Example #1
0
        /// <summary>
        /// Construct the options from the given configuration section
        /// </summary>
        /// <param name="configSection"></param>
        public SPOptions(KentorAuthServicesSection configSection)
        {
            if (configSection == null)
            {
                throw new ArgumentNullException(nameof(configSection));
            }
            systemIdentityModelIdentityConfiguration = new IdentityConfiguration(true);

            ReturnUrl = configSection.ReturnUrl;
            MetadataCacheDuration = configSection.Metadata.CacheDuration;
            MetadataValidDuration = configSection.Metadata.ValidUntil;
            WantAssertionsSigned = configSection.Metadata.WantAssertionsSigned;
            ValidateCertificates = configSection.ValidateCertificates;
            DiscoveryServiceUrl = configSection.DiscoveryServiceUrl;
            EntityId = configSection.EntityId;
            ModulePath = configSection.ModulePath;
            PublicOrigin = configSection.PublicOrigin;
            Organization = configSection.Organization;
            AuthenticateRequestSigningBehavior = configSection.AuthenticateRequestSigningBehavior;
            NameIdPolicy = new Saml2NameIdPolicy(
                configSection.NameIdPolicyElement.AllowCreate, configSection.NameIdPolicyElement.Format);
            RequestedAuthnContext = new Saml2RequestedAuthnContext(configSection.RequestedAuthnContext);

            configSection.ServiceCertificates.RegisterServiceCertificates(this);

            foreach (var acs in configSection.AttributeConsumingServices)
            {
                AttributeConsumingServices.Add(acs);
            }

            foreach (var contact in configSection.Contacts)
            {
                Contacts.Add(contact);
            }
        }
Example #2
0
        /// <summary>
        /// Construct the options from the given configuration section
        /// </summary>
        /// <param name="configSection"></param>
        public SPOptions(KentorAuthServicesSection configSection)
        {
            if (configSection == null)
            {
                throw new ArgumentNullException(nameof(configSection));
            }
            systemIdentityModelIdentityConfiguration = new IdentityConfiguration(true);

            ReturnUrl = configSection.ReturnUrl;
            MetadataCacheDuration = configSection.MetadataCacheDuration;
            DiscoveryServiceUrl = configSection.DiscoveryServiceUrl;
            EntityId = configSection.EntityId;
            ModulePath = configSection.ModulePath;
            Organization = configSection.Organization;
            AuthenticateRequestSigningBehavior = configSection.AuthenticateRequestSigningBehavior;

            configSection.ServiceCertificates.RegisterServiceCertificates(this);

            foreach (var acs in configSection.AttributeConsumingServices)
            {
                AttributeConsumingServices.Add(acs);
            }

            foreach (var contact in configSection.Contacts)
            {
                Contacts.Add(contact);
            }
        }
        public static void PreAppStart()
        {
            FederatedAuthentication.FederationConfigurationCreated += (sender, args) =>
            {
                // Load config
                var audience = ConfigurationManager.AppSettings["Auth.AudienceUrl"];
                var realm = ConfigurationManager.AppSettings["Auth.AuthenticationRealm"];
                var issuer = ConfigurationManager.AppSettings["Auth.AuthenticationIssuer"];
                var thumbprint = ConfigurationManager.AppSettings["Auth.AuthenticationIssuerThumbprint"];
                
                var idconfig = new IdentityConfiguration();
                idconfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audience));

                var registry = new ConfigurationBasedIssuerNameRegistry();
                registry.AddTrustedIssuer(thumbprint, issuer);
                idconfig.IssuerNameRegistry = registry;
                
                var sessionTransforms = new List<CookieTransform>() {
                    new DeflateCookieTransform(),
                    new MachineKeyTransform()
                };
                idconfig.SecurityTokenHandlers.AddOrReplace(new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly()));

                var wsfedconfig = new WsFederationConfiguration(issuer, realm);
                wsfedconfig.PersistentCookiesOnPassiveRedirects = true;
                wsfedconfig.PassiveRedirectEnabled = true;

                args.FederationConfiguration.IdentityConfiguration = idconfig;
                args.FederationConfiguration.WsFederationConfiguration = wsfedconfig;
                args.FederationConfiguration.CookieHandler = new ChunkedCookieHandler();
            };
        }
        protected override void ValidateTestCase( string testVariation )
        {
            IdentityConfiguration identityConfig = new IdentityConfiguration( IdentityConfiguration.DefaultServiceName );

