, unused.
//   e      - receives the newly created federation configuration.
private static void FederatedAuthentication_FederationConfigurationCreated(
    object sender, FederationConfigurationCreatedEventArgs e)
{
    // from appsettings... (literal values for now)
    const string cookieDomain = "";
    const string cookieName = "RP1Auth";
    const string certificateThumbprint = "b4f5aa91cc5110ae69eda952a4ab5a024c1dd764";

    // SECURITY: false is handed to the factory and both URLs below are plain http.
    // The factory is not shown; presumably this flag governs the Secure cookie flag
    // and/or the HTTPS requirement - confirm, and move to https with the flag enabled
    // outside a local setup.
    const bool requireSecureTransport = false;

    // The '/' is very necessary at the end. DON'T remove it.
    // (Takes the place of InfrastructureConstants.Rp1Url.)
    const string relyingPartyUrl = "http://localhost/SsoClient/";

    // (Takes the place of InfrastructureConstants.StsUrl + "token/get".)
    const string tokenEndpointUrl = "http://sidekick.local/sso/token";

    e.FederationConfiguration = FederationConfigurationFactory.Create(
        relyingPartyUrl,
        tokenEndpointUrl,
        cookieDomain,
        certificateThumbprint,
        cookieName,
        requireSecureTransport);

    e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
}
// Builds the federation configuration through FederationConfigurationFactory using
// literal endpoint URLs and a fixed certificate thumbprint, assigns it to the event
// args, and sets ClaimsAppender as the claims authentication manager.
//   sender - event source, unused.
//   e      - receives the newly created federation configuration.
private static void FederatedAuthentication_FederationConfigurationCreated(
    object sender, FederationConfigurationCreatedEventArgs e)
{
    // from appsettings... (literal values for now)
    const string sessionCookieDomain = "";
    const string sessionCookieName = "RP1Auth";

    // Fixed in source: a certificate rollover requires changing this value.
    const string signingThumbprint = "b4f5aa91cc5110ae69eda952a4ab5a024c1dd764";

    // SECURITY: transport protection is off (false here, http:// endpoints below).
    // NOTE(review): what the factory does with this flag is not visible - confirm.
    const bool httpsRequired = false;

    var created = FederationConfigurationFactory.Create(
        // Literal used instead of InfrastructureConstants.Rp1Url.
        // The '/' is very necessary at the end. DON'T remove it.
        "http://localhost/SsoClient/",
        // Literal used instead of InfrastructureConstants.StsUrl + "token/get".
        "http://sidekick.local/sso/token",
        sessionCookieDomain,
        signingThumbprint,
        sessionCookieName,
        httpsRequired);

    e.FederationConfiguration = created;
    e.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAppender();
}
// Placeholder handler: it currently changes nothing on the federation configuration.
//   sender - event source, unused.
//   e      - carries the federation configuration; not read or written here.
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // Intended extension point, per the original notes: build a dynamic configuration
    // and set e.FederationConfiguration, or adjust
    // e.FederationConfiguration.IdentityConfiguration.
}
// Installs a ChunkedCookieHandler that issues the session cookie under a custom name
// with a 30 minute persistent session lifetime.
//   sender - event source, unused.
//   e      - carries the federation configuration whose CookieHandler is replaced.
private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // from appsettings... (literal values for now)
    const string cookieDomain = "";

    // Default is fedauth; a custom name is easier to identify when there are a lot of
    // cookies.
    const string cookieName = "YourSiteAuth";

    // SECURITY: false leaves the Secure flag off, so the session cookie may be sent
    // over plain HTTP. Set it to true when the site runs on HTTPS.
    const bool secureCookieOnly = false;

    var cookieHandler = new ChunkedCookieHandler();
    cookieHandler.Domain = cookieDomain;
    cookieHandler.Name = cookieName;
    cookieHandler.RequireSsl = secureCookieOnly;
    cookieHandler.PersistentSessionLifetime = TimeSpan.FromMinutes(30);

    e.FederationConfiguration.CookieHandler = cookieHandler;
}
// Empty handler for the FederationConfigurationCreated event signature: the federation
// configuration carried by e is left exactly as it arrived.
//   sender - event source, unused.
//   e      - carries the federation configuration; not read or written here.
void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
}
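// Builds a complete FederationConfiguration in code (audience restriction, issuer
// trust by thumbprint, cookie handler, WS-Federation issuer and realm) and hands it to
// the event args, replacing whatever configuration they carried.
//   sender - event source, unused.
//   e      - receives the newly built federation configuration.
private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // from appsettings... (literal values for now)
    const string allowedAudience = "http://audience1/user/get";
    const string rpRealm = "http://audience1/";
    const string domain = "";

    // SECURITY: false leaves the Secure flag off the session cookie and lifts the HTTPS
    // requirement on the WS-Federation settings below; the sample URLs are plain http
    // as well. Enable it together with https URLs outside a local setup.
    const bool requireSsl = false;

    // The string literals here were unterminated in the listing; the quotes are
    // restored and the stray padding inside them removed.
    const string issuer = "http://sts/token/create";
    const string certThumbprint = "mythumbprint"; // placeholder from the sample; use the signing certificate's thumbprint
    const string authCookieName = "StsAuth";

    var federationConfiguration = new FederationConfiguration();
    federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

    // NOTE(review): internalSts is not declared in this method; presumably it is a
    // member defined elsewhere, or it was meant to be the issuer constant above.
    // Confirm before relying on which issuer name ends up trusted.
    var issuingAuthority = new IssuingAuthority(internalSts);
    issuingAuthority.Thumbprints.Add(certThumbprint);
    issuingAuthority.Issuers.Add(internalSts);

    var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority };
    var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities };
    federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;

    // SECURITY: with validation mode None the signing certificate's chain is not
    // validated, so the thumbprint/issuer pair registered above is the only trust check.
    federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

    // The cookie handler follows the same requireSsl setting as the WS-Federation
    // configuration instead of repeating a separate literal.
    var chunkedCookieHandler = new ChunkedCookieHandler
    {
        RequireSsl = requireSsl,
        Name = authCookieName,
        Domain = domain,
        PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
    };
    federationConfiguration.CookieHandler = chunkedCookieHandler;

    federationConfiguration.WsFederationConfiguration.Issuer = issuer;
    federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
    federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

    e.FederationConfiguration = federationConfiguration;
}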
// Logs the WS-Federation settings in use, then replaces the federation configuration
// with the one returned by FederationAuthenticationModule.LoadConfigurationSection().
//   sender - event source, unused.
//   e      - receives the loaded federation configuration.
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    log.Info("Configuring WSFederation");

    // These entries record which issuer and signing thumbprint the application trusted
    // at startup, which helps when diagnosing sign-in failures. None of the four
    // values is a secret; the thumbprint is a hash of a public certificate.
    var settings = MortysMixedAuthenticationConfiguration.Settings;
    log.Info($"ClientApplicationUri: {settings.ClientApplicationUri}");
    log.Info($"SecurityTokenIssuerUri: {settings.SecurityTokenIssuerUri}");
    log.Info($"TokenIssuingAuthorityUri: {settings.TokenIssuingAuthorityUri}");
    log.Info($"TokenSigningSertificateThumbprint: {settings.TokenSigningSertificateThumbprint}");

    // NOTE(review): LoadConfigurationSection is not shown; presumably it builds the
    // configuration from the settings logged above - confirm.
    e.FederationConfiguration = FederationAuthenticationModule.LoadConfigurationSection();
}
// Adjusts the federation configuration only when its issuer is the embedded STS:
// registers the embedded STS signing certificate as the trusted issuer, makes sure the
// realm is an allowed audience, and disables certificate chain and revocation checks.
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    var issuerAddress = e.FederationConfiguration.WsFederationConfiguration.Issuer;
    if (!IsEmbeddedSts(issuerAddress))
    {
        // Any other issuer keeps the configuration it already has.
        return;
    }

    // One trusted issuer: the embedded STS signing thumbprint mapped to its issuer name.
    var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();
    issuerRegistry.AddTrustedIssuer(EmbeddedStsConstants.SigningCertificate.Thumbprint, EmbeddedStsConstants.TokenIssuerName);

    var configuration = e.FederationConfiguration;
    configuration.IdentityConfiguration.IssuerNameRegistry = issuerRegistry;

    // Add the relying party realm to the audience list unless it is already there.
    var realm = new Uri(configuration.WsFederationConfiguration.Realm);
    var allowedAudiences = configuration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris;
    bool realmAlreadyAllowed = allowedAudiences.Contains(realm);
    if (!realmAlreadyAllowed)
    {
        allowedAudiences.Add(realm);
    }

    // SECURITY: no chain validation and no revocation check for the signing
    // certificate; acceptance rests on the thumbprint registered above.
    // NOTE(review): IsEmbeddedSts is not shown - confirm a production issuer can never
    // satisfy it.
    configuration.IdentityConfiguration.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
    configuration.IdentityConfiguration.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
}
// Installs the application's AuthorizationManager as the claims authorization manager
// on the federation configuration carried by the event args.
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
private void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    var identityConfiguration = e.FederationConfiguration.IdentityConfiguration;

    // Only the authorization manager is replaced; everything else on the identity
    // configuration keeps its existing value.
    identityConfiguration.ClaimsAuthorizationManager = new AuthorizationManager();
}
// Installs a ChunkedCookieHandler for the "AppliedAuth" session cookie (30 minute
// persistent session lifetime) and sets ClaimsTransformer as the claims
// authentication manager.
//   sender - event source, unused.
//   e      - carries the federation configuration, which is modified in place.
private static void FederatedAuthenticationFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    const string sessionCookieName = "AppliedAuth";

    // SECURITY: false leaves the Secure flag off, so the session cookie may be sent
    // over plain HTTP. Set it to true when the site runs on HTTPS.
    const bool secureCookieOnly = false;

    var cookieHandler = new ChunkedCookieHandler();
    cookieHandler.Domain = string.Empty;
    cookieHandler.Name = sessionCookieName;
    cookieHandler.RequireSsl = secureCookieOnly;
    cookieHandler.PersistentSessionLifetime = TimeSpan.FromMinutes(30);
    e.FederationConfiguration.CookieHandler = cookieHandler;

    // Claims transformation is handled by the application's ClaimsTransformer.
    var identityConfiguration = e.FederationConfiguration.IdentityConfiguration;
    identityConfiguration.ClaimsAuthenticationManager = new ClaimsTransformer();
}
// Handler with the FederationConfigurationCreated signature and an empty body: it makes
// no changes to the federation configuration carried by e.
//   sender - event source, unused.
//   e      - carries the federation configuration; not read or written here.
void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
}