public static CertificatePlainConf ToPlainConf(this CertificateElement element)
{
return(new CertificatePlainConf(
element.Id,
element.FilePath,
element.Password,
element.Domains
.Cast <DomainElement>()
.Select(x => x.ToPlainConf())
.ToArray()));
}
private static void WriteIdPSettings(string samlLoginUrl, string samlThumbprint, string idp, IdentityProviderElement newProvider, CertificateElement newCert)
{
var providerReadonly = typeof(IdentityProviderElement).GetField("isReadOnly", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
providerReadonly.SetValue(newProvider, false);
var providerIndexer = typeof(IdentityProviderElement).GetProperties(System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)
.First(p => p.GetIndexParameters().Select(i => i.ParameterType).SequenceEqual(new[] { typeof(string) }));
providerIndexer.SetValue(newProvider, idp, new[] { "entityId" });
providerIndexer.SetValue(newProvider, new System.Uri(samlLoginUrl), new[] { "signOnUrl" });
providerIndexer.SetValue(newProvider, true, new[] { "allowUnsolicitedAuthnResponse" });
providerIndexer.SetValue(newProvider, Saml2BindingType.HttpRedirect, new[] { "binding" });
var certReadonly = typeof(CertificateElement).GetField("isReadOnly", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
certReadonly.SetValue(newCert, false);
var certIndexer = typeof(IdentityProviderElement).GetProperties(System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)
.First(p => p.GetIndexParameters().Select(i => i.ParameterType).SequenceEqual(new[] { typeof(string) }));
certIndexer.SetValue(newCert, StoreName.My, new[] { "storeName" });
certIndexer.SetValue(newCert, StoreLocation.CurrentUser, new[] { "storeLocation" });
certIndexer.SetValue(newCert, X509FindType.FindByThumbprint, new[] { "x509FindType" });
certIndexer.SetValue(newCert, samlThumbprint, new[] { "findValue" });
providerIndexer.SetValue(newProvider, newCert, new[] { "signingCertificate" });
}
public static string SetIdpConfiguration(Context context, int tenantId, bool startup = false)
{
var contractSettings = TenantUtilities.GetContractSettings(context, tenantId);
if (contractSettings == null ||
contractSettings.SamlCompanyCode.IsNullOrEmpty() ||
contractSettings.SamlLoginUrl.IsNullOrEmpty() ||
contractSettings.SamlThumbprint.IsNullOrEmpty())
{
return(null);
}
if (!FindCert(context, contractSettings.SamlThumbprint))
{
return(null);
}
try
{
var section = (SustainsysSaml2Section)ConfigurationManager.GetSection("sustainsys.saml2");
var loginUrl = contractSettings.SamlLoginUrl;
var idp = loginUrl.TrimEnd(new[] { '/' }).Substring(0, loginUrl.LastIndexOf('/') + 1);
if (processing)
{
System.Threading.Thread.Sleep(300);
}
if (processing == false)
{
processing = true;
try
{
IdentityProviderElement newProvider = null;
CertificateElement newCert = null;
var provider = section.IdentityProviders.FirstOrDefault(p => p.EntityId == idp);
if (provider != null)
{
string signOnUrl = provider.SignOnUrl.ToString();
string findValue = provider.SigningCertificate.FindValue;
if (signOnUrl == contractSettings.SamlLoginUrl &&
findValue == contractSettings.SamlThumbprint)
{
return($"~/Saml2/SignIn?idp={idp}");
}
else
{
newProvider = provider;
newCert = provider.SigningCertificate;
WriteIdPSettings(contractSettings?.SamlLoginUrl, contractSettings?.SamlThumbprint, idp, newProvider, newCert);
try
{
var spOptions = new SPOptions(SustainsysSaml2Section.Current);
var options = new Options(spOptions);
SustainsysSaml2Section.Current.IdentityProviders.RegisterIdentityProviders(options);
SustainsysSaml2Section.Current.Federations.RegisterFederations(options);
var optionsFromConfiguration = typeof(Options).GetField("optionsFromConfiguration",
System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static);
optionsFromConfiguration.SetValue(null, new Lazy <Options>(() => options, true));
Sustainsys.Saml2.Mvc.Saml2Controller.Options = Options.FromConfiguration;
}
catch
{
WriteIdPSettings(signOnUrl, findValue, idp, newProvider, newCert);
throw;
}
}
}
else
{
newProvider = new IdentityProviderElement();
newCert = new CertificateElement();
WriteIdPSettings(contractSettings?.SamlLoginUrl, contractSettings?.SamlThumbprint, idp, newProvider, newCert);
AddIdP(section, newProvider);
if (startup == false)
{
var spOptions = new SPOptions(SustainsysSaml2Section.Current);
var options = new Options(spOptions);
SustainsysSaml2Section.Current.IdentityProviders.RegisterIdentityProviders(options);
SustainsysSaml2Section.Current.Federations.RegisterFederations(options);
var optionsFromConfiguration = typeof(Options).GetField("optionsFromConfiguration",
System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static);
optionsFromConfiguration.SetValue(null, new Lazy <Options>(() => options, true));
Sustainsys.Saml2.Mvc.Saml2Controller.Options = Options.FromConfiguration;
}
}
}
finally
{
processing = false;
}
}
return($"~/Saml2/SignIn?idp={idp}");
}
catch (System.Exception e)
{
new SysLogModel(context, e);
return(null);
}
}
private X509Certificate2 ToX509Certificate2(CertificateElement clientCertificate)
{
return(clientCertificate.GetCertificate());
}
private X509Certificate2 ToX509Certificate2(CertificateElement clientCertificate)
{
return clientCertificate.GetCertificate();
}
public static X509Certificate2 CreateInstance(this CertificateElement el)
{
return(new X509Certificate2(Convert.FromBase64String(el.EncodedValue)));
}