// Creates an SP SSO descriptor private static SPSSODescriptor CreateSPSSODescriptor() { SPSSODescriptor spSSODescriptor = new SPSSODescriptor(); spSSODescriptor.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol; X509Certificate2 x509Certificate = new X509Certificate2(spCertificateFileName); spSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(x509Certificate)); IndexedEndpointType assertionConsumerService1 = new IndexedEndpointType(1, true); assertionConsumerService1.Binding = SAMLIdentifiers.BindingURIs.HTTPPost; assertionConsumerService1.Location = "https://www.idp.com/AssertionConsumerService/POST"; spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService1); IndexedEndpointType assertionConsumerService2 = new IndexedEndpointType(2, false); assertionConsumerService2.Binding = SAMLIdentifiers.BindingURIs.HTTPArtifact; assertionConsumerService2.Location = "https://www.idp.com/AssertionConsumerService/Artifact"; spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService2); spSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient); return(spSSODescriptor); }
private void ExtractEndpoints() { if (_entity != null) { _SSOEndpoints = new List <IDPEndPointElement>(); _SLOEndpoints = new List <IDPEndPointElement>(); _ARSEndpoints = new Dictionary <ushort, IndexedEndpoint>(); _AssertionConsumerServiceEndpoints = new List <IDPEndPointElement>(); _attributeQueryEndpoints = new List <Endpoint>(); foreach (object item in _entity.Items) { if (item is IDPSSODescriptor) { IDPSSODescriptor descriptor = (IDPSSODescriptor)item; foreach (Endpoint endpoint in descriptor.SingleSignOnService) { _SSOEndpoints.Add(new IDPEndPointElement(endpoint)); } } if (item is SSODescriptor) { SSODescriptor descriptor = (SSODescriptor)item; if (descriptor.SingleLogoutService != null) { foreach (Endpoint endpoint in descriptor.SingleLogoutService) { _SLOEndpoints.Add(new IDPEndPointElement(endpoint)); } } if (descriptor.ArtifactResolutionService != null) { foreach (IndexedEndpoint ie in descriptor.ArtifactResolutionService) { _ARSEndpoints.Add(ie.index, ie); } } } if (item is SPSSODescriptor) { SPSSODescriptor descriptor = (SPSSODescriptor)item; foreach (IndexedEndpoint endpoint in descriptor.AssertionConsumerService) { _AssertionConsumerServiceEndpoints.Add(new IDPEndPointElement(endpoint)); } } if (item is AttributeAuthorityDescriptor) { AttributeAuthorityDescriptor aad = (AttributeAuthorityDescriptor)item; _attributeQueryEndpoints.AddRange(aad.AttributeService); } } } }
/// <summary> /// Takes the Safewhere configuration class and converts it to a SAML2.0 metadata document. /// </summary> private void ConvertToMetadata(SAML20FederationConfig config, KeyInfo keyinfo) { EntityDescriptor entity = CreateDefaultEntity(); entity.entityID = config.ServiceProvider.ID; entity.validUntil = DateTime.Now.AddDays(7); SPSSODescriptor spDescriptor = new SPSSODescriptor(); spDescriptor.protocolSupportEnumeration = new string[] { Saml20Constants.PROTOCOL }; spDescriptor.AuthnRequestsSigned = XmlConvert.ToString(true); spDescriptor.WantAssertionsSigned = XmlConvert.ToString(true); if (config.ServiceProvider.NameIdFormats.All) { spDescriptor.NameIDFormat = new string[] { Saml20Constants.NameIdentifierFormats.Email, Saml20Constants.NameIdentifierFormats.Entity, Saml20Constants.NameIdentifierFormats.Kerberos, Saml20Constants.NameIdentifierFormats.Persistent, Saml20Constants.NameIdentifierFormats.Transient, Saml20Constants.NameIdentifierFormats.Unspecified, Saml20Constants.NameIdentifierFormats.Windows, Saml20Constants.NameIdentifierFormats.X509SubjectName }; } else { spDescriptor.NameIDFormat = new string[config.ServiceProvider.NameIdFormats.NameIdFormats.Count]; int count = 0; foreach (NameIdFormatElement elem in config.ServiceProvider.NameIdFormats.NameIdFormats) { spDescriptor.NameIDFormat[count++] = elem.NameIdFormat; } } Uri baseURL = new Uri(config.ServiceProvider.Server); List <Endpoint> logoutServiceEndpoints = new List <Endpoint>(); List <IndexedEndpoint> signonServiceEndpoints = new List <IndexedEndpoint>(); List <IndexedEndpoint> artifactResolutionEndpoints = new List <IndexedEndpoint>(2); // Include endpoints. foreach (Saml20ServiceEndpoint endpoint in config.ServiceProvider.serviceEndpoints) { if (endpoint.endpointType == EndpointType.SIGNON) { IndexedEndpoint loginEndpoint = new IndexedEndpoint(); loginEndpoint.index = endpoint.endPointIndex; loginEndpoint.isDefault = true; loginEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString(); loginEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Post); signonServiceEndpoints.Add(loginEndpoint); IndexedEndpoint artifactSignonEndpoint = new IndexedEndpoint(); artifactSignonEndpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_SOAP; artifactSignonEndpoint.index = loginEndpoint.index; artifactSignonEndpoint.Location = loginEndpoint.Location; artifactResolutionEndpoints.Add(artifactSignonEndpoint); continue; } if (endpoint.endpointType == EndpointType.LOGOUT) { Endpoint logoutEndpoint = new Endpoint(); logoutEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString(); logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Post); logoutServiceEndpoints.Add(logoutEndpoint); logoutEndpoint = new Endpoint(); logoutEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString(); logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Redirect); logoutServiceEndpoints.Add(logoutEndpoint); IndexedEndpoint artifactLogoutEndpoint = new IndexedEndpoint(); artifactLogoutEndpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_SOAP; artifactLogoutEndpoint.index = endpoint.endPointIndex; artifactLogoutEndpoint.Location = logoutEndpoint.Location; artifactResolutionEndpoints.Add(artifactLogoutEndpoint); continue; } } spDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray(); spDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray(); // NameIdFormat if (!string.IsNullOrEmpty(config.NameIdFormat)) { spDescriptor.NameIDFormat = new string[] { config.NameIdFormat }; } // Attribute consuming service. if (config.RequestedAttributes.Attributes.Count > 0) { AttributeConsumingService attConsumingService = new AttributeConsumingService(); spDescriptor.AttributeConsumingService = new AttributeConsumingService[] { attConsumingService }; attConsumingService.index = signonServiceEndpoints[0].index; attConsumingService.isDefault = true; attConsumingService.ServiceName = new LocalizedName[] { new LocalizedName("SP", "da") }; attConsumingService.RequestedAttribute = new RequestedAttribute[config.RequestedAttributes.Attributes.Count]; for (int i = 0; i < config.RequestedAttributes.Attributes.Count; i++) { attConsumingService.RequestedAttribute[i] = new RequestedAttribute(); attConsumingService.RequestedAttribute[i].Name = config.RequestedAttributes.Attributes[i].name; if (config.RequestedAttributes.Attributes[i].IsRequired) { attConsumingService.RequestedAttribute[i].isRequired = true; } attConsumingService.RequestedAttribute[i].NameFormat = SamlAttribute.NAMEFORMAT_BASIC; } } else { spDescriptor.AttributeConsumingService = new AttributeConsumingService[0]; } if (config.Metadata != null && config.Metadata.IncludeArtifactEndpoints) { spDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray(); } entity.Items = new object[] { spDescriptor }; // Keyinfo KeyDescriptor keySigning = new KeyDescriptor(); KeyDescriptor keyEncryption = new KeyDescriptor(); spDescriptor.KeyDescriptor = new KeyDescriptor[] { keySigning, keyEncryption }; keySigning.use = KeyTypes.signing; keySigning.useSpecified = true; keyEncryption.use = KeyTypes.encryption; keyEncryption.useSpecified = true; // Ugly conversion between the .Net framework classes and our classes ... avert your eyes!! keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyinfo.GetXml().OuterXml); keyEncryption.KeyInfo = keySigning.KeyInfo; // apply the <Organization> element if (config.ServiceProvider.Organization != null) { entity.Organization = config.ServiceProvider.Organization; } if (config.ServiceProvider.ContactPerson != null && config.ServiceProvider.ContactPerson.Count > 0) { entity.ContactPerson = config.ServiceProvider.ContactPerson.ToArray(); } }
// Creates an SP SSO descriptor private static SPSSODescriptor CreateSPSSODescriptor() { SPSSODescriptor spSSODescriptor = new SPSSODescriptor(); spSSODescriptor.ProtocolSupportEnumeration = SAML.NamespaceURIs.Protocol; X509Certificate2 x509Certificate = new X509Certificate2(spCertificateFileName); spSSODescriptor.KeyDescriptors.Add(CreateKeyDescriptor(x509Certificate)); IndexedEndpointType assertionConsumerService1 = new IndexedEndpointType(1, true); assertionConsumerService1.Binding = SAMLIdentifiers.BindingURIs.HTTPPost; assertionConsumerService1.Location = "https://www.idp.com/AssertionConsumerService/POST"; spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService1); IndexedEndpointType assertionConsumerService2 = new IndexedEndpointType(2, false); assertionConsumerService2.Binding = SAMLIdentifiers.BindingURIs.HTTPArtifact; assertionConsumerService2.Location = "https://www.idp.com/AssertionConsumerService/Artifact"; spSSODescriptor.AssertionConsumerServices.Add(assertionConsumerService2); spSSODescriptor.NameIDFormats.Add(SAMLIdentifiers.NameIdentifierFormats.Transient); return spSSODescriptor; }