Example #1
        /// <summary>
        /// Builds the AuthServices middleware options used by this sample: one hard-coded
        /// stub identity provider plus whatever identity providers the federation lists.
        /// </summary>
        /// <remarks>
        /// Review notes for anyone adapting this outside a local demo:
        /// every endpoint below (entity id, single sign-on URL, federation metadata URL)
        /// is plain <c>http://</c>, so nothing on the transport protects the metadata that
        /// the federation uses to add identity providers. Whether the library validates a
        /// metadata signature is not visible from this method - confirm before relying on it.
        /// </remarks>
        /// <returns>The populated options instance.</returns>
        private static KentorAuthServicesAuthenticationOptions CreateAuthServicesOptions()
        {
            var serviceProviderOptions = CreateSPOptions();

            // The 'false' argument presumably turns off loading from the config file - confirm.
            var options = new KentorAuthServicesAuthenticationOptions(false);
            options.SPOptions = serviceProviderOptions;

            var stubIdp = new IdentityProvider(
                new EntityId("http://stubidp.kentor.se/Metadata"),
                serviceProviderOptions);

            // SECURITY: accepting unsolicited responses means an assertion need not answer a
            // request this service provider issued (IdP-initiated sign-on). Leave it enabled
            // only where that flow is actually required.
            stubIdp.AllowUnsolicitedAuthnResponse = true;
            stubIdp.Binding = Saml2BindingType.HttpRedirect;
            stubIdp.SingleSignOnServiceUrl = new Uri("http://stubidp.kentor.se");

            // SECURITY: only the public key is used to verify the stub IdP's signatures, yet
            // the file is a .pfx opened without a password. A .pfx normally bundles the private
            // key as well; a service provider should ship just the public certificate.
            var trustedSigningKeys = stubIdp.SigningKeys;
            var stubIdpCertificatePath = HostingEnvironment.MapPath("~/App_Data/Kentor.AuthServices.StubIdp.pfx");
            var stubIdpCertificate = new X509Certificate2(stubIdpCertificatePath);
            trustedSigningKeys.AddConfiguredItem(stubIdpCertificate.PublicKey.Key);

            options.IdentityProviders.Add(stubIdp);

            // Constructing the federation is sufficient: it is associated with the options,
            // loads the metadata and updates the options with any identity providers found.
            // The instance itself is intentionally not kept. The 'true' argument looks like
            // the allow-unsolicited flag applied to every federated IdP - confirm.
            new Federation(new Uri("http://localhost:52071/Federation"), true, options);

            return options;
        }
Example #2
        /// <summary>
        /// Wires cookie sign-in and the AuthServices (SAML2) middleware into the OWIN pipeline,
        /// with a single identity provider whose settings are read from its metadata document.
        /// </summary>
        /// <param name="app">The OWIN application builder to configure.</param>
        /// <remarks>
        /// No signing key is pinned here (the certificate lines are commented out), so the
        /// identity provider's keys presumably come from the document at <c>metaUri</c>. That
        /// makes the metadata fetch the trust anchor: it should be an https URL with a
        /// validated certificate. The value of <c>metaUri</c> is defined outside this method.
        /// </remarks>
        public void ConfigureAuth(IAppBuilder app)
        {
            // The SAML middleware signs the user in through the cookie middleware.
            // NOTE(review): CookieAuthenticationOptions is used with its defaults; check the
            // cookie security settings (secure flag, lifetime) before production use.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            var options = new KentorAuthServicesAuthenticationOptions(false);
            options.SPOptions = CreateSPOptions();
            // Inline alternative left by the author:
            //options.SPOptions = new SPOptions
            //{
            //    EntityId = new EntityId(localMetaUri),
            //    ReturnUrl = returnUrl,
            //    WantAssertionsSigned = true
            //};
            //options.AuthenticationType = adfsType;
            //options.Caption = adfsType;

            var metadataAddress = new Uri(metaUri);

            var identityProvider = new IdentityProvider(new EntityId(entityId), options.SPOptions);

            // SECURITY: unsolicited (IdP-initiated) responses are accepted; enable this only
            // when the deployment needs that flow.
            identityProvider.AllowUnsolicitedAuthnResponse = true;
            identityProvider.Binding = Saml2BindingType.HttpRedirect;

