/// <summary> /// Creates a new <see cref = " RelyingParty" />. /// </summary> /// <param name = "name">Name of this new <see cref = " RelyingParty" />.</param> /// <param name = "realm">Realm of the relying party.</param> /// <param name = "reply">ReplyTo address for the relying party. May be null.</param> /// <param name = "tokenType">The type of token that the relying party consumes.</param> /// <param name = "requireEncryption">Whether to require asymmetric token encryption.</param> /// <returns>The new <see cref = " RelyingParty" /> created.</returns> public static RelyingParty CreateRelyingParty( this ManagementService svc, string name, string realm, string reply, RelyingPartyTokenType tokenType, bool requireEncryption) { svc.DeleteRelyingPartyByRealmIfExists(realm); var relyingParty = new RelyingParty { AsymmetricTokenEncryptionRequired = requireEncryption, Name = name, TokenType = tokenType.ToString(), TokenLifetime = 3600, }; svc.AddToRelyingParties(relyingParty); // // Create the Realm address // var realmAddress = new RelyingPartyAddress { Address = realm, EndpointType = RelyingPartyAddressType.Realm.ToString(), }; svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realmAddress); if (!string.IsNullOrEmpty(reply)) { // // Create the ReplyTo address // var replyAddress = new RelyingPartyAddress { Address = reply, EndpointType = RelyingPartyAddressType.Reply.ToString(), }; svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", replyAddress); } return(relyingParty); }
public void ExecuteCmdletBase(PSCmdlet callingCmdlet) { ManagementService client = CreateManagementServiceClient(); var relyingParties = client.RelyingParties; if (relyingParties != null) { foreach (var relyingParty in relyingParties) { string name = relyingParty.Name; if (name == RelyingParty) { RelyingPartyAddress address = new RelyingPartyAddress(); address.Address = RelyingPartyRelayAddress; address.EndpointType = "Reply"; client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", address); client.SaveChanges(SaveChangesOptions.Batch); } } } else { throw new Exception("Failed to get the Relying Parties list from the ACS Management Service."); } }
/// <summary> /// Configures the ACS service namespace with the proper objects for this sample. /// </summary> /// <remarks> /// Existing objects that are needed for this sample will be deleted and recreated. /// </remarks> static void Main(string[] args) { const string rpName = "ASPNET Simple MVC Sample"; const string rpRealm = "http://localhost:63000/"; const string rpErrorUrl = "http://localhost:63000/Error"; const string ruleGroupName = "Default rule group for ASPNET Simple MVC Sample"; const string googleIdpName = "Google"; const string yahooIdpName = "Yahoo!"; ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); svc.DeleteRelyingPartyByRealmIfExists(rpRealm); svc.DeleteRuleGroupByNameIfExists(ruleGroupName); svc.DeleteIdentityProviderIfExists(googleIdpName); svc.DeleteIdentityProviderIfExists(yahooIdpName); svc.SaveChangesBatch(); IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID"); IdentityProvider google = svc.CreateOpenIdIdentityProvider(googleIdpName, "https://www.google.com/accounts/o8/ud"); IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooIdpName, "https://open.login.yahooapis.com/openid/op/auth"); IdentityProvider[] associatedProviders = new[] { live, google, yahoo }; // // Create the relying party. In this case, the Realm and the ReplyTo are the same address. // RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpRealm, RelyingPartyTokenType.SAML_2_0, false); svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty }); // // Configure the error URL. // RelyingPartyAddress errorUrl = new RelyingPartyAddress() { Address = rpErrorUrl, EndpointType = RelyingPartyAddressType.Error.ToString() }; svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", errorUrl); RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName); svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty); // // Create simple rules to pass through all claims from each issuer. // foreach (IdentityProvider identityProvider in associatedProviders) { string ruleDescription = String.