コード例 #1
0
        /// <summary>
        /// Update the relying party rules to pass through any claim issued by an identity provider.
        /// </summary>
        /// <param name="relyingPartyName">The name of the relying party.</param>
        /// <param name="identityProvider">The identity provider whose issued claims must be passed through.</param>
        public void UpdateRelyingPartyRule(string relyingPartyName, string identityProvider)
        {
            ManagementService svc = CreateManagementServiceClient();

            RelyingParty rp = svc.RelyingParties.Where(r => r.Name == relyingPartyName).FirstOrDefault();

            if (rp == null)
            {
                throw new ConfigurationErrorsException("The relying party of name " + relyingPartyName + " could not be found.");
            }

            Issuer newIssuer = AddIssuer(identityProvider);

            if (newIssuer != null)
            {
                RelyingPartyRuleGroup rpRuleGroup = svc.RelyingPartyRuleGroups.Where(m => m.RelyingPartyId == rp.Id).FirstOrDefault();

                Rule rule = new Rule()
                {
                    IssuerId = newIssuer.Id, RuleGroupId = rpRuleGroup.RuleGroupId
                };

                svc.AddToRules(rule);

                svc.SaveChanges(SaveChangesOptions.Batch);
            }
        }
コード例 #2
0
        /// <summary>
        /// Generates under the <paramref name="ruleGroup"/> passthrough rules for the <paramref name="identityProders"/> claim types
        /// </summary>
        /// <remarks>
        /// The <paramref name="identityProviders"/> should have Issuer expanded.
        /// </remarks>
        /// <param name="svc"></param>
        /// <param name="ruleGroup">Rule group to add the rules</param>
        /// <param name="identityProviders">Identity Provides which provide the claim types</param>
        public static void GenerateRules(this ManagementService svc, RuleGroup ruleGroup, IEnumerable <IdentityProvider> identityProviders)
        {
            foreach (IdentityProvider identityProvider in identityProviders)
            {
                IEnumerable <string> claimTypes = svc.GetIdentityProviderClaimTypes(identityProvider);

                // For each claim type generate a passthrough rule
                foreach (string claimType in claimTypes)
                {
                    Rule rule = new Rule()
                    {
                        InputClaimType = claimType,
                    };

                    rule.Description = string.Format(CultureInfo.InvariantCulture,
                                                     "Passthrough claim from {0} with type: {1}, and any value",
                                                     identityProvider.DisplayName,
                                                     claimType);

                    svc.AddToRules(rule);
                    svc.SetLink(rule, "Issuer", identityProvider.Issuer);
                    svc.SetLink(rule, "RuleGroup", ruleGroup);
                }
            }
        }
        /// <summary>
        ///   Creates a rule and adds it to the given RuleGroup.
        /// </summary>
        /// <param name = "issuer">The input issuer for which to apply the rule.</param>
        /// <param name = "inputClaimType">The input claim type. Null for "all claim types".</param>
        /// <param name = "inputClaimValue">The input claim value. Null for "all claim values".</param>
        /// <param name = "outputClaimType">The output claim type. Null for "pass through input type".</param>
        /// <param name = "outputClaimValue">The output claim value. Null for "pass through input value".</param>
        /// <param name = "ruleGroup">The rule group to which the rule should be added.</param>
        /// <param name = "description">Optional human-readable rule description.</param>
        /// <returns></returns>
        public static Rule CreateRule(
            this ManagementService svc,
            Issuer issuer,
            string inputClaimType,
            string inputClaimValue,
            string outputClaimType,
            string outputClaimValue,
            RuleGroup ruleGroup,
            string description)
        {
            var rule = new Rule
            {
                Description      = description,
                InputClaimType   = inputClaimType,
                InputClaimValue  = inputClaimValue,
                OutputClaimType  = outputClaimType,
                OutputClaimValue = outputClaimValue,
            };

            svc.AddToRules(rule);
            svc.SetLink(rule, "Issuer", issuer);
            svc.SetLink(rule, "RuleGroup", ruleGroup);

            return(rule);
        }
コード例 #4
0
        public static RuleGroup AddPassthroughRule(this ManagementService svc,
                                                   RelyingParty relyingParty, string ruleGroupName)
        {
            Contract.Requires(svc != null);
            Contract.Requires(relyingParty != null);
            Contract.Requires(!string.IsNullOrWhiteSpace(ruleGroupName));

            var ruleGroup = new RuleGroup()
            {
                Name = ruleGroupName
            };

            svc.AddToRuleGroups(ruleGroup);

            svc.SaveChanges(SaveChangesOptions.Batch);

            var localAuthority = svc.Issuers.Where(
                m => m.Name == "LOCAL AUTHORITY").FirstOrDefault();

            var passthrough = new Rule();

            passthrough.Description = "Passthough all ACS claims";

            svc.AddToRules(passthrough);
            svc.SetLink(passthrough, "RuleGroup", ruleGroup);
            svc.SetLink(passthrough, "Issuer", localAuthority);

            var rprg = new RelyingPartyRuleGroup();

            svc.AddToRelyingPartyRuleGroups(rprg);

