private static void UpdateWSFederationIdentityProvider(string identityProviderName)
{
Console.WriteLine("Updating identity provider properties...");
Console.WriteLine();
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
// Retrieve Identity Provider
IdentityProvider identityProvider = svc.GetIdentityProviderByName(identityProviderName, true);
if (identityProvider != null)
{
// update DisplayName
identityProvider.DisplayName = "*SampleIdentityProviderNewDisplayName*";
//update sign-in address
IdentityProviderAddress signInAddress = identityProvider.IdentityProviderAddresses.Where(m => m.EndpointType == IdentityProviderEndpointType.SignIn.ToString()).FirstOrDefault();
if (signInAddress != null)
{
signInAddress.Address = "http://SampleIdentityProvider/New-Sign-In";
svc.UpdateObject(signInAddress);
}
svc.UpdateObject(identityProvider);
svc.SaveChangesBatch();
}
}
private static void DisplayIdentityProviderAddress(IdentityProviderAddress identityProviderAddress)
{
if (identityProviderAddress == null)
{
return;
}
Console.WriteLine("\tIdentity Provider Address (Id = {0})\n", identityProviderAddress.Id);
Console.WriteLine("\t\tId = {0}\n", identityProviderAddress.Id);
Console.WriteLine("\t\tAddress = {0}\n", identityProviderAddress.Address);
Console.WriteLine("\t\tEndpointType = {0}\n", identityProviderAddress.EndpointType);
}
/// <summary>
/// Create a WS-Federation identity provider with associated keys and addresses.
/// </summary>
public static IdentityProvider CreateWsFederationIdentityProvider(this ManagementService svc, string name, byte[] signingCertificateValue, DateTime keyStartDate, DateTime keyEndDate, string signInUrl)
{
Issuer issuer = new Issuer()
{
Name = name
};
svc.AddToIssuers(issuer);
//
// Create the Identity Provider
//
IdentityProvider identityProvider = new IdentityProvider()
{
DisplayName = name,
WebSSOProtocolType = IdentityProviderProtocolType.WsFederation.ToString(),
};
svc.AddObject("IdentityProviders", identityProvider);
svc.SetLink(identityProvider, "Issuer", issuer);
//
// Create the Identity Provider key used to validate the signature of IDP-signed tokens.
//
IdentityProviderKey signingKey = new IdentityProviderKey()
{
DisplayName = "SampleIdentityProviderKeyDisplayName",
Type = IdentityProviderKeyType.X509Certificate.ToString(),
Usage = IdentityProviderKeyUsage.Signing.ToString(),
Value = signingCertificateValue,
StartDate = keyStartDate.ToUniversalTime(),
EndDate = keyEndDate.ToUniversalTime()
};
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", signingKey);
// Create the sign-in address for Identity Provider
IdentityProviderAddress signInAddress = new IdentityProviderAddress()
{
Address = signInUrl,
EndpointType = IdentityProviderEndpointType.SignIn.ToString(),
};
svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress);
identityProvider.Issuer = issuer;
return(identityProvider);
}
/// <summary>
/// Create an OpenID identity provider with the associated sign-in address
/// </summary>
/// <param name="name">The name of the issuer to create.</param>
/// <param name="signInUrl">The post-discovery OpenID endpoint URL of the provider.</param>
/// <returns>The created identity provider.</returns>
public static IdentityProvider CreateOpenIdIdentityProvider(this ManagementService svc, string name, string signInUrl)
{
Issuer issuer = new Issuer()
{
Name = name
};
svc.AddToIssuers(issuer);
//
// Create the Identity Provider
//
IdentityProvider identityProvider = new IdentityProvider()
{
DisplayName = name,
WebSSOProtocolType = IdentityProviderProtocolType.OpenId.ToString(),
};
svc.AddObject("IdentityProviders", identityProvider);
svc.SetLink(identityProvider, "Issuer", issuer);
//
// Create the sign-in address for Identity Provider
//
IdentityProviderAddress signInAddress = new IdentityProviderAddress()
{
Address = signInUrl,
EndpointType = IdentityProviderEndpointType.SignIn.ToString(),
};
svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress);
identityProvider.Issuer = issuer;
return(identityProvider);
}
public Issuer AddIdentityProviderManually(string displayName, string federationUrl, WebSSOProtocolType protocolType, byte[] signingValidationCert = null, string[] allowedRelyingParties = null)
{
try
{
var client = this.CreateManagementServiceClient();
var defaultStartDate = DateTime.UtcNow;
var defaultEndDate = defaultStartDate.AddYears(1);
var issuer = new Issuer
{
Name = displayName
};
var oldIssuer = client.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();
if (oldIssuer != null)
{
client.DeleteObject(oldIssuer);
}
client.AddToIssuers(issuer);
