/// <summary>
/// Configures the ACS service namespace with the proper objects for this sample:
/// a relying party with X.509 signing and encryption keys, an identity-provider
/// decryption key, an identity provider imported from federation metadata, and a
/// generated rule group assigned to the relying party.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// All changes are committed in one batch at the end.
/// NOTE(review): this listing is damaged. The <c>rpRealm</c> literal is redacted and the
/// statements between it and the signing-certificate load are missing, so the declarations
/// of <c>svc</c>, <c>relyingParty</c>, <c>signingCertificate</c>, <c>ruleGroupName</c>,
/// <c>decryptionKeyName</c>, <c>entityId</c> and <c>IdentityProviderMetadataUrl</c> are
/// not visible here.
/// </remarks>
static void Main(string[] args)
{
    const string rpName = "Federation Sample RP";
    // Garbled in this listing: the realm literal runs straight into the tail of the
    // signing-certificate load (a ReadBytesFromPfxFile call, judging by the decryption line below).
    const string rpRealm = "http://*****:*****@"..\..\..\Certificates\ACS2SigningCertificate.pfx", "password");
    // The decryption certificate is read from a sample PFX (private key included) with a
    // hard-coded password; sample material only, not something to reuse outside this walkthrough.
    byte[] decryptionCertificate = ManagementServiceHelper.ReadBytesFromPfxFile(@"..\..\..\Certificates\ACS2DecryptionCert.pfx", "password");
    // The WCF service certificate comes from a .cer, so only the public certificate bytes (RawData) are available.
    byte[] encryptionCertificate = new X509Certificate2(@"..\..\..\Certificates\WcfServiceCertificate.cer").RawData;
    // Register the signing key (with its PFX password) and the encryption certificate (no password) on the relying party.
    svc.CreateRelyingPartyKey(relyingParty, signingCertificate, "password", RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Signing, true);
    svc.CreateRelyingPartyKey(relyingParty, encryptionCertificate, null, RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Encrypting, true);
    svc.CreateIdentityProviderDecryptionKey(decryptionKeyName, decryptionCertificate, "password", true);
    // Import the identity provider from its federation metadata; the lookups by entityId below
    // presumably resolve that same provider — confirm against the missing declarations.
    svc.ImportIdentityProviderFromMetadataUrl(new Uri(IdentityProviderMetadataUrl));
    svc.AssociateIdentityProvidersWithRelyingParties(new[] { svc.GetIdentityProviderByName(entityId) }, new[] { relyingParty });
    RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName);
    // Rules are generated from the provider rather than written by hand as in the other samples.
    svc.GenerateRules(ruleGroup, new[] { svc.GetIdentityProviderByName(entityId) });
    svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
    svc.SaveChangesBatch();
    Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
    Console.ReadLine();
}
/// <summary>
/// Configures the ACS service namespace with the objects the ASP.NET Simple MVC sample needs:
/// Google and Yahoo! OpenID identity providers (plus the existing Windows Live ID provider),
/// a SAML 2.0 relying party with an error endpoint, and a rule group that passes every claim
/// through from each issuer.
/// </summary>
/// <remarks>
/// Any relying party, rule group or identity provider left over from a previous run is deleted
/// first (and that deletion committed), then everything is recreated and committed in a second batch.
/// Windows Live ID is only looked up by name, never created or deleted here.
/// </remarks>
static void Main(string[] args)
{
    const string RelyingPartyName = "ASPNET Simple MVC Sample";
    const string RelyingPartyRealm = "http://localhost:63000/";
    const string RelyingPartyErrorUrl = "http://localhost:63000/Error";
    const string RuleGroupName = "Default rule group for ASPNET Simple MVC Sample";
    const string GoogleName = "Google";
    const string YahooName = "Yahoo!";

    ManagementService service = ManagementServiceHelper.CreateManagementServiceClient();

    // Remove anything from an earlier run before recreating it; the deletions are committed on their own.
    service.DeleteRelyingPartyByRealmIfExists(RelyingPartyRealm);
    service.DeleteRuleGroupByNameIfExists(RuleGroupName);
    service.DeleteIdentityProviderIfExists(GoogleName);
    service.DeleteIdentityProviderIfExists(YahooName);
    service.SaveChangesBatch();

    // Live ID is looked up (not created); Google and Yahoo! are registered by their OpenID endpoint URLs.
    IdentityProvider liveId = service.GetIdentityProviderByName("uri:WindowsLiveID");
    IdentityProvider googleIdp = service.CreateOpenIdIdentityProvider(GoogleName, "https://www.google.com/accounts/o8/ud");
    IdentityProvider yahooIdp = service.CreateOpenIdIdentityProvider(YahooName, "https://open.login.yahooapis.com/openid/op/auth");
    IdentityProvider[] providers = { liveId, googleIdp, yahooIdp };

    // Realm and ReplyTo are the same address for this sample.
    RelyingParty party = service.CreateRelyingParty(RelyingPartyName, RelyingPartyRealm, RelyingPartyRealm, RelyingPartyTokenType.SAML_2_0, false);
    service.AssociateIdentityProvidersWithRelyingParties(providers, new[] { party });

    // The error page is attached as a related RelyingPartyAddress whose endpoint type is "Error".
    RelyingPartyAddress errorEndpoint = new RelyingPartyAddress
    {
        Address = RelyingPartyErrorUrl,
        EndpointType = RelyingPartyAddressType.Error.ToString(),
    };
    service.AddRelatedObject(party, "RelyingPartyAddresses", errorEndpoint);

    RuleGroup group = service.CreateRuleGroup(RuleGroupName);
    service.AssignRuleGroupToRelyingParty(group, party);

    // One pass-through rule per issuer (all claim-type/value arguments null): every claim is forwarded unchanged.
    foreach (IdentityProvider provider in providers)
    {
        string description = string.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", provider.Issuer.Name);
        service.CreateRule(provider.Issuer, null, null, null, null, group, description);
    }

    service.SaveChangesBatch();
    Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
    Console.ReadLine();
}
/// <summary>
/// Configures the ACS service namespace for the ContosoContacts sample: Google and Yahoo! OpenID identity
/// providers alongside the existing Windows Live ID provider, an SWT relying party with a freshly generated
/// symmetric key, and a rule group that passes every claim through from each issuer.
/// </summary>
/// <remarks>
/// Objects left over from a previous run are deleted first. The generated symmetric key is written to the
/// console in Base64; it is a secret, so the console output should be treated as sensitive and not captured
/// in logs or transcripts.
/// </remarks>
static void Main(string[] args)
{
    const string RelyingPartyRealm = "http://ContosoContacts/";
    const string RelyingPartyName = "ContosoContacts";
    const string RuleGroupName = "Default rule group for ContosoContacts";
    const string GoogleName = "Google";
    const string YahooName = "Yahoo!";

    ManagementService service = ManagementServiceHelper.CreateManagementServiceClient();

    // Tear down any previous run's objects and commit before creating new ones.
    service.DeleteRelyingPartyByRealmIfExists(RelyingPartyRealm);
    service.DeleteRuleGroupByNameIfExists(RuleGroupName);
    service.DeleteIdentityProviderIfExists(GoogleName);
    service.DeleteIdentityProviderIfExists(YahooName);
    service.SaveChangesBatch();

    //
    // Create Google and Yahoo! as identity providers. LiveID is already configured.
    //
    IdentityProvider liveId = service.GetIdentityProviderByName("uri:WindowsLiveID");
    IdentityProvider googleIdp = service.CreateOpenIdIdentityProvider(GoogleName, "https://www.google.com/accounts/o8/ud");
    IdentityProvider yahooIdp = service.CreateOpenIdIdentityProvider(YahooName, "https://open.login.yahooapis.com/openid/op/auth");
    IdentityProvider[] providers = { liveId, googleIdp, yahooIdp };

    //
    // Create the relying party and its associated key.
    //
    // No ReplyTo address (null) is registered for this SWT relying party.
    RelyingParty party = service.CreateRelyingParty(RelyingPartyName, RelyingPartyRealm, null, RelyingPartyTokenType.SWT, false);
    service.AssociateIdentityProvidersWithRelyingParties(providers, new[] { party });

    // NOTE(review): the two DateTime arguments look like the key's validity window; DateTime.MaxValue would
    // mean the key never expires — confirm, and prefer a bounded lifetime outside a sample.
    RelyingPartyKey symmetricKey = service.GenerateRelyingPartySymmetricKey(party, DateTime.UtcNow, DateTime.MaxValue, true);
    // The key material is echoed, presumably so it can be pasted into the sample's configuration; it is a secret.
    Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(symmetricKey.Value));

    RuleGroup group = service.CreateRuleGroup(RuleGroupName);
    service.AssignRuleGroupToRelyingParty(group, party);

    //
    // Create simple rules to pass through all claims from each issuer.
    //
    foreach (IdentityProvider provider in providers)
    {
        string description = string.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", provider.Issuer.Name);
        service.CreateRule(provider.Issuer, null, null, null, null, group, description);
    }

    service.SaveChangesBatch();
    Console.WriteLine("Sample configured successfully. Press <ENTER> to exit...");
    Console.ReadLine();
}
/// <summary>
/// Creates a relying party named <paramref name="relyingPartyName"/> whose realm and reply address are both
/// <c>http://localhost</c>, issuing SAML 2.0 tokens, and associates it with every identity provider in the namespace.
/// </summary>
/// <param name="relyingPartyName">Display name of the relying party to create.</param>
private static void AddRelyingParty(string relyingPartyName)
{
    const string LocalhostAddress = "http://localhost";

    ManagementService service = ManagementServiceHelper.CreateManagementServiceClient();

    // Realm and ReplyTo are the same localhost address.
    RelyingParty party = service.CreateRelyingParty(
        relyingPartyName,
        LocalhostAddress,
        LocalhostAddress,
        RelyingPartyTokenType.SAML_2_0,
        false);

    // No filtering is applied: every identity provider the service exposes is associated with the new relying party.
    service.AssociateIdentityProvidersWithRelyingParties(service.IdentityProviders, new[] { party });
    service.SaveChangesBatch();
}
/// <summary>
/// Creates a WS-Federation identity provider named <paramref name="identityProviderName"/> whose signing
/// certificate is read from <c>identitykey.cer</c>, with a one-year window starting now, and associates it with
/// every relying party except the ACS management relying party.
/// </summary>
/// <param name="identityProviderName">Display name of the identity provider to create.</param>
private static void CreateSampleWSFederationIdentityProvider(string identityProviderName)
{
    // Signing certificates can be found in a WS-Federation IdP's federation metadata.
    const string SigningCertificateFile = "identitykey.cer";
    const string SignInUrl = "http://SampleIdentityProvider.com/sign-in/";
    const string ManagementRelyingPartyName = "AccessControlManagement";

    ManagementService service = ManagementServiceHelper.CreateManagementServiceClient();

    // One year from now (UTC); presumably the signing key's validity window — confirm against the API.
    DateTime validFrom = DateTime.UtcNow;
    DateTime validTo = validFrom.AddYears(1);

    // A .cer carries only the public certificate, which is all that is needed to verify the IdP's signatures.
    byte[] signingCertificate = X509Certificate.CreateFromCertFile(SigningCertificateFile).GetRawCertData();

    IdentityProvider provider = service.CreateWsFederationIdentityProvider(
        identityProviderName,
        signingCertificate,
        validFrom,
        validTo,
        SignInUrl);

    // The ACS management relying party is deliberately left out of the association.
    var applicationRelyingParties = service.RelyingParties.Where(party => party.Name != ManagementRelyingPartyName);
    service.AssociateIdentityProvidersWithRelyingParties(new[] { provider }, applicationRelyingParties);
    service.SaveChangesBatch();
}
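/// <summary>
/// Configures the ACS service namespace with the proper objects for the ASP.NET MVC3 custom sign-in page sample:
/// Facebook and Yahoo! identity providers (plus the existing Windows Live ID provider), a SAML 2.0 relying party,
/// and a rule group that passes all claims through from each issuer.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// The Facebook application id and secret below are placeholders that must be replaced before running; the
/// secret is a credential and should not be committed with a real value.
/// </remarks>
static void Main(string[] args)
{
    const string rpName = "ASPNET MVC3 Custom Sign-In Page Sample";
    const string rpRealm = "http://localhost:64000/";
    const string rpReplyTo = "http://localhost:64000/Account/SignIn";
    const string facebookName = "Facebook";
    const string yahooName = "Yahoo!";
    const string defaultRuleGroupName = "Default rule group for ASPNET MVC3 Custom Sign-In Page Sample";

    // Please update these with your own Facebook application information.
    const string applicationId = "applicationid";
    const string applicationSecret = "applicationsecret";

    // Name used for cleanup; the provider created by CreateFacebookIdentityProvider below is presumably given
    // the same "Facebook-{applicationId}" name — confirm, otherwise the delete above it is a no-op.
    string facebookIdpName = string.Format(CultureInfo.InvariantCulture, "Facebook-{0}", applicationId);

    ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();

    //
    // Clean up pre-existing configuration
    //
    svc.DeleteRelyingPartyByRealmIfExists(rpRealm);
    svc.DeleteRuleGroupByNameIfExists(defaultRuleGroupName);
    svc.DeleteIdentityProviderIfExists(facebookIdpName);
    svc.DeleteIdentityProviderIfExists(yahooName);
    svc.SaveChangesBatch();

    //
    // Create Identity Providers
    //
    // Live ID is looked up, not created. (A stray empty statement ";;" after this line was removed.)
    IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID");
    // "email,user_events" looks like the Facebook permission scopes requested — confirm against the helper.
    IdentityProvider facebook = svc.CreateFacebookIdentityProvider(applicationId, applicationSecret, "email,user_events");
    SetSignInInformation(svc, facebook, facebookName);
    IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooName, "https://open.login.yahooapis.com/openid/op/auth");
    SetSignInInformation(svc, yahoo, yahooName);
    IdentityProvider[] associatedProviders = new[] { live, facebook, yahoo };

    //
    // Create Relying Party
    //
    RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpReplyTo, RelyingPartyTokenType.SAML_2_0, false);
    svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty });

    RuleGroup ruleGroup = svc.CreateRuleGroup(defaultRuleGroupName);
    svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);

    //
    // Create simple rules to pass through all claims from each issuer.
    //
    foreach (IdentityProvider identityProvider in associatedProviders)
    {
        string ruleDescription = string.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name);
        svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription);
    }

    svc.SaveChangesBatch();
    Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
    Console.ReadLine();
}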
/// <summary>
/// Demonstrates OpenID discovery: resolves the OpenID endpoint for <c>myopenid.com</c>, registers it in ACS as an
/// OpenID identity provider named <c>MyOpenID</c> associated with every relying party except the ACS management
/// relying party, waits for ENTER, and then deletes the provider again.
/// </summary>
/// <remarks>
/// Any exception from discovery or from the management service is caught and echoed to the console in full
/// (including the stack trace); the program always finishes by waiting for ENTER.
/// </remarks>
static void Main(string[] args)
{
    //
    // This is the OpenID identifier of the identity provider.
    // This could be changed to be any OpenID provider.
    //
    const string SiteIdentifier = "myopenid.com";
    const string ProviderName = "MyOpenID";
    const string ManagementRelyingPartyName = "AccessControlManagement";

    Console.WriteLine("Attempting OpenID discovery for identifier '{0}'", SiteIdentifier);

    try
    {
        IdentityProviderYadisDocument yadis = OpenIdDiscovery.DiscoverIdentityProvider(SiteIdentifier);
        bool discovered = yadis != null && !string.IsNullOrEmpty(yadis.OpenIdEndpoint);

        if (!discovered)
        {
            Console.WriteLine("OpenID discovery failed. Ensure that the identifier is valid.");
        }
        else
        {
            Console.WriteLine("Successfully discovered OpenID sign-in address: '{0}'.", yadis.OpenIdEndpoint);
            Console.WriteLine("Provider supports attribute exchange? {0}", yadis.SupportsAttributeExchange);

            // Discovery succeeded: replace any existing provider of the same name with the discovered endpoint.
            ManagementService service = ManagementServiceHelper.CreateManagementServiceClient();
            service.DeleteIdentityProviderIfExists(ProviderName);
            service.SaveChangesBatch();

            IdentityProvider provider = service.CreateOpenIdIdentityProvider(ProviderName, yadis.OpenIdEndpoint);

            // Associate with every relying party other than the ACS management relying party.
            service.AssociateIdentityProvidersWithRelyingParties(
                new[] { provider },
                service.RelyingParties.Where(party => party.Name != ManagementRelyingPartyName));
            service.SaveChangesBatch();

            Console.WriteLine("\nSuccessfully added identity provider '{0}' to ACS.", ProviderName);
            Console.WriteLine("Press ENTER to continue....\n");
            Console.ReadLine();

            // Deleting the issuer also causes the identity provider and any associated objects to be deleted.
            // NOTE(review): this is the only save point that calls SaveChanges() rather than SaveChangesBatch() — confirm intentional.
            service.DeleteObject(provider.Issuer);
            service.SaveChanges();
            Console.WriteLine("\nSuccessfully deleted identity provider.");
        }
    }
    catch (Exception e)
    {
        // Broad catch for a console sample: the full exception text (with stack trace) is written to the console.
        Console.WriteLine("Exception was thrown: " + e.ToString());
    }

    Console.WriteLine("Done. Press ENTER to continue....\n");
    Console.ReadLine();
}