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name); svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription); } svc.SaveChangesBatch(); Console.WriteLine("Sample successfully configured. Press ENTER to continue ..."); Console.ReadLine(); }
/// <summary> /// Deletes a RelyingParty having the given name, if it exists. /// </summary> public static void DeleteRelyingPartyByRealmIfExists(this ManagementService svc, string realm) { // Retrieve Relying Party and then delete it if it exists. RelyingPartyAddress rpAddress = svc.RelyingPartyAddresses.Expand("RelyingParty").Where(addr => addr.Address == realm && addr.EndpointType == RelyingPartyAddressType.Realm.ToString()).FirstOrDefault(); if (rpAddress != null) { svc.DeleteObject(rpAddress.RelyingParty); } }
static void DisplayRelyingPartyAddress(RelyingPartyAddress relyingPartyAddress) { if (relyingPartyAddress != null) { Console.WriteLine("\tRelying Party Address (Id = {0})\n", relyingPartyAddress.Id); Console.WriteLine("\t\tId = {0}\n", relyingPartyAddress.Id); Console.WriteLine("\t\tAddress = {0}\n", relyingPartyAddress.Address); Console.WriteLine("\t\tEndpointType = {0}\n", relyingPartyAddress.EndpointType); } }
public void AddRelyingPartyWithKey(string relyingPartyName, string realmAddress, string replyAddress, byte[] symmetricKey, TokenType tokenType, int tokenLifetime, byte[] signingCert, string signingCertPassword, DateTime?signingStartDate, DateTime?signingEndDate, byte[] encryptionCert, string ruleGroupName, string[] allowedIdentityProviders) { try { var client = this.CreateManagementServiceClient(); var defaultStartDate = DateTime.UtcNow; var defaultEndDate = defaultStartDate.AddYears(1); var asymmetricTokenEncryptionRequired = encryptionCert != null; RelyingParty relyingParty; CreateRelyingParty(client, relyingPartyName, ruleGroupName, realmAddress, string.Empty, tokenType, tokenLifetime, asymmetricTokenEncryptionRequired, out relyingParty); // Create the Reply for Relying Party var reply = new RelyingPartyAddress { Address = replyAddress, EndpointType = RelyingPartyAddressEndpointType.Reply.ToString(), RelyingParty = relyingParty }; client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", reply); client.SaveChanges(); if (signingCert != null) { AddSigningKeyToRelyingParty(client, relyingPartyName, signingCert, signingCertPassword, signingStartDate.Value, signingEndDate.Value, relyingParty); } if (symmetricKey != null) { AddSigningKeyToRelyingParty(client, relyingPartyName, symmetricKey, defaultStartDate, defaultEndDate, relyingParty); } if (asymmetricTokenEncryptionRequired) { AddEncryptionKeyToRelyingParty(client, relyingPartyName, encryptionCert, defaultStartDate, defaultEndDate, relyingParty); } client.SaveChanges(); AddIdentityProviderToRelyingParty(client, allowedIdentityProviders, relyingParty); } catch (Exception ex) { throw TryGetExceptionDetails(ex); } }
