static void Main(string[] args) { const string RPRealm = "http://ContosoContacts/"; const string RPName = "ContosoContacts"; const string RuleGroupName = "Default rule group for ContosoContacts"; const string googleIdpName = "Google"; const string yahooIdpName = "Yahoo!"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteRelyingPartyByRealmIfExists(RPRealm); svc.DeleteRuleGroupByNameIfExists(RuleGroupName); svc.DeleteIdentityProviderIfExists(googleIdpName); svc.DeleteIdentityProviderIfExists(yahooIdpName); svc.SaveChangesBatch(); // // Create Google and Yahoo! as identity providers. LiveID is already configured. // IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID"); IdentityProvider google = svc.CreateOpenIdIdentityProvider(googleIdpName, "https://www.google.com/accounts/o8/ud"); IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooIdpName, "https://open.login.yahooapis.com/openid/op/auth"); IdentityProvider[] associatedProviders = new[] { live, google, yahoo }; // // Create the relying party and its associated key. // RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false); svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty }); RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true); Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value)); RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Create simple rules to pass through all claims from each issuer. // foreach (IdentityProvider identityProvider in associatedProviders) { string ruleDescription = String.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name); svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription); } svc.SaveChangesBatch(); Console.WriteLine("Sample configured successfully. Press <ENTER> to exit..."); Console.ReadLine(); }
public static RelyingParty AddRelyingParty(this ManagementService svc, Uri realm, string relyingPartyName, DateTime startDate, DateTime endDate, byte[] tokenSigningKey, int tokenLifetime) { Contract.Requires(svc != null); Contract.Requires(realm != null); Contract.Requires(realm.IsAbsoluteUri); Contract.Requires(realm.AbsolutePath == "/"); Contract.Requires(!string.IsNullOrWhiteSpace(relyingPartyName)); Contract.Requires(startDate != default(DateTime)); Contract.Requires(endDate > startDate); Contract.Requires(tokenSigningKey != null); Contract.Requires(tokenLifetime >= 1); var relyingParty = new RelyingParty() { Name = relyingPartyName, AsymmetricTokenEncryptionRequired = false, TokenType = "SWT", TokenLifetime = tokenLifetime }; svc.AddToRelyingParties(relyingParty); var relyingPartyAddress = new RelyingPartyAddress() { Address = realm.AbsoluteUri, EndpointType = "Realm" }; svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", relyingPartyAddress); var relyingPartyKey = new RelyingPartyKey() { StartDate = startDate, EndDate = endDate, Type = "Symmetric", Usage = "Signing", IsPrimary = true, Value = tokenSigningKey }; svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey); svc.SaveChanges(SaveChangesOptions.Batch); return(relyingParty); }
static void DisplayRelyingPartyKey(RelyingPartyKey relyingPartyKey) { // Display the values of returned Relying Party if (relyingPartyKey != null) { Console.WriteLine("\tRelying Party Key (Id = {0})\n", relyingPartyKey.Id); Console.WriteLine("\t\tId = {0}\n", relyingPartyKey.Id); Console.WriteLine("\t\tDisplayName = {0}\n", relyingPartyKey.DisplayName); Console.WriteLine("\t\tPassword = {0}\n", relyingPartyKey.Password == null ? "" : Encoding.UTF8.GetString(relyingPartyKey.Password)); Console.WriteLine("\t\tType = {0}\n", relyingPartyKey.Type); Console.WriteLine("\t\tUsage = {0}\n", relyingPartyKey.Usage); Console.WriteLine("\t\tStartDate = {0}\n", relyingPartyKey.StartDate); Console.WriteLine("\t\tEndDate = {0}\n", relyingPartyKey.EndDate); Console.WriteLine("\t\tValue = {0}\n", Convert.ToBase64String(relyingPartyKey.Value)); } }
private static void AddEncryptionKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] encryptionCert, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty) { var relyingPartyKey = new RelyingPartyKey { DisplayName = "Encryption Certificate for " + relyingPartyName, Type = KeyType.X509Certificate.ToString(), Usage = KeyUsage.Encrypting.ToString(), Value = encryptionCert, RelyingParty = relyingParty, StartDate = defaultStartDate, EndDate = defaultEndDate }; client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey); client.SaveChanges(); }
