/// <summary> /// Ensures configuration is valid to proceed /// </summary> /// <returns></returns> public virtual ConfigStatus ValidatePrerequisite() { Status = ConfigStatus.AllGood; if (PersistedObject == null) { Status |= ConfigStatus.PersistedObjectNotFound; } if (CurrentTrustedLoginProvider == null) { CurrentTrustedLoginProvider = LDAPCP.GetSPTrustAssociatedWithCP(LDAPCP._ProviderInternalName); if (CurrentTrustedLoginProvider == null) { Status |= ConfigStatus.NoSPTrustAssociation; } } if (IdentityClaim == null && Status == ConfigStatus.AllGood) { IdentityClaim = this.IdentityClaim = PersistedObject.AttributesListProp.Find(x => String.Equals(CurrentTrustedLoginProvider.IdentityClaimTypeInformation.MappedClaimType, x.ClaimType, StringComparison.InvariantCultureIgnoreCase) && !x.CreateAsIdentityClaim); if (IdentityClaim == null) { Status |= ConfigStatus.NoIdentityClaimType; } } if (PersistedObjectVersion != PersistedObject.Version) { Status |= ConfigStatus.PersistedObjectStale; } if (Status != ConfigStatus.AllGood) { LdapcpLogging.Log(String.Format(MostImportantError), TraceSeverity.High, EventSeverity.Information, LdapcpLogging.Categories.Configuration); } return(Status); }
protected void Page_Load(object sender, EventArgs e) { this.LabelVersion.Text = typeof(ConfigurationRepository).Assembly.GetName().Version.ToString(); // Get trust currently associated with Auth0, if any this.currentTrustedLoginProvider = Utils.GetSPTrustedLoginProviderForClaimsProvider(CustomClaimsProvider.ProviderInternalName); if (this.currentTrustedLoginProvider == null) { // Claim provider is currently not associated with any trust. // Display a message in the page and disable controls this.LabelErrorMessage.Text = TextErrorNoTrustAssociation; this.BtnOK.Enabled = false; return; } if (!this.IsPostBack) { try { this.PopulateFields(); } catch (Exception ex) { this.LabelErrorMessage.Text = ex.Message; } } }
protected void Page_Load(object sender, EventArgs e) { if (!this.IsPostBack) { FileVersionInfo fvi = FileVersionInfo.GetVersionInfo(Assembly.GetExecutingAssembly().Location); LblTitle.Text = String.Format("AzureCP v{0} - <a href=\"https://github.com/Yvand/AzureCP\" target=\"_blank\">GitHub.com/Yvand/AzureCP</a>", fvi.FileVersion); } // Get trust currently associated with AzureCP, if any CurrentTrustedLoginProvider = AzureCP.GetSPTrustAssociatedWithCP(AzureCP._ProviderInternalName); if (null == CurrentTrustedLoginProvider) { // Claim provider is currently not associated with any trust. // Display a message in the page and disable controls this.LabelErrorMessage.Text = TextErrorNoTrustAssociation; this.BtnOK.Enabled = this.BtnOKTop.Enabled = this.BtnAddLdapConnection.Enabled = this.BtnTestAzureTenantConnection.Enabled = false; this.AllowPersistedObjectUpdate = false; return; } SPSecurity.RunWithElevatedPrivileges(delegate() { // Get SPPersisted Object and create it if it doesn't exist PersistedObject = AzureCPConfig.GetFromConfigDB(); if (PersistedObject == null) { this.Web.AllowUnsafeUpdates = true; PersistedObject = AzureCPConfig.CreatePersistedObject(); this.Web.AllowUnsafeUpdates = false; } }); this.IdentityClaim = PersistedObject.AzureADObjects.Find(x => String.Equals(CurrentTrustedLoginProvider.IdentityClaimTypeInformation.MappedClaimType, x.ClaimType, StringComparison.InvariantCultureIgnoreCase) && !x.CreateAsIdentityClaim); if (null == this.IdentityClaim) { // Identity claim type is missing in the attributes list this.LabelErrorMessage.Text = String.Format(this.TextErrorNoIdentityClaimType, CurrentTrustedLoginProvider.DisplayName, CurrentTrustedLoginProvider.IdentityClaimTypeInformation.MappedClaimType); this.BtnOK.Enabled = this.BtnOKTop.Enabled = this.BtnAddLdapConnection.Enabled = this.BtnTestAzureTenantConnection.Enabled = false; return; } if (ViewState["PersistedObjectVersion"] == null) { ViewState.Add("PersistedObjectVersion", PersistedObject.Version); } if ((long)ViewState["PersistedObjectVersion"] != PersistedObject.Version) { // PersistedObject changed since last time. Should not allow any update this.LabelErrorMessage.Text = TextErrorPersistedObjectStale; this.AllowPersistedObjectUpdate = false; return; } if (!this.IsPostBack) { PopulateFields(); } }
