/// <summary> /// Replace the IdentityProvider signing keys with a new set of keys from a metadata update. /// </summary> static void UpdateIdentityProviderMetadata() { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); Console.WriteLine(String.Format("Reading metadata from file '{0}'...\n", IDPMetadataForUpdate)); using (FileStream fileStream = new FileStream(IDPMetadataForUpdate, FileMode.Open)) { // // Note that this sample uses EntityID to correlate between the identity provider originally imported // and the identity provider to update. // EntityDescriptor metadata = ReadMetadata(fileStream); List <X509Certificate2> idpKeys = ExtractX509CertificatesFromMetadata <SecurityTokenServiceDescriptor>(metadata, KeyType.Signing); string issuerName = GetEntityName(metadata); IdentityProvider identityProvider = svc.GetIdentityProviderByName(issuerName, true); Console.WriteLine(String.Format("Updating metadata for issuer '{0}'...\n", issuerName)); // // For the sake of simplicity, the existing keys are simply deleted and new ones added. // Metadata contains more information such as endpoint addresses, claim types issued, etc. // Updating the remainder of these attributes is left as an exercise to the reader. // DeleteExistingIdentityProviderSigningKeys(svc, identityProvider); InsertIdentityProviderSigningKeysFromMetadata(svc, idpKeys, identityProvider); // // SaveChangesOptions.Batch guarantees a transaction across all operations prior to this call. This // is important because on a running service, the update must happen atomically or service calls may fail. // svc.SaveChangesBatch(); } }
static void Main(string[] args) { // // Create a SAML token signed with the given certificate // byte[] clientCertificateBytes = ManagementServiceHelper.ReadBytesFromPfxFile(ClientCertificateFilePath, ClientCertificatePassword); Saml2SecurityToken token = SelfSignedSaml2TokenGenerator.GetSamlAssertionSignedWithCertificate(ClientName, clientCertificateBytes, ClientCertificatePassword); // // Encode the SAML token into an OAuth request to ACS. // Dictionary <string, string> requestParameters = new Dictionary <string, string>(); requestParameters[OAuth2Constants.Scope] = ConfigurationManager.AppSettings.Get("RelyingPartyScope"); requestParameters[OAuth2Constants.GrantType] = WifTokenTypes.Saml2TokenProfile11; requestParameters[OAuth2Constants.Assertion] = GetSaml2TokenString(token); Dictionary <string, string> acsResponse = GetOAuth2ResponseFromAcs(requestParameters); // // Pass the access token returned by ACS to the protected resource. // Console.WriteLine(GetProtectedResource(acsResponse[OAuth2Constants.AccessToken])); Console.WriteLine("Press <ENTER> to exit..."); Console.ReadLine(); }
/// <summary> /// Configures the ACS service namespace with the proper objects for this sample. /// </summary> /// <remarks> /// Existing objects that are needed for this sample will be deleted and recreated. /// </remarks> static void Main(string[] args) { const string rpName = "Federation Sample RP"; const string rpRealm = "http://*****:*****@"..\..\..\Certificates\ACS2SigningCertificate.pfx", "password"); byte[] decryptionCertificate = ManagementServiceHelper.ReadBytesFromPfxFile(@"..\..\..\Certificates\ACS2DecryptionCert.pfx", "password"); byte[] encryptionCertificate = new X509Certificate2(@"..\..\..\Certificates\WcfServiceCertificate.cer").RawData; svc.CreateRelyingPartyKey(relyingParty, signingCertificate, "password", RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Signing, true); svc.CreateRelyingPartyKey(relyingParty, encryptionCertificate, null, RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Encrypting, true); svc.CreateIdentityProviderDecryptionKey(decryptionKeyName, decryptionCertificate, "password", true); svc.ImportIdentityProviderFromMetadataUrl(new Uri(IdentityProviderMetadataUrl)); svc.AssociateIdentityProvidersWithRelyingParties(new[] { svc.GetIdentityProviderByName(entityId) }, new[] { relyingParty }); RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName); svc.GenerateRules(ruleGroup, new[] { svc.GetIdentityProviderByName(entityId) }); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); svc.SaveChangesBatch(); Console.WriteLine("Sample successfully configured. Press ENTER to continue ..."); Console.ReadLine(); }