private static void AddSigningKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] symmetricKey, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty) { var relyingPartyKey = new RelyingPartyKey { DisplayName = "Signing Key for " + relyingPartyName, Type = KeyType.Symmetric.ToString(), Usage = KeyUsage.Signing.ToString(), Value = symmetricKey, RelyingParty = relyingParty, StartDate = defaultStartDate, EndDate = defaultEndDate, IsPrimary = true }; client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey); client.SaveChanges(); }
private static void AddSigningKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] signingCert, string signingCertPassword, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty) { var relyingPartyKey = new RelyingPartyKey { DisplayName = "Signing Certificate for " + relyingPartyName, Type = KeyType.X509Certificate.ToString(), Usage = KeyUsage.Signing.ToString(), Value = signingCert, Password = string.IsNullOrEmpty(signingCertPassword) ? null : new UTF8Encoding().GetBytes(signingCertPassword), RelyingParty = relyingParty, StartDate = defaultStartDate, EndDate = defaultEndDate, IsPrimary = true }; client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey); client.SaveChanges(); }
private void RemoveRelatedKeys(RelyingParty rpToRemove, ManagementService client, Action <LogInfo> logAction) { var pendingChanges = false; foreach (var key in rpToRemove.RelyingPartyKeys) { RelyingPartyKey keyLocal = key; var keyToRemove = client.RelyingPartyKeys.Where( k => k.DisplayName.Equals(keyLocal.DisplayName)).Single(); this.LogMessage(logAction, string.Format("Removing Key '{0}'", keyLocal.DisplayName)); client.DeleteObject(keyToRemove); pendingChanges = true; } if (pendingChanges) { client.SaveChanges(SaveChangesOptions.Batch); this.LogSavingChangesMessage(logAction); } }
/// <summary> /// Insert relying party encrypting keys. /// </summary> /// <param name="svc">Management service instance.</param> /// <param name="rpKeys">List of keys to insert.</param> /// <param name="relyingParty">Relying Party associated with the keys.</param> private static void InsertRelyingPartyEncryptingKeysFromMetadata(ManagementService svc, List <X509Certificate2> rpKeys, RelyingParty relyingParty) { foreach (X509Certificate2 certificate in rpKeys) { RelyingPartyKey keyFromMetadata = new RelyingPartyKey() { Usage = RelyingPartyKeyUsage.Encrypting.ToString(), DisplayName = string.Format(CultureInfo.InvariantCulture, "{0} Encrypting Key", relyingParty.Name), // // As a security best practice, set the start and end dates on the data entry // to be the same value as the dates on the certificate. // StartDate = certificate.NotBefore.ToUniversalTime(), EndDate = certificate.NotAfter.ToUniversalTime(), Type = RelyingPartyKeyType.X509Certificate.ToString(), Value = certificate.GetRawCertData() }; Console.WriteLine(String.Format("Adding new relying party key with subject: '{0}'.\n", GetSubjectFromCertificate(keyFromMetadata.Value))); svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", keyFromMetadata); } }
/// <summary> /// Generate a symmetric RelyingPartyKey and associcate it with the given relying party. /// </summary> public static RelyingPartyKey GenerateRelyingPartySymmetricKey(this ManagementService svc, RelyingParty relyingParty, DateTime startDate, DateTime endDate, bool isPrimary) { // // Symmetric keys used by ACS are 256-bits, which equals 32 bytes. // byte[] keyValue = new byte[32]; new RNGCryptoServiceProvider().GetBytes(keyValue); RelyingPartyKey relyingPartyKey = new RelyingPartyKey() { DisplayName = String.Format(CultureInfo.InvariantCulture, "Default signing key for {0}", relyingParty.Name), EndDate = endDate.ToUniversalTime(), IsPrimary = isPrimary, StartDate = startDate.ToUniversalTime(), Type = RelyingPartyKeyType.Symmetric.ToString(), Usage = RelyingPartyKeyUsage.Signing.ToString(), Value = keyValue }; svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey); return(relyingPartyKey); }
