public override void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace) { string text = accountNamespace.ToString(); string wkgDomain = FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(text); AppIdInfo appIdInfo = null; ManageDelegation2Client client = this.GetManageDelegation(wkgDomain); try { appIdInfo = client.CreateAppId(wkgDomain); } catch (LiveDomainServicesException ex) { if (ex.DomainError != null && ex.DomainError.Value == DomainError.ProofOfOwnershipNotValid) { throw new DomainProofOwnershipException(Strings.ErrorManageDelegation2ProofDomainOwnership, ex); } throw new ProvisioningFederatedExchangeException(ex.LocalizedString, ex); } if (string.IsNullOrEmpty(federationTrust.ApplicationIdentifier)) { if (appIdInfo == null || string.IsNullOrEmpty(appIdInfo.AppId)) { throw new LiveDomainServicesException(Strings.ErrorLiveDomainServicesUnexpectedResult(Strings.ErrorInvalidApplicationId)); } base.WriteVerbose(Strings.NewFederationTrustSuccessAppId(FederationTrust.PartnerSTSType.LiveId.ToString(), appIdInfo.AppId)); federationTrust.ApplicationIdentifier = appIdInfo.AppId.Trim(); } base.ReserveDomain(wkgDomain, federationTrust.ApplicationIdentifier, client, Strings.ErrorManageDelegation2ProofDomainOwnership, () => LiveFederationProvision2.GetDomainStateFromDomainInfo(client.GetDomainInfo(federationTrust.ApplicationIdentifier, wkgDomain))); using (ManageDelegation2Client manageDelegation = this.GetManageDelegation(text)) { manageDelegation.AddUri(appIdInfo.AppId, text); } }
private void ValidateDelegationFederationTrustParameter() { if (this.DelegationFederationTrust != null) { ADObjectId descendantId = base.RootOrgContainerId.GetDescendantId(FederationTrust.FederationTrustsContainer); IConfigDataProvider configDataProvider = ((IConfigurationSession)base.DataSession).SessionSettings.PartitionId.ForestFQDN.Equals(TopologyProvider.LocalForestFqdn, StringComparison.OrdinalIgnoreCase) ? base.DataSession : base.RootOrgGlobalConfigSession; IEnumerable <FederationTrust> objects = this.DelegationFederationTrust.GetObjects <FederationTrust>(descendantId, configDataProvider); ADObjectId identity = null; using (IEnumerator <FederationTrust> enumerator = objects.GetEnumerator()) { if (!enumerator.MoveNext()) { base.WriteError(new ManagementObjectNotFoundException(Strings.ErrorFederationTrustNotFound(this.DelegationFederationTrust.ToString())), ErrorCategory.ObjectNotFound, null); } identity = (ADObjectId)enumerator.Current.Identity; if (enumerator.MoveNext()) { base.WriteError(new ManagementObjectAmbiguousException(Strings.ErrorFederationTrustNotUnique(this.DelegationFederationTrust.ToString())), ErrorCategory.InvalidData, null); } } FederationTrust federationTrust = (FederationTrust)configDataProvider.Read <FederationTrust>(identity); if (federationTrust == null) { base.WriteError(new ManagementObjectNotFoundException(Strings.ErrorFederationTrustNotFound(this.delegationTrustId.ToDNString())), ErrorCategory.ObjectNotFound, null); } this.delegationTrustId = identity; this.federationTrust = federationTrust; } }
public override void OnPublishFederationCertificate(FederationTrust federationTrust) { X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose); string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData()); using (ManageDelegation2Client manageDelegation = this.GetManageDelegation(federationTrust.ApplicationUri.OriginalString)) { manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, rawBase64Certificate); } }
public override void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace) { LiveFederationProvision1.< > c__DisplayClass1 CS$ < > 8__locals1 = new LiveFederationProvision1.< > c__DisplayClass1(); CS$ < > 8__locals1.< > 4__this = this; CS$ < > 8__locals1.domain = accountNamespace.ToString(); using (ManageDelegation1Client client = this.GetManageDelegation()) { base.ReserveDomain(CS$ < > 8__locals1.domain, base.ApplicationIdentifier, client, Strings.ErrorManageDelegation1ProofDomainOwnership, () => LiveFederationProvision1.GetDomainStateFromDomainInfo(client.GetDomainInfo(CS$ < > 8__locals1.< > 4__this.ApplicationIdentifier, CS$ < > 8__locals1.domain))); base.AddUri(CS$ < > 8__locals1.domain, federationTrust.ApplicationIdentifier, client, Strings.ErrorManageDelegation1ProofDomainOwnership); } }
