/// <summary>
/// Update the relying party rules to pass through any claim issued by an identity provider.
/// </summary>
/// <param name="relyingPartyName">The name of the relying party.</param>
/// <param name="identityProvider">The identity provider whose issued claims must be passed through.</param>
public void UpdateRelyingPartyRule(string relyingPartyName, string identityProvider)
{
ManagementService svc = CreateManagementServiceClient();
RelyingParty rp = svc.RelyingParties.Where(r => r.Name == relyingPartyName).FirstOrDefault();
if (rp == null)
{
throw new ConfigurationErrorsException("The relying party of name " + relyingPartyName + " could not be found.");
}
Issuer newIssuer = AddIssuer(identityProvider);
if (newIssuer != null)
{
RelyingPartyRuleGroup rpRuleGroup = svc.RelyingPartyRuleGroups.Where(m => m.RelyingPartyId == rp.Id).FirstOrDefault();
Rule rule = new Rule()
{
IssuerId = newIssuer.Id, RuleGroupId = rpRuleGroup.RuleGroupId
};
svc.AddToRules(rule);
svc.SaveChanges(SaveChangesOptions.Batch);
}
}
/// <summary>
/// Generates under the <paramref name="ruleGroup"/> passthrough rules for the <paramref name="identityProders"/> claim types
/// </summary>
/// <remarks>
/// The <paramref name="identityProviders"/> should have Issuer expanded.
/// </remarks>
/// <param name="svc"></param>
/// <param name="ruleGroup">Rule group to add the rules</param>
/// <param name="identityProviders">Identity Provides which provide the claim types</param>
public static void GenerateRules(this ManagementService svc, RuleGroup ruleGroup, IEnumerable <IdentityProvider> identityProviders)
{
foreach (IdentityProvider identityProvider in identityProviders)
{
IEnumerable <string> claimTypes = svc.GetIdentityProviderClaimTypes(identityProvider);
// For each claim type generate a passthrough rule
foreach (string claimType in claimTypes)
{
Rule rule = new Rule()
{
InputClaimType = claimType,
};
rule.Description = string.Format(CultureInfo.InvariantCulture,
"Passthrough claim from {0} with type: {1}, and any value",
identityProvider.DisplayName,
claimType);
svc.AddToRules(rule);
svc.SetLink(rule, "Issuer", identityProvider.Issuer);
svc.SetLink(rule, "RuleGroup", ruleGroup);
}
}
}
/// <summary>
/// Creates a rule and adds it to the given RuleGroup.
/// </summary>
/// <param name = "issuer">The input issuer for which to apply the rule.</param>
/// <param name = "inputClaimType">The input claim type. Null for "all claim types".</param>
/// <param name = "inputClaimValue">The input claim value. Null for "all claim values".</param>
/// <param name = "outputClaimType">The output claim type. Null for "pass through input type".</param>
/// <param name = "outputClaimValue">The output claim value. Null for "pass through input value".</param>
/// <param name = "ruleGroup">The rule group to which the rule should be added.</param>
/// <param name = "description">Optional human-readable rule description.</param>
/// <returns></returns>
public static Rule CreateRule(
this ManagementService svc,
Issuer issuer,
string inputClaimType,
string inputClaimValue,
string outputClaimType,
string outputClaimValue,
RuleGroup ruleGroup,
string description)
{
var rule = new Rule
{
Description = description,
InputClaimType = inputClaimType,
InputClaimValue = inputClaimValue,
OutputClaimType = outputClaimType,
OutputClaimValue = outputClaimValue,
};
svc.AddToRules(rule);
svc.SetLink(rule, "Issuer", issuer);
svc.SetLink(rule, "RuleGroup", ruleGroup);
return(rule);
}
public static RuleGroup AddPassthroughRule(this ManagementService svc,
RelyingParty relyingParty, string ruleGroupName)
{
Contract.Requires(svc != null);
Contract.Requires(relyingParty != null);
Contract.Requires(!string.IsNullOrWhiteSpace(ruleGroupName));
var ruleGroup = new RuleGroup()
{
Name = ruleGroupName
};
svc.AddToRuleGroups(ruleGroup);
svc.SaveChanges(SaveChangesOptions.Batch);
var localAuthority = svc.Issuers.Where(
m => m.Name == "LOCAL AUTHORITY").FirstOrDefault();
var passthrough = new Rule();
passthrough.Description = "Passthough all ACS claims";
svc.AddToRules(passthrough);
svc.SetLink(passthrough, "RuleGroup", ruleGroup);
