private static void UpdateWSFederationIdentityProvider(string identityProviderName) { Console.WriteLine("Updating identity provider properties..."); Console.WriteLine(); ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); // Retrieve Identity Provider IdentityProvider identityProvider = svc.GetIdentityProviderByName(identityProviderName, true); if (identityProvider != null) { // update DisplayName identityProvider.DisplayName = "*SampleIdentityProviderNewDisplayName*"; //update sign-in address IdentityProviderAddress signInAddress = identityProvider.IdentityProviderAddresses.Where(m => m.EndpointType == IdentityProviderEndpointType.SignIn.ToString()).FirstOrDefault(); if (signInAddress != null) { signInAddress.Address = "http://SampleIdentityProvider/New-Sign-In"; svc.UpdateObject(signInAddress); } svc.UpdateObject(identityProvider); svc.SaveChangesBatch(); } }
private static void DisplayIdentityProviderAddress(IdentityProviderAddress identityProviderAddress) { if (identityProviderAddress == null) { return; } Console.WriteLine("\tIdentity Provider Address (Id = {0})\n", identityProviderAddress.Id); Console.WriteLine("\t\tId = {0}\n", identityProviderAddress.Id); Console.WriteLine("\t\tAddress = {0}\n", identityProviderAddress.Address); Console.WriteLine("\t\tEndpointType = {0}\n", identityProviderAddress.EndpointType); }
/// <summary> /// Create a WS-Federation identity provider with associated keys and addresses. /// </summary> public static IdentityProvider CreateWsFederationIdentityProvider(this ManagementService svc, string name, byte[] signingCertificateValue, DateTime keyStartDate, DateTime keyEndDate, string signInUrl) { Issuer issuer = new Issuer() { Name = name }; svc.AddToIssuers(issuer); // // Create the Identity Provider // IdentityProvider identityProvider = new IdentityProvider() { DisplayName = name, WebSSOProtocolType = IdentityProviderProtocolType.WsFederation.ToString(), }; svc.AddObject("IdentityProviders", identityProvider); svc.SetLink(identityProvider, "Issuer", issuer); // // Create the Identity Provider key used to validate the signature of IDP-signed tokens. // IdentityProviderKey signingKey = new IdentityProviderKey() { DisplayName = "SampleIdentityProviderKeyDisplayName", Type = IdentityProviderKeyType.X509Certificate.ToString(), Usage = IdentityProviderKeyUsage.Signing.ToString(), Value = signingCertificateValue, StartDate = keyStartDate.ToUniversalTime(), EndDate = keyEndDate.ToUniversalTime() }; svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", signingKey); // Create the sign-in address for Identity Provider IdentityProviderAddress signInAddress = new IdentityProviderAddress() { Address = signInUrl, EndpointType = IdentityProviderEndpointType.SignIn.ToString(), }; svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress); identityProvider.Issuer = issuer; return(identityProvider); }
/// <summary> /// Create an OpenID identity provider with the associated sign-in address /// </summary> /// <param name="name">The name of the issuer to create.</param> /// <param name="signInUrl">The post-discovery OpenID endpoint URL of the provider.</param> /// <returns>The created identity provider.</returns> public static IdentityProvider CreateOpenIdIdentityProvider(this ManagementService svc, string name, string signInUrl) { Issuer issuer = new Issuer() { Name = name }; svc.AddToIssuers(issuer); // // Create the Identity Provider // IdentityProvider identityProvider = new IdentityProvider() { DisplayName = name, WebSSOProtocolType = IdentityProviderProtocolType.OpenId.ToString(), }; svc.AddObject("IdentityProviders", identityProvider); svc.SetLink(identityProvider, "Issuer", issuer); // // Create the sign-in address for Identity Provider // IdentityProviderAddress signInAddress = new IdentityProviderAddress() { Address = signInUrl, EndpointType = IdentityProviderEndpointType.SignIn.ToString(), }; svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress); identityProvider.Issuer = issuer; return(identityProvider); }
