private void LinkExistingRuleGroups(ManagementService client, Action <LogInfo> logAction)
{
foreach (var linkedRuleGroup in this.relyingPartySpec.LinkedRuleGroups())
{
var @group = linkedRuleGroup;
var ruleGroup = client.RuleGroups.Where(rg => rg.Name.Equals(group)).Single();
var relyingParty = client.RelyingParties.Where(rp => rp.Name.Equals(this.relyingPartySpec.Name())).Single();
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
this.LogMessage(logAction, string.Format("Linking Relying Party '{0}' to Rule Group '{1}'", this.relyingPartySpec.Name(), linkedRuleGroup));
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
if (this.relyingPartySpec.LinkedRuleGroups().Any())
{
client.SaveChanges(SaveChangesOptions.Batch);
this.LogSavingChangesMessage(logAction);
}
}
/// <summary>
/// Update the relying party rules to pass through any claim issued by an identity provider.
/// </summary>
/// <param name="relyingPartyName">The name of the relying party.</param>
/// <param name="identityProvider">The identity provider whose issued claims must be passed through.</param>
public void UpdateRelyingPartyRule(string relyingPartyName, string identityProvider)
{
ManagementService svc = CreateManagementServiceClient();
RelyingParty rp = svc.RelyingParties.Where(r => r.Name == relyingPartyName).FirstOrDefault();
if (rp == null)
{
throw new ConfigurationErrorsException("The relying party of name " + relyingPartyName + " could not be found.");
}
Issuer newIssuer = AddIssuer(identityProvider);
if (newIssuer != null)
{
RelyingPartyRuleGroup rpRuleGroup = svc.RelyingPartyRuleGroups.Where(m => m.RelyingPartyId == rp.Id).FirstOrDefault();
Rule rule = new Rule()
{
IssuerId = newIssuer.Id, RuleGroupId = rpRuleGroup.RuleGroupId
};
svc.AddToRules(rule);
svc.SaveChanges(SaveChangesOptions.Batch);
}
}
/// <summary>
/// Assigns the <paramref name="ruleGroup"/> to the <paramref name="relyingParty"/>
/// </summary>
/// <param name="svc"></param>
/// <param name="ruleGroup">Relying party</param>
/// <param name="relyingParty">Rule group</param>
public static void AssignRuleGroupToRelyingParty(this ManagementService svc, RuleGroup ruleGroup, RelyingParty relyingParty)
{
RelyingPartyRuleGroup relyingPartyRuleGroup = new RelyingPartyRuleGroup();
svc.AddToRelyingPartyRuleGroups(relyingPartyRuleGroup);
svc.AddLink(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
svc.AddLink(ruleGroup, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
private static void CreateFacebookRules(ServiceManagementWrapper acsWrapper, RelyingPartyRuleGroup defaultRuleGroup)
{
Console.Write("Creating Facebook mapping rules....");
var name = "Facebook";
// pass name
acsWrapper.AddPassThroughRuleToRuleGroup(defaultRuleGroup.RuleGroup.Name, name, ClaimTypes.Name);
// pass nameidentifier
acsWrapper.AddPassThroughRuleToRuleGroup(defaultRuleGroup.RuleGroup.Name, name, ClaimTypes.NameIdentifier);
Console.WriteLine("done.");
}
private static void CreateYahooRules(ServiceManagementWrapper acsWrapper, RelyingPartyRuleGroup defaultRuleGroup)
{
Console.Write("Creating Yahoo! mapping rules....");
var name = SocialIdentityProviders.Yahoo.HomeRealm;
// pass name
acsWrapper.AddPassThroughRuleToRuleGroup(defaultRuleGroup.RuleGroup.Name, name, ClaimTypes.Name);
// pass nameidentifier
