Example #1
        // This method demonstrates loading configuration programmatically by calling the SAML configuration API.
        // Alternatively, configuration may be loaded programmatically by implementing the ISAMLConfigurationResolver interface.
        // Either of these approaches may be used if you wish to store configuration in a custom database, for example.
        // If not configured programmatically, configuration is loaded automatically from the saml.config file
        // in the application's directory.
        // Builds the local service provider settings and one partner identity provider in code,
        // then installs the result on the static SAMLController.Configuration property.
        private static void LoadSAMLConfigurationProgrammatically()
        {
            SAMLConfiguration samlConfiguration = new SAMLConfiguration()
            {
                LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
                {
                    Name = "http://ExampleServiceProvider",
                    AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
                    // The .pfx holds the service provider's private key. Its password is masked in
                    // this listing; in a deployment it should come from protected configuration or
                    // a secret store rather than being compiled into the assembly.
                    LocalCertificateFile        = @"certificates\sp.pfx",
                    LocalCertificatePassword    = "******"
                }
            };

            samlConfiguration.AddPartnerIdentityProvider(
                new PartnerIdentityProviderConfiguration()
            {
                Name                   = "http://ExampleIdentityProvider",
                // Going by the property name, authn requests sent to this partner are signed
                // (presumably with the local certificate configured above - confirm).
                SignAuthnRequest       = true,
                // NOTE(review): the next line is damaged in this listing and does not compile. The
                // SingleSignOnServiceUrl value looks masked and fused with a following assignment
                // whose value was @"certificates\idp.cer" (probably the partner certificate file -
                // confirm against the original sample). The visible scheme is http://; an SSO
                // endpoint outside a local test setup should be reached over https.
                SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp.cer"
            });

            // From this assignment on, the configuration built above is what SAMLController exposes.
            SAMLController.Configuration = samlConfiguration;
        }
Example #2
        // Registers every identity provider returned by the repository as a SAML partner on the
        // supplied configuration, tracing the provider count and the serialized provider list first.
        //
        // Trust note: each partner's endpoints, certificate file and UseEmbeddedCertificate flag are
        // copied from the repository unchanged, so write access to that store decides which identity
        // providers this service provider will accept.
        private static void ConfigureIdentityProvidersUsingRepository(
            SAMLConfiguration samlConfiguration,
            SamlIdentityProvidersRepository repository)
        {
            SamlPocTraceListener.Log("SAML", "SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Loading Identity Providers");

            var registeredProviders = repository.GetRegisteredIdentityProviders();

            // NOTE(review): the provider sequence is walked by Count(), by the serializer and by the
            // loop below; if the repository returns a deferred query, each pass may hit the store.
            var providerCount = registeredProviders.Count();
            SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: {providerCount} Identity Providers loaded:");

            // The whole provider list goes to the trace log as JSON. Check that these objects carry
            // nothing sensitive, or restrict who can read the trace output.
            var serializedProviders = Utils.SerializeToJson(registeredProviders);
            SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Identity Providers configuration:\r\n{serializedProviders}");

            foreach (var idp in registeredProviders)
            {
                var partner = new PartnerIdentityProviderConfiguration
                {
                    Name                   = idp.Name,
                    Description            = idp.Description,
                    SignAuthnRequest       = idp.SignAuthnRequest,
                    SingleSignOnServiceUrl = idp.SingleSignOnUrl,
                    SingleLogoutServiceUrl = idp.SingleLogoutUrl,
                    PartnerCertificateFile = idp.CertificateFile,
                    // NOTE(review): when true, signature checks presumably use the certificate
                    // carried in the message instead of the pinned file above - confirm how trust
                    // is anchored for such partners.
                    UseEmbeddedCertificate = idp.UseEmbeddedCertificate,
                    // A provider without single logout support has logout disabled in both directions.
                    DisableInboundLogout   = !idp.SingleLogoutSupported,
                    DisableOutboundLogout  = !idp.SingleLogoutSupported
                };

                samlConfiguration.AddPartnerIdentityProvider(partner);
            }
        }
Example #3
        // This method demonstrates loading configuration programmatically.
        // This is useful if you wish to store configuration in a custom database, for example.
        // Alternatively, configuration is loaded automatically from the saml.config file in the application's directory.
        // Programmatic alternative to saml.config: describes the local service provider and a single
        // partner identity provider in code, then publishes both through SAMLConfiguration.Current.
        private static void LoadSAMLConfigurationProgrammatically()
        {
            var configuration = new SAMLConfiguration();

