/// <summary> /// Update the relying party rules to pass through any claim issued by an identity provider. /// </summary> /// <param name="relyingPartyName">The name of the relying party.</param> /// <param name="identityProvider">The identity provider whose issued claims must be passed through.</param> public void UpdateRelyingPartyRule(string relyingPartyName, string identityProvider) { ManagementService svc = CreateManagementServiceClient(); RelyingParty rp = svc.RelyingParties.Where(r => r.Name == relyingPartyName).FirstOrDefault(); if (rp == null) { throw new ConfigurationErrorsException("The relying party of name " + relyingPartyName + " could not be found."); } Issuer newIssuer = AddIssuer(identityProvider); if (newIssuer != null) { RelyingPartyRuleGroup rpRuleGroup = svc.RelyingPartyRuleGroups.Where(m => m.RelyingPartyId == rp.Id).FirstOrDefault(); Rule rule = new Rule() { IssuerId = newIssuer.Id, RuleGroupId = rpRuleGroup.RuleGroupId }; svc.AddToRules(rule); svc.SaveChanges(SaveChangesOptions.Batch); } }
/// <summary> /// Generates under the <paramref name="ruleGroup"/> passthrough rules for the <paramref name="identityProders"/> claim types /// </summary> /// <remarks> /// The <paramref name="identityProviders"/> should have Issuer expanded. /// </remarks> /// <param name="svc"></param> /// <param name="ruleGroup">Rule group to add the rules</param> /// <param name="identityProviders">Identity Provides which provide the claim types</param> public static void GenerateRules(this ManagementService svc, RuleGroup ruleGroup, IEnumerable <IdentityProvider> identityProviders) { foreach (IdentityProvider identityProvider in identityProviders) { IEnumerable <string> claimTypes = svc.GetIdentityProviderClaimTypes(identityProvider); // For each claim type generate a passthrough rule foreach (string claimType in claimTypes) { Rule rule = new Rule() { InputClaimType = claimType, }; rule.Description = string.Format(CultureInfo.InvariantCulture, "Passthrough claim from {0} with type: {1}, and any value", identityProvider.DisplayName, claimType); svc.AddToRules(rule); svc.SetLink(rule, "Issuer", identityProvider.Issuer); svc.SetLink(rule, "RuleGroup", ruleGroup); } } }
/// <summary> /// Creates a rule and adds it to the given RuleGroup. /// </summary> /// <param name = "issuer">The input issuer for which to apply the rule.</param> /// <param name = "inputClaimType">The input claim type. Null for "all claim types".</param> /// <param name = "inputClaimValue">The input claim value. Null for "all claim values".</param> /// <param name = "outputClaimType">The output claim type. Null for "pass through input type".</param> /// <param name = "outputClaimValue">The output claim value. Null for "pass through input value".</param> /// <param name = "ruleGroup">The rule group to which the rule should be added.</param> /// <param name = "description">Optional human-readable rule description.</param> /// <returns></returns> public static Rule CreateRule( this ManagementService svc, Issuer issuer, string inputClaimType, string inputClaimValue, string outputClaimType, string outputClaimValue, RuleGroup ruleGroup, string description) { var rule = new Rule { Description = description, InputClaimType = inputClaimType, InputClaimValue = inputClaimValue, OutputClaimType = outputClaimType, OutputClaimValue = outputClaimValue, }; svc.AddToRules(rule); svc.SetLink(rule, "Issuer", issuer); svc.SetLink(rule, "RuleGroup", ruleGroup); return(rule); }
public static RuleGroup AddPassthroughRule(this ManagementService svc, RelyingParty relyingParty, string ruleGroupName) { Contract.Requires(svc != null); Contract.Requires(relyingParty != null); Contract.Requires(!string.IsNullOrWhiteSpace(ruleGroupName)); var ruleGroup = new RuleGroup() { Name = ruleGroupName }; svc.AddToRuleGroups(ruleGroup); svc.SaveChanges(SaveChangesOptions.Batch); var localAuthority = svc.Issuers.Where( m => m.Name == "LOCAL AUTHORITY").FirstOrDefault(); var passthrough = new Rule(); passthrough.Description = "Passthough all ACS claims"; svc.AddToRules(passthrough); svc.SetLink(passthrough, "RuleGroup", ruleGroup); svc.SetLink(passthrough, "Issuer", localAuthority); var rprg = new RelyingPartyRuleGroup(); svc.AddToRelyingPartyRuleGroups(rprg); svc.AddLink(relyingParty, "RelyingPartyRuleGroups", rprg); svc.AddLink(ruleGroup, "RelyingPartyRuleGroups", rprg); svc.SaveChanges(SaveChangesOptions.Batch); return(ruleGroup); }
