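/// <summary>
/// Associates <paramref name="relyingParty"/> with the identity providers whose display names appear in
/// <paramref name="allowedIdentityProviders"/>. Each link is persisted immediately with a <c>SaveChanges()</c>.
/// </summary>
/// <param name="client">ACS management client used to read the identity-provider catalogue and persist links.</param>
/// <param name="allowedIdentityProviders">
/// Display names of the identity providers the relying party may accept tokens from, matched case-insensitively.
/// <c>null</c> means "no restriction": EVERY identity provider in the namespace gets associated (fail-open, kept
/// for compatibility with existing callers). An empty array associates none. Callers that want a restrictive
/// default must pass an explicit array rather than <c>null</c>.
/// </param>
/// <param name="relyingParty">The relying party to associate; it is assumed to be saved already so that <c>Id</c> is populated.</param>
/// <remarks>
/// An allow-list entry that matches no identity provider is reported on the console and skipped; it is not
/// an error. If several providers share a display name only the first one returned by the service is linked
/// (whether ACS enforces unique display names is not visible here).
/// </remarks>
private static void AddIdentityProviderToRelyingParty(ManagementService client, string[] allowedIdentityProviders, RelyingParty relyingParty)
{
    // Fetch the catalogue once instead of issuing one query per allowed name. Matching in memory also avoids
    // depending on the service's query translator supporting String.Equals(string, StringComparison).
    var availableIdps = client.IdentityProviders.ToList();

    if (allowedIdentityProviders == null)
    {
        // Fail-open default: with no allow-list every identity provider is trusted. Say so loudly.
        Console.WriteLine("Warning: no identity provider allow-list given; associating ALL {0} identity providers.", availableIdps.Count);
        allowedIdentityProviders = availableIdps.Select(idp => idp.DisplayName).ToArray();
    }

    foreach (var allowedName in allowedIdentityProviders)
    {
        // static string.Equals tolerates a null DisplayName on either side.
        var idp = availableIdps.FirstOrDefault(i => string.Equals(i.DisplayName, allowedName, StringComparison.OrdinalIgnoreCase));
        if (idp == null)
        {
            // A non-matching allow-list entry is almost always a typo; surface it rather than silently
            // shrinking the set of providers the relying party ends up trusting.
            Console.WriteLine("Warning: identity provider '{0}' not found; skipping.", allowedName);
            continue;
        }

        var link = new RelyingPartyIdentityProvider
        {
            IdentityProviderId = idp.Id,
            RelyingPartyId = relyingParty.Id
        };
        client.AddToRelyingPartyIdentityProviders(link);
        client.SaveChanges();
    }
}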
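/// <summary>
/// Associates every identity provider in <paramref name="identityProviders"/> with every relying party in
/// <paramref name="relyingParties"/> (the full cross product), staging one
/// <see cref="RelyingPartyIdentityProvider"/> link per pair.
/// </summary>
/// <param name="svc">ACS management client the links are staged on.</param>
/// <param name="identityProviders">Identity providers to trust. Enumerated exactly once.</param>
/// <param name="relyingParties">Relying parties that should accept tokens from those providers.</param>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <remarks>
/// Nothing is persisted here: the caller must call <c>svc.SaveChanges()</c>. Existing associations are not
/// checked, so calling this twice for the same pair stages a second link; whether the service rejects or
/// tolerates the duplicate is not visible from this code.
/// </remarks>
public static void AssociateIdentityProvidersWithRelyingParties(this ManagementService svc, IEnumerable<IdentityProvider> identityProviders, IEnumerable<RelyingParty> relyingParties)
{
    if (svc == null)
    {
        throw new ArgumentNullException("svc");
    }
    if (identityProviders == null)
    {
        throw new ArgumentNullException("identityProviders");
    }
    if (relyingParties == null)
    {
        throw new ArgumentNullException("relyingParties");
    }

    // Materialise once: re-enumerating the sequence inside the relying-party loop re-executes it for every
    // relying party when the source is a lazy service query.
    var providers = identityProviders.ToList();

    foreach (var rp in relyingParties)
    {
        foreach (var provider in providers)
        {
            var link = new RelyingPartyIdentityProvider();
            svc.AddToRelyingPartyIdentityProviders(link);
            svc.SetLink(link, "IdentityProvider", provider);
            svc.SetLink(link, "RelyingParty", rp);
        }
    }
}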
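/// <summary>
/// (Re)creates a WS-Federation identity provider in ACS using the lab's default signing certificate
/// (<c>Resources\SelfSTS.cer</c>). See the overload for what is created.
/// </summary>
private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName)
{
    return CreateIdpManually(startDate, endDate, svc0, idpName, idpDisplayName, idpAddress, idpKeyDisplayName, @"Resources\SelfSTS.cer");
}

/// <summary>
/// (Re)creates a WS-Federation identity provider in ACS: its issuer, the identity-provider entity, the X.509
/// signing key ACS will use to verify tokens from it, its sign-in address, and an association with EVERY
/// relying party currently in the namespace.
/// </summary>
/// <param name="startDate">Start of the validity window recorded on the signing key.</param>
/// <param name="endDate">End of that validity window.</param>
/// <param name="svc0">ACS management client.</param>
/// <param name="idpName">Name of the issuer entity.</param>
/// <param name="idpDisplayName">Display name of the identity provider; also used as its login link text.</param>
/// <param name="idpAddress">WS-Federation sign-in URL users are sent to.</param>
/// <param name="idpKeyDisplayName">Display name for the signing key entry.</param>
/// <param name="signingCertificatePath">
/// Path of the .cer file holding the provider's token-signing certificate. The bytes are uploaded verbatim.
/// </param>
/// <returns>The newly created issuer.</returns>
/// <remarks>
/// Destructive: an existing issuer with the same name and an existing identity provider with the same display
/// name are deleted before the new ones are created. Whether ACS cascades those deletes to rules that reference
/// them is not visible here — confirm before running against a non-lab namespace.
/// The uploaded certificate becomes the trust anchor for every token this provider issues, so the file it is
/// read from must be protected from tampering; nothing here validates that it parses as a certificate.
/// </remarks>
private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName, string signingCertificatePath)
{
    var issuer = new Issuer { Name = idpName };

    // Replace-on-conflict: drop any issuer of the same name so the create below does not collide.
    var oldIssuer = svc0.Issuers.Where(i => i.Name == issuer.Name).FirstOrDefault();
    if (oldIssuer != null)
    {
        svc0.DeleteObject(oldIssuer);
        svc0.SaveChanges();
    }

    svc0.AddToIssuers(issuer);
    svc0.SaveChanges(SaveChangesOptions.Batch);
    Console.WriteLine("Info: Issuer created: {0}", idpName);

    var idp = new IdentityProvider
    {
        DisplayName = idpDisplayName,
        LoginLinkName = idpDisplayName,
        WebSSOProtocolType = "WsFederation",
        IssuerId = issuer.Id
    };

    // Same replace-on-conflict policy for the identity provider, keyed on display name.
    var oldIdp = svc0.IdentityProviders.Where(i => i.DisplayName == idp.DisplayName).FirstOrDefault();
    if (oldIdp != null)
    {
        svc0.DeleteObject(oldIdp);
        svc0.SaveChanges();
    }

    svc0.AddObject("IdentityProviders", idp);
    Console.WriteLine("Info: Identity Provider created: {0}", idp.DisplayName);

    // Public key ACS uses to verify the signature on tokens from this provider.
    var certificateBytes = File.ReadAllBytes(signingCertificatePath);
    var signingKey = new IdentityProviderKey
    {
        IdentityProvider = idp,
        DisplayName = idpKeyDisplayName,
        EndDate = endDate,
        StartDate = startDate,
        Type = "X509Certificate",
        Usage = "Signing",
        Value = certificateBytes
    };
    svc0.AddRelatedObject(idp, "IdentityProviderKeys", signingKey);
    // This save also assigns idp.Id, which the address and links below depend on.
    svc0.SaveChanges(SaveChangesOptions.Batch);
    Console.WriteLine("Info: Identity Provider Key added: {0}", idpKeyDisplayName);

    // WS-Federation sign-in endpoint.
    var signInAddress = new IdentityProviderAddress
    {
        IdentityProviderId = idp.Id,
        EndpointType = "SignIn",
        Address = idpAddress
    };
    svc0.AddRelatedObject(idp, "IdentityProviderAddresses", signInAddress);
    svc0.SaveChanges(SaveChangesOptions.Batch);
    Console.WriteLine("Info: Identity Provider Address added: {0}", idpAddress);

    // Every relying party in the namespace is made to trust the new provider, not just the lab site. The
    // previous log line named only "WebSiteAdvancedACS", which hid that scope; report the real count instead.
    var associatedCount = 0;
    foreach (var relyingParty in svc0.RelyingParties)
    {
        var link = new RelyingPartyIdentityProvider
        {
            IdentityProviderId = idp.Id,
            RelyingPartyId = relyingParty.Id
        };
        relyingParty.RelyingPartyIdentityProviders.Add(link);
        idp.RelyingPartyIdentityProviders.Add(link);
        svc0.AddToRelyingPartyIdentityProviders(link);
        associatedCount++;
    }
    svc0.SaveChanges(SaveChangesOptions.Batch);
    Console.WriteLine("Info: Identity Provider associated with {0} relying parties", associatedCount);

    return issuer;
}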