            // Local service provider identity. The .pfx carries the SP private key; its password is
            // masked in this sample and belongs in protected configuration, not in source code.
            var serviceProvider = new ServiceProviderConfiguration
            {
                Name                        = "urn:componentspace:ExampleServiceProvider",
                AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
                CertificateFile             = "sp.pfx",
                CertificatePassword         = "******"
            };
            configuration.ServiceProviderConfiguration = serviceProvider;

            // Going by the flag names, the only integrity requirement enabled for this partner is a
            // signed SAML response: authn requests go out unsigned, and assertions are accepted
            // without their own signature and without encryption. Review that against the partner's
            // capabilities before reusing these values.
            // The plain-http localhost endpoints fit a local sample only; real partner endpoints
            // should be https.
            var identityProvider = new PartnerIdentityProviderConfiguration
            {
                Name                   = "urn:componentspace:ExampleIdentityProvider",
                SignAuthnRequest       = false,
                WantSAMLResponseSigned = true,
                WantAssertionSigned    = false,
                WantAssertionEncrypted = false,
                SingleSignOnServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SSOService.aspx",
                SingleLogoutServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SLOService.aspx",
                CertificateFile        = "idp.cer"
            };
            configuration.AddPartnerIdentityProvider(identityProvider);

            SAMLConfiguration.Current = configuration;
        }
Example #4
        // This method demonstrates loading configuration programmatically.
        // This is useful if you wish to store configuration in a custom database, for example.
        // Alternatively, configuration is loaded automatically from the saml.config file in the application's directory.
        // Builds the SAML configuration in code instead of reading saml.config, and makes it the
        // current configuration by assigning SAMLConfiguration.Current.
        private static void LoadSAMLConfigurationProgrammatically()
        {
            SAMLConfiguration current = new SAMLConfiguration {
                // The service provider's key file and its password. The password is masked here;
                // keep the real value out of source control.
                ServiceProviderConfiguration = new ServiceProviderConfiguration {
                    Name = "urn:componentspace:ExampleServiceProvider",
                    AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
                    CertificateFile = "sp.pfx",
                    CertificatePassword = "******"
                }
            };

            // As the flag names read: responses from this partner must be signed, while request
            // signing, assertion signing and assertion encryption are all switched off.
            // Both endpoints are plain http on localhost, which is acceptable for a local sample only.
            PartnerIdentityProviderConfiguration partner = new PartnerIdentityProviderConfiguration {
                Name = "urn:componentspace:ExampleIdentityProvider",
                SignAuthnRequest = false,
                WantSAMLResponseSigned = true,
                WantAssertionSigned = false,
                WantAssertionEncrypted = false,
                SingleSignOnServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SSOService.aspx",
                SingleLogoutServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SLOService.aspx",
                CertificateFile = "idp.cer"
            };
            current.AddPartnerIdentityProvider(partner);

            SAMLConfiguration.Current = current;
        }
Example #5
        // Adds three fixed partner identity providers (Cone, Shibboleth, Kentor) to the supplied
        // SAML configuration. All values are compiled in; nothing is read from external storage.
        private static void ConfigureIdentityProvidersUsingHardcodedConfiguration(SAMLConfiguration samlConfiguration)
        {
            // Cone: sign-on and logout endpoints are plain http.
            var coneIdp = new PartnerIdentityProviderConfiguration
            {
                Name                   = "http://cone-idp",
                Description            = "Cone Identity Provider",
                SignAuthnRequest       = true,
                SingleSignOnServiceUrl = "http://cone-idp/SAML/SSOService",
                SingleLogoutServiceUrl = "http://cone-idp/SAML/SLOService",
                PartnerCertificateFile = "Certificates\\idp.cer"
            };
            samlConfiguration.AddPartnerIdentityProvider(coneIdp);

