// Creates an IdP SSO descriptor
private static IDPSSODescriptor CreateIDPSSODescriptor(
X509Certificate2 idpCertificate,
Uri artifactResolutionServiceUrl,
Uri singleSignOnServiceUrl,
Uri singleLogoutServiceUrl
)
{
IDPSSODescriptor idpSSODescriptor = new IDPSSODescriptor();
idpSSODescriptor.WantAuthnRequestsSigned = true;
idpSSODescriptor.ProtocolSupportEnumeration = ComponentSpace.SAML2.Utility.SAML.NamespaceURIs.Protocol;
idpSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(idpCertificate));
IndexedEndpointType artifactResolutionService = new IndexedEndpointType(1, true);
artifactResolutionService.Binding = SAMLIdentifiers.BindingURIs.SOAP;
artifactResolutionService.Location = artifactResolutionServiceUrl.ToString();
idpSSODescriptor.ArtifactResolutionServices.Add(artifactResolutionService);
//idpSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);
idpSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Unspecified);
EndpointType singleSignOnService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, singleSignOnServiceUrl.ToString(), null);
idpSSODescriptor.SingleSignOnServices.Add(singleSignOnService);
EndpointType singleLogoutService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, singleLogoutServiceUrl.ToString(), null);
idpSSODescriptor.SingleLogoutServices.Add(singleLogoutService);
return(idpSSODescriptor);
}
// Creates an IdP SSO descriptor
private static IDPSSODescriptor CreateIDPSSODescriptor()
{
IDPSSODescriptor idpSSODescriptor = new IDPSSODescriptor();
idpSSODescriptor.WantAuthnRequestsSigned = true;
idpSSODescriptor.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol;
X509Certificate2 x509Certificate = new X509Certificate2(idpCertificateFileName);
idpSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(x509Certificate));
IndexedEndpointType artifactResolutionService = new IndexedEndpointType(1, true);
artifactResolutionService.Binding = SAMLIdentifiers.BindingURIs.SOAP;
artifactResolutionService.Location = "https://www.idp.com/ArtifactResolutionService";
idpSSODescriptor.ArtifactResolutionServices.Add(artifactResolutionService);
idpSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);
EndpointType singleSignOnService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, "https://www.idp.com/SSOService", null);
idpSSODescriptor.SingleSignOnServices.Add(singleSignOnService);
return(idpSSODescriptor);
}
// Creates an SP SSO descriptor
private static SPSSODescriptor CreateSPSSODescriptor()
{
SPSSODescriptor spSSODescriptor = new SPSSODescriptor();
spSSODescriptor.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol;
X509Certificate2 x509Certificate = new X509Certificate2(spCertificateFileName);
spSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(x509Certificate));
IndexedEndpointType assertionConsumerService1 = new IndexedEndpointType(1, true);
assertionConsumerService1.Binding = SAMLIdentifiers.BindingURIs.HTTPPost;
assertionConsumerService1.Location = "https://www.idp.com/AssertionConsumerService/POST";
spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService1);
IndexedEndpointType assertionConsumerService2 = new IndexedEndpointType(2, false);
assertionConsumerService2.Binding = SAMLIdentifiers.BindingURIs.HTTPArtifact;
assertionConsumerService2.Location = "https://www.idp.com/AssertionConsumerService/Artifact";
spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService2);
spSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);
return(spSSODescriptor);
}
/// <summary>
/// Location to which the IdP will eventually send the user at the SP.
/// </summary>
/// <param name="binding"></param>
/// <param name="location"></param>
/// <returns></returns>
public SPSSODescriptorBuilder AddAssertionConsumerService(string binding, string location)
{
var assertionConsumer = new IndexedEndpointType
{
Binding = binding,
Location = location
};
_spSSODescriptorType.AssertionConsumerService = _spSSODescriptorType.AssertionConsumerService.Add(assertionConsumer);
return(this);
}
// Creates an IdP SSO descriptor
private static IDPSSODescriptor CreateIDPSSODescriptor()
{
IDPSSODescriptor idpSSODescriptor = new IDPSSODescriptor();
idpSSODescriptor.WantAuthnRequestsSigned = true;
idpSSODescriptor.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol;
X509Certificate2 x509Certificate = new X509Certificate2(idpCertificateFileName);
idpSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(x509Certificate));
IndexedEndpointType artifactResolutionService = new IndexedEndpointType(1, true);
artifactResolutionService.Binding = SAMLIdentifiers.BindingURIs.SOAP;
artifactResolutionService.Location = "https://www.idp.com/ArtifactResolutionService";
idpSSODescriptor.ArtifactResolutionServices.Add(artifactResolutionService);
idpSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);
EndpointType singleSignOnService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, "https://www.idp.com/SSOService", null);
idpSSODescriptor.SingleSignOnServices.Add(singleSignOnService);
return idpSSODescriptor;
}
// Creates an SP SSO descriptor
private static SPSSODescriptor CreateSPSSODescriptor()
{
SPSSODescriptor spSSODescriptor = new SPSSODescriptor();
spSSODescriptor.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol;
X509Certificate2 x509Certificate = new X509Certificate2(spCertificateFileName);
spSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(x509Certificate));
IndexedEndpointType assertionConsumerService1 = new IndexedEndpointType(1, true);
assertionConsumerService1.Binding = SAMLIdentifiers.BindingURIs.HTTPPost;
assertionConsumerService1.Location = "https://www.idp.com/AssertionConsumerService/POST";
spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService1);
IndexedEndpointType assertionConsumerService2 = new IndexedEndpointType(2, false);
assertionConsumerService2.Binding = SAMLIdentifiers.BindingURIs.HTTPArtifact;
assertionConsumerService2.Location = "https://www.idp.com/AssertionConsumerService/Artifact";
spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService2);
spSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);
return spSSODescriptor;
}