/// <summary> /// Replace the RelyingParty encryption keys with a new set of keys from a metadata update. /// </summary> static void UpdateRelyingPartyMetadata() { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); Console.WriteLine(String.Format("Reading metadata from file '{0}'...\n", RPMetadataForUpdate)); using (FileStream fileStream = new FileStream(RPMetadataForUpdate, FileMode.Open)) { // // Note that this sample uses EntityID to correlate between the relying party originally imported // and the relying party to update. // EntityDescriptor metadata = ReadMetadata(fileStream); List <X509Certificate2> rpKeys = ExtractX509CertificatesFromMetadata <ApplicationServiceDescriptor>(metadata, KeyType.Encryption); string relyingPartyName = GetEntityName(metadata); RelyingParty relyingParty = svc.GetRelyingPartyByName(relyingPartyName, true); Console.WriteLine(String.Format("Updating metadata for relying party '{0}'...\n", relyingPartyName)); // // For the purposes of this sample, the existing keys are simply deleted and new ones added. // Metadata contains more information such as endpoint addresses. // Updating the remainder of these attributes is left as an exercise to the reader. // DeleteExistingRelyingPartyEncryptingKeys(svc, relyingParty); InsertRelyingPartyEncryptingKeysFromMetadata(svc, rpKeys, relyingParty); // // SaveChangesOptions.Batch guarantees a transaction across all operations prior to this call. This // is important because on a running service, the update must happen atomically or service calls may fail. // svc.SaveChangesBatch(); } }
private ManagementService GetAccessControlManagementService(string ns, string acs, string acsSecret) { var acsConfig = new AccessControlConfiguration(ns, acs, acsSecret); var mgmtService = new ManagementServiceHelper(acsConfig); return(mgmtService.CreateManagementServiceClient()); }
/// <summary> /// CRUD for service key of 'X509Certificate' key type. /// </summary> private static void CertificateServiceKeyCRUD() { string displayName = "Certificate for signing tokens to RPs"; // Add a signing certificate. { string pfxFileName = "SampleCert.pfx"; string protectionPassword = @"pass@word1"; byte[] signingCertificate = ManagementServiceHelper.ReadBytesFromPfxFile(pfxFileName, protectionPassword); EnumerateServiceKeys(); DeleteServiceKeyByDisplayNameIfExists(displayName); EnumerateServiceKeys(); AddServiceKey(displayName, signingCertificate, protectionPassword, ServiceKeyType.X509Certificate, ServiceKeyUsage.Signing); EnumerateServiceKeys(); } // Update and delete the signing certificate. { string pfxFileName2 = "TenantSigningCert.pfx"; string protectionPassword2 = @"TenantSigningCert"; byte[] updatedSigningCertificate = ManagementServiceHelper.ReadBytesFromPfxFile(pfxFileName2, protectionPassword2); UpdateServiceKey(displayName, updatedSigningCertificate, protectionPassword2, ServiceKeyType.X509Certificate); EnumerateServiceKeys(); DeleteServiceKeyByDisplayNameIfExists(displayName); EnumerateServiceKeys(); } }
/// <summary> /// Configures the ACS service namespace with the proper objects for this sample. /// </summary> /// <remarks> /// Existing objects that are needed for this sample will be deleted and recreated. /// </remarks> static void Main(string[] args) { const string rpName = "ASPNET Simple MVC Sample"; const string rpRealm = "http://localhost:63000/"; const string rpErrorUrl = "http://localhost:63000/Error"; const string ruleGroupName = "Default rule group for ASPNET Simple MVC Sample"; const string googleIdpName = "Google"; const string yahooIdpName = "Yahoo!"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteRelyingPartyByRealmIfExists(rpRealm); svc.DeleteRuleGroupByNameIfExists(ruleGroupName); svc.DeleteIdentityProviderIfExists(googleIdpName); svc.DeleteIdentityProviderIfExists(yahooIdpName); svc.SaveChangesBatch(); IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID"); IdentityProvider google = svc.CreateOpenIdIdentityProvider(googleIdpName, "https://www.google.com/accounts/o8/ud"); IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooIdpName, "https://open.login.yahooapis.com/openid/op/auth"); IdentityProvider[] associatedProviders = new[] { live, google, yahoo }; // // Create the relying party. In this case, the Realm and the ReplyTo are the same address. // RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpRealm, RelyingPartyTokenType.SAML_2_0, false); svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty }); // // Configure the error URL. // RelyingPartyAddress errorUrl = new RelyingPartyAddress() { Address = rpErrorUrl, EndpointType = RelyingPartyAddressType.Error.ToString() }; svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", errorUrl); RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Create simple rules to pass through all claims from each issuer. // foreach (IdentityProvider identityProvider in associatedProviders) { string ruleDescription = String.