public static FederationProvision Create(FederationTrust federationTrust, Task task) { switch (federationTrust.NamespaceProvisioner) { case FederationTrust.NamespaceProvisionerType.LiveDomainServices: return(new LiveFederationProvision1(federationTrust.OrgPrivCertificate, federationTrust.ApplicationIdentifier, task)); case FederationTrust.NamespaceProvisionerType.LiveDomainServices2: return(new LiveFederationProvision2(federationTrust.OrgPrivCertificate, federationTrust.ApplicationIdentifier, task)); default: return(new CustomFederationProvision()); } }
public override void OnPublishFederationCertificate(FederationTrust federationTrust) { if (string.IsNullOrEmpty(federationTrust.AdministratorProvisioningId)) { throw new NoAdministratorKeyFoundException(federationTrust.Name); } X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose); string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData()); using (ManageDelegation1Client manageDelegation = this.GetManageDelegation()) { manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, federationTrust.AdministratorProvisioningId, rawBase64Certificate); } }
public override void OnNewFederationTrust(FederationTrust federationTrust) { X509Certificate x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgPrivCertificate, base.WriteVerbose); string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData()); AppIdInfo appIdInfo = null; using (ManageDelegation1Client manageDelegation = this.GetManageDelegation()) { appIdInfo = manageDelegation.CreateAppId(rawBase64Certificate); } if (appIdInfo == null || string.IsNullOrEmpty(appIdInfo.AppId)) { throw new LiveDomainServicesException(Strings.ErrorLiveDomainServicesUnexpectedResult(Strings.ErrorInvalidApplicationId)); } federationTrust.ApplicationIdentifier = appIdInfo.AppId.Trim(); federationTrust.AdministratorProvisioningId = appIdInfo.AdminKey.Trim(); base.WriteVerbose(Strings.NewFederationTrustSuccessAppId(FederationTrust.PartnerSTSType.LiveId.ToString(), federationTrust.ApplicationIdentifier)); }
protected override void InternalProcessRecord() { TaskLogger.LogEnter(); base.InternalProcessRecord(); if (!string.IsNullOrEmpty(this.Thumbprint)) { this.ProcessForCertificate(this.Thumbprint, null); } else { FederationTrust federationTrust = this.GetFederationTrust(); var array = new < > f__AnonymousType25 <string, string>[] { new { PropertyName = "OrgNextPrivCertificate", Thumbprint = federationTrust.OrgNextPrivCertificate }, new { PropertyName = "OrgPrivCertificate", Thumbprint = federationTrust.OrgPrivCertificate }, new { PropertyName = "OrgPrevPrivCertificate", Thumbprint = federationTrust.OrgPrevPrivCertificate } }; var array2 = array; for (int i = 0; i < array2.Length; i++) { var <> f__AnonymousType = array2[i]; if (!string.IsNullOrEmpty(< > f__AnonymousType.Thumbprint)) { this.ProcessForCertificate(< > f__AnonymousType.Thumbprint, <> f__AnonymousType.PropertyName); } } } TaskLogger.LogExit(); }
internal static void AddEndpointEnabledHeaders(HttpResponse response) { if (AutodiscoverEwsWebConfiguration.SoapEndpointEnabled) { response.AddHeader("X-SOAP-Enabled", bool.TrueString); } response.AddHeader("X-WSSecurity-Enabled", AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString); string value; if ((HttpProxyGlobals.IsPartnerHostedOnly || VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled) && AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled) { value = "Logon"; } else { value = "None"; } response.AddHeader("X-WSSecurity-For", value); FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline"); if (federationTrust != null) { response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString()); } if (AutodiscoverEwsWebConfiguration.WsSecuritySymmetricKeyEndpointEnabled) { response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString); } if (AutodiscoverEwsWebConfiguration.WsSecurityX509CertEndpointEnabled) { response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString); } HttpApplication applicationInstance = HttpContext.Current.ApplicationInstance; IHttpModule httpModule = applicationInstance.Modules["OAuthAuthModule"]; response.AddHeader("X-OAuth-Enabled", (httpModule != null) ? bool.TrueString : bool.FalseString); }
