public void EntityDescriptorExtensions_ToXElement_Nodes() { EntityId entityId = new EntityId("http://dummyentityid.com"); var entityDescriptor = new EntityDescriptor(entityId); var spsso = new ServiceProviderSingleSignOnDescriptor(); string sampleAcsUri = "https://some.uri.example.com/acs"; var acs = new IndexedProtocolEndpoint() { IsDefault = false, Index = 17, Binding = Saml2Binding.HttpPostUri, Location = new Uri(sampleAcsUri) }; spsso.AssertionConsumerServices.Add(1, acs); entityDescriptor.RoleDescriptors.Add(spsso); var rootName = Saml2Namespaces.Saml2Metadata + "EntityDescriptor"; var elementName = Saml2Namespaces.Saml2Metadata + "SPSSODescriptor"; var subject = entityDescriptor.ToXElement(); subject.Name.Should().Be(rootName); subject.Elements().Single().Name.Should().Be(elementName); subject.Attribute("entityId").Value.Should().Be("http://dummyentityid.com"); }
public EntityDescriptor Generate(string wsfedEndpoint) { var tokenServiceDescriptor = GetTokenServiceDescriptor(wsfedEndpoint); var id = new EntityId(_options.IssuerUri); var entity = new EntityDescriptor(id); entity.SigningCredentials = new X509SigningCredentials(_options.SigningCertificate); entity.RoleDescriptors.Add(tokenServiceDescriptor); return entity; }
public string Generate() { var tokenServiceDescriptor = GetTokenServiceDescriptor(); var id = new EntityId(ConfigurationRepository.Global.IssuerUri); var entity = new EntityDescriptor(id); entity.SigningCredentials = new X509SigningCredentials(ConfigurationRepository.Keys.SigningCertificate); entity.RoleDescriptors.Add(tokenServiceDescriptor); var ser = new MetadataSerializer(); var sb = new StringBuilder(512); ser.WriteMetadata(XmlWriter.Create(new StringWriter(sb), new XmlWriterSettings { OmitXmlDeclaration = true }), entity); return sb.ToString(); }
private string GenerateMetadata(params RoleDescriptor[] roles) { var id = new EntityId(ConfigurationRepository.Global.IssuerUri); var entity = new EntityDescriptor(id); entity.SigningCredentials = new X509SigningCredentials(ConfigurationRepository.Keys.SigningCertificate); foreach (var roleDescriptor in roles) { entity.RoleDescriptors.Add(roleDescriptor); } var ser = new MetadataSerializer(); var sb = new StringBuilder(512); ser.WriteMetadata(XmlWriter.Create(new StringWriter(sb), new XmlWriterSettings { OmitXmlDeclaration = true }), entity); return sb.ToString(); }
public string GetFederationMetadata(Uri endpoint) { // hostname var passiveEndpoint = new EndpointReference(endpoint.AbsoluteUri); var activeEndpoint = new EndpointReference(endpoint.AbsoluteUri); // metadata document var entity = new EntityDescriptor(new EntityId(TwitterClaims.IssuerName)); var sts = new SecurityTokenServiceDescriptor(); entity.RoleDescriptors.Add(sts); // signing key var signingKey = new KeyDescriptor(SigningCredentials.SigningKeyIdentifier) { Use = KeyType.Signing }; sts.Keys.Add(signingKey); // claim types sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Name, "Name", "User name")); sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.NameIdentifier, "Name Identifier", "User name identifier")); sts.ClaimTypesOffered.Add(new DisplayClaim(TwitterClaims.TwitterToken, "Token", "Service token")); sts.ClaimTypesOffered.Add(new DisplayClaim(TwitterClaims.TwitterTokenSecret, "Token Secret", "Service token secret")); // passive federation endpoint sts.PassiveRequestorEndpoints.Add(passiveEndpoint); // supported protocols //Inaccessable due to protection level //sts.ProtocolsSupported.Add(new Uri(WSFederationConstants.Namespace)); sts.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706")); // add passive STS endpoint sts.SecurityTokenServiceEndpoints.Add(activeEndpoint); // metadata signing entity.SigningCredentials = SigningCredentials; // serialize var serializer = new MetadataSerializer(); using (var memoryStream = new MemoryStream()) { serializer.WriteMetadata(memoryStream, entity); return Encoding.UTF8.GetString(memoryStream.ToArray()); } }
private EntityDescriptor GenerateEntities() { if (_entity != null) return _entity; var sts = new SecurityTokenServiceDescriptor(); //FillOfferedClaimTypes(sts.ClaimTypesOffered); FillEndpoints(sts); FillSupportedProtocols(sts); FillSigningKey(sts); _entity = new EntityDescriptor(new EntityId(Host)) { SigningCredentials = SigningCredentials }; _entity.RoleDescriptors.Add(sts); return _entity; }
