/// <summary> /// Create Saml2 based Metadata /// </summary> /// <returns></returns> public EntityDescriptor CreateMetadata() { _entityId = ConfigurationRepository.Global.IssuerUri; _signingCertificate = ConfigurationRepository.Keys.SigningCertificate; var descriptor = new EntityDescriptor(new Microsoft.IdentityModel.Protocols.WSFederation.Metadata.EntityId(_entityId)); var role = new ServiceProviderSingleSignOnDescriptor() { WantAssertionsSigned = true, AuthenticationRequestsSigned = true }; if (_signingCertificate != null) { Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyDescriptor keyDescriptor = CreateKeyDescriptor(_signingCertificate); keyDescriptor.Use = Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyType.Signing; role.Keys.Add(keyDescriptor); } role.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol")); role.AssertionConsumerService.Add(0, new IndexedProtocolEndpoint(0, ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2ASTPost.AbsoluteUri)) { IsDefault = true }); role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2SLOPOST.AbsoluteUri)) { ResponseLocation = new Uri(_endpoints.Saml2SLOPostResponse.AbsoluteUri) }); // // Artifact binding and single logout is only supported if there is a signing cerificate. // if (_signingCertificate != null) { role.AssertionConsumerService.Add(1, new IndexedProtocolEndpoint(1, ProtocolBindings.HttpArtifact, new Uri(_endpoints.Saml2ASTArtifact.AbsoluteUri))); role.AssertionConsumerService.Add(2, new IndexedProtocolEndpoint(2, ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2ASTRedirect.AbsoluteUri))); role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2SLORedirect.AbsoluteUri)) { ResponseLocation = new Uri(_endpoints.Saml2SLORedirectResponse.AbsoluteUri) }); } descriptor.RoleDescriptors.Add(role); return descriptor; }
/// <summary> /// Create Saml2 based Metadata /// </summary> /// <returns></returns> public EntityDescriptor CreateMetadata() { _entityId = ConfigurationRepository.Global.IssuerUri; _signingCertificate = ConfigurationRepository.Keys.SigningCertificate; var descriptor = new EntityDescriptor(new Microsoft.IdentityModel.Protocols.WSFederation.Metadata.EntityId(_entityId)); var role = new ServiceProviderSingleSignOnDescriptor() { WantAssertionsSigned = true, AuthenticationRequestsSigned = true }; if (_signingCertificate != null) { Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyDescriptor keyDescriptor = CreateKeyDescriptor(_signingCertificate); keyDescriptor.Use = Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyType.Signing; role.Keys.Add(keyDescriptor); } role.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol")); role.AssertionConsumerService.Add(0, new IndexedProtocolEndpoint(0, ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2ASTPost.AbsoluteUri)) { IsDefault = true }); role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2SLOPOST.AbsoluteUri)) { ResponseLocation = new Uri(_endpoints.Saml2SLOPostResponse.AbsoluteUri) }); // // Artifact binding and single logout is only supported if there is a signing cerificate. // if (_signingCertificate != null) { role.AssertionConsumerService.Add(1, new IndexedProtocolEndpoint(1, ProtocolBindings.HttpArtifact, new Uri(_endpoints.Saml2ASTArtifact.AbsoluteUri))); role.AssertionConsumerService.Add(2, new IndexedProtocolEndpoint(2, ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2ASTRedirect.AbsoluteUri))); role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2SLORedirect.AbsoluteUri)) { ResponseLocation = new Uri(_endpoints.Saml2SLORedirectResponse.AbsoluteUri) }); } descriptor.RoleDescriptors.Add(role); return(descriptor); }