        /// <summary>
        /// Builds the SAML 2.0 service-provider metadata (an <see cref="EntityDescriptor"/>) for this issuer.
        /// </summary>
        /// <remarks>
        /// Side effects: <c>_entityId</c> and <c>_signingCertificate</c> are reloaded from
        /// <c>ConfigurationRepository</c> on every call. The role advertises
        /// <c>WantAssertionsSigned</c> and <c>AuthenticationRequestsSigned</c> unconditionally,
        /// and only the signing certificate is published as a key (no encryption key descriptor).
        /// Artifact/redirect ACS bindings and the redirect SLO endpoint are advertised only when a
        /// signing certificate is configured; the POST endpoints are advertised regardless.
        /// NOTE(review): this method does not sign the descriptor it returns - confirm the caller
        /// signs the metadata document before it is published.
        /// </remarks>
        /// <returns>The entity descriptor with a single service-provider role attached.</returns>
        public EntityDescriptor CreateMetadata()
        {
            _entityId = ConfigurationRepository.Global.IssuerUri;
            _signingCertificate = ConfigurationRepository.Keys.SigningCertificate;
            bool hasSigningKey = _signingCertificate != null;

            var entity = new EntityDescriptor(new Microsoft.IdentityModel.Protocols.WSFederation.Metadata.EntityId(_entityId));

            var spRole = new ServiceProviderSingleSignOnDescriptor
            {
                WantAssertionsSigned = true,
                AuthenticationRequestsSigned = true
            };

            // Publish the signing certificate (signing use only) when one is configured.
            if (hasSigningKey)
            {
                var signingKey = CreateKeyDescriptor(_signingCertificate);
                signingKey.Use = Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyType.Signing;
                spRole.Keys.Add(signingKey);
            }

            spRole.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

            // HTTP-POST ACS (index 0) is the default assertion consumer service.
            var postAcs = new IndexedProtocolEndpoint(0, ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2ASTPost.AbsoluteUri));
            postAcs.IsDefault = true;
            spRole.AssertionConsumerService.Add(0, postAcs);

            var postSlo = new ProtocolEndpoint(ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2SLOPOST.AbsoluteUri));
            postSlo.ResponseLocation = new Uri(_endpoints.Saml2SLOPostResponse.AbsoluteUri);
            spRole.SingleLogoutServices.Add(postSlo);

            // Artifact and redirect bindings (and redirect SLO) are advertised only when a
            // signing certificate exists; the POST SLO endpoint above is added regardless.
            if (hasSigningKey)
            {
                spRole.AssertionConsumerService.Add(1, new IndexedProtocolEndpoint(1, ProtocolBindings.HttpArtifact, new Uri(_endpoints.Saml2ASTArtifact.AbsoluteUri)));
                spRole.AssertionConsumerService.Add(2, new IndexedProtocolEndpoint(2, ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2ASTRedirect.AbsoluteUri)));

                var redirectSlo = new ProtocolEndpoint(ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2SLORedirect.AbsoluteUri));
                redirectSlo.ResponseLocation = new Uri(_endpoints.Saml2SLORedirectResponse.AbsoluteUri);
                spRole.SingleLogoutServices.Add(redirectSlo);
            }

            entity.RoleDescriptors.Add(spRole);
            return entity;
        }
        /// <summary>
        /// Builds the SAML 2.0 service-provider metadata (an <see cref="EntityDescriptor"/>) for this issuer.
        /// </summary>
        /// <remarks>
        /// Side effects: <c>_entityId</c> and <c>_signingCertificate</c> are reloaded from
        /// <c>ConfigurationRepository</c> on every call. The role advertises
        /// <c>WantAssertionsSigned</c> and <c>AuthenticationRequestsSigned</c> unconditionally,
        /// and only the signing certificate is published as a key (no encryption key descriptor).
        /// Artifact/redirect ACS bindings and the redirect SLO endpoint are advertised only when a
        /// signing certificate is configured; the POST endpoints are advertised regardless.
        /// NOTE(review): this method does not sign the descriptor it returns - confirm the caller
        /// signs the metadata document before it is published.
        /// </remarks>
        /// <returns>The entity descriptor with a single service-provider role attached.</returns>
        public EntityDescriptor CreateMetadata()
        {
            _entityId = ConfigurationRepository.Global.IssuerUri;
            _signingCertificate = ConfigurationRepository.Keys.SigningCertificate;

            var descriptor = new EntityDescriptor(new Microsoft.IdentityModel.Protocols.WSFederation.Metadata.EntityId(_entityId));

            var role = new ServiceProviderSingleSignOnDescriptor
            {
                WantAssertionsSigned = true,
                AuthenticationRequestsSigned = true
            };

            if (_signingCertificate != null)
            {
                AddSigningKeyDescriptor(role);
            }

            role.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

            AddHttpPostEndpoints(role);

            // Artifact/redirect bindings are advertised only when a signing certificate exists.
            if (_signingCertificate != null)
            {
                AddSigningRequiredEndpoints(role);
            }

            descriptor.RoleDescriptors.Add(role);
            return descriptor;
        }

        // Publishes the configured signing certificate as a signing-use key descriptor.
        private void AddSigningKeyDescriptor(ServiceProviderSingleSignOnDescriptor role)
        {
            var keyDescriptor = CreateKeyDescriptor(_signingCertificate);
            keyDescriptor.Use = Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyType.Signing;
            role.Keys.Add(keyDescriptor);
        }

        // Adds the HTTP-POST ACS (index 0, default) and the HTTP-POST SLO endpoint; always advertised.
        private void AddHttpPostEndpoints(ServiceProviderSingleSignOnDescriptor role)
        {
            role.AssertionConsumerService.Add(0, new IndexedProtocolEndpoint(0, ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2ASTPost.AbsoluteUri))
            {
                IsDefault = true
            });

            role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2SLOPOST.AbsoluteUri))
            {
                ResponseLocation = new Uri(_endpoints.Saml2SLOPostResponse.AbsoluteUri)
            });
        }

        // Adds the artifact (index 1) and redirect (index 2) ACS endpoints plus the redirect SLO endpoint;
        // the caller only invokes this when a signing certificate is configured.
        private void AddSigningRequiredEndpoints(ServiceProviderSingleSignOnDescriptor role)
        {
            role.AssertionConsumerService.Add(1, new IndexedProtocolEndpoint(1, ProtocolBindings.HttpArtifact, new Uri(_endpoints.Saml2ASTArtifact.AbsoluteUri)));
            role.AssertionConsumerService.Add(2, new IndexedProtocolEndpoint(2, ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2ASTRedirect.AbsoluteUri)));

            role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2SLORedirect.AbsoluteUri))
            {
                ResponseLocation = new Uri(_endpoints.Saml2SLORedirectResponse.AbsoluteUri)
            });
        }