コード例 #1
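        /// <summary>
        /// Creates an IdP SSO descriptor that publishes the IdP's certificate together with its
        /// artifact resolution (SOAP), single sign-on and single logout (HTTP-Redirect) endpoints.
        /// </summary>
        /// <param name="idpCertificate">Certificate placed in the descriptor's key descriptor.</param>
        /// <param name="artifactResolutionServiceUrl">Location of the artifact resolution service.</param>
        /// <param name="singleSignOnServiceUrl">Location of the single sign-on service.</param>
        /// <param name="singleLogoutServiceUrl">Location of the single logout service.</param>
        /// <returns>The populated descriptor.</returns>
        /// <exception cref="ArgumentNullException">One of the arguments is null.</exception>
        private static IDPSSODescriptor CreateIDPSSODescriptor(
            X509Certificate2 idpCertificate,
            Uri artifactResolutionServiceUrl,
            Uri singleSignOnServiceUrl,
            Uri singleLogoutServiceUrl
            )
        {
            // Report a missing argument by name instead of failing later with a
            // NullReferenceException from the ToString() calls below.
            if (idpCertificate == null)
            {
                throw new ArgumentNullException("idpCertificate");
            }
            if (artifactResolutionServiceUrl == null)
            {
                throw new ArgumentNullException("artifactResolutionServiceUrl");
            }
            if (singleSignOnServiceUrl == null)
            {
                throw new ArgumentNullException("singleSignOnServiceUrl");
            }
            if (singleLogoutServiceUrl == null)
            {
                throw new ArgumentNullException("singleLogoutServiceUrl");
            }

            IDPSSODescriptor idpSSODescriptor = new IDPSSODescriptor();

            // Advertise that this IdP expects AuthnRequests from SPs to be signed.
            idpSSODescriptor.WantAuthnRequestsSigned    = true;
            idpSSODescriptor.ProtocolSupportEnumeration = ComponentSpace.SAML2.Utility.SAML.NamespaceURIs.Protocol;

            idpSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(idpCertificate));

            // One artifact resolution endpoint; the constructor arguments are presumably (index, isDefault).
            IndexedEndpointType artifactResolutionService = new IndexedEndpointType(1, true);

            artifactResolutionService.Binding  = SAMLIdentifiers.BindingURIs.SOAP;
            artifactResolutionService.Location = artifactResolutionServiceUrl.ToString();

            idpSSODescriptor.ArtifactResolutionServices.Add(artifactResolutionService);

            // Only the unspecified name identifier format is advertised; the transient
            // format was previously listed here.
            idpSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Unspecified);

            // Both the SSO and SLO services use the HTTP-Redirect binding.
            EndpointType singleSignOnService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, singleSignOnServiceUrl.ToString(), null);

            idpSSODescriptor.SingleSignOnServices.Add(singleSignOnService);

            EndpointType singleLogoutService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, singleLogoutServiceUrl.ToString(), null);

            idpSSODescriptor.SingleLogoutServices.Add(singleLogoutService);

            return idpSSODescriptor;
        }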
コード例 #2
        /// <summary>
        /// Creates a sample IdP SSO descriptor carrying the IdP certificate, a fixed
        /// artifact resolution endpoint and a fixed single sign-on endpoint.
        /// </summary>
        /// <returns>The populated descriptor.</returns>
        private static IDPSSODescriptor CreateIDPSSODescriptor()
        {
            IDPSSODescriptor descriptor = new IDPSSODescriptor
            {
                // SPs are told that their AuthnRequests must be signed.
                WantAuthnRequestsSigned    = true,
                ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol
            };

            // The certificate is loaded from the configured file. Whether CreateKeyDescriptor copies
            // the key material is not visible here, so the object is not disposed, as before.
            X509Certificate2 idpCertificate = new X509Certificate2(idpCertificateFileName);
            descriptor.KeyDescriptors.Add(CreateKeyDescriptor(idpCertificate));

            // Constructor arguments are presumably (index, isDefault); the placeholder host is sample data.
            IndexedEndpointType artifactResolution = new IndexedEndpointType(1, true);
            artifactResolution.Binding  = SAMLIdentifiers.BindingURIs.SOAP;
            artifactResolution.Location = "https://www.idp.com/ArtifactResolutionService";
            descriptor.ArtifactResolutionServices.Add(artifactResolution);

            descriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);

            descriptor.SingleSignOnServices.Add(
                new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, "https://www.idp.com/SSOService", null));

            return descriptor;
        }
コード例 #3
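        /// <summary>
        /// Collects the single sign-on, single logout, artifact resolution, assertion consumer
        /// and attribute query endpoints from every role descriptor in <c>_entity</c> into the
        /// corresponding fields. Does nothing when <c>_entity</c> is null.
        /// </summary>
        /// <remarks>
        /// The metadata usually originates from another party, so every endpoint collection is
        /// treated as optional (a missing element deserialises as null) and a repeated artifact
        /// resolution index keeps the first endpoint seen instead of throwing.
        /// </remarks>
        private void ExtractEndpoints()
        {
            if (_entity == null)
            {
                return;
            }

            _SSOEndpoints = new List <IDPEndPointElement>();
            _SLOEndpoints = new List <IDPEndPointElement>();
            _ARSEndpoints = new Dictionary <ushort, IndexedEndpoint>();
            _AssertionConsumerServiceEndpoints = new List <IDPEndPointElement>();
            _attributeQueryEndpoints           = new List <Endpoint>();

            if (_entity.Items == null)
            {
                return;
            }

            foreach (object item in _entity.Items)
            {
                IDPSSODescriptor idpDescriptor = item as IDPSSODescriptor;
                if (idpDescriptor != null && idpDescriptor.SingleSignOnService != null)
                {
                    foreach (Endpoint endpoint in idpDescriptor.SingleSignOnService)
                    {
                        _SSOEndpoints.Add(new IDPEndPointElement(endpoint));
                    }
                }

                // SSODescriptor is matched separately from the IdP and SP descriptors, so SLO and
                // artifact resolution endpoints are presumably gathered from either role.
                SSODescriptor ssoDescriptor = item as SSODescriptor;
                if (ssoDescriptor != null)
                {
                    if (ssoDescriptor.SingleLogoutService != null)
                    {
                        foreach (Endpoint endpoint in ssoDescriptor.SingleLogoutService)
                        {
                            _SLOEndpoints.Add(new IDPEndPointElement(endpoint));
                        }
                    }

                    if (ssoDescriptor.ArtifactResolutionService != null)
                    {
                        foreach (IndexedEndpoint ie in ssoDescriptor.ArtifactResolutionService)
                        {
                            // Dictionary.Add throws on a duplicate index, e.g. when an entity
                            // carries two role descriptors whose services both start at the
                            // same index; the first endpoint for an index wins instead.
                            if (!_ARSEndpoints.ContainsKey(ie.index))
                            {
                                _ARSEndpoints.Add(ie.index, ie);
                            }
                        }
                    }
                }

                SPSSODescriptor spDescriptor = item as SPSSODescriptor;
                if (spDescriptor != null && spDescriptor.AssertionConsumerService != null)
                {
                    foreach (IndexedEndpoint endpoint in spDescriptor.AssertionConsumerService)
                    {
                        _AssertionConsumerServiceEndpoints.Add(new IDPEndPointElement(endpoint));
                    }
                }

                AttributeAuthorityDescriptor aad = item as AttributeAuthorityDescriptor;
                if (aad != null && aad.AttributeService != null)
                {
                    // AddRange(null) would throw ArgumentNullException.
                    _attributeQueryEndpoints.AddRange(aad.AttributeService);
                }
            }
        }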
コード例 #4
        /// <summary>
        /// Builds this IdP's SAML metadata (key descriptors, SSO and SLO endpoints and the
        /// offered attributes), signs the document and writes the XML to the response.
        /// </summary>
        /// <param name="context">Request context whose response receives the metadata XML.</param>
        private void GenerateMetadataDocument(HttpContext context)
        {
            string baseUrl = IDPConfig.ServerBaseUrl;

            IDPSSODescriptor descriptor = new IDPSSODescriptor();
            descriptor.protocolSupportEnumeration = new string[] { Saml20Constants.PROTOCOL };
            descriptor.KeyDescriptor = CreateKeyDescriptors();

            // Both endpoints use the HTTP-Redirect binding; baseUrl presumably ends with "/".
            descriptor.SingleSignOnService = new Endpoint[]
            {
                new Endpoint { Location = baseUrl + "Signon.ashx", Binding = Saml20Constants.ProtocolBindings.HTTP_Redirect }
            };
            descriptor.SingleLogoutService = new Endpoint[]
            {
                new Endpoint { Location = baseUrl + "Logout.ashx", Binding = Saml20Constants.ProtocolBindings.HTTP_Redirect }
            };

            // One basic-format attribute per configured attribute name.
            SamlAttribute[] offeredAttributes = new SamlAttribute[IDPConfig.attributes.Length];
            for (int i = 0; i < offeredAttributes.Length; i++)
            {
                offeredAttributes[i] = new SamlAttribute
                {
                    NameFormat = SamlAttribute.NAMEFORMAT_BASIC,
                    Name       = IDPConfig.attributes[i]
                };
            }
            descriptor.Attributes = offeredAttributes;

            EntityDescriptor metadata = new EntityDescriptor();
            metadata.entityID = baseUrl;
            // The "id" prefix keeps the value a valid xs:ID, which may not start with a digit.
            metadata.ID       = "id" + Guid.NewGuid().ToString("N");
            metadata.Items    = new object[] { descriptor };

            // Null resolver: no DTD or external entity fetches while loading; whitespace is
            // preserved so the signature is computed over the exact serialised bytes.
            XmlDocument doc = new XmlDocument();
            doc.XmlResolver        = null;
            doc.PreserveWhitespace = true;
            doc.LoadXml(Serialization.SerializeToXmlString(metadata));

            // Sign with SHA-256 over the element identified by the document's ID attribute.
            var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(ShaHashingAlgorithm.SHA256);
            X509Certificate2 signingCertificate = IDPConfig.IDPCertificate;
            signatureProvider.SignMetaData(doc, doc.DocumentElement.GetAttribute("ID"), signingCertificate);

            // NOTE(review): no Content-Type is set here; verify the caller sets an XML type.
            context.Response.Write(doc.OuterXml);
        }
コード例 #5
ファイル: Program.cs プロジェクト: HRINY/HRI-Umbraco
        /// <summary>
        /// Creates a sample IdP SSO descriptor: the IdP certificate from the configured file,
        /// one artifact resolution endpoint (SOAP) and one single sign-on endpoint (HTTP-Redirect).
        /// </summary>
        /// <returns>The populated descriptor.</returns>
        private static IDPSSODescriptor CreateIDPSSODescriptor()
        {
            IDPSSODescriptor result = new IDPSSODescriptor();

            // Announce that AuthnRequests must be signed and which protocol is supported.
            result.WantAuthnRequestsSigned = true;
            result.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol;

            // Whether CreateKeyDescriptor copies the key material is not visible here,
            // so the certificate is not disposed, as before.
            result.KeyDescriptors.Add(CreateKeyDescriptor(new X509Certificate2(idpCertificateFileName)));

            // Arguments are presumably (index, isDefault); the host is placeholder sample data.
            IndexedEndpointType ars = new IndexedEndpointType(1, true);
            ars.Binding = SAMLIdentifiers.BindingURIs.SOAP;
            ars.Location = "https://www.idp.com/ArtifactResolutionService";
            result.ArtifactResolutionServices.Add(ars);

            result.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);

            EndpointType sso = new EndpointType(
                SAMLIdentifiers.BindingURIs.HTTPRedirect,
                "https://www.idp.com/SSOService",
                null);
            result.SingleSignOnServices.Add(sso);

            return result;
        }