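/// <summary>
/// Creates an IdP SSO descriptor that advertises the IdP's signing certificate and its
/// artifact resolution, single sign-on and single logout endpoints.
/// </summary>
/// <param name="idpCertificate">Certificate published through <c>CreateKeyDescriptor</c> so relying parties can verify this IdP's signatures.</param>
/// <param name="artifactResolutionServiceUrl">Location of the SOAP artifact resolution service.</param>
/// <param name="singleSignOnServiceUrl">Location of the HTTP-Redirect single sign-on service.</param>
/// <param name="singleLogoutServiceUrl">Location of the HTTP-Redirect single logout service.</param>
/// <returns>The populated descriptor.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
private static IDPSSODescriptor CreateIDPSSODescriptor(
    X509Certificate2 idpCertificate,
    Uri artifactResolutionServiceUrl,
    Uri singleSignOnServiceUrl,
    Uri singleLogoutServiceUrl)
{
    // Fail fast with the offending argument named, instead of a NullReferenceException
    // surfacing later from CreateKeyDescriptor or Uri.ToString.
    if (idpCertificate == null)
    {
        throw new ArgumentNullException("idpCertificate");
    }
    if (artifactResolutionServiceUrl == null)
    {
        throw new ArgumentNullException("artifactResolutionServiceUrl");
    }
    if (singleSignOnServiceUrl == null)
    {
        throw new ArgumentNullException("singleSignOnServiceUrl");
    }
    if (singleLogoutServiceUrl == null)
    {
        throw new ArgumentNullException("singleLogoutServiceUrl");
    }

    IDPSSODescriptor idpSSODescriptor = new IDPSSODescriptor();

    // Advertise that AuthnRequests sent to this IdP should be signed. Whether unsigned
    // requests are actually rejected is decided by the request-handling code, not here.
    idpSSODescriptor.WantAuthnRequestsSigned = true;
    idpSSODescriptor.ProtocolSupportEnumeration = ComponentSpace.SAML2.Utility.SAML.NamespaceURIs.Protocol;

    // The certificate goes into the published metadata; how relying parties come to trust
    // this metadata (signed document, trusted channel) is outside this method.
    idpSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(idpCertificate));

    // Back-channel artifact resolution over SOAP. The constructor arguments are the endpoint
    // index and, presumably, the isDefault flag - confirm against IndexedEndpointType.
    IndexedEndpointType artifactResolutionService = new IndexedEndpointType(1, true);
    artifactResolutionService.Binding = SAMLIdentifiers.BindingURIs.SOAP;
    artifactResolutionService.Location = artifactResolutionServiceUrl.ToString();
    idpSSODescriptor.ArtifactResolutionServices.Add(artifactResolutionService);

    // Only the "unspecified" name identifier format is advertised.
    idpSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Unspecified);

    // Front-channel endpoints, both bound to HTTP-Redirect; the third constructor argument
    // (ResponseLocation, presumably) is left unset.
    EndpointType singleSignOnService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, singleSignOnServiceUrl.ToString(), null);
    idpSSODescriptor.SingleSignOnServices.Add(singleSignOnService);

    EndpointType singleLogoutService = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, singleLogoutServiceUrl.ToString(), null);
    idpSSODescriptor.SingleLogoutServices.Add(singleLogoutService);

    return idpSSODescriptor;
}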
/// <summary>
/// Creates an IdP SSO descriptor for the sample IdP: its signing certificate (loaded from
/// <c>idpCertificateFileName</c>), a SOAP artifact resolution service and an HTTP-Redirect
/// single sign-on service, both at fixed example locations.
/// </summary>
/// <returns>The populated descriptor.</returns>
private static IDPSSODescriptor CreateIDPSSODescriptor()
{
    IDPSSODescriptor descriptor = new IDPSSODescriptor
    {
        // Advertise that AuthnRequests sent to this IdP should be signed.
        WantAuthnRequestsSigned = true,
        ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol
    };

    // Published so relying parties can verify this IdP's signatures. The path comes from the
    // enclosing class; if the file is a PFX the private key is loaded too - confirm.
    X509Certificate2 signingCertificate = new X509Certificate2(idpCertificateFileName);
    descriptor.KeyDescriptors.Add(CreateKeyDescriptor(signingCertificate));

    // Back-channel artifact resolution over SOAP; (1, true) are the index and, presumably,
    // the isDefault flag - confirm against IndexedEndpointType.
    IndexedEndpointType artifactService = new IndexedEndpointType(1, true)
    {
        Binding = SAMLIdentifiers.BindingURIs.SOAP,
        Location = "https://www.idp.com/ArtifactResolutionService"
    };
    descriptor.ArtifactResolutionServices.Add(artifactService);

    // Only transient name identifiers are advertised.
    descriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);

    // Front-channel SSO endpoint; the third argument (ResponseLocation, presumably) is unset.
    descriptor.SingleSignOnServices.Add(
        new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, "https://www.idp.com/SSOService", null));

    return descriptor;
}
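/// <summary>
/// Walks the role descriptors of <c>_entity</c> and caches the endpoints they advertise in
/// the per-role endpoint fields. Does nothing when no entity descriptor is loaded.
/// </summary>
private void ExtractEndpoints()
{
    if (_entity == null)
    {
        return;
    }

    _SSOEndpoints = new List<IDPEndPointElement>();
    _SLOEndpoints = new List<IDPEndPointElement>();
    _ARSEndpoints = new Dictionary<ushort, IndexedEndpoint>();
    _AssertionConsumerServiceEndpoints = new List<IDPEndPointElement>();
    _attributeQueryEndpoints = new List<Endpoint>();

    // The metadata was produced by another party; an element missing from the XML typically
    // deserializes to a null array, so every collection is checked before it is enumerated.
    if (_entity.Items == null)
    {
        return;
    }

    foreach (object item in _entity.Items)
    {
        if (item is IDPSSODescriptor)
        {
            IDPSSODescriptor descriptor = (IDPSSODescriptor)item;
            if (descriptor.SingleSignOnService != null)
            {
                foreach (Endpoint endpoint in descriptor.SingleSignOnService)
                {
                    _SSOEndpoints.Add(new IDPEndPointElement(endpoint));
                }
            }
        }

        // Deliberately not an else-if: the IdP and SP descriptors are presumably both
        // SSODescriptors, so their logout and artifact endpoints are collected here - confirm.
        if (item is SSODescriptor)
        {
            SSODescriptor descriptor = (SSODescriptor)item;
            if (descriptor.SingleLogoutService != null)
            {
                foreach (Endpoint endpoint in descriptor.SingleLogoutService)
                {
                    _SLOEndpoints.Add(new IDPEndPointElement(endpoint));
                }
            }
            if (descriptor.ArtifactResolutionService != null)
            {
                foreach (IndexedEndpoint ie in descriptor.ArtifactResolutionService)
                {
                    // Add throws ArgumentException on a repeated index, so metadata that
                    // reuses an index is rejected rather than silently overwritten.
                    _ARSEndpoints.Add(ie.index, ie);
                }
            }
        }

        if (item is SPSSODescriptor)
        {
            SPSSODescriptor descriptor = (SPSSODescriptor)item;
            if (descriptor.AssertionConsumerService != null)
            {
                foreach (IndexedEndpoint endpoint in descriptor.AssertionConsumerService)
                {
                    _AssertionConsumerServiceEndpoints.Add(new IDPEndPointElement(endpoint));
                }
            }
        }

        if (item is AttributeAuthorityDescriptor)
        {
            AttributeAuthorityDescriptor aad = (AttributeAuthorityDescriptor)item;
            // AddRange(null) throws ArgumentNullException.
            if (aad.AttributeService != null)
            {
                _attributeQueryEndpoints.AddRange(aad.AttributeService);
            }
        }
    }
}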
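/// <summary>
/// Builds this IdP's SAML metadata document (entity ID, signing keys, SSO/SLO endpoints and
/// the offered attributes), signs it with the IdP certificate and writes the XML to the response.
/// </summary>
/// <param name="context">Request context whose response receives the signed XML.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
private void GenerateMetadataDocument(HttpContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException("context");
    }

    EntityDescriptor metadata = new EntityDescriptor();
    metadata.entityID = IDPConfig.ServerBaseUrl;
    // The ID is what the enveloped signature references, so it must be unique per document
    // and start with a letter; "N" yields 32 hex digits without dashes.
    metadata.ID = "id" + Guid.NewGuid().ToString("N");

    IDPSSODescriptor descriptor = new IDPSSODescriptor();
    metadata.Items = new object[] { descriptor };
    descriptor.protocolSupportEnumeration = new string[] { Saml20Constants.PROTOCOL };
    descriptor.KeyDescriptor = CreateKeyDescriptors();
    descriptor.SingleSignOnService = new Endpoint[] { CreateRedirectEndpoint("Signon.ashx") };
    descriptor.SingleLogoutService = new Endpoint[] { CreateRedirectEndpoint("Logout.ashx") };
    descriptor.Attributes = CreateOfferedAttributes();

    XmlDocument doc = SignMetadata(metadata);

    // NOTE(review): no Content-Type is set here; presumably the caller does - confirm.
    context.Response.Write(doc.OuterXml);
}

// Builds an HTTP-Redirect endpoint at the given path under the IdP base URL. The path is
// appended as-is, so ServerBaseUrl is assumed to end with a slash - confirm.
private Endpoint CreateRedirectEndpoint(string relativePath)
{
    Endpoint endpoint = new Endpoint();
    endpoint.Location = IDPConfig.ServerBaseUrl + relativePath;
    endpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_Redirect;
    return endpoint;
}

// Lists the attributes this IdP offers, all in basic name format; empty when none are configured.
private SamlAttribute[] CreateOfferedAttributes()
{
    if (IDPConfig.attributes == null)
    {
        return new SamlAttribute[0];
    }

    List<SamlAttribute> atts = new List<SamlAttribute>(IDPConfig.attributes.Length);
    foreach (string name in IDPConfig.attributes)
    {
        SamlAttribute att = new SamlAttribute();
        att.NameFormat = SamlAttribute.NAMEFORMAT_BASIC;
        att.Name = name;
        atts.Add(att);
    }
    return atts.ToArray();
}

// Serializes the entity descriptor and applies a SHA-256 signature that references its ID.
private XmlDocument SignMetadata(EntityDescriptor metadata)
{
    XmlDocument doc = new XmlDocument();
    // No resolver: loading never fetches DTDs or external entities.
    doc.XmlResolver = null;
    // Presumably so the signed bytes match the serialized form exactly - confirm.
    doc.PreserveWhitespace = true;
    doc.LoadXml(Serialization.SerializeToXmlString(metadata));

    var signatureProvider = SignatureProviderFactory.CreateFromShaHashingAlgorithmName(ShaHashingAlgorithm.SHA256);
    X509Certificate2 cert = IDPConfig.IDPCertificate;
    var id = doc.DocumentElement.GetAttribute("ID");
    signatureProvider.SignMetaData(doc, id, cert);
    return doc;
}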
/// <summary>
/// Creates an IdP SSO descriptor for the sample IdP: the signing certificate read from
/// <c>idpCertificateFileName</c>, one SOAP artifact resolution service and one HTTP-Redirect
/// single sign-on service, both at fixed example locations.
/// </summary>
/// <returns>The populated descriptor.</returns>
private static IDPSSODescriptor CreateIDPSSODescriptor()
{
    IDPSSODescriptor result = new IDPSSODescriptor();

    // Advertise that AuthnRequests sent to this IdP should be signed, and which SAML
    // protocol namespace is supported.
    result.WantAuthnRequestsSigned = true;
    result.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol;

    // Certificate published for signature verification by relying parties. Loaded from a
    // path held by the enclosing class; if it is a PFX the private key is loaded too - confirm.
    X509Certificate2 certificate = new X509Certificate2(idpCertificateFileName);
    KeyDescriptor signingKey = CreateKeyDescriptor(certificate);
    result.KeyDescriptors.Add(signingKey);

    // Back-channel SOAP artifact resolution; (1, true) are the index and, presumably, the
    // isDefault flag - confirm against IndexedEndpointType.
    string artifactLocation = "https://www.idp.com/ArtifactResolutionService";
    IndexedEndpointType artifactEndpoint = new IndexedEndpointType(1, true);
    artifactEndpoint.Binding = SAMLIdentifiers.BindingURIs.SOAP;
    artifactEndpoint.Location = artifactLocation;
    result.ArtifactResolutionServices.Add(artifactEndpoint);

    // Only transient name identifiers are advertised.
    result.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient);

    // Front-channel SSO endpoint; the third argument (ResponseLocation, presumably) is unset.
    string ssoLocation = "https://www.idp.com/SSOService";
    EndpointType ssoEndpoint = new EndpointType(SAMLIdentifiers.BindingURIs.HTTPRedirect, ssoLocation, null);
    result.SingleSignOnServices.Add(ssoEndpoint);

    return result;
}