|
public static RetrieveCertificate ( string subjectName ) : |
||
| subjectName | string | |
| return | ||
static void CreatePassiveStsMetadata(StsData data, string fileName, Encoding encoding)
{
MetadataSerializer serializer = new MetadataSerializer();
SecurityTokenServiceDescriptor item = new SecurityTokenServiceDescriptor();
EntityDescriptor metadata = new EntityDescriptor();
metadata.EntityId = new EntityId(data.EntityId);
X509Certificate2 certificate = CertificateHelper.RetrieveCertificate(data.SigninCertificateCn);
metadata.SigningCredentials = new X509SigningCredentials(certificate);
KeyDescriptor descriptor3 = new KeyDescriptor(new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[] { new X509SecurityToken(certificate).CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause>() }));
descriptor3.Use = KeyType.Signing;
item.Keys.Add(descriptor3);
if (data.Claims != null)
{
foreach (var claim in data.Claims)
{
DisplayClaim dc = new DisplayClaim(claim.ClaimType, claim.DisplayTag, claim.Description)
{
Optional = claim.Optional
};
item.ClaimTypesOffered.Add(dc);
}
}
item.PassiveRequestorEndpoints.Add(new EndpointAddress(new Uri(data.PassiveRequestorEndpoint).AbsoluteUri));
if (data.Protocols != null)
{
foreach (Protocol protocol in data.Protocols)
{
item.ProtocolsSupported.Add(new Uri(protocol.ProtocolNamespace));
}
}
item.SecurityTokenServiceEndpoints.Add(new EndpointAddress(new Uri(data.ActiveStsEndpoint).AbsoluteUri));
item.Contacts.Add(new ContactPerson(ContactType.Technical)
{
Company = data.MainContact.Company,
GivenName = data.MainContact.GivenName,
Surname = data.MainContact.SurName,
EmailAddresses = { data.MainContact.Email },
TelephoneNumbers = { data.MainContact.Phone }
});
metadata.RoleDescriptors.Add(item);
XmlTextWriter writer = new XmlTextWriter(fileName, Encoding.UTF8);
serializer.WriteMetadata(writer, metadata);
writer.Close();
}
private static void CreateIdentityProviderMetadata(SamlIdpData idpData, string fileName, Encoding encoding)
{
if (string.IsNullOrEmpty(idpData.SigninCertificateCn))
{
throw new ApplicationException("no CN for a Certificate supplied");
}
string signingCertificateSubjectName = idpData.SigninCertificateCn;
Constants.NameIdType nidFmt = idpData.NameIdType;
MetadataSerializer serializer = new MetadataSerializer();
IdentityProviderSingleSignOnDescriptor item = new IdentityProviderSingleSignOnDescriptor();
EntityDescriptor metadata = new EntityDescriptor();
metadata.EntityId = new EntityId(idpData.EntityId);
X509Certificate2 certificate = CertificateHelper.RetrieveCertificate(signingCertificateSubjectName);
KeyDescriptor descriptor = new KeyDescriptor(
new SecurityKeyIdentifier(
new SecurityKeyIdentifierClause[]
{
new X509SecurityToken(certificate).CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause>()
}));
descriptor.Use = KeyType.Signing;
item.Keys.Add(descriptor);
//using 2.0
if (Constants.NameIdType.Saml20 == nidFmt)
{
item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Transient);
}
//using 1.1
if (Constants.NameIdType.Saml11 == nidFmt)
{
item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Unspecified);
}
foreach (var attributeName in idpData.AttributeNames)
{
Saml2Attribute at1 = new Saml2Attribute(attributeName.Name)
{
NameFormat = new Uri(Constants.Saml20AttributeNameFormat)
};
item.SupportedAttributes.Add(at1);
}
item.ProtocolsSupported.Add(new Uri(Constants.Saml20Protocol));
item.SingleSignOnServices.Add(new ProtocolEndpoint(new Uri(idpData.BindingType), new Uri(idpData.BindingLocation)));
metadata.RoleDescriptors.Add(item);
metadata.Contacts.Add(new ContactPerson(ContactType.Technical)
{
Company = idpData.MainContact.Company,
GivenName = idpData.MainContact.GivenName,
Surname = idpData.MainContact.SurName,
EmailAddresses = { idpData.MainContact.Email },
TelephoneNumbers = { idpData.MainContact.Phone }
});
XmlTextWriter writer = new XmlTextWriter(fileName, encoding);
serializer.WriteMetadata(writer, metadata);
writer.Close();
}