            Assert.IsNotNull( identityConfig.IssuerTokenResolver );

            Assert.IsFalse( identityConfig.IssuerTokenResolver.GetType() != typeof( NamedKeyIssuerTokenResolver ) , string.Format( "Expected identityConfiguration.IsuerTokenResolver.GetType() == typeof( NamedKeyIssuerTokenResolver ), was: '{0}'", identityConfig.IssuerTokenResolver.GetType() ) );

            NamedKeyIssuerTokenResolver resolver = identityConfig.IssuerTokenResolver as NamedKeyIssuerTokenResolver;

            Assert.IsTrue( resolver.SecurityKeys.Count == 0 );
            Assert.IsTrue( IssuerTokenResolver.DefaultStoreName == StoreName.TrustedPeople );
            Assert.IsTrue( IssuerTokenResolver.DefaultStoreLocation == StoreLocation.LocalMachine );

            // Should not find key
            SecurityKey key = null;
            NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause( "keyName", "KeyingMaterial.SymmetricKeyBytes_256" );

            Assert.IsFalse( resolver.TryResolveSecurityKey( clause, out key ) );
            Assert.IsNull( key );

            // Should not find token
            SecurityToken token = null;
            Assert.IsFalse( resolver.TryResolveToken( clause, out token ) );
            Assert.IsNull( token );
        }
Example #5
0
        private void SetupFederatedLogin()
        {
            FederatedAuthentication.FederationConfigurationCreated += (sender, args) =>
            {
                var config = Kernel.Get<IConfigurationService>();
                var idconfig = new IdentityConfiguration();
                idconfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(config.Auth.AudienceUrl));

                var registry = new ConfigurationBasedIssuerNameRegistry();
                registry.AddTrustedIssuer(config.Auth.TokenCertificateThumbprint, config.Auth.AuthenticationIssuer);
                idconfig.IssuerNameRegistry = registry;
                idconfig.CertificateValidationMode = X509CertificateValidationMode.None;

                var sessionTransforms = new List<CookieTransform>() {
                    new DeflateCookieTransform(),
                    new MachineKeyTransform()
                };
                idconfig.SecurityTokenHandlers.AddOrReplace(new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly()));

                var wsfedconfig = new WsFederationConfiguration(config.Auth.AuthenticationIssuer, config.Auth.AuthenticationRealm);
                wsfedconfig.PersistentCookiesOnPassiveRedirects = true;

                args.FederationConfiguration.IdentityConfiguration = idconfig;
                args.FederationConfiguration.WsFederationConfiguration = wsfedconfig;
                args.FederationConfiguration.CookieHandler = new ChunkedCookieHandler();
            };
        }
Example #6
0
 public override void Initialize()
 {
     IdentityConfiguration = new IdentityConfiguration
         {
             ClaimsAuthorizationManager = new MyClaimsAuthorizationManager(),
         };
     IsInitialized = true;
 }
        static IdentityConfiguration CreateIdentityConfiguration()
        {
            var identityConfiguration = new IdentityConfiguration();

            identityConfiguration.SecurityTokenHandlers.Clear();
            identityConfiguration.SecurityTokenHandlers.Add(new IdentityServerWrappedJwtHandler("https://localhost:44333/core", "write"));
            identityConfiguration.ClaimsAuthorizationManager = new RequireAuthenticationAuthorizationManager();