client.SaveChanges(SaveChangesOptions.Batch);
var identityProvider = new IdentityProvider
{
DisplayName = displayName,
WebSSOProtocolType = protocolType.ToString(),
LoginLinkName = displayName,
IssuerId = issuer.Id
};
var oldIdentityProvider = client.IdentityProviders.Where(ip => ip.DisplayName.Equals(identityProvider.DisplayName, StringComparison.OrdinalIgnoreCase))
.FirstOrDefault();
if (oldIdentityProvider != null)
{
client.DeleteObject(oldIdentityProvider);
client.SaveChanges();
}
client.AddToIdentityProviders(identityProvider);
client.SaveChanges(SaveChangesOptions.Batch);
// Identity provider public key to verify the signature
if (signingValidationCert != null)
{
var key = new IdentityProviderKey
{
IdentityProviderId = identityProvider.Id,
DisplayName = "Signing Key for " + displayName,
StartDate = defaultStartDate,
EndDate = defaultEndDate,
Type = KeyType.X509Certificate.ToString(),
Usage = KeyUsage.Signing.ToString(),
Value = signingValidationCert
};
client.AddToIdentityProviderKeys(key);
client.SaveChanges(SaveChangesOptions.Batch);
}
// WS-Federation sign-in URL
var federationSignInAddress = new IdentityProviderAddress
{
IdentityProviderId = identityProvider.Id,
EndpointType = EndpointType.SignIn.ToString(),
Address = federationUrl
};
client.AddToIdentityProviderAddresses(federationSignInAddress);
client.SaveChanges(SaveChangesOptions.Batch);
return(issuer);
}
catch (Exception ex)
{
throw TryGetExceptionDetails(ex);
}
}
/// <summary>
/// Add an Identity Provider
/// </summary>
private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName)
{
var issuer = new Issuer
{
Name = idpName
};
// Check the Issuer does not exist previouly (if it exists, delete it)
var oldIssuer = svc0.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();
if (oldIssuer != null)
{
svc0.DeleteObject(oldIssuer);
svc0.SaveChanges();
}
// Add Issuer
svc0.AddToIssuers(issuer);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Issuer created: {0}", idpName);
var idp = new IdentityProvider
{
DisplayName = idpDisplayName,
LoginLinkName = idpDisplayName,
WebSSOProtocolType = "WsFederation",
IssuerId = issuer.Id
};
// Check the IP does not exist previouly (if it exists, delete it)
var oldIdentityProvider = svc0.IdentityProviders.Where(ip => ip.DisplayName == idp.DisplayName).FirstOrDefault();
if (oldIdentityProvider != null)
{
svc0.DeleteObject(oldIdentityProvider);
svc0.SaveChanges();
}
// Add the new IP to ACS
svc0.AddObject("IdentityProviders", idp);
// Console.WriteLine("Info: Identity Provider created: {0}", idp.Name);
Console.WriteLine("Info: Identity Provider created: {0}", idp.DisplayName);
// Identity provider public key to verify the signature
var cert = File.ReadAllBytes(@"Resources\SelfSTS.cer");
var key = new IdentityProviderKey
{
IdentityProvider = idp,
DisplayName = idpKeyDisplayName,
EndDate = endDate,
StartDate = startDate,
Type = "X509Certificate",
Usage = "Signing",
Value = cert
};
svc0.AddRelatedObject(idp, "IdentityProviderKeys", key);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Identity Provider Key added: {0}", idpKeyDisplayName);
// WS-Federation sign-in URL
var idpaSignIn = new IdentityProviderAddress
{
IdentityProviderId = idp.Id,
EndpointType = "SignIn",
Address = idpAddress
};
svc0.AddRelatedObject(idp, "IdentityProviderAddresses", idpaSignIn);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Identity Provider Address added: {0}", idpAddress);
string labRelyingPartyName = "WebSiteAdvancedACS";
// Relying Party related to the Identity Provider
foreach (var existingRelyingParty in svc0.RelyingParties)
{
var rpid = new RelyingPartyIdentityProvider
{
IdentityProviderId = idp.Id,
RelyingPartyId = existingRelyingParty.Id
};
existingRelyingParty.RelyingPartyIdentityProviders.Add(rpid);
idp.RelyingPartyIdentityProviders.Add(rpid);
svc0.AddToRelyingPartyIdentityProviders(rpid);
}
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Relying Party added to Identity Provider: {0}", labRelyingPartyName);
return(issuer);
}
public void AddToIdentityProviderAddresses(IdentityProviderAddress identityProviderAddress)
{
base.AddObject("IdentityProviderAddresses", identityProviderAddress);
}
public static IdentityProviderAddress CreateIdentityProviderAddress(long ID, long identityProviderId, bool systemReserved)
{
IdentityProviderAddress identityProviderAddress = new IdentityProviderAddress();
identityProviderAddress.Id = ID;
identityProviderAddress.IdentityProviderId = identityProviderId;
identityProviderAddress.SystemReserved = systemReserved;
return identityProviderAddress;
}