public List <IdentityProvider> getIdentityProviders() { UPSBrowserLogger.LogDebug(loggingCategory, "getIdentityProviders invoked"); List <IdentityProvider> identityProvidersToReturn = new List <IdentityProvider>(); try { SPSecurity.RunWithElevatedPrivileges(delegate() { UPSBrowserLogger.LogDebug(loggingCategory, "Running with elevated privileges"); try { SPContext spContext = Microsoft.SharePoint.SPContext.Current; SPWebApplication webApp = spContext.Site.WebApplication; SPUrlZone spUrlZone = spContext.Site.Zone; SPIisSettings spIisSettings = webApp.GetIisSettingsWithFallback(spUrlZone); SPSecurityTokenServiceManager sptMgr = SPSecurityTokenServiceManager.Local; foreach (SPAuthenticationProvider prov in spIisSettings.ClaimsAuthenticationProviders) { if (prov.GetType() == typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider)) { var lp = from SPTrustedLoginProvider spt in sptMgr.TrustedLoginProviders where spt.DisplayName == prov.DisplayName select spt; if ((lp != null) && (lp.Count() > 0)) { SPTrustedLoginProvider loginProv = lp.First(); identityProvidersToReturn.Add(new IdentityProvider { Name = loginProv.Name, DisplayName = loginProv.DisplayName, Description = loginProv.Description, }); } } } } catch (Exception e) { UPSBrowserLogger.LogError(loggingCategory, e.Message); }; }); } catch (System.Exception e) { UPSBrowserLogger.LogError(loggingCategory, $"Error while trying to elevate privileges: {e.Message}"); }; return(identityProvidersToReturn); }
private void button3_Click(object sender, EventArgs e) { SPSecurityTokenServiceManager manager = SPSecurityTokenServiceManager.Local; string providerName = (string)listBox1.SelectedItem; SPTrustedLoginProvider provider = manager.TrustedLoginProviders[providerName]; manager.TrustedLoginProviders.Remove(provider.Id); manager.Update(); }
private static void Main() { SPSecurity.RunWithElevatedPrivileges(delegate { var farm = SPFarm.Local; var service = farm.Services.GetValue <SPWebService>(""); SPSecurityTokenServiceManager sptMgr = SPSecurityTokenServiceManager.Local; Console.WriteLine("list of authentication providers"); foreach (SPWebApplication spWebApplication in service.WebApplications) { Console.WriteLine(""); Console.WriteLine(""); Console.WriteLine("----------------------------------------"); Console.WriteLine("Web Application name : " + spWebApplication.Name); Console.WriteLine(""); foreach (KeyValuePair <SPUrlZone, SPIisSettings> spIisSettingse in spWebApplication.IisSettings) { Console.WriteLine(spIisSettingse.Key + " : " + spWebApplication.IisSettings[spIisSettingse.Key].AuthenticationMode.ToString()); SPIisSettings theSettings = spWebApplication.GetIisSettingsWithFallback(spIisSettingse.Key); //Console.WriteLine("IsTrustedClaimsAuthenticationProvider : " + theSettings.UseTrustedClaimsAuthenticationProvider); if (theSettings.ClaimsAuthenticationProviders != null) //&& theSettings.UseTrustedClaimsAuthenticationProvider { //get the list of authentication providers associated with the zone foreach (SPAuthenticationProvider prov in theSettings.ClaimsAuthenticationProviders) { //get the SPTrustedLoginProvider using the DisplayName SPAuthenticationProvider prov1 = prov; var lp = from SPTrustedLoginProvider spt in sptMgr.TrustedLoginProviders where spt.DisplayName == prov1.DisplayName select spt; //there should only be one match, so retrieve that var loginProviders = lp as SPTrustedLoginProvider[] ?? lp.ToArray(); if ((loginProviders.Any())) { //get the login provider SPTrustedLoginProvider provider = loginProviders.First(); Console.WriteLine("Claims provider name : " + provider.ClaimProviderName); } } } } Console.WriteLine("----------------------------------------"); } Console.ReadLine(); Console.ReadKey(); }); }
private void button4_Click(object sender, EventArgs e) { SPSecurityTokenServiceManager manager = SPSecurityTokenServiceManager.Local; string providerName = (string)listBox1.SelectedItem; SPTrustedLoginProvider provider = manager.TrustedLoginProviders[providerName]; provider.UseWReplyParameter = true; provider.ProviderRealm = "https://spdev0223/_trust/"; provider.ProviderUri = new Uri("http://localhost:48924/WingtipSTS/default.aspx"); provider.Update(); manager.Update(); }
protected void Page_Load(object sender, EventArgs e) { // Get trust currently associated with Auth0, if any this.currentTrustedLoginProvider = Utils.GetSPTrustAssociatedWithCP(CustomClaimsProvider.ProviderInternalName); if (this.currentTrustedLoginProvider == null) { // Claim provider is currently not associated with any trust. // Display a message in the page and disable controls this.LabelErrorMessage.Text = TextErrorNoTrustAssociation; this.BtnOK.Enabled = false; return; } if (!this.IsPostBack) { this.PopulateFields(); } }
private void DoFederatedSignOut() { string providerName = GetProviderNameFromCookie(); SPTrustedLoginProvider loginProvider = null; SPSecurity.RunWithElevatedPrivileges(delegate() { loginProvider = GetLoginProvider(providerName); }); if (loginProvider != null) { string returnUrl = string.Format( System.Globalization.CultureInfo.InvariantCulture, "{0}://{1}/_layouts/SignOut.aspx", HttpContext.Current.Request.Url.Scheme, HttpContext.Current.Request.Url.Host); HttpCookie signOutExpiredCookie = new HttpCookie(SignOutCookieName, string.Empty); signOutExpiredCookie.Expires = new DateTime(1970, 1, 1); HttpContext.Current.Response.Cookies.Remove(SignOutCookieName); HttpContext.Current.Response.Cookies.Add(signOutExpiredCookie); WSFederationAuthenticationModule.FederatedSignOut(loginProvider.ProviderUri, new Uri(returnUrl)); } }