            return identityConfiguration;
        }
 protected ServiceCredentials(ServiceCredentials other)
 {
     if (other == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("other");
     }
     this.userName = new UserNamePasswordServiceCredential(other.userName);
     this.clientCertificate = new X509CertificateInitiatorServiceCredential(other.clientCertificate);
     this.serviceCertificate = new X509CertificateRecipientServiceCredential(other.serviceCertificate);
     this.windows = new WindowsServiceCredential(other.windows);
     this.issuedToken = new IssuedTokenServiceCredential(other.issuedToken);
     this.peer = new PeerCredential(other.peer);
     this.secureConversation = new SecureConversationServiceCredential(other.secureConversation);
     this.identityConfiguration = other.identityConfiguration;
     this.saveBootstrapTokenInSession = other.saveBootstrapTokenInSession;
     this.exceptionMapper = other.exceptionMapper;
     this.UseIdentityConfiguration = other.useIdentityConfiguration;
 }
        public ActionResult ProcessWSFedResponse()
        {
            var fam = new WSFederationAuthenticationModule();
            fam.FederationConfiguration = new FederationConfiguration();

            if (ConfigurationRepository.Keys.DecryptionCertificate != null)
            {
                var idConfig = new IdentityConfiguration();
                
                idConfig.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
                     new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false);
                fam.FederationConfiguration.IdentityConfiguration = idConfig;
            }

            if (fam.CanReadSignInResponse(Request))
            {
                var token = fam.GetSecurityToken(Request);
                return ProcessWSFedSignInResponse(fam.GetSignInResponseMessage(Request), token);
            }

            return View("Error");
        }
Example #10
0
 /// <summary>
 /// Ctor
 /// </summary>
 public SPOptions()
 {
     systemIdentityModelIdentityConfiguration = new IdentityConfiguration(false);
     MetadataCacheDuration = new TimeSpan(1, 0, 0);
 }
        public static string Write(this Saml2SecurityToken token, IdentityConfiguration configuration)
        {
            if (configuration == null)
                throw new ArgumentException("Identity configuration cannot be null", "configuration");

            var settings = new XmlWriterSettings {Indent = false, Encoding = Encoding.Default};
            var sbuilder = new StringBuilder();
            using (var writer = XmlWriter.Create(sbuilder, settings))
            {
                if (token != null) configuration.SecurityTokenHandlers.WriteToken(writer, token);
            }
            var tokenString = sbuilder.ToString();
            return tokenString;
        }
 private void VerifyConfig(IdentityConfiguration identityconfig, ExpectedJwtSecurityTokenRequirement variation)
 {
     JwtSecurityTokenHandler handler = identityconfig.SecurityTokenHandlers[typeof(JwtSecurityToken)] as JwtSecurityTokenHandler;
     Assert.IsFalse(!variation.AsExpected(handler.JwtSecurityTokenRequirement), "JwtSecurityTokenRequirement was not as expected");
 }
 protected override void ValidateTestCase(string variationId)
 {
     ExpectedJwtSecurityTokenRequirement variation = JwtHandlerConfigVariation.Variation(variationId);
     try
     {
         IdentityConfiguration identityConfig = new IdentityConfiguration(IdentityConfiguration.DefaultServiceName);
         variation.ExpectedException.ProcessNoException();
         VerifyConfig(identityConfig, variation);
     }
     catch (Exception ex)
     {
         try
         {
             variation.ExpectedException.ProcessException(ex);
         }
         catch (Exception innerException)
         {
             Assert.Fail("\nConfig case failed:\n'{0}'\nConfig:\n'{1}'\nException:\n'{2}'.", variationId, variation.Config, innerException.ToString());
         }
     }
 }
 protected override void ValidateTestCase( string testCase )
 {
     try
     {
         IdentityConfiguration identityConfig = new IdentityConfiguration( IdentityConfiguration.DefaultServiceName );
         Assert.Fail( string.Format( "Expected Exception of type '{0}'", typeof( ConfigurationErrorsException ) ) );
     }
     catch ( Exception ex )
     {
         Assert.IsTrue( ex.GetType() == typeof( ConfigurationErrorsException ) );
     }
 }