/// <summary>
/// Create a Facebook identity provider with associated keys and permissions configured.
/// </summary>
/// <param name="applicationId">The Facebook Application ID</param>
/// <param name="applicationSecret">The Facebook Application Secret</param>
/// <param name="applicationPermissions">The permissions to request from Facebook</param>
/// <returns></returns>
public static IdentityProvider CreateFacebookIdentityProvider(this ManagementService svc, string applicationId, string applicationSecret, string applicationPermissions)
{
string name = String.Format(CultureInfo.InvariantCulture, "Facebook-{0}", applicationId);
Issuer issuer = new Issuer()
{
Name = name
};
svc.AddToIssuers(issuer);
//
// Create the Identity Provider
//
IdentityProvider identityProvider = new IdentityProvider()
{
DisplayName = name,
LoginParameters = applicationPermissions,
WebSSOProtocolType = IdentityProviderProtocolType.Facebook.ToString(),
};
svc.AddObject("IdentityProviders", identityProvider);
svc.SetLink(identityProvider, "Issuer", issuer);
//
// Create the application Id and application secret keys for this facebook application.
//
IdentityProviderKey applicationIdKey = new IdentityProviderKey()
{
DisplayName = "Facebook application ID",
Type = IdentityProviderKeyType.ApplicationKey.ToString(),
Usage = IdentityProviderKeyUsage.ApplicationId.ToString(),
Value = Encoding.UTF8.GetBytes(applicationId),
StartDate = DateTime.UtcNow,
EndDate = DateTime.MaxValue,
};
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationIdKey);
IdentityProviderKey applicationSecretKey = new IdentityProviderKey()
{
DisplayName = "Facebook application Secret",
Type = IdentityProviderKeyType.ApplicationKey.ToString(),
Usage = IdentityProviderKeyUsage.ApplicationSecret.ToString(),
Value = Encoding.UTF8.GetBytes(applicationSecret),
StartDate = DateTime.UtcNow,
EndDate = DateTime.MaxValue,
};
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationSecretKey);
identityProvider.Issuer = issuer;
return(identityProvider);
}
/// <summary>
/// Create a WS-Federation identity provider with associated keys and addresses.
/// </summary>
public static IdentityProvider CreateWsFederationIdentityProvider(this ManagementService svc, string name, byte[] signingCertificateValue, DateTime keyStartDate, DateTime keyEndDate, string signInUrl)
{
Issuer issuer = new Issuer()
{
Name = name
};
svc.AddToIssuers(issuer);
//
// Create the Identity Provider
//
IdentityProvider identityProvider = new IdentityProvider()
{
DisplayName = name,
WebSSOProtocolType = IdentityProviderProtocolType.WsFederation.ToString(),
};
svc.AddObject("IdentityProviders", identityProvider);
svc.SetLink(identityProvider, "Issuer", issuer);
//
// Create the Identity Provider key used to validate the signature of IDP-signed tokens.
//
IdentityProviderKey signingKey = new IdentityProviderKey()
{
DisplayName = "SampleIdentityProviderKeyDisplayName",
Type = IdentityProviderKeyType.X509Certificate.ToString(),
Usage = IdentityProviderKeyUsage.Signing.ToString(),
Value = signingCertificateValue,
StartDate = keyStartDate.ToUniversalTime(),
EndDate = keyEndDate.ToUniversalTime()
};
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", signingKey);
// Create the sign-in address for Identity Provider
IdentityProviderAddress signInAddress = new IdentityProviderAddress()
{
Address = signInUrl,
EndpointType = IdentityProviderEndpointType.SignIn.ToString(),
};
svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress);
identityProvider.Issuer = issuer;
return(identityProvider);
}
private static void DisplayIdentityProviderKey(IdentityProviderKey identityProviderKey)
{
// Display the values of returned Identity Provider
if (identityProviderKey != null)
{
//
// Values for Application keys should be displayed as UTF-8. Symmetric keys and certificates are Base64.