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name); svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription); } svc.SaveChangesBatch(); Console.WriteLine("Sample successfully configured. Press ENTER to continue ..."); Console.ReadLine(); }
static void DeleteServiceIdentity(string name) { AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey); ManagementService serviceClient = ManagementServiceHelper.CreateManagementServiceClient(settings); serviceClient.DeleteServiceIdentityIfExists(name); serviceClient.SaveChanges(); Console.WriteLine("Deleted."); }
static void Main(string[] args) { const string RPRealm = "http://ContosoContacts/"; const string RPName = "ContosoContacts"; const string RuleGroupName = "Default rule group for ContosoContacts"; const string googleIdpName = "Google"; const string yahooIdpName = "Yahoo!"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteRelyingPartyByRealmIfExists(RPRealm); svc.DeleteRuleGroupByNameIfExists(RuleGroupName); svc.DeleteIdentityProviderIfExists(googleIdpName); svc.DeleteIdentityProviderIfExists(yahooIdpName); svc.SaveChangesBatch(); // // Create Google and Yahoo! as identity providers. LiveID is already configured. // IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID"); IdentityProvider google = svc.CreateOpenIdIdentityProvider(googleIdpName, "https://www.google.com/accounts/o8/ud"); IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooIdpName, "https://open.login.yahooapis.com/openid/op/auth"); IdentityProvider[] associatedProviders = new[] { live, google, yahoo }; // // Create the relying party and its associated key. // RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false); svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty }); RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true); Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value)); RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Create simple rules to pass through all claims from each issuer. // foreach (IdentityProvider identityProvider in associatedProviders) { string ruleDescription = String.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name); svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription); } svc.SaveChangesBatch(); Console.WriteLine("Sample configured successfully. Press <ENTER> to exit..."); Console.ReadLine(); }
/// <summary> /// Update the service key value and the protection password. /// </summary> private static void UpdateServiceKey(string displayName, byte[] keyValue, string protectionPassword, ServiceKeyType keyType) { UTF8Encoding enc = new UTF8Encoding(); ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); ServiceKey serviceKey = svc.ServiceKeys.Where(sk => sk.DisplayName == displayName && sk.Type == keyType.ToString()).First(); serviceKey.Value = keyValue; serviceKey.Password = string.IsNullOrEmpty(protectionPassword) ? null : enc.GetBytes(protectionPassword); svc.UpdateObject(serviceKey); svc.SaveChangesBatch(); }
private static void CreateIdentityProviderWithRules() { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); // Create Identity Provider var issuer = CreateIdpManually(DateTime.UtcNow, DateTime.UtcNow.AddYears(1), svc, "SelfSTS2", "SelfSTS2", "http://localhost:9000/STS/Issue/", "IdentityTKStsCertForSigning"); // Add the Rules string ruleGroupname = "Default Rule Group for WebSiteAdvancedACS"; AddRulesToRuleGroup(ruleGroupname, issuer.Name); Console.WriteLine("Done!"); }
