protected override RoleDescriptorType GetDescriptor(IMetadataConfiguration configuration)
{
var spConfiguration = configuration as ISPSSOMetadataConfiguration;
if (spConfiguration == null)
{
throw new InvalidCastException(string.Format("Expected type: {0} but was: {1}", typeof(SPSSOMetadataConfiguration).Name, configuration.GetType().Name));
}
var descriptor = new SpSsoDescriptor
{
ID = configuration.DescriptorId,
AuthnRequestsSigned = spConfiguration.AuthnRequestsSigned,
ProtocolSupportEnumeration = spConfiguration.SupportedProtocols.ToArray()[0]
};
foreach (var cs in spConfiguration.ConsumerServices)
{
var consumerService = new AssertionConsumerService();
consumerService.Index = cs.Index;
consumerService.Location = cs.Location;
consumerService.Binding = cs.Binding;
descriptor.AssertionConsumerServices.Add(consumerService);
}
return(descriptor);
}
protected override RoleDescriptorType GetDescriptor(IMetadataConfiguration configuration)
{
var idpConfiguration = configuration as IIdpSSOMetadataConfiguration;
if (idpConfiguration == null)
{
throw new InvalidCastException(string.Format("Expected type: {0} but was: {1}", typeof(IdpSSOMetadataConfiguration).Name, configuration.GetType().Name));
}
var descriptor = new IdpSsoDescriptor
{
ID = configuration.DescriptorId,
WantAuthnRequestsSigned = idpConfiguration.WantAuthnRequestsSigned,
ProtocolSupportEnumeration = idpConfiguration.SupportedProtocols.ToArray()[0]
};
foreach (var sso in idpConfiguration.SingleSignOnServices)
{
var singleSignOnService = new SingleSignOnService()
{
Location = sso.Location,
Binding = sso.Binding
};
descriptor.SingleSignOnServices.Add(singleSignOnService);
}
return(descriptor);
}
public static MetadataEnum[] GetMetadataEnums(this IMetadataConfiguration metadata)
{
var result = new List<MetadataEnum>();
foreach (var e in metadata.Enums)
{
var value = new MetadataEnum();
value.Comment = e.Comment;
value.FullName = e.FullName();
value.Name = e.Name;
value.Synonym = e.Synonym;
var enumItems = new List<MetadataEnumItem>();
var i = 0;
foreach (var ei in e.EnumValues)
{
var enumItemValue = new MetadataEnumItem();
enumItemValue.Id = i++;
enumItemValue.Comment = ei.Comment;
enumItemValue.FullName = ei.FullName();
enumItemValue.Name = ei.Name;
enumItemValue.Synonym = ei.Synonym;
enumItems.Add(enumItemValue);
}
value.Items = enumItems.ToArray();
result.Add(value);
}
return result.ToArray();
}
protected virtual EntityDescriptor BuildEntityDesciptor(IMetadataConfiguration configuration, RoleDescriptorType descriptor)
{
var entityDescriptor = new EntityDescriptor()
{
EntityID = new EntityIDType {
Uri = configuration.EntityId.AbsoluteUri
},
ID = "84CCAA9F05EE4BA1B13F8943FDF1D320"
};
AssignmentAction(entityDescriptor, (T)descriptor);
return(entityDescriptor);
}
protected void SignMetadata(IMetadataConfiguration configuration, XmlElement xml)
{
var signMetadataKey = configuration.Keys.Where(k => k.DefaultForMetadataSigning)
.FirstOrDefault();
if (signMetadataKey == null)
{
throw new Exception("No default certificate found");
}
var certificate = _certificateManager.GetCertificate(signMetadataKey.SertificateFilePath, signMetadataKey.CertificatePassword);
this._xmlSignatureManager.Generate(xml, certificate.PrivateKey, null, certificate, null, null, null);
}
protected void ProcessKeys(IMetadataConfiguration configuration, RoleDescriptorType Descriptor)
{
foreach (var k in configuration.Keys)
{
var certificate = _certificateManager.GetCertificate(k.SertificateFilePath, k.CertificatePassword);
var keyDescriptor = new KeyDescriptor();
keyDescriptor.Use = k.Usage;
var keyInfo = _xmlSignatureManager.CreateKeyInfo(certificate);
var xElement = keyInfo.GetXml().OuterXml;
keyDescriptor.KeyInfo = XElement.Parse(xElement);
Descriptor.KeyDescriptors.Add(keyDescriptor);
}
}
public static MetadataEnum GetEnumMetadata(this IMetadataConfiguration metadata, string enumName)
{
int hash = metadata.GlobalContext.GetHashCode();
Dictionary <string, MetadataEnum> enums;
// chec group
if (!enumCashe.TryGetValue(hash, out enums))
{
enums = new Dictionary <string, MetadataEnum>();
enumCashe.Add(hash, enums);
}
// check value
MetadataEnum result;
if (!enums.TryGetValue(enumName, out result))
{
return(result);
}
var e = metadata.Enums[enumName];
result = new MetadataEnum();
result.Comment = e.Comment;
result.FullName = e.FullName();
result.Name = e.Name;