//
string keyValue = identityProviderKey.Type == IdentityProviderKeyType.ApplicationKey.ToString() ?
Encoding.ASCII.GetString(identityProviderKey.Value) : Convert.ToBase64String(identityProviderKey.Value);
Console.WriteLine("\tIdentity Provider Key (Id = {0})\n", identityProviderKey.Id);
Console.WriteLine("\t\tId = {0}\n", identityProviderKey.Id);
Console.WriteLine("\t\tDisplayName = {0}\n", identityProviderKey.DisplayName);
Console.WriteLine("\t\tType = {0}\n", identityProviderKey.Type);
Console.WriteLine("\t\tUsage = {0}\n", identityProviderKey.Usage);
Console.WriteLine("\t\tStartDate = {0}\n", identityProviderKey.StartDate);
Console.WriteLine("\t\tEndDate = {0}\n", identityProviderKey.EndDate);
Console.WriteLine("\t\tValue = {0}\n", keyValue);
}
}
/// <summary>
/// Insert keys for an identity provider.
/// </summary>
/// <param name="svc">ManagementService instance.</param>
/// <param name="idpKeys">List of keys to insert.</param>
/// <param name="identityProvider">Identity Provider associated with the keys.</param>
private static void InsertIdentityProviderSigningKeysFromMetadata(ManagementService svc, List <X509Certificate2> idpKeys, IdentityProvider identityProvider)
{
foreach (X509Certificate2 certificate in idpKeys)
{
IdentityProviderKey keyFromMetadata = new IdentityProviderKey()
{
Usage = IdentityProviderKeyUsage.Signing.ToString(),
DisplayName = string.Format(CultureInfo.InvariantCulture, "{0} Signing Key", identityProvider.DisplayName),
//
// As a security best practice, set the start and end dates on the data entry
// to be the same value as the dates on the certificate.
//
StartDate = certificate.NotBefore.ToUniversalTime(),
EndDate = certificate.NotAfter.ToUniversalTime(),
Type = IdentityProviderKeyType.X509Certificate.ToString(),
Value = certificate.GetRawCertData()
};
Console.WriteLine(String.Format("Adding new identity provider key with subject: '{0}'.", GetSubjectFromCertificate(keyFromMetadata.Value)));
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", keyFromMetadata);
}
}
public Issuer AddIdentityProviderManually(string displayName, string federationUrl, WebSSOProtocolType protocolType, byte[] signingValidationCert = null, string[] allowedRelyingParties = null)
{
try
{
var client = this.CreateManagementServiceClient();
var defaultStartDate = DateTime.UtcNow;
var defaultEndDate = defaultStartDate.AddYears(1);
var issuer = new Issuer
{
Name = displayName
};
var oldIssuer = client.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();
if (oldIssuer != null)
{
client.DeleteObject(oldIssuer);
}
client.AddToIssuers(issuer);
client.SaveChanges(SaveChangesOptions.Batch);
var identityProvider = new IdentityProvider
{
DisplayName = displayName,
WebSSOProtocolType = protocolType.ToString(),
LoginLinkName = displayName,
IssuerId = issuer.Id
};
var oldIdentityProvider = client.IdentityProviders.Where(ip => ip.DisplayName.Equals(identityProvider.DisplayName, StringComparison.OrdinalIgnoreCase))
.FirstOrDefault();
if (oldIdentityProvider != null)
{
client.DeleteObject(oldIdentityProvider);
client.SaveChanges();
}
client.AddToIdentityProviders(identityProvider);
client.SaveChanges(SaveChangesOptions.Batch);
// Identity provider public key to verify the signature
if (signingValidationCert != null)
{
var key = new IdentityProviderKey
{
IdentityProviderId = identityProvider.Id,
DisplayName = "Signing Key for " + displayName,
StartDate = defaultStartDate,
EndDate = defaultEndDate,
Type = KeyType.X509Certificate.ToString(),
Usage = KeyUsage.Signing.ToString(),
Value = signingValidationCert
};
client.AddToIdentityProviderKeys(key);