/// <summary> /// Downloads the metadata from the federation service and returns the current primary token signing certificate. /// </summary> /// <param name="provider"></param> /// <returns></returns> private X509Certificate2 GetCurrentADFSCertificate(SPTrustedLoginProvider provider) { // The metadata is a XML document we get from the federation metadata endpoint var metadataUrl = String.Format("https://{0}/federationmetadata/2007-06/federationmetadata.xml", provider.ProviderUri.Host); var request = WebRequest.Create(metadataUrl); WebResponse response = null; try { response = request.GetResponse(); } catch (Exception exc) { Logger.Unexpected(Logger.CategoryFederationMetadata, "Exception downloading metadata: " + exc.Message); return null; } // Once we have downloaded the XML find the primary token signing cert var reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8); var xmlDocument = new XmlDocument(); xmlDocument.Load(reader); var nsManager = new XmlNamespaceManager(xmlDocument.NameTable); nsManager.AddNamespace("xsi", "http://www.w3.org/2001/XMLSchema-instance"); nsManager.AddNamespace("fed", "http://docs.oasis-open.org/wsfed/federation/200706"); nsManager.AddNamespace("x", "urn:oasis:names:tc:SAML:2.0:metadata"); nsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); var certs = xmlDocument.SelectNodes("/x:EntityDescriptor/x:RoleDescriptor[@xsi:type = 'fed:SecurityTokenServiceType']/x:KeyDescriptor[@use = 'signing']", nsManager); Logger.Verbose(Logger.CategoryFederationMetadata, String.Format("Found {0} signing certs", certs.Count)); var primaryBase64 = xmlDocument.SelectSingleNode("/x:EntityDescriptor/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", nsManager).InnerText; var primaryCert = new X509Certificate2(Encoding.UTF8.GetBytes(primaryBase64)); Logger.Medium(Logger.CategoryFederationMetadata, String.Format("Primary signing certificate: {0}", primaryCert.Subject)); return primaryCert; }
protected virtual bool SetSPTrustInCurrentContext(Uri context) { var webApp = SPWebApplication.Lookup(context); if (webApp == null) { return(false); } SPSite site = null; try { site = new SPSite(context.AbsoluteUri); } catch (Exception) { // The root site doesn't exist this.associatedSPTrustedLoginProvider = Utils.GetSPTrustAssociatedWithCP(ProviderInternalName); if (this.associatedSPTrustedLoginProvider != null && this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation != null) { this.identifierClaimType = this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation.InputClaimType; } return(this.associatedSPTrustedLoginProvider != null); } if (site == null) { return(false); } SPUrlZone currentZone = site.Zone; SPIisSettings iisSettings = webApp.GetIisSettingsWithFallback(currentZone); site.Dispose(); if (!iisSettings.UseTrustedClaimsAuthenticationProvider) { return(false); } // Get the list of authentication providers associated with the zone foreach (SPAuthenticationProvider prov in iisSettings.ClaimsAuthenticationProviders) { if (prov.GetType() == typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider)) { // Check if the current SPTrustedAuthenticationProvider is associated with the claim provider if (prov.ClaimProviderName == ProviderInternalName) { this.associatedSPTrustedLoginProvider = Utils.GetSPTrustAssociatedWithCP(ProviderInternalName); if (this.associatedSPTrustedLoginProvider != null && this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation != null) { this.identifierClaimType = this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation.InputClaimType; } return(this.associatedSPTrustedLoginProvider != null); } } } return(false); }
private void button1_Click(object sender, EventArgs e) { List <SPTrustedClaimTypeInformation> claimMapping = new List <SPTrustedClaimTypeInformation>(); List <string> strClaimMapping = new List <string>(); SPTrustedClaimTypeInformation idClaim = new SPTrustedClaimTypeInformation("EmailAddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"); SPTrustedClaimTypeInformation titleClaim = new SPTrustedClaimTypeInformation("Title", "http://schemas.wingtip.com/sharepoint/2009/08/claims/title", "http://schemas.wingtip.com/sharepoint/2009/08/claims/title"); titleClaim.AcceptOnlyKnownClaimValues = true; idClaim.AddKnownClaimValue("*****@*****.**"); idClaim.AddKnownClaimValue("*****@*****.**"); idClaim.AddKnownClaimValue("*****@*****.