            svc.AddLink(relyingParty, "RelyingPartyRuleGroups", rprg);
            svc.AddLink(ruleGroup, "RelyingPartyRuleGroups", rprg);

            svc.SaveChanges(SaveChangesOptions.Batch);

            return(ruleGroup);
        }
コード例 #5
0
        /// <summary>
        /// Copies the <paramref name="source"/> into a new rule group with name <paramref name="newRuleGroupName"/>
        /// </summary>
        /// <param name="svc"></param>
        /// <param name="source">Source rule group</param>
        /// <param name="newRuleGroupName">Name of the new rule group</param>
        public static void CopyRuleGroup(this ManagementService svc, RuleGroup source, string newRuleGroupName)
        {
            RuleGroup newRuleGroup = new RuleGroup()
            {
                Name = newRuleGroupName,
            };

            svc.AddToRuleGroups(newRuleGroup);

            foreach (Rule rule in svc.Rules.Expand("Issuer").Where(r => r.RuleGroupId == source.Id))
            {
                Rule newRule = new Rule();

                newRule.Description      = rule.Description;
                newRule.InputClaimType   = rule.InputClaimType;
                newRule.InputClaimValue  = rule.InputClaimValue;
                newRule.OutputClaimType  = rule.OutputClaimType;
                newRule.OutputClaimValue = rule.OutputClaimValue;

                svc.AddToRules(newRule);
                svc.SetLink(newRule, "Issuer", rule.Issuer);
                svc.SetLink(newRule, "RuleGroup", newRuleGroup);
            }
        }
コード例 #6
0
        /// <summary>
        /// Add rules to a rule group.
        /// </summary>
        private static void AddRulesToRuleGroup(string ruleGroupName)
        {
            Console.WriteLine("\nAdding rules in rule group (Name = {0})\n", ruleGroupName);

            ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();

            RuleGroup rg = svc.RuleGroups.Where(g => g.Name == ruleGroupName).FirstOrDefault();

            // "LOCAL AUTHORITY" is a built-in issuer name, representing the service namespace itself.
            Issuer localAuthority = svc.GetIssuerByName("LOCAL AUTHORITY");

            Rule basicRule = new Rule()
            {
                InputClaimType   = "https://acs/your-input-type",
                InputClaimValue  = "inputValue",
                OutputClaimType  = "https://acs/your-output-type",
                OutputClaimValue = "outputValue",
            };

            basicRule.Description = string.Format(CultureInfo.InvariantCulture,
                                                  "Transforms claim from {0} with type: {1}, value: {2}, into a new claim with type: {3}, value:{4}",
                                                  "ACS",
                                                  basicRule.InputClaimType,
                                                  basicRule.InputClaimValue,
                                                  basicRule.OutputClaimType,
                                                  basicRule.OutputClaimValue);

            svc.AddToRules(basicRule);
            svc.SetLink(basicRule, "RuleGroup", rg);
            svc.SetLink(basicRule, "Issuer", localAuthority);

            Rule passthroughSpecificClaimRule = new Rule()
            {
                InputClaimType  = "https://acs/your-input-type2",
                InputClaimValue = "inputValue2",
            };

            passthroughSpecificClaimRule.Description = string.Format(CultureInfo.InvariantCulture,
                                                                     "Passthrough claim from {0} with type: {1}, value: {2}",
                                                                     "ACS",
                                                                     passthroughSpecificClaimRule.InputClaimType,
                                                                     passthroughSpecificClaimRule.InputClaimValue);

            svc.AddToRules(passthroughSpecificClaimRule);
            svc.SetLink(passthroughSpecificClaimRule, "RuleGroup", rg);
            svc.SetLink(passthroughSpecificClaimRule, "Issuer", localAuthority);

            Rule passthroughAnyClaimWithSpecificTypeRule = new Rule()
            {
                InputClaimType = "https://acs/your-input-type3",
            };

            passthroughAnyClaimWithSpecificTypeRule.Description = string.Format(CultureInfo.InvariantCulture,
                                                                                "Passthrough claim from {0} with type: {1}, and any value",
                                                                                "ACS",
                                                                                passthroughSpecificClaimRule.InputClaimType);

            svc.AddToRules(passthroughAnyClaimWithSpecificTypeRule);
            svc.SetLink(passthroughAnyClaimWithSpecificTypeRule, "RuleGroup", rg);
            svc.SetLink(passthroughAnyClaimWithSpecificTypeRule, "Issuer", localAuthority);

            Rule complexTransformationRule = new Rule()
            {
                InputClaimType  = "https://acs/your-input-type4",
                OutputClaimType = "https://acs/your-output-type2",
            };

            complexTransformationRule.Description = string.Format(CultureInfo.InvariantCulture,
                                                                  "Transforms claim from {0} with type: {1}, and any value, into a new claim with type: {2}, keeping(passingthrough) old value",
                                                                  "ACS",
                                                                  complexTransformationRule.InputClaimType,
                                                                  complexTransformationRule.OutputClaimType);

            svc.AddToRules(complexTransformationRule);
            svc.SetLink(complexTransformationRule, "RuleGroup", rg);
            svc.SetLink(complexTransformationRule, "Issuer", localAuthority);

            svc.SaveChangesBatch();
        }