/// <summary> /// Enumerate all service keys. /// </summary> private static void EnumerateServiceKeys() { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); Console.WriteLine("Service Keys:\n"); foreach (ServiceKey key in svc.ServiceKeys) { Console.WriteLine("Name : " + key.DisplayName); Console.WriteLine("Type : " + key.Type); Console.WriteLine("Password : "******"" : Encoding.UTF8.GetString(key.Password))); Console.WriteLine("Usage : " + key.Usage); Console.WriteLine("Key : " + Convert.ToBase64String(key.Value) + "\n"); } }
/// <summary> /// Delete a service key by its display name. /// </summary> private static void DeleteServiceKeyByDisplayNameIfExists(string displayName) { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); IQueryable <ServiceKey> serviceKeys = svc.ServiceKeys.Where(e => e.DisplayName == displayName); if (serviceKeys.Count() != 0) { foreach (ServiceKey sk in serviceKeys) { svc.DeleteObject(sk); } svc.SaveChangesBatch(); } }
static void GetServiceIdentity(string name) { AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey); ManagementService serviceClient = ManagementServiceHelper.CreateManagementServiceClient(settings); ServiceIdentity si = serviceClient.GetServiceIdentityByName(name); if (si != null) { ServiceIdentityKey symmKey = (from sk in si.ServiceIdentityKeys where sk.Type == ServiceIdentityKeyType.Symmetric.ToString() select sk).FirstOrDefault(); if (symmKey != null) { Console.WriteLine("Name: {0}\nKey: {1}", si.Name, Convert.ToBase64String(symmKey.Value)); return; } } Console.Error.WriteLine("Service identity '{0}' not found or key not found", name); }
/// <summary> /// Import the relying party from metadata using a call to the management service. /// </summary> static void ImportRelyingPartyMetadata() { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); Console.WriteLine(String.Format("Reading metadata from file '{0}'...\n", RPMetadataForImport)); using (FileStream fileStream = new FileStream(RPMetadataForImport, FileMode.Open)) { EntityDescriptor metadata = ReadMetadata(fileStream); string relyingPartyName = GetEntityName(metadata); svc.DeleteRelyingPartyByNameIfExists(relyingPartyName); svc.SaveChangesBatch(); // Import the relying party from metadata. Console.WriteLine(String.Format("Importing metadata for relying party '{0}'...\n", relyingPartyName)); fileStream.Seek(0, SeekOrigin.Begin); svc.ImportRelyingPartyFromStream(fileStream); } }
/// <summary> /// Import the identity provider from metadata using a call to the management service. /// </summary> static void ImportIdentityProviderMetadata() { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); Console.WriteLine(String.Format("Reading metadata from file '{0}'...\n", IDPMetadataForImport)); using (FileStream fileStream = new FileStream(IDPMetadataForImport, FileMode.Open)) { EntityDescriptor metadata = ReadMetadata(fileStream); string issuerName = GetEntityName(metadata); svc.DeleteIdentityProviderIfExists(issuerName); svc.SaveChangesBatch(); // Import the identity provider from metadata. Console.WriteLine(String.Format("Importing metadata for issuer '{0}'...\n", issuerName)); fileStream.Seek(0, SeekOrigin.Begin); svc.ImportIdentityProviderFromStream(fileStream); } }
/// <summary> /// Configures the ACS service namespace with the proper objects for this sample. /// </summary> /// <remarks> /// Existing objects that are needed for this sample will be deleted and recreated. /// </remarks> static void Main(string[] args) { const string rpName = "Certificate Binding Sample RP"; const string rpRealm = "http://*****:*****@"..\..\..\Certificates\ACS2SigningCertificate.pfx", "password"); byte[] encryptionCertificate = new X509Certificate2(@"..\..\..\Certificates\WcfServiceCertificate.cer").RawData; svc.CreateRelyingPartyKey(relyingParty, signingCertificate, "password", RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Signing, true); svc.CreateRelyingPartyKey(relyingParty, encryptionCertificate, null, RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Encrypting, true); byte[] clientCertificate = new X509Certificate2(@"..\..\..\Certificates\ACS2ClientCertificate.cer").RawData; svc.CreateServiceIdentity(serviceIdentityName, clientCertificate, ServiceIdentityKeyType.X509Certificate, ServiceIdentityKeyUsage.Signing); RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Add a rule to pass through all ACS-issued claims. These are represented by an issuer called "LOCAL AUTHORITY" // Null input and output claim types and values mean to pass-through all. // svc.CreateRule(svc.GetIssuerByName("LOCAL AUTHORITY"), null, null, null, null, ruleGroup, "Pass through all claims issued by ACS."); svc.SaveChangesBatch(); Console.WriteLine("Sample successfully configured. Press ENTER to continue ..."); Console.ReadLine(); }