**"); titleClaim.AddKnownClaimValue("Engineer"); titleClaim.AddKnownClaimValue("Manager"); titleClaim.AddKnownClaimValue("CEO"); //creating the string[] for all claims, this is required for the construction of SPTrustedLoginProvider strClaimMapping.Add(idClaim.InputClaimType); strClaimMapping.Add(titleClaim.InputClaimType); X509Certificate2 ImportTrustCertificate = new X509Certificate2(@"C:\StudentFiles\LabFiles\Module_6\Resources\STSTestCertPub.cer"); claimMapping.Add(idClaim); claimMapping.Add(titleClaim); SPSecurityTokenServiceManager manager = SPSecurityTokenServiceManager.Local; SPTrustedLoginProvider provider = new SPTrustedLoginProvider( manager, "WingtipSTS", "WingtipSTS", new Uri("http://localhost:48924/WingtipSTS/default.aspx"), "https://spdev0223/_trust/", strClaimMapping.ToArray(), idClaim); foreach (SPTrustedClaimTypeInformation claimTypeInfo in claimMapping) { if (claimTypeInfo.InputClaimType == provider.IdentityClaimTypeInformation.InputClaimType) { continue; } provider.AddClaimTypeInformation(claimTypeInfo); } if (ImportTrustCertificate != null) { provider.SigningCertificate = ImportTrustCertificate; } //provider.ClaimProviderName = "ContosoCRMClaimProvider"; provider.UseWReplyParameter = true; manager.TrustedLoginProviders.Add(provider); manager.Update(); }
protected void Page_Load(object sender, EventArgs e) { if (!this.IsPostBack) { FileVersionInfo fvi = FileVersionInfo.GetVersionInfo(Assembly.GetExecutingAssembly().Location); LblTitle.Text = String.Format("AzureCP v{0} - <a href=\"https://github.com/Yvand/AzureCP\" target=\"_blank\">GitHub.com/Yvand/AzureCP</a>", fvi.FileVersion); } // Get trust currently associated with AzureCP, if any CurrentTrustedLoginProvider = AzureCP.GetSPTrustAssociatedWithCP(AzureCP._ProviderInternalName); if (null == CurrentTrustedLoginProvider) { // Claim provider is currently not associated with any trust. // Display a message in the page and disable controls this.LabelErrorMessage.Text = TextErrorNoTrustAssociation; this.BtnOK.Enabled = this.BtnOKTop.Enabled = this.BtnAddLdapConnection.Enabled = this.BtnTestAzureTenantConnection.Enabled = false; this.AllowPersistedObjectUpdate = false; return; } SPSecurity.RunWithElevatedPrivileges(delegate () { // Get SPPersisted Object and create it if it doesn't exist PersistedObject = AzureCPConfig.GetFromConfigDB(); if (PersistedObject == null) { this.Web.AllowUnsafeUpdates = true; PersistedObject = AzureCPConfig.CreatePersistedObject(); this.Web.AllowUnsafeUpdates = false; } }); this.IdentityClaim = PersistedObject.AzureADObjects.Find(x => String.Equals(CurrentTrustedLoginProvider.IdentityClaimTypeInformation.MappedClaimType, x.ClaimType, StringComparison.InvariantCultureIgnoreCase) && !x.CreateAsIdentityClaim); if (null == this.IdentityClaim) { // Identity claim type is missing in the attributes list this.LabelErrorMessage.Text = String.Format(this.TextErrorNoIdentityClaimType, CurrentTrustedLoginProvider.DisplayName, CurrentTrustedLoginProvider.IdentityClaimTypeInformation.MappedClaimType); this.BtnOK.Enabled = this.BtnOKTop.Enabled = this.BtnAddLdapConnection.Enabled = this.BtnTestAzureTenantConnection.Enabled = false; return; } if (ViewState["PersistedObjectVersion"] == null) ViewState.Add("PersistedObjectVersion", PersistedObject.Version); if ((long)ViewState["PersistedObjectVersion"] != PersistedObject.Version) { // PersistedObject changed since last time. Should not allow any update this.LabelErrorMessage.Text = TextErrorPersistedObjectStale; this.AllowPersistedObjectUpdate = false; return; } if (!this.IsPostBack) { PopulateFields(); } }
/// <summary> /// Initializes claim provider. This method is reserved for internal use and is not intended to be called from external code or changed /// </summary> public bool Initialize(Uri context, string[] entityTypes) { // Ensures thread safety to initialize class variables lock (Sync_Init) { // 1ST PART: GET CONFIGURATION OBJECT AzureCPConfig globalConfiguration = null; bool refreshConfig = false; bool success = true; bool initializeFromPersistedObject = true; try { if (SPTrust == null) { SPTrust = GetSPTrustAssociatedWithCP(ProviderInternalName); if (SPTrust == null) return false; } if (!CheckIfShouldProcessInput(context)) return false; // Should not try to get PersistedObject if not OOB AzureCP since with current design it works correctly only for OOB AzureCP if (String.Equals(ProviderInternalName, AzureCP._ProviderInternalName, StringComparison.InvariantCultureIgnoreCase)) { globalConfiguration = AzureCPConfig.GetFromConfigDB(); if (globalConfiguration == null) { AzureCPLogging.Log(String.Format("[{0}] AzureCPConfig PersistedObject not found. Visit AzureCP admin pages in