public static RelyingParty AddRelyingParty(this ManagementService svc, Uri realm, string relyingPartyName, DateTime startDate, DateTime endDate, byte[] tokenSigningKey, int tokenLifetime) { Contract.Requires(svc != null); Contract.Requires(realm != null); Contract.Requires(realm.IsAbsoluteUri); Contract.Requires(realm.AbsolutePath == "/"); Contract.Requires(!string.IsNullOrWhiteSpace(relyingPartyName)); Contract.Requires(startDate != default(DateTime)); Contract.Requires(endDate > startDate); Contract.Requires(tokenSigningKey != null); Contract.Requires(tokenLifetime >= 1); var relyingParty = new RelyingParty() { Name = relyingPartyName, AsymmetricTokenEncryptionRequired = false, TokenType = "SWT", TokenLifetime = tokenLifetime }; svc.AddToRelyingParties(relyingParty); var relyingPartyAddress = new RelyingPartyAddress() { Address = realm.AbsoluteUri, EndpointType = "Realm" }; svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", relyingPartyAddress); var relyingPartyKey = new RelyingPartyKey() { StartDate = startDate, EndDate = endDate, Type = "Symmetric", Usage = "Signing", IsPrimary = true, Value = tokenSigningKey }; svc.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey); svc.SaveChanges(SaveChangesOptions.Batch); return(relyingParty); }
static void UpdateSampleRelyingParty(string relyingPartyName) { ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); // Retrieve Relying Party and then delete it RelyingParty relyingParty = svc.RelyingParties.Expand("RelyingPartyAddresses").Where(m => m.Name == relyingPartyName).FirstOrDefault(); if (relyingParty != null) { // update DisplayName relyingParty.DisplayName = "TestRelyingPartyNewDisplayName"; //update Realm RelyingPartyAddress realm = relyingParty.RelyingPartyAddresses.Where(m => m.EndpointType == "Realm").FirstOrDefault(); if (realm != null) { realm.Address = "http://TestRelyingParty/NewRealm"; svc.UpdateObject(realm); } svc.UpdateObject(relyingParty); svc.SaveChangesBatch(); } }
public static AccessControlList GetAccessControlList(Uri relyingPartyUri, AccessControlSettings settings) { string localPath = relyingPartyUri.LocalPath; relyingPartyUri = new UriBuilder(relyingPartyUri) { Scheme = "http", Port = -1, Path = localPath.Substring(0, localPath.EndsWith("/") ? localPath.Length - 1 : localPath.Length) }.Uri; string relyingPartyAddress = relyingPartyUri.AbsoluteUri; ManagementService serviceClient = ManagementServiceHelper.CreateManagementServiceClient(settings); RelyingPartyAddress longestPrefixRpAddress = GetLongestPrefixRelyingPartyAddress(serviceClient, relyingPartyAddress); if (longestPrefixRpAddress != null) { RelyingParty relyingParty = GetRelyingPartyByAddress(serviceClient, longestPrefixRpAddress); if (relyingParty != null) { return(new AccessControlList(relyingPartyUri, relyingParty, serviceClient)); } } throw new InvalidOperationException(); }
private static void CreateRelyingParty(ManagementService client, string relyingPartyName, string ruleGroupName, string realmAddress, string replyAddress, TokenType tokenType, int tokenLifetime, bool asymmetricTokenEncryptionRequired, out RelyingParty relyingParty) { // Create Relying Party relyingParty = new RelyingParty { Name = relyingPartyName, DisplayName = relyingPartyName, Description = relyingPartyName, TokenType = tokenType.ToString(), TokenLifetime = tokenLifetime, AsymmetricTokenEncryptionRequired = asymmetricTokenEncryptionRequired }; client.AddObject("RelyingParties", relyingParty); client.SaveChanges(); if (!string.IsNullOrWhiteSpace(ruleGroupName)) { RuleGroup ruleGroup = client.RuleGroups.Where(rg => rg.Name.Equals(ruleGroupName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault(); if (ruleGroup == null) { ruleGroup = new RuleGroup { Name = ruleGroupName }; client.AddToRuleGroups(ruleGroup); client.SaveChanges(); } var relyingPartyRuleGroup = new RelyingPartyRuleGroup { RuleGroupId = ruleGroup.Id, RelyingParty = relyingParty }; client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup); } // Create the Realm for Relying Party var realm = new RelyingPartyAddress { Address = realmAddress, EndpointType = RelyingPartyAddressEndpointType.Realm.ToString(), RelyingParty = relyingParty }; client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realm); if (!string.IsNullOrEmpty(replyAddress)) { var reply = new RelyingPartyAddress { Address = replyAddress, EndpointType = RelyingPartyAddressEndpointType.Reply.ToString(), RelyingParty = relyingParty }; client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", reply); } client.SaveChanges(SaveChangesOptions.Batch); }
