public void SSOConnect(RequestSecurityTokenResponseType token, string url)
{
if (_service != null)
{
Disconnect();
}
_service = GetVimService(url, null, null, null, token.RequestedSecurityToken);
_sic = _service.RetrieveServiceContent(this._svcRef);
if (ServiceContent.sessionManager != null)
{
var userSession = _service.LoginByToken(ServiceContent.sessionManager, null);
VimUserSession = userSession;
}
_state = ConnectionState.Connected;
if (AfterConnect != null)
{
AfterConnect(this, new ConnectionEventArgs());
}
}
public static SamlToken GetSamlBearerToken(
string ssoUrl, string ssoUserName, string ssoPassword)
{
var binding = VimAuthenticationHelper.GetCustomBinding();
var address = new EndpointAddress(ssoUrl);
var stsServiceClient =
new STSService_PortTypeClient(binding, address);
stsServiceClient.ClientCredentials.UserName.UserName = ssoUserName;
stsServiceClient.ClientCredentials.UserName.Password = ssoPassword;
RequestSecurityTokenType tokenType =
new RequestSecurityTokenType();
/**
* For this request we need at least the following element in the
* RequestSecurityTokenType set
*
* 1. Lifetime - represented by LifetimeType which specifies the
* lifetime for the token to be issued
*
* 2. Tokentype - "urnoasisnamestcSAML20assertion", which is the
* class that models the requested token
*
* 3. RequestType -
* "httpdocsoasisopenorgwssxwstrust200512Issue", as we want
* to get a token issued
*
* 4. KeyType -
* "httpdocsoasisopenorgwssxwstrust200512Bearer",
* representing the kind of key the token will have. There are two
* options namely bearer and holder-of-key
*
* 5. SignatureAlgorithm -
* "httpwwww3org200104xmldsigmorersasha256", representing the
* algorithm used for generating signature
*
* 6. Renewing - represented by the RenewingType which specifies
* whether the token is renewable or not
*/
tokenType.TokenType =
TokenTypeEnum.urnoasisnamestcSAML20assertion;
tokenType.RequestType =
RequestTypeEnum.httpdocsoasisopenorgwssxwstrust200512Issue;
tokenType.KeyType =
KeyTypeEnum.httpdocsoasisopenorgwssxwstrust200512Bearer;
tokenType.SignatureAlgorithm =
SignatureAlgorithmEnum.httpwwww3org200104xmldsigmorersasha256;
tokenType.Delegatable = true;
tokenType.DelegatableSpecified = true;
LifetimeType lifetime = new LifetimeType();
AttributedDateTime created = new AttributedDateTime();
String createdDate = String.Format(dateFormat,
DateTime.Now.ToUniversalTime());
created.Value = createdDate;
lifetime.Created = created;
AttributedDateTime expires = new AttributedDateTime();
TimeSpan duration = new TimeSpan(1, 10, 10);
String expireDate = String.Format(dateFormat,
DateTime.Now.Add(duration).ToUniversalTime());
expires.Value = expireDate;
lifetime.Expires = expires;
tokenType.Lifetime = lifetime;
RenewingType renewing = new RenewingType();
renewing.Allow = false;
renewing.OK = true;
tokenType.Renewing = renewing;
RequestSecurityTokenResponseCollectionType responseToken =
stsServiceClient.Issue(tokenType);
RequestSecurityTokenResponseType rstResponse =
responseToken.RequestSecurityTokenResponse;
XmlElement samlTokenXml = rstResponse.RequestedSecurityToken;
SamlToken samlToken = new SamlToken(samlTokenXml);
return(samlToken);
}
private bool ProcessError(SecurityTokenService secureService, SoapException exception, MSNTicket msnticket, EventHandler onSuccess, EventHandler <ExceptionEventArgs> onError)
{
string errFedDirectLogin = @"Direct login to WLID is not allowed for this federated namespace";
if (exception == null)
{
return(false);
}
if (secureService.pp == null)
{
return(false);
}
uint errorCode = uint.Parse(secureService.pp.reqstatus.Remove(0, "0x".Length), NumberStyles.HexNumber);
if (errorCode == 0x800488ee)
{
if (exception.Detail.InnerXml.IndexOf(errFedDirectLogin) != -1)
{
string fedLoginURL = string.Empty;
string fedAuthURL = string.Empty;
string fedBrandName = string.Empty;
foreach (extPropertyType extProperty in secureService.pp.extProperties)
{
switch (extProperty.Name)
{
case "STSAuthURL": //STS means Security Token Service.