central administration to create it.", ProviderInternalName), TraceSeverity.Unexpected, EventSeverity.Error, AzureCPLogging.Categories.Core); // Cannot continue since it's not inherited and no persisted object exists success = false; } else if (globalConfiguration.AzureADObjects == null || globalConfiguration.AzureADObjects.Count == 0) { AzureCPLogging.Log(String.Format("[{0}] AzureCPConfig PersistedObject was found but there are no AzureADObject set. Visit AzureCP admin pages in central administration to create it.", ProviderInternalName), TraceSeverity.Unexpected, EventSeverity.Error, AzureCPLogging.Categories.Core); // Cannot continue success = false; } else if (globalConfiguration.AzureTenants == null || globalConfiguration.AzureTenants.Count == 0) { AzureCPLogging.Log(String.Format("[{0}] AzureCPConfig PersistedObject was found but there are no Azure tenant set. Visit AzureCP admin pages in central administration to add one.", ProviderInternalName), TraceSeverity.Unexpected, EventSeverity.Error, AzureCPLogging.Categories.Core); // Cannot continue success = false; } else { // Persisted object is found and seems valid AzureCPLogging.Log(String.Format("[{0}] AzureCPConfig PersistedObject found, version: {1}, previous version: {2}", ProviderInternalName, globalConfiguration.Version.ToString(), this.AzureCPConfigVersion.ToString()), TraceSeverity.Verbose, EventSeverity.Information, AzureCPLogging.Categories.Core); if (this.AzureCPConfigVersion != globalConfiguration.Version) { refreshConfig = true; this.AzureCPConfigVersion = globalConfiguration.Version; AzureCPLogging.Log(String.Format("[{0}] AzureCPConfig PersistedObject changed, refreshing configuration", ProviderInternalName), TraceSeverity.Medium, EventSeverity.Information, AzureCPLogging.Categories.Core); } } } else { // AzureCP class inherited, refresh config // Configuration will be retrieved in SetCustomSettings method initializeFromPersistedObject = false; refreshConfig = true; AzureCPLogging.Log(String.Format("[{0}] AzureCP class inherited", ProviderInternalName), TraceSeverity.Verbose, EventSeverity.Information, AzureCPLogging.Categories.Core); } } catch (Exception ex) { success = false; AzureCPLogging.LogException(ProviderInternalName, "in Initialize", AzureCPLogging.Categories.Core, ex); } finally { } if (!success) return success; if (!refreshConfig) return success; // 2ND PART: APPLY CONFIGURATION // Configuration needs to be refreshed, lock current thread in write mode Lock_Config.EnterWriteLock(); try { AzureCPLogging.Log(String.Format("[{0}] Refreshing configuration", ProviderInternalName), TraceSeverity.Verbose, EventSeverity.Information, AzureCPLogging.Categories.Core); // Create local persisted object that will never be saved in config DB, it's just a local copy this.CurrentConfiguration = new AzureCPConfig(); if (initializeFromPersistedObject) { // All settings come from persisted object this.CurrentConfiguration.AlwaysResolveUserInput = globalConfiguration.AlwaysResolveUserInput; this.CurrentConfiguration.FilterExactMatchOnly = globalConfiguration.FilterExactMatchOnly; this.CurrentConfiguration.AugmentAADRoles = globalConfiguration.AugmentAADRoles; // Retrieve AzureADObjects // A copy of collection AzureADObjects must be created because SetActualAADObjectCollection() may change it and it should be made in a copy totally independant from the persisted object this.CurrentConfiguration.AzureADObjects = new List<AzureADObject>(); foreach (AzureADObject currentObject in globalConfiguration.AzureADObjects) { // Create a new AzureADObject this.CurrentConfiguration.AzureADObjects.Add(currentObject.CopyPersistedProperties()); } // Retrieve AzureTenants // Create a copy of the collection to work in an copy separated from persisted object this.CurrentConfiguration.AzureTenants = new List<AzureTenant>(); foreach (AzureTenant currentObject in globalConfiguration.AzureTenants) { // Create a copy from persisted object this.CurrentConfiguration.AzureTenants.Add(currentObject.CopyPersistedProperties()); } } else { // All settings come from overriden SetCustomConfiguration method SetCustomConfiguration(context, entityTypes); // Ensure we get what we expect if (this.CurrentConfiguration.AzureADObjects == null || this.CurrentConfiguration.AzureADObjects.Count == 0) { AzureCPLogging.Log(String.Format("[{0}] AzureADObjects was not set. Override method SetCustomConfiguration to set it.", ProviderInternalName), TraceSeverity.Unexpected, EventSeverity.Error, AzureCPLogging.Categories.Core); return false; } if (this.CurrentConfiguration.AzureTenants == null || this.CurrentConfiguration.AzureTenants.Count == 0) { AzureCPLogging.Log(String.Format("[{0}] AzureTenants was not set. Override method SetCustomConfiguration to set it.", ProviderInternalName), TraceSeverity.Unexpected, EventSeverity.Error, AzureCPLogging.Categories.Core); return false; } } success = this.ProcessAzureADObjectCollection(this.CurrentConfiguration.AzureADObjects); } catch (Exception ex) { success = false; AzureCPLogging.LogException(ProviderInternalName, "in Initialize, while refreshing configuration", AzureCPLogging.Categories.Core, ex); } finally { Lock_Config.ExitWriteLock(); } return success; } }