            // Shibboleth: no logout endpoint, logout disabled in both directions.
            // NOTE(review): this partner points at the same Certificates\idp.cer file as Cone.
            // Confirm that two distinct identity providers are meant to share one certificate.
            var shibbolethIdp = new PartnerIdentityProviderConfiguration
            {
                Name                   = "https://shib-idp/",
                Description            = "Shibboleth Identity Provider",
                SignAuthnRequest       = true,
                SingleSignOnServiceUrl = "https://shib-idp/SAML/SSOService.aspx?binding=redirect",
                PartnerCertificateFile = "Certificates\\idp.cer",
                DisableInboundLogout   = true,
                DisableOutboundLogout  = true
            };
            samlConfiguration.AddPartnerIdentityProvider(shibbolethIdp);

            // Kentor: no certificate file is pinned; UseEmbeddedCertificate is set instead.
            // NOTE(review): signature checks presumably rely on the certificate carried inside the
            // message - confirm how the library anchors trust here, because an embedded certificate
            // on its own does not establish who signed the message.
            var kentorIdp = new PartnerIdentityProviderConfiguration
            {
                Name                   = "http://kentor-idp/Metadata",
                Description            = "Kentor Identity Provider",
                SignAuthnRequest       = true,
                SingleSignOnServiceUrl = "http://kentor-idp/",
                SingleLogoutServiceUrl = "http://kentor-idp/Logout",
                UseEmbeddedCertificate = true
            };
            samlConfiguration.AddPartnerIdentityProvider(kentorIdp);
        }
Example #6
        // This method demonstrates loading multi-tenanted configuration programmatically by calling the SAML configuration API.
        // Alternatively, configuration is loaded automatically from the multi-tenanted saml.config file in the application's directory.
        // Builds two per-tenant SAML configurations ("tenant1" and "tenant2"), each with its own
        // local service provider and one partner identity provider, collects them in a
        // SAMLConfigurations container and assigns that to SAMLController.Configurations.
        private static void LoadMultiTenantedSAMLConfigurationProgrammatically()
        {
            SAMLConfigurations samlConfigurations = new SAMLConfigurations();

            SAMLConfiguration samlConfiguration = new SAMLConfiguration()
            {
                ID = "tenant1",

                LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
                {
                    Name = "http://ExampleServiceProvider",
                    AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
                    LocalCertificates           = new List <CertificateConfiguration>()
                    {
                        new CertificateConfiguration()
                        {
                            // Tenant 1 key file. The password is masked in this listing; keep the
                            // real value in protected configuration or a secret store, not in source.
                            FileName = @"certificates\sp.pfx",
                            Password = "******"
                        }
                    }
                }
            };

            samlConfiguration.AddPartnerIdentityProvider(
                new PartnerIdentityProviderConfiguration()
            {
                Name                   = "http://ExampleIdentityProvider",
                SignAuthnRequest       = true,
                // NOTE(review): the following lines are damaged in this listing and do not compile.
                // The SingleSignOnServiceUrl value looks masked and fused with a later value,
                // @"certificates\idp.cer"; the two stray closing braces suggest a nested certificate
                // list was lost with it (confirm against the original sample). The visible scheme is
                // http://; an SSO endpoint outside a local test setup should be reached over https.
                SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp.cer",
                    }
                }
            });

            samlConfigurations.AddConfiguration(samlConfiguration);

            // The variable is reused for the second tenant; tenant1 was already added above.
            samlConfiguration = new SAMLConfiguration()
            {
                ID = "tenant2",

                LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
                {
                    Name = "http://ExampleServiceProvider2",
                    AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
                    LocalCertificates           = new List <CertificateConfiguration>()
                    {
                        new CertificateConfiguration()
                        {
                            // Tenant 2 uses its own key file (sp2.pfx), separate from tenant 1.
                            FileName = @"certificates\sp2.pfx",
                            Password = "******"
                        }
                    }
                }
            };

            samlConfiguration.AddPartnerIdentityProvider(
                new PartnerIdentityProviderConfiguration()
            {
                Name                   = "http://ExampleIdentityProvider2",
                SignAuthnRequest       = true,
                // NOTE(review): damaged in the same way as the tenant1 partner above - masked URL
                // fused with @"certificates\idp2.cer", followed by two stray closing braces.
                SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp2.cer",
                    }
                }
            });

            samlConfigurations.AddConfiguration(samlConfiguration);

            // Installs both tenant configurations on the static SAMLController.Configurations property.
            SAMLController.Configurations = samlConfigurations;
        }