acsWrapper.AddPassThroughRuleToRuleGroup(defaultRuleGroup.RuleGroup.Name, name, ClaimTypes.NameIdentifier);
Console.WriteLine("done.");
}
private static void LinkRuleGroupToRelyingParty(ManagementService client, RuleGroup ruleGroup, RelyingParty relyingParty)
{
Guard.NotNull(() => ruleGroup, ruleGroup);
Guard.NotNull(() => relyingParty, relyingParty);
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
client.SaveChanges(SaveChangesOptions.Batch);
}
public static RuleGroup AddPassthroughRule(this ManagementService svc,
RelyingParty relyingParty, string ruleGroupName)
{
Contract.Requires(svc != null);
Contract.Requires(relyingParty != null);
Contract.Requires(!string.IsNullOrWhiteSpace(ruleGroupName));
var ruleGroup = new RuleGroup()
{
Name = ruleGroupName
};
svc.AddToRuleGroups(ruleGroup);
svc.SaveChanges(SaveChangesOptions.Batch);
var localAuthority = svc.Issuers.Where(
m => m.Name == "LOCAL AUTHORITY").FirstOrDefault();
var passthrough = new Rule();
passthrough.Description = "Passthough all ACS claims";
svc.AddToRules(passthrough);
svc.SetLink(passthrough, "RuleGroup", ruleGroup);
svc.SetLink(passthrough, "Issuer", localAuthority);
var rprg = new RelyingPartyRuleGroup();
svc.AddToRelyingPartyRuleGroups(rprg);
svc.AddLink(relyingParty, "RelyingPartyRuleGroups", rprg);
svc.AddLink(ruleGroup, "RelyingPartyRuleGroups", rprg);
svc.SaveChanges(SaveChangesOptions.Batch);
return(ruleGroup);
}
private static void CreateRelyingParty(ManagementService client, string relyingPartyName, string ruleGroupName, string realmAddress, string replyAddress, TokenType tokenType, int tokenLifetime, bool asymmetricTokenEncryptionRequired, out RelyingParty relyingParty)
{
// Create Relying Party
relyingParty = new RelyingParty
{
Name = relyingPartyName,
DisplayName = relyingPartyName,
Description = relyingPartyName,
TokenType = tokenType.ToString(),
TokenLifetime = tokenLifetime,
AsymmetricTokenEncryptionRequired = asymmetricTokenEncryptionRequired
};
client.AddObject("RelyingParties", relyingParty);
client.SaveChanges();
if (!string.IsNullOrWhiteSpace(ruleGroupName))
{
RuleGroup ruleGroup = client.RuleGroups.Where(rg => rg.Name.Equals(ruleGroupName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
if (ruleGroup == null)
{
ruleGroup = new RuleGroup
{
Name = ruleGroupName
};
client.AddToRuleGroups(ruleGroup);
client.SaveChanges();
}
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
// Create the Realm for Relying Party
var realm = new RelyingPartyAddress
{
Address = realmAddress,
EndpointType = RelyingPartyAddressEndpointType.Realm.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realm);
if (!string.IsNullOrEmpty(replyAddress))
{
var reply = new RelyingPartyAddress
{
Address = replyAddress,
EndpointType = RelyingPartyAddressEndpointType.Reply.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", reply);
}
client.SaveChanges(SaveChangesOptions.Batch);
}
private static void CreateWindowsLiveRules(ServiceManagementWrapper acsWrapper, RelyingPartyRuleGroup defaultRuleGroup)
{
Console.Write("Creating Windows Live ID mapping rules....");
var name = SocialIdentityProviders.WindowsLiveId.DisplayName;
// pass nameidentifier
acsWrapper.AddPassThroughRuleToRuleGroup(defaultRuleGroup.RuleGroup.Name, name, ClaimTypes.NameIdentifier);
// pass name