public Issuer AddIdentityProviderManually(string displayName, string federationUrl, WebSSOProtocolType protocolType, byte[] signingValidationCert = null, string[] allowedRelyingParties = null) { try { var client = this.CreateManagementServiceClient(); var defaultStartDate = DateTime.UtcNow; var defaultEndDate = defaultStartDate.AddYears(1); var issuer = new Issuer { Name = displayName }; var oldIssuer = client.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault(); if (oldIssuer != null) { client.DeleteObject(oldIssuer); } client.AddToIssuers(issuer); client.SaveChanges(SaveChangesOptions.Batch); var identityProvider = new IdentityProvider { DisplayName = displayName, WebSSOProtocolType = protocolType.ToString(), LoginLinkName = displayName, IssuerId = issuer.Id }; var oldIdentityProvider = client.IdentityProviders.Where(ip => ip.DisplayName.Equals(identityProvider.DisplayName, StringComparison.OrdinalIgnoreCase)) .FirstOrDefault(); if (oldIdentityProvider != null) { client.DeleteObject(oldIdentityProvider); client.SaveChanges(); } client.AddToIdentityProviders(identityProvider); client.SaveChanges(SaveChangesOptions.Batch); // Identity provider public key to verify the signature if (signingValidationCert != null) { var key = new IdentityProviderKey { IdentityProviderId = identityProvider.Id, DisplayName = "Signing Key for " + displayName, StartDate = defaultStartDate, EndDate = defaultEndDate, Type = KeyType.X509Certificate.ToString(), Usage = KeyUsage.Signing.ToString(), Value = signingValidationCert }; client.AddToIdentityProviderKeys(key); client.SaveChanges(SaveChangesOptions.Batch); } // WS-Federation sign-in URL var federationSignInAddress = new IdentityProviderAddress { IdentityProviderId = identityProvider.Id, EndpointType = EndpointType.SignIn.ToString(), Address = federationUrl }; client.AddToIdentityProviderAddresses(federationSignInAddress); client.SaveChanges(SaveChangesOptions.Batch); return(issuer); } catch (Exception ex) { throw TryGetExceptionDetails(ex); } }
/// <summary> /// Add an Identity Provider /// </summary> private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName) { var issuer = new Issuer { Name = idpName }; // Check the Issuer does not exist previouly (if it exists, delete it) var oldIssuer = svc0.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault(); if (oldIssuer != null) { svc0.DeleteObject(oldIssuer); svc0.SaveChanges(); } // Add Issuer svc0.AddToIssuers(issuer); svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Issuer created: {0}", idpName); var idp = new IdentityProvider { DisplayName = idpDisplayName, LoginLinkName = idpDisplayName, WebSSOProtocolType = "WsFederation", IssuerId = issuer.Id }; // Check the IP does not exist previouly (if it exists, delete it) var oldIdentityProvider = svc0.IdentityProviders.Where(ip => ip.DisplayName == idp.DisplayName).FirstOrDefault(); if (oldIdentityProvider != null) { svc0.DeleteObject(oldIdentityProvider); svc0.SaveChanges(); } // Add the new IP to ACS svc0.AddObject("IdentityProviders", idp); // Console.WriteLine("Info: Identity Provider created: {0}", idp.Name); Console.WriteLine("Info: Identity Provider created: {0}", idp.DisplayName); // Identity provider public key to verify the signature var cert = File.ReadAllBytes(@"Resources\SelfSTS.cer"); var key = new IdentityProviderKey { IdentityProvider = idp, DisplayName = idpKeyDisplayName, EndDate = endDate, StartDate = startDate, Type = "X509Certificate", Usage = "Signing", Value = cert }; svc0.AddRelatedObject(idp, "IdentityProviderKeys", key); svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Identity Provider Key added: {0}", idpKeyDisplayName); // WS-Federation sign-in URL var idpaSignIn = new IdentityProviderAddress { IdentityProviderId = idp.Id, EndpointType = "SignIn", Address = idpAddress }; svc0.AddRelatedObject(idp, "IdentityProviderAddresses", idpaSignIn); svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Identity Provider Address added: {0}", idpAddress); string labRelyingPartyName = "WebSiteAdvancedACS"; // Relying Party related to the Identity Provider foreach (var existingRelyingParty in svc0.RelyingParties) { var rpid = new RelyingPartyIdentityProvider { IdentityProviderId = idp.Id, RelyingPartyId = existingRelyingParty.Id }; existingRelyingParty.RelyingPartyIdentityProviders.Add(rpid); idp.RelyingPartyIdentityProviders.Add(rpid); svc0.AddToRelyingPartyIdentityProviders(rpid); } svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Relying Party added to Identity Provider: {0}", labRelyingPartyName); return(issuer); }
public void AddToIdentityProviderAddresses(IdentityProviderAddress identityProviderAddress) { base.AddObject("IdentityProviderAddresses", identityProviderAddress); }
public static IdentityProviderAddress CreateIdentityProviderAddress(long ID, long identityProviderId, bool systemReserved) { IdentityProviderAddress identityProviderAddress = new IdentityProviderAddress(); identityProviderAddress.Id = ID; identityProviderAddress.IdentityProviderId = identityProviderId; identityProviderAddress.SystemReserved = systemReserved; return identityProviderAddress; }