private void ConfigureSaml2(IAppBuilder app, string signInAsType)
{
    // SP configuration is built in code; `false` skips loading the <sustainsys.saml2> config section.
    var spOptions = new SPOptions
    {
        EntityId = new EntityId("http://localhost:4589/IdSrv3/Saml2"),
    };

    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = spOptions,
        SignInAsAuthenticationType = signInAsType,
        Caption = "SAML2p"
    };

    // Wire the IdentityServer3 federated sign-out cleanup before the middleware itself is added.
    UseIdSrv3LogoutOnFederatedLogout(app, saml2Options);

    // Service certificate used for SP signing/decryption. A .pfx carries the private key;
    // this one is the test certificate shipped with the sample, loaded from App_Data.
    var pfxPath = AppDomain.CurrentDomain.SetupInformation.ApplicationBase
        + "/App_Data/Sustainsys.Saml2.Tests.pfx";
    spOptions.ServiceCertificates.Add(new X509Certificate2(pfxPath));

    // Single IdP whose endpoints and keys are discovered from its metadata document.
    var idp = new IdentityProvider(new EntityId("http://localhost:52071/Metadata"), spOptions)
    {
        LoadMetadata = true
    };
    saml2Options.IdentityProviders.Add(idp);

    app.UseSaml2Authentication(saml2Options);
}
protected override void ProcessCore(IdentityProvidersArgs args)
{
    // Sitecore federated-authentication processor: registers one SAML2 IdP on the OWIN app.
    var spOptions = new SPOptions
    {
        EntityId = new EntityId(_spEntityId),
        ReturnUrl = new Uri(_spReturnUrl)
    };

    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = spOptions,
        AuthenticationType = GetAuthenticationType()
    };

    // IdP endpoints and signing keys are taken from its metadata document.
    var idp = new Sustainsys.Saml2.IdentityProvider(new EntityId(_ipEntityId), spOptions)
    {
        MetadataLocation = _ipMetadataLocation,
        LoadMetadata = true
    };
    saml2Options.IdentityProviders.Add(idp);

    saml2Options.Notifications = new Saml2Notifications
    {
        // Runs once the ACS command has produced a principal: apply the Sitecore claims
        // transformations configured for this identity provider to the SAML identity.
        AcsCommandResultCreated = (result, response) =>
        {
            var identityProvider = GetIdentityProvider();
            var identity = (ClaimsIdentity)result.Principal.Identity;
            identity.ApplyClaimsTransformations(
                new TransformationContext(FederatedAuthenticationConfiguration, identityProvider));
        }
    };

    args.App.UseSaml2Authentication(saml2Options);
}
private static Saml2AuthenticationOptions CreateAuthServicesOptions()
{
    // Auth0 connection parameters, read from <appSettings>.
    var auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"];
    var auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"];
    var auth0ReturnUrl = ConfigurationManager.AppSettings["auth0:ReturnUrl"];
    var auth0AppName = ConfigurationManager.AppSettings["auth0:AppName"];

    var spOptions = new SPOptions
    {
        EntityId = new EntityId($"urn:{auth0AppName}"),
        ReturnUrl = new Uri(auth0ReturnUrl),
        // Lowers the minimum accepted signature algorithm to RSA-SHA1. SHA-1 is deprecated for
        // XML signatures; keep this override only while the IdP still signs with it.
        MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    };

    var authServicesOptions = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    var auth0Idp = new IdentityProvider(new EntityId($"urn:{auth0Domain}"), spOptions)
    {
        // Accept IdP-initiated responses that have no matching outgoing AuthnRequest.
        AllowUnsolicitedAuthnResponse = true,
        MetadataLocation = $"https://{auth0Domain}/samlp/metadata/{auth0ClientId}",
        Binding = Saml2BindingType.HttpPost
    };
    authServicesOptions.IdentityProviders.Add(auth0Idp);

    return authServicesOptions;
}
public void ConfigureAuth(IAppBuilder app)
{
    // The application cookie holds the signed-in user; unauthenticated requests to protected
    // pages are redirected to the brand-selection sign-in page.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        LoginPath = new PathString("/SignIn/Link"),
    });

    // `true`: SP options and the IdP list come from the <sustainsys.saml2> section of web.config.
    var saml2Options = new Saml2AuthenticationOptions(true);

    saml2Options.Notifications = new Saml2Notifications
    {
        // Called when the SignIn command picks an IdP for the request. Returning an
        // IdentityProvider selects it; returning null falls back to the built-in selection.
        SelectIdentityProvider = (requestedEntityId, relayData) =>
        {
            // Resolve the IdP for the brand the user chose so its branded login page is used.
            IdentityProvider selected = null;
            var brandEntityId = new EntityId(IdentityProviderManagement.GetIndentityProvider());
            saml2Options.IdentityProviders.TryGetValue(brandEntityId, out selected);
            return selected;
        }
    };

    // Register the SAML2 middleware after the cookie middleware.
    app.UseSaml2Authentication(saml2Options);
}
public void Saml2AuthenticationOptions_Ctor_IgnoresConfiguration()
{
    // loadConfiguration == false: nothing is read from the config section, so the SP options
    // stay unset and no IdP is registered.
    var options = new Saml2AuthenticationOptions(false);

    options.SPOptions.Should().BeNull();
    options.IdentityProviders.IsEmpty.Should().BeTrue();
}
public void Saml2AuthenticationOptions_Ctor_SetsDefault()
{
    // The constructor applies library defaults for caption and authentication mode.
    var options = new Saml2AuthenticationOptions(true);

    options.Description.Caption.Should().Be(Constants.DefaultCaption);
    options.AuthenticationMode.Should().Be(AuthenticationMode.Passive);
}
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var spOptions = CreateSPOptions();
    var saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // Public stub IdP for local testing. Its signing key is pinned from the bundled .cer
    // instead of being discovered from metadata.
    var stubIdp = new IdentityProvider(new EntityId("https://stubidp.sustainsys.com/Metadata"), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri("https://stubidp.sustainsys.com")
    };
    var stubIdpCertPath = HostingEnvironment.MapPath("~/App_Data/stubidp.sustainsys.com.cer");
    stubIdp.SigningKeys.AddConfiguredKey(new X509Certificate2(stubIdpCertPath));
    saml2Options.IdentityProviders.Add(stubIdp);

    // Constructing the Federation is enough: it associates itself with the options, loads the
    // federation metadata and registers every IdP found there. (The `true` flag presumably
    // allows unsolicited responses from those IdPs — confirm against the Federation ctor.)
    new Federation("http://localhost:52071/Federation", true, saml2Options);

    return saml2Options;
}
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var spOptions = CreateSPOptions();
    var saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // No IdP is registered by hand (an earlier explicit Azure AD entry was retired). The
    // Federation constructor reads the local federation metadata file, associates itself with
    // the options and registers every IdP it finds there.
    new Federation(@"~/odx_fedmyohio_idp_federation_metadata.xml", true, saml2Options);

    return saml2Options;
}
public Saml2AuthenticationOptions CreateSaml2Options()
{
    const string samlIdpUrl = "http://localhost:44358/";
    const string signingCertPath = "~/App_Data/AzureADTest.cer";

    var spOptions = CreateSPOptions();
    var saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // The entity id looks like an Azure AD tenant, but SSO is pointed at a local test endpoint
    // and the signing key is pinned from a bundled certificate rather than fetched via metadata.
    var idp = new IdentityProvider(
        new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri(samlIdpUrl)
    };
    idp.SigningKeys.AddConfiguredKey(
        new X509Certificate2(HostingEnvironment.MapPath(signingCertPath)));
    saml2Options.IdentityProviders.Add(idp);

    // The Federation associates itself with the options and registers any IdPs listed in the
    // metadata served at samlIdpUrl.
    new Federation(samlIdpUrl, true, saml2Options);

    return saml2Options;
}
private static Saml2AuthenticationOptions CreateAuthServicesOptions()
{
    var spOptions = new SPOptions
    {
        EntityId = new EntityId(ApplicationIdpEntityId),
        ReturnUrl = ExternalAuthDefaultCallbackUrl,
        // Accepts responses signed with RSA-SHA1. SHA-1 is deprecated for XML signatures;
        // keep this override only while the IdP still signs with it.
        MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    };
    var authServicesOptions = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // The IdP is identified by its metadata URL, and its metadata is read from that same URL.
    var idpMetadataUrl = MetadataLocation.AbsoluteUri;
    var idp = new IdentityProvider(new EntityId(idpMetadataUrl), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        MetadataLocation = idpMetadataUrl,
        DisableOutboundLogoutRequests = true    // no LogoutRequest is sent to the IdP on sign-out
    };
    authServicesOptions.IdentityProviders.Add(idp);

    return authServicesOptions;
}
private static Saml2AuthenticationOptions GetSaml2AuthenticationOptions()
{
    var spOptions = CreateSPOptions();
    var saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // IdP endpoints and keys are discovered from its metadata.
    var idp = new IdentityProvider(new EntityId(IdpEntityId), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        MetadataLocation = IdpMetadataUrl,
        LoadMetadata = true
    };
    saml2Options.IdentityProviders.Add(idp);

    // A "Requester" status on the LogoutResponse is reported as handled (true): the IdP
    // usually returns it when the user is already signed out, which is not an error here.
    saml2Options.Notifications.ProcessSingleLogoutResponseStatus =
        (response, state) => response.Status == Sustainsys.Saml2.Saml2P.Saml2StatusCode.Requester;

    return saml2Options;
}
public void Saml2AuthenticationOptions_Caption()
{
    // Caption is a shortcut for Description.Caption; both must observe the assigned value.
    const string caption = "MyCaption";
    var options = new Saml2AuthenticationOptions(false) { Caption = caption };

    options.Caption.Should().Be(caption);
    options.Description.Caption.Should().Be(caption);
}
public void Saml2AuthenticationOptions_Ctor_LoadsConfiguration()
{
    // loadConfiguration == true: SP entity id and the IdP list come from the test config file.
    var options = new Saml2AuthenticationOptions(true);

    options.SPOptions.EntityId.Id.Should().Be("https://github.com/SustainsysIT/Saml2");
    options.IdentityProviders.IsEmpty.Should().BeFalse();

    var configuredIdp = options.IdentityProviders[new EntityId("https://idp.example.com")];
    configuredIdp.SingleSignOnServiceUrl.Should().Be("https://idp.example.com/idp");
}
public void Saml2AuthenticationExtensions_UseSaml2Authentication()
{
    // The extension must register the middleware type on the builder, passing the builder
    // and the options through as constructor arguments.
    var appBuilder = Substitute.For<IAppBuilder>();
    var saml2Options = new Saml2AuthenticationOptions(true);

    appBuilder.UseSaml2Authentication(saml2Options);

    appBuilder.Received().Use(typeof(Saml2AuthenticationMiddleware), appBuilder, saml2Options);
}
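/// <summary>
/// Builds the SAML2 options for the "arxspan" tenant (Okta IdP plus the local Federation).
/// A second, "belatrix" configuration (Centrify IdP) is also built but is never returned,
/// so it is currently unreachable from callers of this method.
/// </summary>
/// <returns>The options object for the "arxspan" tenant.</returns>
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    // --- "arxspan": Okta IdP, signing key pinned from ~/secure/okta.cert ---
    var arxspanSpOptions = CreateSPOptions("arxspan");
    var arxspanOptions = new Saml2AuthenticationOptions(false)
    {
        SPOptions = arxspanSpOptions,
        AuthenticationType = "arxspan",
        Caption = "arxspan"
    };

    var oktaIdp = new IdentityProvider(new EntityId("http://www.okta.com/exkez48ebtXNSGr3g0h7"), arxspanSpOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri("https://dev-871818.oktapreview.com/app/beldev871818_arxspansaml_1/exkez48ebtXNSGr3g0h7/sso/saml")
    };
    oktaIdp.SigningKeys.AddConfiguredKey(
        new X509Certificate2(HostingEnvironment.MapPath("~/secure/okta.cert")));

    // Constructing the Federation is enough: it associates itself with the options, loads
    // the federation metadata and registers every IdP found there.
    new Federation("http://localhost:52071/Federation", true, arxspanOptions);
    arxspanOptions.IdentityProviders.Add(oktaIdp);

    // --- "belatrix": Centrify IdP, signing key pinned from ~/App_Data/centrify.cert ---
    var belatrixSpOptions = CreateSPOptions("belatrix");
    var belatrixOptions = new Saml2AuthenticationOptions(false)
    {
        SPOptions = belatrixSpOptions,
        AuthenticationType = "belatrix",
        Caption = "belatrix"
    };

    // Fix: this IdP was constructed with the arxspan SPOptions, so it was bound to the wrong
    // SP configuration even though it is added to belatrixOptions. Every other belatrix
    // artefact uses the "2" variants; the IdP must use belatrixSpOptions as well.
    var centrifyIdp = new IdentityProvider(
        new EntityId("https://aax0038.my.centrify.com/ce0d8092-49bf-4e73-8306-5a5b2c2eb39c"), belatrixSpOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri("https://aax0038.my.centrify.com/applogin/appKey/ce0d8092-49bf-4e73-8306-5a5b2c2eb39c/customerId/AAX0038")
    };
    centrifyIdp.SigningKeys.AddConfiguredKey(
        new X509Certificate2(HostingEnvironment.MapPath("~/App_Data/centrify.cert")));
    belatrixOptions.IdentityProviders.Add(centrifyIdp);

    // Fix: the federation metadata URL contained a stray space ("/ Federation"), which could
    // never resolve to the local federation endpoint used above.
    new Federation("http://localhost:52071/Federation", true, belatrixOptions);

    return arxspanOptions;
}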
public void Saml2AuthenticationOptions_Ctor_LoadsFederationFromConfigurationAndRegistersIdp()
{
    // loadConfiguration == true: the federation declared in config is loaded and the IdP it
    // describes is registered in IdentityProviders.
    var options = new Saml2AuthenticationOptions(true);

    // The test's evidence of registration is that the indexer lookup does not throw.
    Action lookup = () =>
    {
        var registered = options.IdentityProviders[new EntityId("http://idp.federation.example.com/metadata")];
    };

    lookup.ShouldNotThrow();
}
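/// <summary>
/// Add Sustainsys Saml2 SAML2 authentication to the Owin pipeline.
/// </summary>
/// <param name="app">Owin pipeline builder.</param>
/// <param name="options">Options for the middleware.</param>
/// <returns>The same <paramref name="app"/>, to allow chaining.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="app"/> or <paramref name="options"/> is null.
/// </exception>
public static IAppBuilder UseSaml2Authentication(this IAppBuilder app, Saml2AuthenticationOptions options)
{
    if (app == null)
    {
        throw new ArgumentNullException(nameof(app));
    }

    // Fail here with the offending parameter name instead of letting the null surface later,
    // when the middleware is constructed from the registered type and arguments.
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    app.Use(typeof(Saml2AuthenticationMiddleware), app, options);
    return app;
}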
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var spOptions = CreateSPOptions();
    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = spOptions,
        Notifications = new Saml2Notifications
        {
            // Every outgoing AuthnRequest is flagged ForceAuthentication (ForceAuthn=true),
            // asking the IdP to re-authenticate instead of reusing its existing session.
            AuthenticationRequestCreated = (request, provider, dictionary) =>
            {
                request.ForceAuthentication = true;
            }
        }
    };

    // IdP endpoints come from <appSettings>. Metadata is loaded as well, which presumably
    // supersedes the hand-set URLs below — confirm which source wins for this IdP.
    var idpEntityId = ConfigurationManager.AppSettings["IDPEntityID"];
    var idpMetadataUrl = ConfigurationManager.AppSettings["IDPMetadataURL"];
    var idpLoginUrl = ConfigurationManager.AppSettings["IDPLoginURL"];

    var idp = new IdentityProvider(new EntityId(idpEntityId), spOptions)
    {
        // Signed AuthnRequests need an SP signing certificate; expected to come from
        // CreateSPOptions, which is not visible here.
        WantAuthnRequestsSigned = true,
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        MetadataLocation = idpMetadataUrl,
        LoadMetadata = true,
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri(idpLoginUrl),
        // NOTE(review): the single-logout endpoint is set to the *login* URL (IDPLoginURL); no
        // dedicated logout setting is read. Confirm against the IdP metadata that this is intended.
        SingleLogoutServiceUrl = new Uri(idpLoginUrl),
        DisableOutboundLogoutRequests = false   // LogoutRequests are sent to the IdP on sign-out
    };
    saml2Options.IdentityProviders.Add(idp);

    return saml2Options;
}
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var spOptions = CreateSpOptions();
    var saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // Metadata for every IdP is read from a local file under App_Data rather than fetched
    // remotely, and signing keys are pinned explicitly.
    Func<string, string, IdentityProvider> fileMetadataIdp = (entityId, metadataFile) =>
        new IdentityProvider(new EntityId(entityId), spOptions)
        {
            MetadataLocation = HostingEnvironment.MapPath(metadataFile)
        };

    var idp5 = fileMetadataIdp("http://idp5.canadacentral.cloudapp.azure.com:80/opensso", "~/App_Data/idp5-metadata.xml");
    idp5.AllowUnsolicitedAuthnResponse = true;   // only idp5 may start IdP-initiated sign-in
    // Key from IDP COT
    idp5.SigningKeys.AddConfiguredKey(new X509Certificate2(
        HostingEnvironment.MapPath("~/App_Data/idp5.canadacentral.cloudapp.azure.com.cer")));

    // CBS and GCKey both validate against the GCCF signing certificate.
    var cbs = fileMetadataIdp("https://cbs-uat-cbs.securekey.com", "~/App_Data/cbs-metadata-signed.xml");
    cbs.SigningKeys.AddConfiguredKey(GetGccfSigninCertificate());

    var gckey = fileMetadataIdp("https://te.clegc-gckey.gc.ca", "~/App_Data/gckey-metadata-signed.xml");
    gckey.SigningKeys.AddConfiguredKey(GetGccfSigninCertificate());

    // Binding selection is delegated to the GCCF authorization filter.
    saml2Options.Notifications = new Saml2Notifications
    {
        GetBinding = GccfAuthorizationFilter.GetSaml2Binding()
    };

    saml2Options.IdentityProviders.Add(idp5);
    saml2Options.IdentityProviders.Add(cbs);
    saml2Options.IdentityProviders.Add(gckey);

    return saml2Options;
}
private Saml2AuthenticationOptions CreateSaml2Options()
{
    const string azureTenantEntityId = "https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/";
    const string localEndpoint = "https://localhost:44358/";

    // NOTE(review): the SP's EntityId is identical to the IdP's entity id below. An SP normally
    // has its own identifier; confirm this is intentional for the test setup.
    var spOptions = new SPOptions
    {
        EntityId = new EntityId(azureTenantEntityId),
        ReturnUrl = new Uri(localEndpoint),
    };

    // AttributeConsumingService (published with the SP metadata) listing the attributes we
    // request from the IdP.
    var attributeConsumingService = new AttributeConsumingService
    {
        IsDefault = true,
        ServiceNames = { new LocalizedName("Saml2", "en") }
    };
    attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:password")
    {
        FriendlyName = "AzureADTest",
        IsRequired = true,
        NameFormat = RequestedAttribute.AttributeNameFormatUri
    });
    attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("Minimal"));
    spOptions.AttributeConsumingServices.Add(attributeConsumingService);

    var saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    var idp = new IdentityProvider(new EntityId(azureTenantEntityId), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri(localEndpoint)
    };

    // MapPath can return null (e.g. outside a hosted environment); fail loudly rather than
    // hand a null path to the certificate constructor.
    var signingCertPath = HostingEnvironment.MapPath("~/App_Data/AzureADTest.cer")
        ?? throw new InvalidOperationException();
    idp.SigningKeys.AddConfiguredKey(new X509Certificate2(signingCertPath));
    saml2Options.IdentityProviders.Add(idp);

    return saml2Options;
}
private static Saml2AuthenticationOptions CreateAuthServicesOptions()
{
    const string simulatorBase = "http://dfe-sign-in-simulator.azurewebsites.net";

    var spOptions = CreateSPOptions();
    var authServicesOptions = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // DfE sign-in simulator, reached over plain http. No signing key is pinned in code for
    // this IdP; whatever the Federation metadata supplies is what gets trusted.
    var simulatorIdp = new IdentityProvider(new EntityId(simulatorBase + "/Metadata"), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri(simulatorBase + "/")
    };
    authServicesOptions.IdentityProviders.Add(simulatorIdp);

    // The Federation associates itself with the options and registers the IdPs in its metadata.
    new Federation(simulatorBase + "/Federation", true, authServicesOptions);

    return authServicesOptions;
}
// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
    // ADFS is the only IdP, configured entirely from its published metadata; successful SAML
    // sign-ins are persisted in the application cookie.
    var spOptions = CreateSPOptions();
    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = spOptions,
        SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
    };

    var adfsIdp = new IdentityProvider(new EntityId("http://adfs.groupyfy.com/adfs/services/trust"), spOptions)
    {
        MetadataLocation = "https://adfs.groupyfy.com/FederationMetadata/2007-06/FederationMetadata.xml",
    };
    saml2Options.IdentityProviders.Add(adfsIdp);

    // Cookie middleware first, then the SAML2 middleware that signs into it.
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/saml2/signin")
    });
    app.UseSaml2Authentication(saml2Options);
}
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    // SP identity and ACS return URL come from <appSettings>.
    var spEntityId = ConfigurationManager.AppSettings["saml:BackendAuthUrl"];
    var spReturnUrl = ConfigurationManager.AppSettings["saml:FrontendAuthUrl"];
    var spOptions = new SPOptions()
    {
        EntityId = new EntityId(spEntityId),
        ReturnUrl = new Uri(spReturnUrl)
    };

    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = spOptions,
        // Pipeline hooks. Both handlers are inert (each only binds a local); they exist as
        // breakpoint anchors for inspecting outgoing request parameters and incoming claims.
        Notifications = new Saml2Notifications()
        {
            AuthenticationRequestCreated = (request, requestIdp, requestParams) =>
            {
                var inspect = requestParams;
            },
            AcsCommandResultCreated = (commandResult, samlResponse) =>
            {
                var inspect = commandResult.Principal.Claims;
            }
        }
    };

    var idpEntityId = ConfigurationManager.AppSettings["saml:IPEntityId"];
    var idpMetadataUrl = ConfigurationManager.AppSettings["saml:IPMetadataUrl"];
    var idp = new IdentityProvider(new EntityId(idpEntityId), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // enable IdP-initiated sign-in
        MetadataLocation = idpMetadataUrl
    };
    saml2Options.IdentityProviders.Add(idp);

    return saml2Options;
}
private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var spOptions = CreateSPOptions();
    var saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // Salesforce IdP: MetadataLocation points at its metadata, while the signing key is
    // pinned from a local certificate file rather than taken from the download.
    var salesforceIdp = new IdentityProvider(new EntityId(SalesforceIdentityProvider), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        MetadataLocation = MetadataUrl
    };
    salesforceIdp.SigningKeys.AddConfiguredKey(new X509Certificate2(SalesforceCertificatePath));
    saml2Options.IdentityProviders.Add(salesforceIdp);

    return saml2Options;
}
private static Saml2AuthenticationOptions CreateAuthServicesOptions()
{
    var spOptions = CreateSPOptions();
    var authServicesOptions = new Saml2AuthenticationOptions(false) { SPOptions = spOptions };

    // The simulator IdP lives at <SASimulatorUri><SASimulatorGuid>; its metadata and
    // federation endpoints hang off that base URL.
    var simulatorBaseUrl = AppSettings["SASimulatorUri"] + AppSettings["SASimulatorGuid"];
    var simulatorIdp = new IdentityProvider(new EntityId(simulatorBaseUrl + "/Metadata"), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,   // IdP-initiated sign-in accepted
        Binding = Saml2BindingType.HttpRedirect,
        SingleSignOnServiceUrl = new Uri(simulatorBaseUrl)
    };
    authServicesOptions.IdentityProviders.Add(simulatorIdp);

    // The Federation associates itself with the options and registers the IdPs in its metadata.
    new Federation(simulatorBaseUrl + "/Federation", true, authServicesOptions);

    return authServicesOptions;
}
protected override void ProcessCore(IdentityProvidersArgs args)
{
    Assert.ArgumentNotNull(args, "args");

    // All values come from Sitecore settings.
    var entityId = Settings.GetSetting("MyProject.EntityId");
    var returnUrl = Settings.GetSetting("MyProject.ReturnUrl");
    var metadataLocation = Settings.GetSetting("MyProject.MetadataLocation");

    var spOptions = new SPOptions
    {
        EntityId = new System.IdentityModel.Metadata.EntityId(entityId),
        ReturnUrl = new Uri(returnUrl)
    };
    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = spOptions,
        AuthenticationType = GetAuthenticationType()
    };

    // NOTE(review): the IdP is registered under the same entity id as the SP
    // (MyProject.EntityId). If the IdP publishes a different entityID in its metadata this
    // needs its own setting — confirm against the document at MyProject.MetadataLocation.
    var idp = new Sustainsys.Saml2.IdentityProvider(
        new System.IdentityModel.Metadata.EntityId(entityId), spOptions)
    {
        MetadataLocation = metadataLocation,
        LoadMetadata = true
    };
    saml2Options.IdentityProviders.Add(idp);

    saml2Options.Notifications = new Saml2Notifications
    {
        // Once the ACS command has produced a principal, run the Sitecore claims
        // transformations configured for this identity provider against it.
        AcsCommandResultCreated = (result, response) =>
        {
            var identityProvider = GetIdentityProvider();
            var identity = (ClaimsIdentity)result.Principal.Identity;
            identity.ApplyClaimsTransformations(
                new TransformationContext(FederatedAuthenticationConfiguration, identityProvider));
        }
    };

    args.App.UseSaml2Authentication(saml2Options);
}
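/// <summary>
/// Turns the redirect that follows a sign-out into an interstitial page that first loads
/// IdentityServer3's federated sign-out cleanup in a hidden iframe, then continues to the
/// original redirect target.
/// </summary>
/// <param name="app">Owin pipeline builder.</param>
/// <param name="options">SAML2 options; kept for signature compatibility, not read here.</param>
private void UseIdSrv3LogoutOnFederatedLogout(IAppBuilder app, Saml2AuthenticationOptions options)
{
    // Endpoint loaded by the hidden iframe below; runs IdentityServer3's federated sign-out cleanup.
    app.Map("/signoutcleanup", cleanup =>
    {
        cleanup.Run(async ctx =>
        {
            await ctx.Environment.ProcessFederatedSignoutAsync();
        });
    });

    app.Use(async (context, next) =>
    {
        await next.Invoke();

        // Intercept only when a downstream component revoked authentication (sign-out) and
        // answered with a redirect. Fix: the test used to be `StatusCode % 100 == 3`, which
        // matches 103/203/303/403/... but not 302, the status OWIN issues for redirects;
        // `/ 100 == 3` is the intended "any 3xx" check.
        if (context.Authentication.AuthenticationResponseRevoke != null
            && context.Response.StatusCode / 100 == 3
            && !HttpContext.Current.Response.HeadersWritten)
        {
            var finalLocation = context.Response.Headers["Location"];

            // The Location value is interpolated into a JavaScript string literal. Encode it so
            // a quote or "</script>" in the URL cannot break out of the literal into script.
            var encodedLocation = HttpUtility.JavaScriptStringEncode(finalLocation);

            context.Response.StatusCode = 200;
            await context.Response.WriteAsync($@"
<html>
<body>
<h1>Signing Out...<span id=""dots""></span></h1>
<iframe style=""display:none;"" src=""../signoutcleanup""></iframe>
<script>
setInterval(function() {{
    var dots = document.getElementById(""dots"");
    dots.innerText = dots.innerText + "".."";
}}, 250);
setTimeout(function() {{
    window.location = ""{encodedLocation}"";
}}, 5000);
</script>
</body>
</html>");
        }
    });
}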
public void Saml2AuthenticationOptions_Ctor_LoadsIdpFromConfiguration()
{
    // loadConfiguration == true: the IdP declared in the test config becomes the default one.
    var options = new Saml2AuthenticationOptions(true);

    var defaultIdp = options.IdentityProviders.Default;
    defaultIdp.EntityId.Id.Should().Be("https://idp.example.com");
}