public UPSClaimProvider(string displayName) : base(displayName) { usersDAL = new UPSUsersDAL(); SPTrust = GetSPTrustAssociatedWithCP(ProviderInternalName); }
private void ProcessTrustedProvider(ChosenTrustedProvider ctp, SPTrustedLoginProvider provider) { Logger.Medium(Logger.CategoryGeneral, "Begin processing trusted provider " + provider.Name); ctp.LastLog = new List<string>(); ctp.Success = false; // Get current ADFS certificate var adfsCertificate = GetCurrentADFSCertificate(provider); if (adfsCertificate == null) { Logger.Unexpected(Logger.CategoryFederationMetadata, "Didn't get any token signing certificate. Skipping this provider"); ctp.LastLog.Add("Didn't get any token signing certificate from federation metadata."); return; } // Check if the certificate has changed if (adfsCertificate.Thumbprint.Equals(provider.SigningCertificate.Thumbprint)) { Logger.Medium(Logger.CategoryProviderCertificate, "The signing certificate has not changed. Skipping this provider"); ctp.LastLog.Add("The signing certificate has not changed."); return; } Logger.Medium(Logger.CategoryGeneral, "The primary certificate has changed"); ctp.LastLog.Add("New primary certificate found: " + adfsCertificate.Subject); // Add the certificate of the trusted store bool added = AddCertificateToTrust(adfsCertificate); // Change the certficate in the provider if (added) { ctp.LastLog.Add("Added the certificate as a trusted authority (or it was already)."); bool updated = UpdateProviderCertificate(provider, adfsCertificate); if (updated) { ctp.LastLog.Add("Updated the signing certificate in the provider."); } } ctp.Success = true; Logger.Medium(Logger.CategoryGeneral, "Finished processing trusted provider " + provider.Name); }
/// <summary> /// Change the token signing certificate in the trusted identity provider. /// </summary> /// <param name="provider"></param> /// <param name="adfsCertificate"></param> /// <returns></returns> private bool UpdateProviderCertificate(SPTrustedLoginProvider provider, X509Certificate2 adfsCertificate) { try { provider.SigningCertificate = adfsCertificate; provider.Update(); Logger.Medium( Logger.CategoryProviderCertificate, String.Format("Configured the token signing certificate to {0}", adfsCertificate.Subject)); return true; } catch (Exception exc) { Logger.Unexpected(Logger.CategoryProviderCertificate, "Error changing the signing certificate: " + exc.Message); } return false; }
/// <summary> /// Get SP Trusted Login Provider. /// </summary> /// <param name="context"></param> /// <returns></returns> protected virtual bool SetLoginProviderForCurrentContext(Uri context) { var webApplication = SPWebApplication.Lookup(context); if (webApplication == null) { ClaimsProviderEventSource.Log.SetLoginProviderForCurrentContextFailed(context.ToString(), "WebApplication is null."); return(false); } SPSite site = null; try { site = new SPSite(context.AbsoluteUri); } catch (Exception ex) { ClaimsProviderEventSource.Log.SetLoginProviderForCurrentContextFailed(context.ToString(), "Error loading site: " + ex.Message); this.associatedLoginProvider = Utils.GetSPTrustedLoginProviderForClaimsProvider(ProviderInternalName); if (this.associatedLoginProvider != null && this.associatedLoginProvider.IdentityClaimTypeInformation != null) { this.identifierClaimType = this.associatedLoginProvider.IdentityClaimTypeInformation.InputClaimType; } if (this.associatedLoginProvider == null) { ClaimsProviderEventSource.Log.SetLoginProviderForCurrentContextFailed(context.ToString(), "Associated login provider is null"); } return(this.associatedLoginProvider != null); } if (site == null) { ClaimsProviderEventSource.Log.SetLoginProviderForCurrentContextFailed(context.ToString(), "Site is null."); return(false); } using (site) { var iisSettings = webApplication.GetIisSettingsWithFallback(site.Zone); if (!iisSettings.UseTrustedClaimsAuthenticationProvider) { ClaimsProviderEventSource.Log.SetLoginProviderForCurrentContextFailed(context.ToString(), site.Zone + " is not enabled with UseTrustedClaimsAuthenticationProvider"); return(false); } // Figure out if we have a trusted login provider. foreach (var provider in iisSettings.ClaimsAuthenticationProviders) { if (provider.GetType() == typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider)) { if (provider.ClaimProviderName == ProviderInternalName) { this.associatedLoginProvider = Utils.GetSPTrustedLoginProviderForClaimsProvider(ProviderInternalName); if (this.associatedLoginProvider != null && this.associatedLoginProvider.IdentityClaimTypeInformation != null) { this.identifierClaimType = this.associatedLoginProvider.IdentityClaimTypeInformation.InputClaimType; } return(this.associatedLoginProvider != null); } } } if (this.associatedLoginProvider == null) { ClaimsProviderEventSource.Log.SetLoginProviderForCurrentContextFailed(context.ToString(), "Associated login provider not found for zone."); } return(false); } }
