/// <summary> /// Create a Facebook identity provider with associated keys and permissions configured. /// </summary> /// <param name="applicationId">The Facebook Application ID</param> /// <param name="applicationSecret">The Facebook Application Secret</param> /// <param name="applicationPermissions">The permissions to request from Facebook</param> /// <returns></returns> public static IdentityProvider CreateFacebookIdentityProvider(this ManagementService svc, string applicationId, string applicationSecret, string applicationPermissions) { string name = String.Format(CultureInfo.InvariantCulture, "Facebook-{0}", applicationId); Issuer issuer = new Issuer() { Name = name }; svc.AddToIssuers(issuer); // // Create the Identity Provider // IdentityProvider identityProvider = new IdentityProvider() { DisplayName = name, LoginParameters = applicationPermissions, WebSSOProtocolType = IdentityProviderProtocolType.Facebook.ToString(), }; svc.AddObject("IdentityProviders", identityProvider); svc.SetLink(identityProvider, "Issuer", issuer); // // Create the application Id and application secret keys for this facebook application. // IdentityProviderKey applicationIdKey = new IdentityProviderKey() { DisplayName = "Facebook application ID", Type = IdentityProviderKeyType.ApplicationKey.ToString(), Usage = IdentityProviderKeyUsage.ApplicationId.ToString(), Value = Encoding.UTF8.GetBytes(applicationId), StartDate = DateTime.UtcNow, EndDate = DateTime.MaxValue, }; svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationIdKey); IdentityProviderKey applicationSecretKey = new IdentityProviderKey() { DisplayName = "Facebook application Secret", Type = IdentityProviderKeyType.ApplicationKey.ToString(), Usage = IdentityProviderKeyUsage.ApplicationSecret.ToString(), Value = Encoding.UTF8.GetBytes(applicationSecret), StartDate = DateTime.UtcNow, EndDate = DateTime.MaxValue, }; svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationSecretKey); identityProvider.Issuer = issuer; return(identityProvider); }
/// <summary> /// Create a WS-Federation identity provider with associated keys and addresses. /// </summary> public static IdentityProvider CreateWsFederationIdentityProvider(this ManagementService svc, string name, byte[] signingCertificateValue, DateTime keyStartDate, DateTime keyEndDate, string signInUrl) { Issuer issuer = new Issuer() { Name = name }; svc.AddToIssuers(issuer); // // Create the Identity Provider // IdentityProvider identityProvider = new IdentityProvider() { DisplayName = name, WebSSOProtocolType = IdentityProviderProtocolType.WsFederation.ToString(), }; svc.AddObject("IdentityProviders", identityProvider); svc.SetLink(identityProvider, "Issuer", issuer); // // Create the Identity Provider key used to validate the signature of IDP-signed tokens. // IdentityProviderKey signingKey = new IdentityProviderKey() { DisplayName = "SampleIdentityProviderKeyDisplayName", Type = IdentityProviderKeyType.X509Certificate.ToString(), Usage = IdentityProviderKeyUsage.Signing.ToString(), Value = signingCertificateValue, StartDate = keyStartDate.ToUniversalTime(), EndDate = keyEndDate.ToUniversalTime() }; svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", signingKey); // Create the sign-in address for Identity Provider IdentityProviderAddress signInAddress = new IdentityProviderAddress() { Address = signInUrl, EndpointType = IdentityProviderEndpointType.SignIn.ToString(), }; svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress); identityProvider.Issuer = issuer; return(identityProvider); }
/// <summary> /// Create an OpenID identity provider with the associated sign-in address /// </summary> /// <param name="name">The name of the issuer to create.</param> /// <param name="signInUrl">The post-discovery OpenID endpoint URL of the provider.</param> /// <returns>The created identity provider.</returns> public static IdentityProvider CreateOpenIdIdentityProvider(this ManagementService svc, string name, string signInUrl) { Issuer issuer = new Issuer() { Name = name }; svc.AddToIssuers(issuer); // // Create the Identity Provider // IdentityProvider identityProvider = new IdentityProvider() { DisplayName = name, WebSSOProtocolType = IdentityProviderProtocolType.OpenId.ToString(), }; svc.AddObject("IdentityProviders", identityProvider); svc.SetLink(identityProvider, "Issuer", issuer); // // Create the sign-in address for Identity Provider // IdentityProviderAddress signInAddress = new IdentityProviderAddress() { Address = signInUrl, EndpointType = IdentityProviderEndpointType.SignIn.ToString(), }; svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress); identityProvider.Issuer = issuer; return(identityProvider); }