/// <summary> /// Add a service key. /// </summary> private static void AddServiceKey(string displayName, byte[] keyValue, string protectionPassword, ServiceKeyType keyType, ServiceKeyUsage keyUsage) { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); UTF8Encoding enc = new UTF8Encoding(); ServiceKey serviceKey = new ServiceKey() { DisplayName = displayName, Type = keyType.ToString(), Usage = keyUsage.ToString(), Value = keyValue, Password = string.IsNullOrEmpty(protectionPassword) ? null : enc.GetBytes(protectionPassword), StartDate = defaultStartTime, EndDate = defaultEndTime }; svc.AddToServiceKeys(serviceKey); svc.SaveChangesBatch(); }
static void Main(string[] args) { const string ClientName = "OAuth2SampleX509Identity"; const string RPRealm = "https://oauth2RelyingParty/"; const string RPName = "OAuth2 RP"; const string RuleGroupName = "Default rule group for OAuth2 RP"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteServiceIdentityIfExists(ClientName); svc.DeleteRelyingPartyByRealmIfExists(RPRealm); svc.DeleteRuleGroupByNameIfExists(RuleGroupName); svc.SaveChangesBatch(); X509Certificate2 clientCertificate = new X509Certificate2(@"..\..\..\Certificates\ACS2ClientCertificate.cer"); svc.CreateServiceIdentity(ClientName, clientCertificate.RawData, ServiceIdentityKeyType.X509Certificate, ServiceIdentityKeyUsage.Signing); RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false); RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true); Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value)); Issuer localAuthority = svc.GetIssuerByName("LOCAL AUTHORITY"); RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); svc.CreateRule(localAuthority, null, null, null, null, ruleGroup, "Pass through claims issued by ACS"); svc.SaveChangesBatch(); Console.WriteLine("Sample configured successfully. Press <ENTER> to exit..."); Console.ReadLine(); }
/// <summary> /// Configures the ACS service namespace with the proper objects for this sample. /// </summary> /// <remarks> /// Existing objects that are needed for this sample will be deleted and recreated. /// </remarks> static void Main(string[] args) { const string rpName = "ASPNET Simple Service"; const string rpRealm = "http://localhost:8000/Service/"; const string serviceIdentityName = "acssample"; const string serviceIdentityPassword = "******"; const string ruleGroupName = "Default rule group for ASPNET Simple Service"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteRelyingPartyByRealmIfExists(rpRealm); svc.DeleteServiceIdentityIfExists(serviceIdentityName); svc.DeleteRuleGroupByNameIfExists(ruleGroupName); svc.SaveChangesBatch(); RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpRealm, RelyingPartyTokenType.SWT, false); RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.UtcNow.AddYears(1), true); Console.WriteLine("Generated symmetric key value: {0}", Convert.ToBase64String(relyingPartyKey.Value)); svc.CreateServiceIdentity(serviceIdentityName, Encoding.UTF8.GetBytes(serviceIdentityPassword), ServiceIdentityKeyType.Password, ServiceIdentityKeyUsage.Password); RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Add a rule to issue the "action=reverse" claim. // svc.CreateRule(svc.GetIssuerByName("LOCAL AUTHORITY"), null, null, "action", "reverse", ruleGroup, "Issue action=reverse claim."); svc.SaveChangesBatch(); Console.WriteLine("Sample successfully configured. Press ENTER to continue ..."); Console.ReadLine(); }