result.Synonym = e.Synonym;
var enumItems = new List <MetadataEnumItem>();
var i = 0;
foreach (var ei in e.EnumValues)
{
var enumItemValue = new MetadataEnumItem();
enumItemValue.Id = i++;
enumItemValue.Comment = ei.Comment;
enumItemValue.FullName = ei.FullName();
enumItemValue.Name = ei.Name;
enumItemValue.Synonym = ei.Synonym;
enumItems.Add(enumItemValue);
}
result.Items = enumItems.ToArray();
enums.Add(enumName, result);
return(result);
}
protected override SecurityTokenServiceDescriptor BuildDescriptorInternal(IMetadataConfiguration configuration)
{
var tokenService = new SecurityTokenServiceDescriptor();
tokenService.ServiceDescription = "http://localhost:8080/idp/status";
//tokenService.Keys.Add(GetSigningKeyDescriptor());
//tokenService.PassiveRequestorEndpoints.Add(new EndpointReference(passiveRequestorEndpoint));
//tokenService.TokenTypesOffered.Add(new Uri(TokenTypes.OasisWssSaml11TokenProfile11));
//tokenService.TokenTypesOffered.Add(new Uri(TokenTypes.OasisWssSaml2TokenProfile11));
//ClaimsRepository.GetSupportedClaimTypes().ToList().ForEach(claimType => tokenService.ClaimTypesOffered.Add(new DisplayClaim(claimType)));
tokenService.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706"));
//if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMessageSecurity)
//{
// var addressMessageUserName = new EndpointAddress(_endpoints.WSTrustMessageUserName, null, null, CreateMetadataReader(_endpoints.WSTrustMex), null);
// tokenService.SecurityTokenServiceEndpoints.Add(new EndpointReference(addressMessageUserName.Uri.AbsoluteUri));
// if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication)
// {
// var addressMessageCertificate = new EndpointAddress(_endpoints.WSTrustMessageCertificate, null, null, CreateMetadataReader(_endpoints.WSTrustMex), null);
// tokenService.SecurityTokenServiceEndpoints.Add(new EndpointReference(addressMessageCertificate.Uri.AbsoluteUri));
// }
//}
//if (ConfigurationRepository.WSTrust.Enabled && ConfigurationRepository.WSTrust.EnableMixedModeSecurity)
//{
// var addressMixedUserName = new EndpointAddress(_endpoints.WSTrustMixedUserName, null, null, CreateMetadataReader(_endpoints.WSTrustMex), null);
tokenService.SecurityTokenServiceEndpoints.Add(new EndpointReference("http://localhost:8080/idp/status"));
// if (ConfigurationRepository.WSTrust.EnableClientCertificateAuthentication)
// {
// var addressMixedCertificate = new EndpointAddress(_endpoints.WSTrustMixedCertificate, null, null, CreateMetadataReader(_endpoints.WSTrustMex), null);
// tokenService.SecurityTokenServiceEndpoints.Add(new EndpointReference(addressMixedCertificate.Uri.AbsoluteUri));
// }
//}
//if (tokenService.SecurityTokenServiceEndpoints.Count == 0)
// tokenService.SecurityTokenServiceEndpoints.Add(new EndpointReference(_endpoints.WSFederation.AbsoluteUri));
return(tokenService);
}
public Task CreateMetadata(IMetadataConfiguration configuration)
{
try
{
var descriptor = GetDescriptor(configuration);
ProcessKeys(configuration, descriptor);
var entityDescriptor = BuildEntityDesciptor(configuration, descriptor);
var xMetadata = entityDescriptor.ToXml();
var xmldoc = new XmlDocument();
xmldoc.Load(xMetadata.CreateReader());
var metadata = xmldoc.DocumentElement;
SignMetadata(configuration, metadata);
_federationMetadataWriter.Write(metadata, configuration);
return(Task.CompletedTask);
}
catch (Exception ex)
{
throw ex;
}
}
protected abstract RoleDescriptorType GetDescriptor(IMetadataConfiguration configuration);
public MetadataTests(ConnectionFixture connection)
{
_connection = connection;
_metadata = _connection.GlobalContext.MetaData;
}
protected override IdentityProviderSingleSignOnDescriptor BuildDescriptorInternal(IMetadataConfiguration configuration)
{
var idpConfiguration = configuration as IIdpSSOMetadataConfiguration;
if (idpConfiguration == null)
{
throw new InvalidCastException(string.Format("Expected type: {0} but was: {1}", typeof(IdpSSOMetadataConfiguration).Name, configuration.GetType().Name));
}
var descriptor = new IdentityProviderSingleSignOnDescriptor();
descriptor.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706"));
foreach (var sso in idpConfiguration.SingleSignOnServices)
{
var singleSignOnService = new ProtocolEndpoint(new Uri(sso.Binding), new Uri(sso.Location));
descriptor.SingleSignOnServices.Add(singleSignOnService);
}
return(descriptor);
}