client.SaveChanges(SaveChangesOptions.Batch);
}
// WS-Federation sign-in URL
var federationSignInAddress = new IdentityProviderAddress
{
IdentityProviderId = identityProvider.Id,
EndpointType = EndpointType.SignIn.ToString(),
Address = federationUrl
};
client.AddToIdentityProviderAddresses(federationSignInAddress);
client.SaveChanges(SaveChangesOptions.Batch);
return(issuer);
}
catch (Exception ex)
{
throw TryGetExceptionDetails(ex);
}
}
/// <summary>
/// Add an Identity Provider
/// </summary>
private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName)
{
var issuer = new Issuer
{
Name = idpName
};
// Check the Issuer does not exist previouly (if it exists, delete it)
var oldIssuer = svc0.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();
if (oldIssuer != null)
{
svc0.DeleteObject(oldIssuer);
svc0.SaveChanges();
}
// Add Issuer
svc0.AddToIssuers(issuer);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Issuer created: {0}", idpName);
var idp = new IdentityProvider
{
DisplayName = idpDisplayName,
LoginLinkName = idpDisplayName,
WebSSOProtocolType = "WsFederation",
IssuerId = issuer.Id
};
// Check the IP does not exist previouly (if it exists, delete it)
var oldIdentityProvider = svc0.IdentityProviders.Where(ip => ip.DisplayName == idp.DisplayName).FirstOrDefault();
if (oldIdentityProvider != null)
{
svc0.DeleteObject(oldIdentityProvider);
svc0.SaveChanges();
}
// Add the new IP to ACS
svc0.AddObject("IdentityProviders", idp);
// Console.WriteLine("Info: Identity Provider created: {0}", idp.Name);
Console.WriteLine("Info: Identity Provider created: {0}", idp.DisplayName);
// Identity provider public key to verify the signature
var cert = File.ReadAllBytes(@"Resources\SelfSTS.cer");
var key = new IdentityProviderKey
{
IdentityProvider = idp,
DisplayName = idpKeyDisplayName,
EndDate = endDate,
StartDate = startDate,
Type = "X509Certificate",
Usage = "Signing",
Value = cert
};
svc0.AddRelatedObject(idp, "IdentityProviderKeys", key);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Identity Provider Key added: {0}", idpKeyDisplayName);
// WS-Federation sign-in URL
var idpaSignIn = new IdentityProviderAddress
{
IdentityProviderId = idp.Id,
EndpointType = "SignIn",
Address = idpAddress
};
svc0.AddRelatedObject(idp, "IdentityProviderAddresses", idpaSignIn);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Identity Provider Address added: {0}", idpAddress);
string labRelyingPartyName = "WebSiteAdvancedACS";
// Relying Party related to the Identity Provider
foreach (var existingRelyingParty in svc0.RelyingParties)
{
var rpid = new RelyingPartyIdentityProvider
{
IdentityProviderId = idp.Id,
RelyingPartyId = existingRelyingParty.Id
};
existingRelyingParty.RelyingPartyIdentityProviders.Add(rpid);
idp.RelyingPartyIdentityProviders.Add(rpid);
svc0.AddToRelyingPartyIdentityProviders(rpid);
}
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Relying Party added to Identity Provider: {0}", labRelyingPartyName);
return(issuer);
}
public void AddToIdentityProviderKeys(IdentityProviderKey identityProviderKey)
{
base.AddObject("IdentityProviderKeys", identityProviderKey);
}
public static IdentityProviderKey CreateIdentityProviderKey(long ID, long identityProviderId, bool systemReserved, global::System.DateTime startDate, global::System.DateTime endDate)
{
IdentityProviderKey identityProviderKey = new IdentityProviderKey();
identityProviderKey.Id = ID;
identityProviderKey.IdentityProviderId = identityProviderId;
identityProviderKey.SystemReserved = systemReserved;
identityProviderKey.StartDate = startDate;
identityProviderKey.EndDate = endDate;
return identityProviderKey;
}