/// <summary> /// Configures the ACS service namespace with the proper objects for this sample. /// </summary> /// <remarks> /// Existing objects that are needed for this sample will be deleted and recreated. /// </remarks> static void Main(string[] args) { const string rpName = "ASPNET MVC3 Custom Sign-In Page Sample"; const string rpRealm = "http://localhost:64000/"; const string rpReplyTo = "http://localhost:64000/Account/SignIn"; const string facebookName = "Facebook"; const string yahooName = "Yahoo!"; const string defaultRuleGroupName = "Default rule group for ASPNET MVC3 Custom Sign-In Page Sample"; // Please update these with your own Facebook application information const string applicationId = "applicationid"; const string applicationSecret = "applicationsecret"; string facebookIdpName = String.Format(CultureInfo.InvariantCulture, "Facebook-{0}", applicationId); ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); // // Clean up pre-existing configuration // svc.DeleteRelyingPartyByRealmIfExists(rpRealm); svc.DeleteRuleGroupByNameIfExists(defaultRuleGroupName); svc.DeleteIdentityProviderIfExists(facebookIdpName); svc.DeleteIdentityProviderIfExists(yahooName); svc.SaveChangesBatch(); // // Create Identity Providers // IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID");; IdentityProvider facebook = svc.CreateFacebookIdentityProvider(applicationId, applicationSecret, "email,user_events"); SetSignInInformation(svc, facebook, facebookName); IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooName, "https://open.login.yahooapis.com/openid/op/auth"); SetSignInInformation(svc, yahoo, yahooName); IdentityProvider[] associatedProviders = new[] { live, facebook, yahoo }; // // Create Relying Party // RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpReplyTo, RelyingPartyTokenType.SAML_2_0, false); svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty }); RuleGroup ruleGroup = svc.CreateRuleGroup(defaultRuleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Create simple rules to pass through all claims from each issuer. // foreach (IdentityProvider identityProvider in associatedProviders) { string ruleDescription = string.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name); svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription); } svc.SaveChangesBatch(); Console.WriteLine("Sample successfully configured. Press ENTER to continue ..."); Console.ReadLine(); }
/// <summary> /// Add the Rules into a Rule Group. /// </summary> private static void AddRulesToRuleGroup(string ruleGroupName, string issuerName) { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); RuleGroup rg = svc.RuleGroups.AddQueryOption("$filter", "Name eq '" + ruleGroupName + "'").FirstOrDefault(); Issuer issuer = svc.Issuers.Where(i => i.Name == issuerName).ToArray()[0]; Rule namePassthroughRule = new Rule() { Issuer = issuer, IssuerId = issuer.Id, // InputClaimIssuerId = issuer.Id, InputClaimType = "http://www.theselfsts2.net/claims/nome", OutputClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", RuleGroup = rg, Description = "Passthrough \"nome\" claim from SelfSTS2 as \"name\"" }; svc.AddRelatedObject(rg, "Rules", namePassthroughRule); Rule emailPassthroughRule = new Rule() { Issuer = issuer, IssuerId = issuer.Id, InputClaimType = "http://www.theselfsts2.net/claims/postaelettronica", OutputClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", RuleGroup = rg, Description = "Passthrough \"postaelettronica\" claim from SelfSTS2 as \"emailaddress\"" }; svc.AddRelatedObject(rg, "Rules", emailPassthroughRule); Rule goldenRule = new Rule() { Issuer = issuer, IssuerId = issuer.Id, InputClaimType = "http://www.theselfsts2.net/claims/gruppo", InputClaimValue = "Amministratori", OutputClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role", OutputClaimValue = "Gold", RuleGroup = rg, Description = "Map Gold Role SelfSTS2" }; svc.AddRelatedObject(rg, "Rules", goldenRule); Rule silverRule = new Rule() { Issuer = issuer, IssuerId = issuer.Id, InputClaimType = "http://www.theselfsts2.net/claims/gruppo", InputClaimValue = "Utenti", OutputClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role", OutputClaimValue = "Silver", RuleGroup = rg, Description = "Map Silver Role SelfSTS2" }; svc.AddRelatedObject(rg, "Rules", silverRule); svc.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine(); Console.WriteLine("-----------------------------------"); Console.WriteLine("Info: Passthrough Rules:"); Console.WriteLine("Info: Passthrough Name Rule created: {0}", namePassthroughRule.Description); Console.WriteLine("Info: Passthrough Email Rule created: {0}", emailPassthroughRule.Description); Console.WriteLine(); Console.WriteLine("-----------------------------------"); Console.WriteLine("Info: Roles Rules:"); Console.WriteLine("Info: Golden Rule created: {0}", goldenRule.Description); Console.WriteLine("Info: Silver Rule created: {0}", silverRule.Description); }