/// <summary> /// Copies the <paramref name="source"/> into a new rule group with name <paramref name="newRuleGroupName"/> /// </summary> /// <param name="svc"></param> /// <param name="source">Source rule group</param> /// <param name="newRuleGroupName">Name of the new rule group</param> public static void CopyRuleGroup(this ManagementService svc, RuleGroup source, string newRuleGroupName) { RuleGroup newRuleGroup = new RuleGroup() { Name = newRuleGroupName, }; svc.AddToRuleGroups(newRuleGroup); foreach (Rule rule in svc.Rules.Expand("Issuer").Where(r => r.RuleGroupId == source.Id)) { Rule newRule = new Rule(); newRule.Description = rule.Description; newRule.InputClaimType = rule.InputClaimType; newRule.InputClaimValue = rule.InputClaimValue; newRule.OutputClaimType = rule.OutputClaimType; newRule.OutputClaimValue = rule.OutputClaimValue; svc.AddToRules(newRule); svc.SetLink(newRule, "Issuer", rule.Issuer); svc.SetLink(newRule, "RuleGroup", newRuleGroup); } }
/// <summary> /// Add rules to a rule group. /// </summary> private static void AddRulesToRuleGroup(string ruleGroupName) { Console.WriteLine("\nAdding rules in rule group (Name = {0})\n", ruleGroupName); ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient(); RuleGroup rg = svc.RuleGroups.Where(g => g.Name == ruleGroupName).FirstOrDefault(); // "LOCAL AUTHORITY" is a built-in issuer name, representing the service namespace itself. Issuer localAuthority = svc.GetIssuerByName("LOCAL AUTHORITY"); Rule basicRule = new Rule() { InputClaimType = "https://acs/your-input-type", InputClaimValue = "inputValue", OutputClaimType = "https://acs/your-output-type", OutputClaimValue = "outputValue", }; basicRule.Description = string.Format(CultureInfo.InvariantCulture, "Transforms claim from {0} with type: {1}, value: {2}, into a new claim with type: {3}, value:{4}", "ACS", basicRule.InputClaimType, basicRule.InputClaimValue, basicRule.OutputClaimType, basicRule.OutputClaimValue); svc.AddToRules(basicRule); svc.SetLink(basicRule, "RuleGroup", rg); svc.SetLink(basicRule, "Issuer", localAuthority); Rule passthroughSpecificClaimRule = new Rule() { InputClaimType = "https://acs/your-input-type2", InputClaimValue = "inputValue2", }; passthroughSpecificClaimRule.Description = string.Format(CultureInfo.InvariantCulture, "Passthrough claim from {0} with type: {1}, value: {2}", "ACS", passthroughSpecificClaimRule.InputClaimType, passthroughSpecificClaimRule.InputClaimValue); svc.AddToRules(passthroughSpecificClaimRule); svc.SetLink(passthroughSpecificClaimRule, "RuleGroup", rg); svc.SetLink(passthroughSpecificClaimRule, "Issuer", localAuthority); Rule passthroughAnyClaimWithSpecificTypeRule = new Rule() { InputClaimType = "https://acs/your-input-type3", }; passthroughAnyClaimWithSpecificTypeRule.Description = string.Format(CultureInfo.InvariantCulture, "Passthrough claim from {0} with type: {1}, and any value", "ACS", passthroughSpecificClaimRule.InputClaimType); svc.AddToRules(passthroughAnyClaimWithSpecificTypeRule); svc.SetLink(passthroughAnyClaimWithSpecificTypeRule, "RuleGroup", rg); svc.SetLink(passthroughAnyClaimWithSpecificTypeRule, "Issuer", localAuthority); Rule complexTransformationRule = new Rule() { InputClaimType = "https://acs/your-input-type4", OutputClaimType = "https://acs/your-output-type2", }; complexTransformationRule.Description = string.Format(CultureInfo.InvariantCulture, "Transforms claim from {0} with type: {1}, and any value, into a new claim with type: {2}, keeping(passingthrough) old value", "ACS", complexTransformationRule.InputClaimType, complexTransformationRule.OutputClaimType); svc.AddToRules(complexTransformationRule); svc.SetLink(complexTransformationRule, "RuleGroup", rg); svc.SetLink(complexTransformationRule, "Issuer", localAuthority); svc.SaveChangesBatch(); }