            // Keep MetadataLocation ahead of LoadMetadata, as in the original initializer;
            // the LoadMetadata setter may start the fetch - confirm against the library.
            identityProvider.MetadataLocation = metadataAddress.ToString();
            identityProvider.LoadMetadata = true;

            // Pinning the IdP signing certificate instead of trusting metadata (disabled):
            //identityProvider.SigningKeys.AddConfiguredKey(
            //    new X509Certificate2(
            //        HostingEnvironment.MapPath(
            //            "~/App_Data/AzureApp_signing.cer")));

            options.IdentityProviders.Add(identityProvider);
            app.UseKentorAuthServicesAuthentication(options);
        }
        /// <summary>
        /// Creates an identity provider entry with hard-coded endpoints and registers the
        /// public key of the <c>certificate</c> field as its signing key.
        /// </summary>
        /// <remarks>
        /// The entity id points at <c>localhost:52071</c> while the single sign-on URL points
        /// at <c>stubidp.kentor.se</c>, and both are plain http. This reads like a fixture
        /// rather than a deployable configuration.
        /// </remarks>
        /// <returns>The configured identity provider.</returns>
        private IdentityProvider Idp()
        {
            var serviceProviderOptions = CreateSPOptions();

            var provider = new IdentityProvider(
                new EntityId("http://localhost:52071/Metadata"),
                serviceProviderOptions);

            // SECURITY: IdP-initiated (unsolicited) responses are accepted for this provider.
            provider.AllowUnsolicitedAuthnResponse = true;
            provider.Binding = Saml2BindingType.HttpRedirect;
            provider.SingleSignOnServiceUrl = new Uri("http://stubidp.kentor.se");

            // Only the public half of the certificate is needed to verify signatures.
            provider.SigningKeys.AddConfiguredItem(certificate.PublicKey.Key);

            return provider;
        }
Example #4
        /// <summary>
        /// Downloads the federation metadata and registers an identity provider for every
        /// entity in it that carries an IdP single sign-on role, recording the outcome.
        /// </summary>
        /// <remarks>
        /// The whole operation runs under <c>metadataLoadLock</c>. Only <see cref="WebException"/>
        /// is handled; any other failure (for example while casting or reading an entity)
        /// propagates to the caller. The downloaded document decides which identity providers
        /// become registered, so the integrity of <c>metadataUrl</c> matters; whether the
        /// loader verifies a signature is not visible from this method.
        /// </remarks>
        private void LoadMetadata()
        {
            lock (metadataLoadLock)
            {
                try
                {
                    var federationMetadata = MetadataLoader.LoadFederation(metadataUrl);

                    // Keep only the entities that expose an IdP single sign-on descriptor.
                    var idpEntities =
                        from entity in federationMetadata.ChildEntities.Cast<ExtendedEntityDescriptor>()
                        where entity.RoleDescriptors.OfType<IdentityProviderSingleSignOnDescriptor>().Any()
                        select entity;

                    // Every federated IdP gets the same federation-wide unsolicited-response flag.
                    var loadedProviders = idpEntities
                        .Select(idpEntity =>
                        {
                            var provider = new IdentityProvider(idpEntity.EntityId, options.SPOptions)
                            {
                                AllowUnsolicitedAuthnResponse = allowUnsolicitedAuthnResponse
                            };

                            provider.ReadMetadata(idpEntity);
                            return provider;
                        })
                        .ToList();

                    RegisterIdentityProviders(loadedProviders);

                    MetadataValidUntil = federationMetadata.CalculateMetadataValidUntil();

                    // A successful load clears any previously recorded failure.
                    LastMetadataLoadException = null;
                }
                catch (WebException downloadError)
                {
                    var now = DateTime.UtcNow;

                    if (MetadataValidUntil < now)
                    {
                        // The previously loaded metadata has expired and no fresh copy could
                        // be downloaded: drop every registered identity provider rather than
                        // keep trusting stale entries. Resetting the validity presumably
                        // triggers a scheduled reload - confirm in the property setter.
                        RemoveAllRegisteredIdentityProviders();
                        MetadataValidUntil = DateTime.MinValue;
                    }
                    else
                    {
                        // The earlier metadata is still within its validity; keep it and retry later.
                        ScheduleMetadataReload();
                    }

                    // Expose the failure so that callers can inspect it.
                    LastMetadataLoadException = downloadError;
                }
            }
        }