public byte[] GetFederationMetadata(Uri passiveSignInUrl, Uri identifier, X509Certificate2 signingCertificate) { var credentials = new X509SigningCredentials(signingCertificate); // Figure out the hostname exposed from Azure and what port the service is listening on var realm = new EndpointAddress(identifier); var passiveEndpoint = new EndpointReference(passiveSignInUrl.AbsoluteUri); // Create metadata document for relying party EntityDescriptor entity = new EntityDescriptor(new EntityId(realm.Uri.AbsoluteUri)); SecurityTokenServiceDescriptor sts = new SecurityTokenServiceDescriptor(); entity.RoleDescriptors.Add(sts); // Add STS's signing key KeyDescriptor signingKey = new KeyDescriptor(credentials.SigningKeyIdentifier); signingKey.Use = KeyType.Signing; sts.Keys.Add(signingKey); // Add offered claim types sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.AuthenticationMethod)); sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.AuthenticationInstant)); sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Name)); // Add passive federation endpoint sts.PassiveRequestorEndpoints.Add(passiveEndpoint); // Add supported protocols sts.ProtocolsSupported.Add(new Uri(WSFederationConstants.Namespace)); // Add passive STS endpoint sts.SecurityTokenServiceEndpoints.Add(passiveEndpoint); // Set credentials with which to sign the metadata entity.SigningCredentials = credentials; // Serialize the metadata and convert it to an XElement MetadataSerializer serializer = new MetadataSerializer(); MemoryStream stream = new MemoryStream(); serializer.WriteMetadata(stream, entity); stream.Flush(); return stream.ToArray(); }
// Helpers private string Generate() { var tokenServiceDescriptor = GetTokenServiceDescriptor(); var id = new EntityId("https://tugberk.me"); var entity = new EntityDescriptor(id); var certificate = GetSigningCertificate(); entity.SigningCredentials = new X509SigningCredentials(certificate); entity.RoleDescriptors.Add(tokenServiceDescriptor); var ser = new MetadataSerializer(); var sb = new StringBuilder(512); using (var sr = new StringWriter(sb)) using (var xmlWriter = XmlWriter.Create(sr, new XmlWriterSettings { OmitXmlDeclaration = true })) { ser.WriteMetadata(xmlWriter, entity); return sb.ToString(); } }
public ActionResult FederationMetadata() { var endpoint = Request.Url.Scheme + "://" + Request.Url.Host + ":" + Request.Url.Port; var entityDescriptor = new EntityDescriptor(new EntityId(ConfigurationManager.AppSettings["stsName"])) { SigningCredentials = CertificateFactory.GetSigningCredentials() }; var roleDescriptor = new SecurityTokenServiceDescriptor(); roleDescriptor.Contacts.Add(new ContactPerson(ContactType.Administrative)); var clause = new X509RawDataKeyIdentifierClause(CertificateFactory.GetCertificate()); var securityKeyIdentifier = new SecurityKeyIdentifier(clause); var signingKey = new KeyDescriptor(securityKeyIdentifier) {Use = KeyType.Signing}; roleDescriptor.Keys.Add(signingKey); var endpointAddress = new System.IdentityModel.Protocols.WSTrust.EndpointReference(endpoint + "/Security/Authorize"); roleDescriptor.PassiveRequestorEndpoints.Add(endpointAddress); roleDescriptor.SecurityTokenServiceEndpoints.Add(endpointAddress); roleDescriptor.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706")); entityDescriptor.RoleDescriptors.Add(roleDescriptor); var serializer = new MetadataSerializer(); var settings = new XmlWriterSettings {Encoding = Encoding.UTF8}; var memoryStream = new MemoryStream(); var writer = XmlWriter.Create(memoryStream, settings); serializer.WriteMetadata(writer,entityDescriptor); writer.Flush(); var content = Content(Encoding.UTF8.GetString(memoryStream.GetBuffer()), "text/xml"); writer.Dispose(); return content; }
public MetadataResult(EntityDescriptor entity) { _entity = entity; }
static List<X509SecurityToken> ReadSigningCertsFromMetadata(EntityDescriptor entityDescriptor) { List<X509SecurityToken> stsSigningTokens = new List<X509SecurityToken>(); SecurityTokenServiceDescriptor stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().First(); if (stsd != null && stsd.Keys != null) { IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses = stsd.Keys.Where(key => key.KeyInfo != null && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified)). Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First()); stsSigningTokens.AddRange(x509DataClauses.Select(clause => new X509SecurityToken(new X509Certificate2(clause.GetX509RawData())))); } else { throw new InvalidOperationException("There is no RoleDescriptor of type SecurityTokenServiceType in the metadata"); } return stsSigningTokens; }