fedLoginURL = extProperty.Value;
break;
case "AuthURL":
fedAuthURL = extProperty.Value;
break;
case "AllowFedUsersWLIDSignIn": //Is it allow to login by MSN ? Not all feduser can log in with a WLM client.
if (!bool.Parse(extProperty.Value))
{
return(false);
}
break;
case "FederationBrandName":
fedBrandName = extProperty.Value;
break;
case "IsFederatedNS":
if (!bool.Parse(extProperty.Value))
{
return(false);
}
break;
}
}
if (fedLoginURL == string.Empty)
{
return(false);
}
Uri fedLoginURI = new Uri(fedLoginURL);
string strFedLoginURI = fedLoginURI.Scheme.ToUpperInvariant() + "://" + fedLoginURI.Host + (fedLoginURI.Scheme.ToLowerInvariant() == "https" ? ":443" : string.Empty) + "/" + fedLoginURI.PathAndQuery;
SecurityTokenService fedSecureService = CreateSecurityTokenService(@"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", strFedLoginURI);
fedSecureService.Url = fedLoginURL;
RequestSecurityTokenType token = new RequestSecurityTokenType();
token.Id = "RST0";
token.RequestType = RequestTypeOpenEnum.httpschemasxmlsoaporgws200502trustIssue;
AppliesTo appliesTo = new AppliesTo();
appliesTo.EndpointReference = new EndpointReferenceType();
appliesTo.EndpointReference.Address = new AttributedURIType();
appliesTo.EndpointReference.Address.Value = strFedLoginURI.Remove(0, @"HTTPS://".Length);
token.AppliesTo = appliesTo;
RequestSecurityTokenResponseType response = null;
if (onSuccess != null && onError != null)
{
//Async request.
fedSecureService.RequestSecurityTokenCompleted += delegate(object sender, RequestSecurityTokenCompletedEventArgs e)
{
if (!e.Cancelled)
{
if (e.Error != null)
{
MSNPSharpException sexp = new MSNPSharpException(e.Error.Message + ". See innerexception for detail.", e.Error);
onError(this, new ExceptionEventArgs(sexp));
return;
}
response = e.Result;
if (response.RequestedSecurityToken == null || response.RequestedSecurityToken.Assertion == null)
{
return;
}
AssertionType assertion = response.RequestedSecurityToken.Assertion;
secureService = CreateSecurityTokenService(@"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", @"HTTPS://login.live.com:443//RST2.srf");
secureService.Security.Assertion = assertion;
if (response.Lifetime != null)
{
secureService.Security.Timestamp.Created = response.Lifetime.Created;
secureService.Security.Timestamp.Expires = response.Lifetime.Expires;
}
Authenticate(secureService, msnticket, onSuccess, onError);
}
};
fedSecureService.RequestSecurityTokenAsync(token, new object());
return(true);
}
else
{
//Sync request.
try
{
response = fedSecureService.RequestSecurityToken(token);
}
catch (Exception ex)
{
MSNPSharpException sexp = new MSNPSharpException(ex.Message + ". See innerexception for detail.", ex);
throw sexp;
}
if (response.RequestedSecurityToken == null)
{
return(false);
}
if (response.RequestedSecurityToken.Assertion == null)
{
return(false);
}
AssertionType assertion = response.RequestedSecurityToken.Assertion;
secureService = CreateSecurityTokenService(@"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", @"HTTPS://login.live.com:443//RST2.srf");
secureService.Security.Assertion = assertion;
Authenticate(secureService, msnticket, onSuccess, onError);
return(true);
}
}
}
return(false);
}