protected void AddEndpointEnabledHeaders(HttpResponse response) { if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.SoapEndpointEnabled) { response.AddHeader("X-SOAP-Enabled", bool.TrueString); } response.AddHeader("X-WSSecurity-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString); response.AddHeader("X-WSSecurity-For", (VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled && AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled) ? "Logon" : "None"); FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline"); if (federationTrust != null) { response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString()); } if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecuritySymmetricKeyEndpointEnabled) { response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString); } if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityX509CertEndpointEnabled) { response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString); } response.AddHeader("X-OAuth-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.OAuthEndpointEnabled ? bool.TrueString : bool.FalseString); }
private bool ProcessFederationTrust(FederationTrust federationTrust) { PartnerFederationMetadata partnerFederationMetadata = null; try { partnerFederationMetadata = LivePartnerFederationMetadata.LoadFrom(federationTrust.TokenIssuerMetadataEpr, null); } catch (FederationMetadataException ex) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[] { ex.Message, federationTrust.TokenIssuerMetadataEpr.OriginalString, federationTrust.Name }); } catch (Exception ex2) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[] { AnchorLogger.GetDiagnosticInfo(ex2, null), federationTrust.TokenIssuerMetadataEpr.OriginalString, federationTrust.Name }); } if (partnerFederationMetadata == null) { return(false); } List <LocalizedString> warningMessages = new List <LocalizedString>(); try { LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(federationTrust, partnerFederationMetadata, delegate(LocalizedString localizedString) { warningMessages.Add(localizedString); }); } catch (FederationMetadataException ex3) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_CorruptMetadata, new string[] { ex3.Message, federationTrust.TokenIssuerMetadataEpr.OriginalString, federationTrust.Name }); } catch (Exception ex4) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[] { AnchorLogger.GetDiagnosticInfo(ex4, null), federationTrust.TokenIssuerMetadataEpr.OriginalString, federationTrust.Name }); } if (warningMessages.Count > 0) { StringBuilder stringBuilder = new StringBuilder(); foreach (LocalizedString localizedString2 in warningMessages) { stringBuilder.AppendFormat("{0};", localizedString2.ToString()); } this.Context.Logger.LogTerseEvent(MigrationEventType.Warning, MSExchangeAuthAdminEventLogConstants.Tuple_Warning, new string[] { federationTrust.Name, stringBuilder.ToString() }); } return(federationTrust.ObjectState == ObjectState.Changed); }
public override void OnNewFederationTrust(FederationTrust federationTrust) { }
public override void OnPublishFederationCertificate(FederationTrust federationTrust) { }
public override void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace) { }
private FederatedOrganizationIdWithDomainStatus CreatePresentationObject(FederatedOrganizationId fedOrgId, bool includeExtendedDomainInfo) { FederatedOrganizationIdWithDomainStatus federatedOrganizationIdWithDomainStatus = new FederatedOrganizationIdWithDomainStatus(fedOrgId); if (fedOrgId.DelegationTrustLink == null) { return(federatedOrganizationIdWithDomainStatus); } FederationTrust federationTrust = this.ConfigurationSession.Read <FederationTrust>(fedOrgId.DelegationTrustLink); if (federationTrust == null) { fedOrgId.DelegationTrustLink = ADObjectIdResolutionHelper.ResolveDN(fedOrgId.DelegationTrustLink); ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(ADSystemConfigurationSession.GetRootOrgContainerIdForLocalForest(), OrganizationId.ForestWideOrgId, null, false); ITopologyConfigurationSession topologyConfigurationSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 147, "CreatePresentationObject", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\GetFederatedOrganizationIdentifier.cs"); federationTrust = topologyConfigurationSession.Read <FederationTrust>(fedOrgId.DelegationTrustLink); if (federationTrust == null) { return(federatedOrganizationIdWithDomainStatus); } } List <AcceptedDomain> allFederatedDomains = this.GetAllFederatedDomains(fedOrgId); if (allFederatedDomains.Count == 0) { return(federatedOrganizationIdWithDomainStatus); } foreach (AcceptedDomain acceptedDomain in allFederatedDomains) { if (acceptedDomain.IsDefaultFederatedDomain) { federatedOrganizationIdWithDomainStatus.DefaultDomain = new SmtpDomain(acceptedDomain.DomainName.Domain); break; } } MultiValuedProperty <FederatedDomain> multiValuedProperty = new MultiValuedProperty <FederatedDomain>(); if (!includeExtendedDomainInfo) { foreach (AcceptedDomain acceptedDomain2 in allFederatedDomains) { multiValuedProperty.Add(new FederatedDomain(new SmtpDomain(acceptedDomain2.DomainName.Domain))); } federatedOrganizationIdWithDomainStatus.Domains = multiValuedProperty; return(federatedOrganizationIdWithDomainStatus); } FederationProvision federationProvision = FederationProvision.Create(federationTrust, this); base.WriteVerbose(Strings.GetFedDomainStatusInfo(FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(fedOrgId.AccountNamespace.Domain))); DomainState state = DomainState.Unknown; try { state = federationProvision.GetDomainState(FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(fedOrgId.AccountNamespace.Domain)); } catch (LocalizedException ex) { this.WriteError(new CannotGetDomainStatusFromPartnerSTSException(fedOrgId.AccountNamespace.ToString(), federationTrust.ApplicationIdentifier, ex.Message), ErrorCategory.ResourceUnavailable, null, false); } multiValuedProperty.Add(new FederatedDomain(fedOrgId.AccountNamespace, state)); foreach (AcceptedDomain acceptedDomain3 in allFederatedDomains) { SmtpDomain smtpDomain = new SmtpDomain(acceptedDomain3.DomainName.Domain); if (!smtpDomain.Equals(fedOrgId.AccountNamespace)) { multiValuedProperty.Add(new FederatedDomain(smtpDomain)); } } federatedOrganizationIdWithDomainStatus.Domains = multiValuedProperty; return(federatedOrganizationIdWithDomainStatus); }
public static void InitializeDataObjectFromMetadata(FederationTrust federationTrust, PartnerFederationMetadata partnerFederationMetadata, WriteWarningDelegate writeWarning) { if (writeWarning == null) { writeWarning = new WriteWarningDelegate(LivePartnerFederationMetadata.NullWriteWarning); } federationTrust.PolicyReferenceUri = partnerFederationMetadata.PolicyReferenceUri; federationTrust.TokenIssuerMetadataEpr = partnerFederationMetadata.TokenIssuerMetadataEpr; federationTrust.TokenIssuerUri = partnerFederationMetadata.TokenIssuerUri; federationTrust.TokenIssuerEpr = partnerFederationMetadata.TokenIssuerEpr; federationTrust.WebRequestorRedirectEpr = partnerFederationMetadata.WebRequestorRedirectEpr; federationTrust.TokenIssuerCertReference = partnerFederationMetadata.TokenIssuerCertReference; federationTrust.TokenIssuerPrevCertReference = partnerFederationMetadata.TokenIssuerPrevCertReference; if (partnerFederationMetadata.TokenIssuerCertificate != null && partnerFederationMetadata.TokenIssuerPrevCertificate != null && partnerFederationMetadata.TokenIssuerPrevCertificate.NotAfter > partnerFederationMetadata.TokenIssuerCertificate.NotAfter) { X509Certificate2 tokenIssuerCertificate = partnerFederationMetadata.TokenIssuerCertificate; partnerFederationMetadata.TokenIssuerCertificate = partnerFederationMetadata.TokenIssuerPrevCertificate; partnerFederationMetadata.TokenIssuerPrevCertificate = tokenIssuerCertificate; } if (partnerFederationMetadata.TokenIssuerCertificate != null) { if (partnerFederationMetadata.TokenIssuerCertificate.NotAfter > DateTime.UtcNow) { if (federationTrust.TokenIssuerCertificate == null || !federationTrust.TokenIssuerCertificate.Thumbprint.Equals(partnerFederationMetadata.TokenIssuerCertificate.Thumbprint, StringComparison.OrdinalIgnoreCase)) { federationTrust.TokenIssuerCertificate = partnerFederationMetadata.TokenIssuerCertificate; } } else { writeWarning(Strings.WarningIssuerCertificateExpired(partnerFederationMetadata.TokenIssuerCertificate.Thumbprint)); if (federationTrust.TokenIssuerCertificate != null) { federationTrust.TokenIssuerCertificate = null; } } } if (partnerFederationMetadata.TokenIssuerPrevCertificate != null) { if (partnerFederationMetadata.TokenIssuerPrevCertificate.NotAfter > DateTime.UtcNow) { if (federationTrust.TokenIssuerPrevCertificate == null || !federationTrust.TokenIssuerPrevCertificate.Thumbprint.Equals(partnerFederationMetadata.TokenIssuerPrevCertificate.Thumbprint, StringComparison.OrdinalIgnoreCase)) { federationTrust.TokenIssuerPrevCertificate = partnerFederationMetadata.TokenIssuerPrevCertificate; } } else { writeWarning(Strings.WarningIssuerCertificateExpired(partnerFederationMetadata.TokenIssuerPrevCertificate.Thumbprint)); if (federationTrust.TokenIssuerPrevCertificate != null) { federationTrust.TokenIssuerPrevCertificate = null; } } } if (federationTrust.TokenIssuerCertificate == null && federationTrust.TokenIssuerPrevCertificate != null) { federationTrust.TokenIssuerCertificate = federationTrust.TokenIssuerPrevCertificate; federationTrust.TokenIssuerPrevCertificate = null; } if (federationTrust.TokenIssuerCertificate == null && federationTrust.TokenIssuerPrevCertificate == null) { throw new FederationMetadataException(Strings.NoValidIssuerCertificate); } }
public abstract void OnNewFederationTrust(FederationTrust federationTrust);
public abstract void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace);
private static ExternalAuthentication.FederationTrustResults TryCreateSecurityTokenService(FederationTrust federationTrust, WebProxy webProxy) { if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerUri, "TokenIssuerUri")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerUri }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerEpr, "TokenIssuerEpr")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerEpr }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.ApplicationUri, "ApplicationUri")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingApplicationUri }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerCertificate, "TokenIssuerCertificate")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerCertificate }); } X509Certificate2[] tokenSignatureCertificates = (federationTrust.TokenIssuerPrevCertificate != null) ? new X509Certificate2[] { federationTrust.TokenIssuerCertificate, federationTrust.TokenIssuerPrevCertificate } : new X509Certificate2[] { federationTrust.TokenIssuerCertificate }; if (!ExternalAuthentication.HasAtLeastOneValidCertificate(tokenSignatureCertificates, federationTrust.Id, "TokenIssuerCertificate and TokenIssuerPrevCertificate")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.InvalidTokenIssuerCertificate, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoSubCode }); } if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.OrgPrivCertificate, "OrgPrivCertificate")) { return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingOrgPrivCertificate }); } X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine); x509Store.Open(OpenFlags.ReadOnly); X509Certificate2 certificate; X509Certificate2[] tokenDecryptionCertificates; try { ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType; certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrivCertificate, federationTrust.Id, "OrgPrivCertificate", true, out externalAuthenticationSubFailureType); if (certificate == null) { ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Federation trust is misconfigured. Unable to find certificate corresponding to OrgPrivCertificate={0}", federationTrust.OrgPrivCertificate); return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust, SubFailureType = externalAuthenticationSubFailureType }); } X509Certificate2 x509Certificate = null; if (!string.IsNullOrEmpty(federationTrust.OrgPrevPrivCertificate)) { x509Certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrevPrivCertificate, federationTrust.Id, "OrgPrevPrivCertificate", false, out externalAuthenticationSubFailureType); } tokenDecryptionCertificates = ((x509Certificate != null) ? new X509Certificate2[] { certificate, x509Certificate } : new X509Certificate2[] { certificate }); } finally { x509Store.Close(); } SecurityTokenService securityTokenService = new SecurityTokenService(federationTrust.TokenIssuerEpr, webProxy, certificate, federationTrust.TokenIssuerUri, federationTrust.PolicyReferenceUri, federationTrust.ApplicationUri.OriginalString); ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "New instance of SecurityTokenService successfully built."); return(new ExternalAuthentication.FederationTrustResults { FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure, SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure, SecurityTokenService = securityTokenService, TokenSignatureCertificates = tokenSignatureCertificates, TokenDecryptionCertificates = tokenDecryptionCertificates }); }
public abstract void OnPublishFederationCertificate(FederationTrust federationTrust);