protected virtual bool SetSPTrustInCurrentContext(Uri context) { var webApp = SPWebApplication.Lookup(context); if (webApp == null) { return false; } SPSite site = null; try { site = new SPSite(context.AbsoluteUri); } catch (Exception) { // The root site doesn't exist this.associatedSPTrustedLoginProvider = Utils.GetSPTrustAssociatedWithCP(ProviderInternalName); if (this.associatedSPTrustedLoginProvider != null && this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation != null) { this.identifierClaimType = this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation.InputClaimType; } return this.associatedSPTrustedLoginProvider != null; } if (site == null) { return false; } SPUrlZone currentZone = site.Zone; SPIisSettings iisSettings = webApp.GetIisSettingsWithFallback(currentZone); site.Dispose(); if (!iisSettings.UseTrustedClaimsAuthenticationProvider) { return false; } // Get the list of authentication providers associated with the zone foreach (SPAuthenticationProvider prov in iisSettings.ClaimsAuthenticationProviders) { if (prov.GetType() == typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider)) { // Check if the current SPTrustedAuthenticationProvider is associated with the claim provider if (prov.ClaimProviderName == ProviderInternalName) { this.associatedSPTrustedLoginProvider = Utils.GetSPTrustAssociatedWithCP(ProviderInternalName); if (this.associatedSPTrustedLoginProvider != null && this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation != null) { this.identifierClaimType = this.associatedSPTrustedLoginProvider.IdentityClaimTypeInformation.InputClaimType; } return this.associatedSPTrustedLoginProvider != null; } } } return false; }
protected void Page_Load(object sender, EventArgs e) { // Get trust currently associated with AzureCP, if any CurrentTrustedLoginProvider = AzureCP.GetSPTrustAssociatedWithCP(AzureCP._ProviderInternalName); if (null == CurrentTrustedLoginProvider) { // Claim provider is currently not associated with any trust. // Display a message in the page and disable controls this.LabelErrorMessage.Text = TextErrorNoTrustAssociation; this.HideAllContent = true; this.BtnCreateNewItem.Visible = false; return; } SPSecurity.RunWithElevatedPrivileges(delegate() { // Get SPPersisted Object and create it if it doesn't exist PersistedObject = AzureCPConfig.GetFromConfigDB(); if (PersistedObject == null) { this.Web.AllowUnsafeUpdates = true; PersistedObject = AzureCPConfig.CreatePersistedObject(); this.Web.AllowUnsafeUpdates = false; } }); if (ViewState["PersistedObjectVersion"] == null) { ViewState.Add("PersistedObjectVersion", PersistedObject.Version); } if ((long)ViewState["PersistedObjectVersion"] != PersistedObject.Version) { // PersistedObject changed since last time. Should not allow any update this.LabelErrorMessage.Text = TextErrorPersistedObjectStale; this.AllowPersistedObjectUpdate = false; return; } TrustName = CurrentTrustedLoginProvider.Name; if (!this.IsPostBack) { New_DdlPermissionMetadata.Items.Add(String.Empty); foreach (object field in typeof(PeopleEditorEntityDataKeys).GetFields()) { New_DdlPermissionMetadata.Items.Add(((System.Reflection.FieldInfo)field).Name); } New_DdlGraphProperty.Items.Add(String.Empty); New_DdlGraphPropertyToDisplay.Items.Add(String.Empty); foreach (object field in typeof(GraphProperty).GetFields()) { string prop = ((System.Reflection.FieldInfo)field).Name; if (AzureCP.GetGraphPropertyValue(new User(), prop) == null) { continue; } //if (AzureCP.GetGraphPropertyValue(new Group(), prop) == null) continue; //if (AzureCP.GetGraphPropertyValue(new Role(), prop) == null) continue; New_DdlGraphProperty.Items.Add(prop); New_DdlGraphPropertyToDisplay.Items.Add(prop); } } BuildAttributesListTable(this.IsPostBack); }