acsWrapper.AddPassThroughRuleToRuleGroup(defaultRuleGroup.RuleGroup.Name, name, ClaimTypes.NameIdentifier, ClaimTypes.Name);
Console.WriteLine("done.");
}
public static RelyingPartyRuleGroup CreateRelyingPartyRuleGroup(long ID, long relyingPartyId, long ruleGroupId, bool systemReserved)
{
RelyingPartyRuleGroup relyingPartyRuleGroup = new RelyingPartyRuleGroup();
relyingPartyRuleGroup.Id = ID;
relyingPartyRuleGroup.RelyingPartyId = relyingPartyId;
relyingPartyRuleGroup.RuleGroupId = ruleGroupId;
relyingPartyRuleGroup.SystemReserved = systemReserved;
return relyingPartyRuleGroup;
}
public void AddToRelyingPartyRuleGroups(RelyingPartyRuleGroup relyingPartyRuleGroup)
{
base.AddObject("RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
public void SaveChanges()
{
foreach (var segmentRuleGroup in this.ruleGroups)
{
if (segmentRuleGroup.RuleGroup == null)
{
segmentRuleGroup.RuleGroup = this.serviceClient.CreateRuleGroup(segmentRuleGroup.Uri.AbsoluteUri);
this.serviceClient.SaveChanges();
}
}
var ruleGroup = this.ruleGroups.Last().RuleGroup;
foreach (var accessControlRule in this.localRules)
{
if (accessControlRule.Deleted)
{
if (accessControlRule.Rule != null)
{
this.serviceClient.DeleteObject(accessControlRule.Rule);
}
}
else if (accessControlRule.Rule != null)
{
if (accessControlRule.PrepareChanges())
{
this.serviceClient.UpdateObject(accessControlRule.Rule);
}
}
else
{
this.serviceClient.CreateRule(
this.serviceClient.GetIssuerByName(accessControlRule.Condition.IssuerName),
accessControlRule.Condition.ClaimType,
accessControlRule.Condition.ClaimValue,
accessControlRule.Right.ClaimType,
accessControlRule.Right.ClaimValue,
ruleGroup,
accessControlRule.Description);
}
}
this.serviceClient.SaveChanges();
if (this.newRelyingPartyRequired)
{
var rpaddress = this.relyingPartyUri.AbsoluteUri;
var rp = this.serviceClient.GetRelyingPartyByName(rpaddress, true);
if (rp == null)
{
rp = new RelyingParty();
rp.DisplayName = rp.Name = rpaddress;
rp.Description = String.Empty;
rp.TokenLifetime = this.relyingParty.TokenLifetime;
rp.TokenType = this.relyingParty.TokenType;
rp.AsymmetricTokenEncryptionRequired = this.relyingParty.AsymmetricTokenEncryptionRequired;
this.serviceClient.AddToRelyingParties(rp);
}
if (rp.RelyingPartyAddresses.Count == 0)
{
var rpa = new RelyingPartyAddress {
Address = rpaddress, EndpointType = "Realm"
};
this.serviceClient.AddRelatedObject(rp, "RelyingPartyAddresses", rpa);
}
this.serviceClient.SaveChanges();
foreach (var segmentRuleGroup in this.ruleGroups)
{
var relyingPartyRuleGroup = new RelyingPartyRuleGroup();
relyingPartyRuleGroup.RelyingPartyId = rp.Id;
relyingPartyRuleGroup.RuleGroupId = segmentRuleGroup.RuleGroup.Id;
this.serviceClient.AddToRelyingPartyRuleGroups(relyingPartyRuleGroup);
}
this.serviceClient.SaveChanges();
}
else
{
foreach (var segmentRuleGroup in this.ruleGroups)
{
var grpid = segmentRuleGroup.RuleGroup.Id;
if (!this.relyingParty.RelyingPartyRuleGroups.Any(i => i.RuleGroupId == grpid))
{
var relyingPartyRuleGroup = new RelyingPartyRuleGroup();
relyingPartyRuleGroup.RelyingPartyId = this.relyingParty.Id;
relyingPartyRuleGroup.RuleGroupId = segmentRuleGroup.RuleGroup.Id;
this.serviceClient.AddToRelyingPartyRuleGroups(relyingPartyRuleGroup);
}
}
this.serviceClient.SaveChanges();
}
}