private static void CreateRelyingParty(ManagementService client, string relyingPartyName, string ruleGroupName, string realmAddress, string replyAddress, TokenType tokenType, int tokenLifetime, bool asymmetricTokenEncryptionRequired, out RelyingParty relyingParty) { // Create Relying Party relyingParty = new RelyingParty { Name = relyingPartyName, DisplayName = relyingPartyName, Description = relyingPartyName, TokenType = tokenType.ToString(), TokenLifetime = tokenLifetime, AsymmetricTokenEncryptionRequired = asymmetricTokenEncryptionRequired }; client.AddObject("RelyingParties", relyingParty); client.SaveChanges(); if (!string.IsNullOrWhiteSpace(ruleGroupName)) { RuleGroup ruleGroup = client.RuleGroups.Where(rg => rg.Name.Equals(ruleGroupName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault(); if (ruleGroup == null) { ruleGroup = new RuleGroup { Name = ruleGroupName }; client.AddToRuleGroups(ruleGroup); client.SaveChanges(); } var relyingPartyRuleGroup = new RelyingPartyRuleGroup { RuleGroupId = ruleGroup.Id, RelyingParty = relyingParty }; client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup); } // Create the Realm for Relying Party var realm = new RelyingPartyAddress { Address = realmAddress, EndpointType = RelyingPartyAddressEndpointType.Realm.ToString(), RelyingParty = relyingParty }; client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realm); if (!string.IsNullOrEmpty(replyAddress)) { var reply = new RelyingPartyAddress { Address = replyAddress, EndpointType = RelyingPartyAddressEndpointType.Reply.ToString(), RelyingParty = relyingParty }; client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", reply); } client.SaveChanges(SaveChangesOptions.Batch); }
/// <summary> /// Add an Identity Provider /// </summary> private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName) { var issuer = new Issuer { Name = idpName }; // Check the Issuer does not exist previouly (if it exists, delete it) var oldIssuer = svc0.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault(); if (oldIssuer != null) { svc0.DeleteObject(oldIssuer); svc0.SaveChanges(); } // Add Issuer svc0.AddToIssuers(issuer); svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Issuer created: {0}", idpName); var idp = new IdentityProvider { DisplayName = idpDisplayName, LoginLinkName = idpDisplayName, WebSSOProtocolType = "WsFederation", IssuerId = issuer.Id }; // Check the IP does not exist previouly (if it exists, delete it) var oldIdentityProvider = svc0.IdentityProviders.Where(ip => ip.DisplayName == idp.DisplayName).FirstOrDefault(); if (oldIdentityProvider != null) { svc0.DeleteObject(oldIdentityProvider); svc0.SaveChanges(); } // Add the new IP to ACS svc0.AddObject("IdentityProviders", idp); // Console.WriteLine("Info: Identity Provider created: {0}", idp.Name); Console.WriteLine("Info: Identity Provider created: {0}", idp.DisplayName); // Identity provider public key to verify the signature var cert = File.ReadAllBytes(@"Resources\SelfSTS.cer"); var key = new IdentityProviderKey { IdentityProvider = idp, DisplayName = idpKeyDisplayName, EndDate = endDate, StartDate = startDate, Type = "X509Certificate", Usage = "Signing", Value = cert }; svc0.AddRelatedObject(idp, "IdentityProviderKeys", key); svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Identity Provider Key added: {0}", idpKeyDisplayName); // WS-Federation sign-in URL var idpaSignIn = new IdentityProviderAddress { IdentityProviderId = idp.Id, EndpointType = "SignIn", Address = idpAddress }; svc0.AddRelatedObject(idp, "IdentityProviderAddresses", idpaSignIn); svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Identity Provider Address added: {0}", idpAddress); string labRelyingPartyName = "WebSiteAdvancedACS"; // Relying Party related to the Identity Provider foreach (var existingRelyingParty in svc0.RelyingParties) { var rpid = new RelyingPartyIdentityProvider { IdentityProviderId = idp.Id, RelyingPartyId = existingRelyingParty.Id }; existingRelyingParty.RelyingPartyIdentityProviders.Add(rpid); idp.RelyingPartyIdentityProviders.Add(rpid); svc0.AddToRelyingPartyIdentityProviders(rpid); } svc0.SaveChanges(SaveChangesOptions.Batch); Console.WriteLine("Info: Relying Party added to Identity Provider: {0}", labRelyingPartyName); return(issuer); }