/// <summary> /// Create a RelyingPartyKey with the given value, type, and usage, and associate it with the given relying party. /// </summary> public static RelyingPartyKey CreateRelyingPartyKey(this ManagementService svc, RelyingParty relyingParty, byte[] keyValue, string password, RelyingPartyKeyType keyType, RelyingPartyKeyUsage keyUsage, bool isPrimary) { DateTime startDate, endDate; if (keyType == RelyingPartyKeyType.X509Certificate) { // // ACS requires that the key start and end dates be within the certificate's validity period. // X509Certificate2 cert = new X509Certificate2(keyValue, password); startDate = cert.NotBefore.ToUniversalTime(); endDate = cert.NotAfter.ToUniversalTime(); } else { startDate = DateTime.UtcNow; endDate = DateTime.MaxValue; } RelyingPartyKey relyingPartyKey = new RelyingPartyKey() { DisplayName = String.Format(CultureInfo.InvariantCulture, "Default {0} key for {1}", keyType, relyingParty.Name), EndDate = endDate, IsPrimary = isPrimary, Password = string.IsNullOrEmpty(password) ? null : Encoding.UTF8.GetBytes(password), StartDate = startDate, Type = keyType.ToString(), Usage = keyUsage.ToString(), Value = keyValue, }; svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey); return(relyingPartyKey); }
static void Main(string[] args) { const string ClientName = "OAuth2SampleX509Identity"; const string RPRealm = "https://oauth2RelyingParty/"; const string RPName = "OAuth2 RP"; const string RuleGroupName = "Default rule group for OAuth2 RP"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteServiceIdentityIfExists(ClientName); svc.DeleteRelyingPartyByRealmIfExists(RPRealm); svc.DeleteRuleGroupByNameIfExists(RuleGroupName); svc.SaveChangesBatch(); X509Certificate2 clientCertificate = new X509Certificate2(@"..\..\..\Certificates\ACS2ClientCertificate.cer"); svc.CreateServiceIdentity(ClientName, clientCertificate.RawData, ServiceIdentityKeyType.X509Certificate, ServiceIdentityKeyUsage.Signing); RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false); RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true); Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value)); Issuer localAuthority = svc.GetIssuerByName("LOCAL AUTHORITY"); RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); svc.CreateRule(localAuthority, null, null, null, null, ruleGroup, "Pass through claims issued by ACS"); svc.SaveChangesBatch(); Console.WriteLine("Sample configured successfully. Press <ENTER> to exit..."); Console.ReadLine(); }
/// <summary> /// Configures the ACS service namespace with the proper objects for this sample. /// </summary> /// <remarks> /// Existing objects that are needed for this sample will be deleted and recreated. /// </remarks> static void Main(string[] args) { const string rpName = "ASPNET Simple Service"; const string rpRealm = "http://localhost:8000/Service/"; const string serviceIdentityName = "acssample"; const string serviceIdentityPassword = "******"; const string ruleGroupName = "Default rule group for ASPNET Simple Service"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteRelyingPartyByRealmIfExists(rpRealm); svc.DeleteServiceIdentityIfExists(serviceIdentityName); svc.DeleteRuleGroupByNameIfExists(ruleGroupName); svc.SaveChangesBatch(); RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpRealm, RelyingPartyTokenType.SWT, false); RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.UtcNow.AddYears(1), true); Console.WriteLine("Generated symmetric key value: {0}", Convert.ToBase64String(relyingPartyKey.Value)); svc.CreateServiceIdentity(serviceIdentityName, Encoding.UTF8.GetBytes(serviceIdentityPassword), ServiceIdentityKeyType.Password, ServiceIdentityKeyUsage.Password); RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Add a rule to issue the "action=reverse" claim. // svc.CreateRule(svc.GetIssuerByName("LOCAL AUTHORITY"), null, null, "action", "reverse", ruleGroup, "Issue action=reverse claim."); svc.SaveChangesBatch(); Console.WriteLine("Sample successfully configured. Press ENTER to continue ..."); Console.ReadLine(); }
public static RelyingPartyKey CreateRelyingPartyKey(long ID, long relyingPartyId, bool isPrimary, bool systemReserved, global::System.DateTime startDate, global::System.DateTime endDate) { RelyingPartyKey relyingPartyKey = new RelyingPartyKey(); relyingPartyKey.Id = ID; relyingPartyKey.RelyingPartyId = relyingPartyId; relyingPartyKey.IsPrimary = isPrimary; relyingPartyKey.SystemReserved = systemReserved; relyingPartyKey.StartDate = startDate; relyingPartyKey.EndDate = endDate; return relyingPartyKey; }
public void AddToRelyingPartyKeys(RelyingPartyKey relyingPartyKey) { base.AddObject("RelyingPartyKeys", relyingPartyKey); }