svc.SetLink(passthrough, "Issuer", localAuthority);
var rprg = new RelyingPartyRuleGroup();
svc.AddToRelyingPartyRuleGroups(rprg);
svc.AddLink(relyingParty, "RelyingPartyRuleGroups", rprg);
svc.AddLink(ruleGroup, "RelyingPartyRuleGroups", rprg);
svc.SaveChanges(SaveChangesOptions.Batch);
return(ruleGroup);
}
/// <summary>
/// Copies the <paramref name="source"/> into a new rule group with name <paramref name="newRuleGroupName"/>
/// </summary>
/// <param name="svc"></param>
/// <param name="source">Source rule group</param>
/// <param name="newRuleGroupName">Name of the new rule group</param>
public static void CopyRuleGroup(this ManagementService svc, RuleGroup source, string newRuleGroupName)
{
RuleGroup newRuleGroup = new RuleGroup()
{
Name = newRuleGroupName,
};
svc.AddToRuleGroups(newRuleGroup);
foreach (Rule rule in svc.Rules.Expand("Issuer").Where(r => r.RuleGroupId == source.Id))
{
Rule newRule = new Rule();
newRule.Description = rule.Description;
newRule.InputClaimType = rule.InputClaimType;
newRule.InputClaimValue = rule.InputClaimValue;
newRule.OutputClaimType = rule.OutputClaimType;
newRule.OutputClaimValue = rule.OutputClaimValue;
svc.AddToRules(newRule);
svc.SetLink(newRule, "Issuer", rule.Issuer);
svc.SetLink(newRule, "RuleGroup", newRuleGroup);
}
}
/// <summary>
/// Add rules to a rule group.
/// </summary>
private static void AddRulesToRuleGroup(string ruleGroupName)
{
Console.WriteLine("\nAdding rules in rule group (Name = {0})\n", ruleGroupName);
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
RuleGroup rg = svc.RuleGroups.Where(g => g.Name == ruleGroupName).FirstOrDefault();
// "LOCAL AUTHORITY" is a built-in issuer name, representing the service namespace itself.
Issuer localAuthority = svc.GetIssuerByName("LOCAL AUTHORITY");
Rule basicRule = new Rule()
{
InputClaimType = "https://acs/your-input-type",
InputClaimValue = "inputValue",
OutputClaimType = "https://acs/your-output-type",
OutputClaimValue = "outputValue",
};
basicRule.Description = string.Format(CultureInfo.InvariantCulture,
"Transforms claim from {0} with type: {1}, value: {2}, into a new claim with type: {3}, value:{4}",
"ACS",
basicRule.InputClaimType,
basicRule.InputClaimValue,
basicRule.OutputClaimType,
basicRule.OutputClaimValue);
svc.AddToRules(basicRule);
svc.SetLink(basicRule, "RuleGroup", rg);
svc.SetLink(basicRule, "Issuer", localAuthority);
Rule passthroughSpecificClaimRule = new Rule()
{
InputClaimType = "https://acs/your-input-type2",
InputClaimValue = "inputValue2",
};
passthroughSpecificClaimRule.Description = string.Format(CultureInfo.InvariantCulture,
"Passthrough claim from {0} with type: {1}, value: {2}",
"ACS",
passthroughSpecificClaimRule.InputClaimType,
passthroughSpecificClaimRule.InputClaimValue);
svc.AddToRules(passthroughSpecificClaimRule);
svc.SetLink(passthroughSpecificClaimRule, "RuleGroup", rg);
svc.SetLink(passthroughSpecificClaimRule, "Issuer", localAuthority);
Rule passthroughAnyClaimWithSpecificTypeRule = new Rule()
{
InputClaimType = "https://acs/your-input-type3",
};
passthroughAnyClaimWithSpecificTypeRule.Description = string.Format(CultureInfo.InvariantCulture,
"Passthrough claim from {0} with type: {1}, and any value",
"ACS",
passthroughSpecificClaimRule.InputClaimType);
svc.AddToRules(passthroughAnyClaimWithSpecificTypeRule);
svc.SetLink(passthroughAnyClaimWithSpecificTypeRule, "RuleGroup", rg);
svc.SetLink(passthroughAnyClaimWithSpecificTypeRule, "Issuer", localAuthority);
Rule complexTransformationRule = new Rule()
{
InputClaimType = "https://acs/your-input-type4",
OutputClaimType = "https://acs/your-output-type2",
};
complexTransformationRule.Description = string.Format(CultureInfo.InvariantCulture,
"Transforms claim from {0} with type: {1}, and any value, into a new claim with type: {2}, keeping(passingthrough) old value",
"ACS",
complexTransformationRule.InputClaimType,
complexTransformationRule.OutputClaimType);
svc.AddToRules(complexTransformationRule);
svc.SetLink(complexTransformationRule, "RuleGroup", rg);
svc.SetLink(complexTransformationRule, "Issuer", localAuthority);
svc.SaveChangesBatch();
}