/// <summary> /// Ensures configuration is valid to proceed /// </summary> /// <returns></returns> public virtual ConfigStatus ValidatePrerequisite() { if (!this.IsPostBack) { // DataBind() must be called to bind attributes that are set as "<%# #>"in .aspx // But only during initial page load, otherwise it would reset bindings in other controls like SPGridView DataBind(); ViewState.Add("ClaimsProviderName", ClaimsProviderName); ViewState.Add("PersistedObjectName", PersistedObjectName); ViewState.Add("PersistedObjectID", PersistedObjectID); } else { ClaimsProviderName = ViewState["ClaimsProviderName"].ToString(); PersistedObjectName = ViewState["PersistedObjectName"].ToString(); PersistedObjectID = ViewState["PersistedObjectID"].ToString(); } Status = ConfigStatus.AllGood; if (String.IsNullOrEmpty(ClaimsProviderName)) { Status |= ConfigStatus.ClaimsProviderNamePropNotSet; } if (String.IsNullOrEmpty(PersistedObjectName)) { Status |= ConfigStatus.PersistedObjectNamePropNotSet; } if (String.IsNullOrEmpty(PersistedObjectID)) { Status |= ConfigStatus.PersistedObjectIDPropNotSet; } if (Status != ConfigStatus.AllGood) { ClaimsProviderLogging.Log($"[{ClaimsProviderName}] {MostImportantError}", TraceSeverity.Unexpected, EventSeverity.Error, TraceCategory.Configuration); // Should not go further if those requirements are not met return(Status); } if (CurrentTrustedLoginProvider == null) { CurrentTrustedLoginProvider = AzureCP.GetSPTrustAssociatedWithCP(this.ClaimsProviderName); if (CurrentTrustedLoginProvider == null) { Status |= ConfigStatus.NoSPTrustAssociation; return(Status); } } if (PersistedObject == null) { Status |= ConfigStatus.PersistedObjectNotFound; } if (Status != ConfigStatus.AllGood) { ClaimsProviderLogging.Log($"[{ClaimsProviderName}] {MostImportantError}", TraceSeverity.Unexpected, EventSeverity.Error, TraceCategory.Configuration); // Should not go further if those requirements are not met return(Status); } // AzureCPConfig.GetConfiguration will call method AzureCPConfig.CheckAndCleanConfiguration(); //PersistedObject.CheckAndCleanConfiguration(CurrentTrustedLoginProvider.Name); PersistedObject.ClaimTypes.SPTrust = CurrentTrustedLoginProvider; if (IdentityCTConfig == null && Status == ConfigStatus.AllGood) { IdentityCTConfig = PersistedObject.ClaimTypes.FirstOrDefault(x => String.Equals(CurrentTrustedLoginProvider.IdentityClaimTypeInformation.MappedClaimType, x.ClaimType, StringComparison.InvariantCultureIgnoreCase) && !x.UseMainClaimTypeOfDirectoryObject) as IdentityClaimTypeConfig; if (IdentityCTConfig == null) { Status |= ConfigStatus.NoIdentityClaimType; } } if (PersistedObjectVersion != PersistedObject.Version) { Status |= ConfigStatus.PersistedObjectStale; } if (Status != ConfigStatus.AllGood) { ClaimsProviderLogging.Log($"[{ClaimsProviderName}] {MostImportantError}", TraceSeverity.Unexpected, EventSeverity.Error, TraceCategory.Configuration); } return(Status); }
protected void Page_Load(object sender, EventArgs e) { // Get trust currently associated with AzureCP, if any CurrentTrustedLoginProvider = AzureCP.GetSPTrustAssociatedWithCP(AzureCP._ProviderInternalName); if (null == CurrentTrustedLoginProvider) { // Claim provider is currently not associated with any trust. // Display a message in the page and disable controls this.LabelErrorMessage.Text = TextErrorNoTrustAssociation; this.HideAllContent = true; this.BtnCreateNewItem.Visible = false; return; } SPSecurity.RunWithElevatedPrivileges(delegate() { // Get SPPersisted Object and create it if it doesn't exist PersistedObject = AzureCPConfig.GetFromConfigDB(); if (PersistedObject == null) { this.Web.AllowUnsafeUpdates = true; PersistedObject = AzureCPConfig.CreatePersistedObject(); this.Web.AllowUnsafeUpdates = false; } }); if (ViewState["PersistedObjectVersion"] == null) ViewState.Add("PersistedObjectVersion", PersistedObject.Version); if ((long)ViewState["PersistedObjectVersion"] != PersistedObject.Version) { // PersistedObject changed since last time. Should not allow any update this.LabelErrorMessage.Text = TextErrorPersistedObjectStale; this.AllowPersistedObjectUpdate = false; return; } TrustName = CurrentTrustedLoginProvider.Name; if (!this.IsPostBack) { New_DdlPermissionMetadata.Items.Add(String.Empty); foreach (object field in typeof(PeopleEditorEntityDataKeys).GetFields()) { New_DdlPermissionMetadata.Items.Add(((System.Reflection.FieldInfo)field).Name); } New_DdlGraphProperty.Items.Add(String.Empty); New_DdlGraphPropertyToDisplay.Items.Add(String.Empty); foreach (object field in typeof(GraphProperty).GetFields()) { string prop = ((System.Reflection.FieldInfo)field).Name; if (AzureCP.GetGraphPropertyValue(new User(), prop) == null) continue; //if (AzureCP.GetGraphPropertyValue(new Group(), prop) == null) continue; //if (AzureCP.GetGraphPropertyValue(new Role(), prop) == null) continue; New_DdlGraphProperty.Items.Add(prop); New_DdlGraphPropertyToDisplay.Items.Add(prop); } } BuildAttributesListTable(this.IsPostBack); }