static RelyingParty GetRelyingPartyByAddress(ManagementService serviceClient, RelyingPartyAddress longestPrefixRpAddress) { return((from rp in serviceClient.RelyingParties.Expand("RelyingPartyAddresses,RelyingPartyIdentityProviders,RelyingPartyRuleGroups") where rp.Id == longestPrefixRpAddress.RelyingPartyId select rp).FirstOrDefault()); }
public static RelyingPartyAddress CreateRelyingPartyAddress(long ID, long relyingPartyId, bool systemReserved) { RelyingPartyAddress relyingPartyAddress = new RelyingPartyAddress(); relyingPartyAddress.Id = ID; relyingPartyAddress.RelyingPartyId = relyingPartyId; relyingPartyAddress.SystemReserved = systemReserved; return relyingPartyAddress; }
public void AddToRelyingPartyAddresses(RelyingPartyAddress relyingPartyAddress) { base.AddObject("RelyingPartyAddresses", relyingPartyAddress); }
public void SaveChanges() { foreach (var segmentRuleGroup in this.ruleGroups) { if (segmentRuleGroup.RuleGroup == null) { segmentRuleGroup.RuleGroup = this.serviceClient.CreateRuleGroup(segmentRuleGroup.Uri.AbsoluteUri); this.serviceClient.SaveChanges(); } } var ruleGroup = this.ruleGroups.Last().RuleGroup; foreach (var accessControlRule in this.localRules) { if (accessControlRule.Deleted) { if (accessControlRule.Rule != null) { this.serviceClient.DeleteObject(accessControlRule.Rule); } } else if (accessControlRule.Rule != null) { if (accessControlRule.PrepareChanges()) { this.serviceClient.UpdateObject(accessControlRule.Rule); } } else { this.serviceClient.CreateRule( this.serviceClient.GetIssuerByName(accessControlRule.Condition.IssuerName), accessControlRule.Condition.ClaimType, accessControlRule.Condition.ClaimValue, accessControlRule.Right.ClaimType, accessControlRule.Right.ClaimValue, ruleGroup, accessControlRule.Description); } } this.serviceClient.SaveChanges(); if (this.newRelyingPartyRequired) { var rpaddress = this.relyingPartyUri.AbsoluteUri; var rp = this.serviceClient.GetRelyingPartyByName(rpaddress, true); if (rp == null) { rp = new RelyingParty(); rp.DisplayName = rp.Name = rpaddress; rp.Description = String.Empty; rp.TokenLifetime = this.relyingParty.TokenLifetime; rp.TokenType = this.relyingParty.TokenType; rp.AsymmetricTokenEncryptionRequired = this.relyingParty.AsymmetricTokenEncryptionRequired; this.serviceClient.AddToRelyingParties(rp); } if (rp.RelyingPartyAddresses.Count == 0) { var rpa = new RelyingPartyAddress { Address = rpaddress, EndpointType = "Realm" }; this.serviceClient.AddRelatedObject(rp, "RelyingPartyAddresses", rpa); } this.serviceClient.SaveChanges(); foreach (var segmentRuleGroup in this.ruleGroups) { var relyingPartyRuleGroup = new RelyingPartyRuleGroup(); relyingPartyRuleGroup.RelyingPartyId = rp.Id; relyingPartyRuleGroup.RuleGroupId = segmentRuleGroup.RuleGroup.Id; this.serviceClient.AddToRelyingPartyRuleGroups(relyingPartyRuleGroup); } this.serviceClient.SaveChanges(); } else { foreach (var segmentRuleGroup in this.ruleGroups) { var grpid = segmentRuleGroup.RuleGroup.Id; if (!this.relyingParty.RelyingPartyRuleGroups.Any(i => i.RuleGroupId == grpid)) { var relyingPartyRuleGroup = new RelyingPartyRuleGroup(); relyingPartyRuleGroup.RelyingPartyId = this.relyingParty.Id; relyingPartyRuleGroup.RuleGroupId = segmentRuleGroup.RuleGroup.Id; this.serviceClient.AddToRelyingPartyRuleGroups(relyingPartyRuleGroup); } } this.serviceClient.SaveChanges(); } }