// Builds the SAML configuration in code rather than reading it from saml.config.
// This is the route to take when configuration is kept elsewhere (a custom database,
// for example); otherwise the library reads saml.config from the application directory.
private static void LoadSAMLConfigurationProgrammatically()
{
    var localIdentityProvider = new IdentityProviderConfiguration()
    {
        Name = "urn:componentspace:ExampleIdentityProvider",
        CertificateFile = "idp.pfx",
        // Sample placeholder only: a real PFX password belongs in a secret store, not in source.
        CertificatePassword = "******"
    };

    var partnerServiceProvider = new PartnerServiceProviderConfiguration()
    {
        Name = "urn:componentspace:ExampleServiceProvider",
        WantAuthnRequestSigned = false,
        SignSAMLResponse = true,
        SignAssertion = false,
        EncryptAssertion = false,
        AssertionConsumerServiceUrl = "http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx",
        SingleLogoutServiceUrl = "http://localhost/ExampleServiceProvider/SAML/SLOService.aspx",
        CertificateFile = "sp.cer"
    };

    var samlConfiguration = new SAMLConfiguration();
    samlConfiguration.IdentityProviderConfiguration = localIdentityProvider;
    samlConfiguration.AddPartnerServiceProvider(partnerServiceProvider);

    // Publishing the instance is what makes it the active configuration.
    SAMLConfiguration.Current = samlConfiguration;
}
// Entry point: imports SAML metadata into the SAML configuration, adds the local
// providers, and writes out the updated configuration together with the certificates
// collected during the import. Failures are reported on stderr; an argument error
// additionally prints the usage text.
static void Main(string[] args)
{
    try
    {
        ParseArguments(args);

        EntitiesDescriptor entitiesDescriptor = LoadMetadata();
        SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();

        // Presumably populated by the importer with certificates found in the metadata.
        IList<X509Certificate2> importedCertificates = new List<X509Certificate2>();
        MetadataImporter.Import(entitiesDescriptor, samlConfiguration, importedCertificates);

        AddLocalProviders(samlConfiguration);
        UpdatePartnerProviders(samlConfiguration);

        SaveSAMLConfiguration(samlConfiguration);
        SaveCertificates(importedCertificates);
    }
    catch (Exception exception)
    {
        // Broad catch is deliberate for a command-line tool: report everything and exit.
        Console.Error.WriteLine(exception.ToString());

        if (exception is ArgumentException)
        {
            ShowUsage();
        }
    }
}
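// Registers every identity provider returned by the repository as a partner
// identity provider on the supplied SAML configuration.
//
// samlConfiguration  configuration that receives the partner entries
// repository         source of the registered identity providers
//
// The provider sequence is materialised once: the original enumerated it three
// times (count, JSON dump, foreach), which re-runs a deferred query each time.
// Throws ArgumentNullException when either argument is null.
private static void ConfigureIdentityProvidersUsingRepository(
    SAMLConfiguration samlConfiguration,
    SamlIdentityProvidersRepository repository)
{
    if (samlConfiguration == null)
    {
        throw new ArgumentNullException(nameof(samlConfiguration));
    }

    if (repository == null)
    {
        throw new ArgumentNullException(nameof(repository));
    }

    SamlPocTraceListener.Log("SAML", "SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Loading Identity Providers");

    var providers = repository.GetRegisteredIdentityProviders().ToList();

    SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: {providers.Count} Identity Providers loaded:");

    // The dump holds names, URLs and certificate file names only; no secrets are expected here.
    var providersConfig = Utils.SerializeToJson(providers);
    SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Identity Providers configuration:\r\n{providersConfig}");

    foreach (var provider in providers)
    {
        // A provider that does not support single logout has both logout directions disabled.
        bool logoutDisabled = !provider.SingleLogoutSupported;

        samlConfiguration.AddPartnerIdentityProvider(
            new PartnerIdentityProviderConfiguration()
            {
                Name = provider.Name,
                Description = provider.Description,
                SignAuthnRequest = provider.SignAuthnRequest,
                SingleSignOnServiceUrl = provider.SingleSignOnUrl,
                SingleLogoutServiceUrl = provider.SingleLogoutUrl,
                PartnerCertificateFile = provider.CertificateFile,
                UseEmbeddedCertificate = provider.UseEmbeddedCertificate,
                DisableInboundLogout = logoutDisabled,
                DisableOutboundLogout = logoutDisabled
            });
    }
}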
// Entry point: exports metadata for whichever local provider the SAML configuration
// defines (identity provider takes precedence over service provider) and saves it.
// Errors are written to stderr.
static void Main(string[] args)
{
    try
    {
        SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();

        // When neither local provider is configured, SaveMetadata receives null;
        // how it handles that is not visible here.
        EntityDescriptor entityDescriptor =
            samlConfiguration.LocalIdentityProviderConfiguration != null ? ExportIdentityProviderMetadata(samlConfiguration)
            : samlConfiguration.LocalServiceProviderConfiguration != null ? ExportServiceProviderMetadata(samlConfiguration)
            : null;

        SaveMetadata(entityDescriptor);
    }
    catch (Exception exception)
    {
        Console.Error.WriteLine(exception.ToString());
    }
}
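// Starts IdP-initiated SSO to the named partner service provider: builds a SAML 2.0
// response for the subject and posts it to the partner's Assertion Consumer Service
// through a self-submitting HTML form written to httpResponse.
//
// httpResponse    response the auto-post form is written to
// partnerSp       partner service provider name as registered in the SAML configuration
// subject         subject asserted to the partner
// samlAttributes  attribute name/value pairs carried in the assertion
//
// Values placed inside the form are HTML-encoded so that neither the ACS URL (taken
// from the partner configuration, which may have been imported from partner metadata)
// nor the response value can break out of the attribute quotes. The full form is no
// longer written to the trace log: it contains the SAML response, i.e. the subject and
// attributes, and a trace sink is rarely protected like an authentication artefact.
public static void GuideSSO(HttpResponseBase httpResponse, string partnerSp, string subject, Dictionary<string, string> samlAttributes)
{
    SAMLConfiguration.Load();

    var issuer = SAMLConfiguration.Current.IdentityProviderConfiguration.Name;
    var partner = SAMLConfiguration.Current.GetPartnerServiceProvider(partnerSp);

    Trace.TraceInformation(DateTime.Now.ToShortTimeString() + ": Initiating SSO to the partner service provider " + partnerSp);

    // The literal 5 is passed through unchanged; its unit (presumably minutes of validity)
    // is defined by CreateSAML20ResponseAsBase64, not here.
    var saml = CreateSAML20ResponseAsBase64(issuer, 5, partnerSp, subject, partner.AssertionConsumerServiceUrl, samlAttributes, partnerSp);

    // Base64 characters are untouched by HtmlEncode, so the response value is unchanged;
    // '&' in the ACS URL becomes '&amp;', which the browser decodes back.
    var encodedAcsUrl = System.Net.WebUtility.HtmlEncode(partner.AssertionConsumerServiceUrl);
    var encodedSaml = System.Net.WebUtility.HtmlEncode(saml);

    var responseContent = String.Format(
        "<html xmlns=\"http://www.w3.org/1999/xhtml\">"
        + "<body onload=\"document.forms.samlform.submit()\">"
        + "<noscript><p><strong>Note:</strong> Since your browser does not support Javascript, you must press the Continue button once to proceed.</p></noscript>"
        + "<form id=\"samlform\" action=\"{0}\" method=\"post\">"
        + "<div>"
        + "<input type=\"hidden\" name=\"SAMLResponse\" value=\"{1}\" />"
        // NOTE(review): fixed client identifier sent with every response; its consumer is not visible here — confirm it is still required.
        + "<input type=\"hidden\" name=\"clientId\" value=\"900D3C06-C63C-4F49-B3D2-54A91C771A43\" />"
        // + "<input type=\"hidden\" name=\"RelayState\" value=\"\" />"
        + "</div><noscript><div><input type=\"submit\" value=\"Continue\" /></div></noscript>"
        + "</form>"
        + "</body>"
        + "</html>",
        encodedAcsUrl,
        encodedSaml);

    Trace.TraceInformation(DateTime.Now.ToShortTimeString() + ": Sending SAML response form to " + partner.AssertionConsumerServiceUrl);

    httpResponse.Write(responseContent);

    // Logged once the form has actually been written; the original logged "completed" before starting.
    Trace.TraceInformation("Initiation of SSO to the partner service provider " + partnerSp + " has completed successfully.");
}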
// Interactively gathers what service provider metadata needs and exports it.
// Prompts, in order: signature certificate file, encryption certificate file,
// Assertion Consumer Service URL (required), Single Logout Service URL, partner
// identity provider name. Empty answers mean "none" except for the ACS URL.
//
// samlConfiguration  configuration the metadata is generated from
// Returns the exported entity descriptor.
// Throws ArgumentException when no Assertion Consumer Service URL is entered.
private static EntityDescriptor ExportServiceProviderMetadata(SAMLConfiguration samlConfiguration)
{
    Console.Write("X.509 signature certificate .CER file [None]: ");
    var signatureCertificateFile = Console.ReadLine();
    var signatureCertificate = LoadCertificate(signatureCertificateFile);

    Console.Write("X.509 encryption certificate .CER file [None]: ");
    var encryptionCertificateFile = Console.ReadLine();
    var encryptionCertificate = LoadCertificate(encryptionCertificateFile);

    Console.Write("Assertion Consumer Service URL: ");
    var assertionConsumerServiceURL = Console.ReadLine();

    if (string.IsNullOrEmpty(assertionConsumerServiceURL))
    {
        throw new ArgumentException("An assertion consumer service URL must be specified.");
    }

    Console.Write("Single Logout Service URL [None]: ");
    var singleLogoutServiceURL = Console.ReadLine();

    Console.Write("Partner Identity Provider Name [None]: ");
    var partnerName = Console.ReadLine();

    return MetadataExporter.Export(
        samlConfiguration,
        signatureCertificate,
        encryptionCertificate,
        assertionConsumerServiceURL,
        singleLogoutServiceURL,
        partnerName);
}
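// Entry point: asks for the provider type, builds the matching local provider
// configuration and saves it. Any error (including an unknown provider type)
// is printed to stdout.
static void Main(string[] args)
{
    try
    {
        var samlConfiguration = new SAMLConfiguration();

        // Invariant lower-casing: with a culture-sensitive ToLower() under e.g. a Turkish
        // culture "IdP" becomes "ıdp" and would never match the case labels.
        switch (GetProviderType().ToLowerInvariant())
        {
            case "idp":
                samlConfiguration.LocalIdentityProviderConfiguration = CreateIdentityProviderConfiguration();
                break;

            case "sp":
                samlConfiguration.LocalServiceProviderConfiguration = CreateServiceProviderConfiguration();
                break;

            default:
                throw new ArgumentException("The provider type must either be \"IdP\" or \"SP\".");
        }

        SaveConfiguration(samlConfiguration);
    }
    catch (Exception exception)
    {
        Console.WriteLine(exception.ToString());
    }
}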
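// Starts IdP-initiated SSO to the named partner service provider: builds a SAML 2.0
// response for the subject and posts it to the partner's Assertion Consumer Service
// through a self-submitting HTML form written to httpResponse.
//
// httpResponse    response the auto-post form is written to
// partnerSp       partner service provider name as registered in the SAML configuration
// subject         subject asserted to the partner
// samlAttributes  attribute name/value pairs carried in the assertion
//
// Values placed inside the form are HTML-encoded so that neither the ACS URL (taken
// from the partner configuration, which may have been imported from partner metadata)
// nor the response value can break out of the attribute quotes.
public static void GuideSSO(HttpResponseBase httpResponse, string partnerSp, string subject, Dictionary<string, string> samlAttributes)
{
    SAMLConfiguration.Load();

    var issuer = SAMLConfiguration.Current.IdentityProviderConfiguration.Name;
    var partner = SAMLConfiguration.Current.GetPartnerServiceProvider(partnerSp);

    // The literal 5 is passed through unchanged; its unit (presumably minutes of validity)
    // is defined by CreateSAML20Response, not here.
    var saml = CreateSAML20Response(issuer, 5, partnerSp, subject, partner.AssertionConsumerServiceUrl, samlAttributes, partnerSp);

    // '&' in the ACS URL becomes '&amp;', which the browser decodes back; the response
    // value is only altered if it contains HTML-significant characters.
    var encodedAcsUrl = System.Net.WebUtility.HtmlEncode(partner.AssertionConsumerServiceUrl);
    var encodedSaml = System.Net.WebUtility.HtmlEncode(saml);

    var responseContent = String.Format(
        "<html xmlns=\"http://www.w3.org/1999/xhtml\">"
        + "<body onload=\"document.forms.samlform.submit()\">"
        + "<noscript><p><strong>Note:</strong> Since your browser does not support Javascript, you must press the Continue button once to proceed.</p></noscript>"
        + "<form id=\"samlform\" action=\"{0}\" method=\"post\">"
        + "<div>"
        + "<input type=\"hidden\" name=\"SAMLResponse\" value=\"{1}\" />"
        + "<input type=\"hidden\" name=\"RelayState\" value=\"\" />"
        + "</div><noscript><div><input type=\"submit\" value=\"Continue\" /></div></noscript>"
        + "</form>"
        + "</body>"
        + "</html>",
        encodedAcsUrl,
        encodedSaml);

    httpResponse.Write(responseContent);
}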
// Entry point: exports SAML metadata for the configured local provider, signing
// it with the certificate named on the command line when one was given, and
// saves the result. Errors go to stderr; argument errors also print the usage text.
static void Main(string[] args)
{
    try
    {
        ParseArguments(args);

        SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();

        // certificateFileName and partnerName are set by ParseArguments; the certificate is optional.
        bool hasCertificate = !string.IsNullOrEmpty(certificateFileName);
        X509Certificate2 x509Certificate = hasCertificate ? LoadCertificate() : null;

        EntityDescriptor entityDescriptor = MetadataExporter.Export(samlConfiguration, x509Certificate, partnerName);

        SaveMetadata(entityDescriptor);
    }
    catch (Exception exception)
    {
        Console.Error.WriteLine(exception.ToString());

        if (exception is ArgumentException)
        {
            ShowUsage();
        }
    }
}
// Entry point: imports partner providers from a metadata file into the local SAML
// configuration. Partner service providers are imported when a local identity
// provider is configured, partner identity providers when a local service
// provider is configured (both, if both are present). Errors go to stderr.
static void Main(string[] args)
{
    try
    {
        EntityDescriptor entityDescriptor = LoadMetadata();
        SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();

        Console.Write("Certificate folder for saving certificates [Certificates]: ");
        var certificateFolder = Console.ReadLine();

        // An empty answer selects the default folder shown in the prompt.
        if (string.IsNullOrEmpty(certificateFolder))
        {
            certificateFolder = "Certificates";
        }

        bool hasLocalIdentityProvider = samlConfiguration.LocalIdentityProviderConfiguration != null;
        bool hasLocalServiceProvider = samlConfiguration.LocalServiceProviderConfiguration != null;

        if (hasLocalIdentityProvider)
        {
            MetadataImporter.ImportServiceProviders(entityDescriptor, samlConfiguration, certificateFolder);
        }

        if (hasLocalServiceProvider)
        {
            MetadataImporter.ImportIdentityProviders(entityDescriptor, samlConfiguration, certificateFolder);
        }

        SaveSAMLConfiguration(samlConfiguration);
    }
    catch (Exception exception)
    {
        Console.Error.WriteLine(exception.ToString());
    }
}
// This method demonstrates loading configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration may be loaded programmatically by implementing the ISAMLConfigurationResolver interface.
// Either of these approaches may be used if you wish to store configuration in a custom database, for example.
// If not configured programmatically, configuration is loaded automatically from the saml.config file
// in the application's directory.
//
// NOTE(review): the text of this method is corrupted as extracted. The partner identity
// provider initializer below contains "http://*****:*****@"certificates\idp.cer", which
// is not valid C#: a credential redactor has fused the SingleSignOnServiceUrl value with
// the following property (by analogy with the local certificate above, probably a
// PartnerCertificateFile of @"certificates\idp.cer"). Restore both from the original
// file before compiling; the code is left byte-identical here.
private static void LoadSAMLConfigurationProgrammatically()
{
    SAMLConfiguration samlConfiguration = new SAMLConfiguration()
    {
        LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
        {
            Name = "http://ExampleServiceProvider",
            AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
            LocalCertificateFile = @"certificates\sp.pfx",
            // Sample placeholder; a real PFX password should come from a secret store, not source.
            LocalCertificatePassword = "******"
        }
    };

    samlConfiguration.AddPartnerIdentityProvider(
        new PartnerIdentityProviderConfiguration()
        {
            Name = "http://ExampleIdentityProvider",
            SignAuthnRequest = true,
            // Corrupted by redaction — see the note above.
            SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp.cer"
        });

    // Publishing the instance makes it the active configuration.
    SAMLController.Configuration = samlConfiguration;
}
// This method demonstrates loading multi-tenanted configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration is loaded automatically from the multi-tenanted saml.config file in the application's directory.
//
// NOTE(review): the text of this method is corrupted as extracted. Both partner service
// provider initializers contain "http://*****:*****@"certificates\...cer", which is not
// valid C#: a credential redactor has fused the AssertionConsumerServiceUrl value with the
// following property (by analogy with the local certificate above, probably a
// PartnerCertificateFile of @"certificates\sp.cer" / @"certificates\sp2.cer"). Restore
// from the original file before compiling; the code is left byte-identical here.
private static void LoadMultiTenantedSAMLConfigurationProgrammatically()
{
    SAMLConfigurations samlConfigurations = new SAMLConfigurations();

    // Tenant 1: local identity provider plus one partner service provider.
    SAMLConfiguration samlConfiguration = new SAMLConfiguration()
    {
        ID = "tenant1",
        LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
        {
            Name = "http://ExampleIdentityProvider",
            LocalCertificateFile = @"certificates\idp.pfx",
            // Sample placeholder; a real PFX password should come from a secret store, not source.
            LocalCertificatePassword = "******"
        }
    };

    samlConfiguration.AddPartnerServiceProvider(
        new PartnerServiceProviderConfiguration()
        {
            Name = "http://ExampleServiceProvider",
            WantAuthnRequestSigned = true,
            SignSAMLResponse = true,
            // Corrupted by redaction — see the note above.
            AssertionConsumerServiceUrl = "http://*****:*****@"certificates\sp.cer"
        });

    samlConfigurations.AddConfiguration(samlConfiguration);

    // Tenant 2: same shape with its own identity provider, certificate and partner.
    samlConfiguration = new SAMLConfiguration()
    {
        ID = "tenant2",
        LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
        {
            Name = "http://ExampleIdentityProvider2",
            LocalCertificateFile = @"certificates\idp2.pfx",
            LocalCertificatePassword = "******"
        }
    };

    samlConfiguration.AddPartnerServiceProvider(
        new PartnerServiceProviderConfiguration()
        {
            Name = "http://ExampleServiceProvider2",
            WantAuthnRequestSigned = true,
            SignSAMLResponse = true,
            // Corrupted by redaction — see the note above.
            AssertionConsumerServiceUrl = "http://*****:*****@"certificates\sp2.cer"
        });

    samlConfigurations.AddConfiguration(samlConfiguration);

    // Publishing the set makes it the active multi-tenanted configuration.
    SAMLController.Configurations = samlConfigurations;
}
// ASP.NET application startup. Wires up MVC areas, Web API, global filters, routes
// and bundles in the usual template order, then loads the SAML configuration once
// for the lifetime of the application.
protected void Application_Start()
{
    // Standard MVC / Web API bootstrap.
    AreaRegistration.RegisterAllAreas();
    WebApiConfig.Register(GlobalConfiguration.Configuration);
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);

    // Reads the SAML configuration (saml.config, presumably from the application directory).
    SAMLConfiguration.Load();
}
// Serialises the SAML configuration to XML and writes it, indented, to the file
// named by the configurationFileName field, overwriting any existing file.
//
// samlConfiguration  configuration to persist
private static void SaveSAMLConfiguration(SAMLConfiguration samlConfiguration)
{
    Console.WriteLine("Saving SAML configuration to {0}.", configurationFileName);

    // ToXml() yields an element; the whole owning document is what gets saved.
    var document = samlConfiguration.ToXml().OwnerDocument;

    // null encoding: the writer uses its default (UTF-8) encoding.
    using (var writer = new XmlTextWriter(configurationFileName, null))
    {
        writer.Formatting = Formatting.Indented;
        document.Save(writer);
    }
}
// Replaces the certificate file name of every partner identity provider and partner
// service provider with the promptMessage placeholder, so the generated configuration
// flags each certificate as something the operator still has to fill in.
//
// samlConfiguration  configuration whose partner entries are updated in place
private static void UpdatePartnerProviders(SAMLConfiguration samlConfiguration)
{
    foreach (var partnerIdentityProvider in samlConfiguration.PartnerIdentityProviderConfigurations.Values)
    {
        partnerIdentityProvider.CertificateFile = promptMessage;
    }

    foreach (var partnerServiceProvider in samlConfiguration.PartnerServiceProviderConfigurations.Values)
    {
        partnerServiceProvider.CertificateFile = promptMessage;
    }
}
// Adds placeholder local provider entries to the configuration based on which
// partners were imported: a local identity provider when there are partner service
// providers (or no partners at all), and a local service provider when there are
// partner identity providers (or no partners at all). Every field is set to the
// promptMessage placeholder for the operator to complete.
//
// samlConfiguration  configuration that receives the local provider entries
private static void AddLocalProviders(SAMLConfiguration samlConfiguration)
{
    bool hasPartnerIdentityProviders = samlConfiguration.PartnerIdentityProviderConfigurations.Count > 0;
    bool hasPartnerServiceProviders = samlConfiguration.PartnerServiceProviderConfigurations.Count > 0;

    if (!hasPartnerIdentityProviders || hasPartnerServiceProviders)
    {
        samlConfiguration.IdentityProviderConfiguration = new IdentityProviderConfiguration()
        {
            Name = promptMessage,
            CertificateFile = promptMessage
        };
    }

    if (!hasPartnerServiceProviders || hasPartnerIdentityProviders)
    {
        samlConfiguration.ServiceProviderConfiguration = new ServiceProviderConfiguration()
        {
            Name = promptMessage,
            CertificateFile = promptMessage,
            AssertionConsumerServiceUrl = promptMessage
        };
    }
}
// Builds the SAML configuration for this application: the local service provider
// from app settings and the partner identity providers from the repository, then
// publishes it as the active configuration. Progress is written to the SAML trace.
//
// repository  source of the registered partner identity providers
public static void Configure(SamlIdentityProvidersRepository repository)
{
    SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.Configure: Starting configuration of SAML environment.");

    var samlConfiguration = new SAMLConfiguration();

    ConfigureServiceProvider(samlConfiguration);

    // Partners come from the repository; the hard-coded variant
    // (ConfigureIdentityProvidersUsingHardCodedConfiguration) is kept only as a fallback for development.
    ConfigureIdentityProvidersUsingRepository(samlConfiguration, repository);

    SAMLController.Configuration = samlConfiguration;

    SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.Configure: Ended configuration of SAML environment.");
}
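// Populates the local service provider section of the configuration from the
// application settings named by the ServiceProvider* keys.
//
// samlConfiguration  configuration whose LocalServiceProviderConfiguration is set
//
// The trace dump is taken from a copy that omits LocalCertificatePassword: the
// original serialised the whole object, which wrote the PFX password to the trace.
private static void ConfigureServiceProvider(SAMLConfiguration samlConfiguration)
{
    var appSettings = ConfigurationManager.AppSettings;

    samlConfiguration.LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
    {
        Name = appSettings[ServiceProviderName],
        Description = appSettings[ServiceProviderDescription],
        AssertionConsumerServiceUrl = appSettings[ServiceProviderAssertionConsumerServiceUrl],
        LocalCertificateFile = appSettings[ServiceProviderLocalCertificateFile],
        LocalCertificatePassword = appSettings[ServiceProviderLocalCertificatePassword]
    };

    // Same type as the real entry so the serializer accepts it, but without the secret.
    var loggableConfiguration = new LocalServiceProviderConfiguration()
    {
        Name = samlConfiguration.LocalServiceProviderConfiguration.Name,
        Description = samlConfiguration.LocalServiceProviderConfiguration.Description,
        AssertionConsumerServiceUrl = samlConfiguration.LocalServiceProviderConfiguration.AssertionConsumerServiceUrl,
        LocalCertificateFile = samlConfiguration.LocalServiceProviderConfiguration.LocalCertificateFile
    };

    var spConfig = Utils.SerializeToJson(loggableConfiguration);
    SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureServiceProvider: Service Provider configuration:\r\n{spConfig}");
}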
// ASP.NET MVC application startup: hardens a couple of framework defaults, registers
// filters, routes and bundles, makes RSA-SHA256 available for XML signatures, and
// loads the SAML configuration from the location given in settings (if any).
protected void Application_Start()
{
    // Don't advertise the MVC version in the response headers.
    MvcHandler.DisableMvcResponseHeader = true;

    // Anti-forgery tokens are bound to the UPN claim instead of the default identifier claim.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Upn;

    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);

    // Maps the rsa-sha256 signature-method URI onto the SHA-256 description, presumably
    // because the runtime in use does not register it by default.
    CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

    // SAML configuration is optional: with no location configured nothing is loaded here.
    var samlConfigLocation = Settings.Get<string>("Saml.Configuration.FileLocation");
    bool hasSamlConfigLocation = !string.IsNullOrEmpty(samlConfigLocation);

    if (hasSamlConfigLocation)
    {
        SAMLConfiguration.Load(samlConfigLocation);
    }
}
// Asks for an output file name (default saml.config) and writes the configuration
// to it as indented XML, overwriting any existing file.
//
// samlConfiguration  configuration to persist
private static void SaveConfiguration(SAMLConfiguration samlConfiguration)
{
    Console.Write("SAML configuration file [saml.config]: ");
    var fileName = ReadLine();

    // An empty answer selects the default shown in the prompt.
    if (string.IsNullOrEmpty(fileName))
    {
        fileName = "saml.config";
    }

    var document = samlConfiguration.ToXml().OwnerDocument;

    // null encoding: the writer uses its default (UTF-8) encoding.
    using (var writer = new XmlTextWriter(fileName, null))
    {
        writer.Formatting = Formatting.Indented;
        document.Save(writer);
    }
}
// Asks where to save the configuration (defaulting to the configurationFileName
// field) and writes it there as indented XML, overwriting any existing file.
//
// samlConfiguration  configuration to persist
private static void SaveSAMLConfiguration(SAMLConfiguration samlConfiguration)
{
    Console.Write("Save SAML configuration to [{0}]: ", configurationFileName);
    var fileName = Console.ReadLine();

    // An empty answer selects the default shown in the prompt.
    if (string.IsNullOrEmpty(fileName))
    {
        fileName = configurationFileName;
    }

    var document = samlConfiguration.ToXml().OwnerDocument;

    // null encoding: the writer uses its default (UTF-8) encoding.
    using (var writer = new XmlTextWriter(fileName, null))
    {
        writer.Formatting = Formatting.Indented;
        document.Save(writer);
    }
}
// Entry point: validates the SAML configuration file named on the command line.
// Progress and errors go to stderr; an argument error also prints the usage text.
static void Main(string[] args)
{
    try
    {
        // Sets the fileName field from the command line.
        ParseArguments(args);

        Console.Error.WriteLine("Validating {0}.", fileName);
        SAMLConfiguration.Validate(fileName);
    }
    catch (Exception exception)
    {
        Console.Error.WriteLine(exception.ToString());

        if (exception is ArgumentException)
        {
            ShowUsage();
        }
    }
}
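// Loads the SAML configuration from the file named by the configurationFileName
// field, or returns an empty configuration when that file does not exist.
//
// Returns the loaded (or new, empty) configuration.
// Whitespace is preserved so that re-saving the document keeps its formatting.
// External resource resolution is switched off before parsing so a configuration
// file cannot pull in DTDs or external entities from disk or the network.
private static SAMLConfiguration LoadSAMLConfiguration()
{
    if (!File.Exists(configurationFileName))
    {
        return new SAMLConfiguration();
    }

    Console.WriteLine("Loading SAML configuration file {0}.", configurationFileName);

    var xmlDocument = new XmlDocument();
    xmlDocument.PreserveWhitespace = true;
    xmlDocument.XmlResolver = null;
    xmlDocument.Load(configurationFileName);

    return new SAMLConfiguration(xmlDocument.DocumentElement);
}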
// Interactively gathers what identity provider metadata needs and exports it.
// Prompts, in order: certificate file, Single Sign-On Service URL (required),
// Single Logout Service URL, partner service provider name. Empty answers mean
// "none" except for the SSO URL.
//
// samlConfiguration  configuration the metadata is generated from
// Returns the exported entity descriptor.
// Throws ArgumentException when no Single Sign-On Service URL is entered.
private static EntityDescriptor ExportIdentityProviderMetadata(SAMLConfiguration samlConfiguration)
{
    Console.Write("X.509 certificate .CER file [None]: ");
    var certificateFile = Console.ReadLine();
    var x509Certificate = LoadCertificate(certificateFile);

    Console.Write("Single Sign-On Service URL: ");
    var singleSignOnServiceURL = Console.ReadLine();

    if (string.IsNullOrEmpty(singleSignOnServiceURL))
    {
        throw new ArgumentException("A single sign-on service URL must be specified.");
    }

    Console.Write("Single Logout Service URL [None]: ");
    var singleLogoutServiceURL = Console.ReadLine();

    Console.Write("Partner Service Provider Name [None]: ");
    var partnerName = Console.ReadLine();

    return MetadataExporter.Export(
        samlConfiguration,
        x509Certificate,
        singleSignOnServiceURL,
        singleLogoutServiceURL,
        partnerName);
}
// This method demonstrates loading configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration may be loaded programmatically by implementing the ISAMLConfigurationResolver interface.
// Either of these approaches may be used if you wish to store configuration in a custom database, for example.
// If not configured programmatically, configuration is loaded automatically from the saml.config file
// in the application's directory.
//
// NOTE(review): the text of this method is corrupted as extracted. The partner service
// provider initializer below contains "http://*****:*****@"certificates\sp.cer" } } }),
// which is not valid C#: a credential redactor has fused the AssertionConsumerServiceUrl
// value with a following nested initializer (by the shape of the closing braces and the
// LocalCertificates entry above, probably a partner certificate list holding a
// CertificateConfiguration with FileName @"certificates\sp.cer"). Restore from the
// original file before compiling; the code is left byte-identical here.
private static void LoadSAMLConfigurationProgrammatically()
{
    SAMLConfiguration samlConfiguration = new SAMLConfiguration()
    {
        LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
        {
            Name = "http://ExampleIdentityProvider",
            LocalCertificates = new List<CertificateConfiguration>()
            {
                new CertificateConfiguration()
                {
                    FileName = @"certificates\idp.pfx",
                    // Sample placeholder; a real PFX password should come from a secret store, not source.
                    Password = "******"
                }
            }
        }
    };

    samlConfiguration.AddPartnerServiceProvider(
        new PartnerServiceProviderConfiguration()
        {
            Name = "http://ExampleServiceProvider",
            WantAuthnRequestSigned = true,
            SignSAMLResponse = true,
            // Corrupted by redaction — see the note above.
            AssertionConsumerServiceUrl = "http://*****:*****@"certificates\sp.cer" } } });

    // Publishing the instance makes it the active configuration.
    SAMLController.Configuration = samlConfiguration;
}
// Development alternative to the repository-backed configuration: registers three
// fixed partner identity providers (a ComponentSpace-style IdP, a Shibboleth IdP
// without logout support, and a Kentor IdP that ships its certificate in metadata).
//
// samlConfiguration  configuration that receives the partner entries
private static void ConfigureIdentityProvidersUsingHardcodedConfiguration(SAMLConfiguration samlConfiguration)
{
    var coneIdentityProvider = new PartnerIdentityProviderConfiguration()
    {
        Name = "http://cone-idp",
        Description = "Cone Identity Provider",
        SignAuthnRequest = true,
        SingleSignOnServiceUrl = "http://cone-idp/SAML/SSOService",
        SingleLogoutServiceUrl = "http://cone-idp/SAML/SLOService",
        PartnerCertificateFile = "Certificates\\idp.cer"
    };

    // No SLO endpoint: logout is disabled in both directions for this partner.
    var shibbolethIdentityProvider = new PartnerIdentityProviderConfiguration()
    {
        Name = "https://shib-idp/",
        Description = "Shibboleth Identity Provider",
        SignAuthnRequest = true,
        SingleSignOnServiceUrl = "https://shib-idp/SAML/SSOService.aspx?binding=redirect",
        PartnerCertificateFile = "Certificates\\idp.cer",
        DisableInboundLogout = true,
        DisableOutboundLogout = true
    };

    // Certificate is taken from the partner's embedded data rather than a local file.
    var kentorIdentityProvider = new PartnerIdentityProviderConfiguration()
    {
        Name = "http://kentor-idp/Metadata",
        Description = "Kentor Identity Provider",
        SignAuthnRequest = true,
        SingleSignOnServiceUrl = "http://kentor-idp/",
        SingleLogoutServiceUrl = "http://kentor-idp/Logout",
        UseEmbeddedCertificate = true
    };

    samlConfiguration.AddPartnerIdentityProvider(coneIdentityProvider);
    samlConfiguration.AddPartnerIdentityProvider(shibbolethIdentityProvider);
    samlConfiguration.AddPartnerIdentityProvider(kentorIdentityProvider);
}
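// Loads the SAML configuration from the file named by the configurationFileName
// field, or returns an empty configuration when that file does not exist.
//
// Returns the loaded (or new, empty) configuration.
// Whitespace is preserved so that re-saving the document keeps its formatting.
// External resource resolution is switched off before parsing so a configuration
// file cannot pull in DTDs or external entities from disk or the network.
private static SAMLConfiguration LoadSAMLConfiguration()
{
    if (!File.Exists(configurationFileName))
    {
        return new SAMLConfiguration();
    }

    Console.WriteLine("Loading SAML configuration file {0}.", configurationFileName);

    var xmlDocument = new XmlDocument();
    xmlDocument.PreserveWhitespace = true;
    xmlDocument.XmlResolver = null;
    xmlDocument.Load(configurationFileName);

    return new SAMLConfiguration(xmlDocument.DocumentElement);
}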
// This method demonstrates loading multi-tenanted configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration is loaded automatically from the multi-tenanted saml.config file in the application's directory.
//
// NOTE(review): the text of this method is corrupted as extracted. Both partner identity
// provider initializers contain "http://*****:*****@"certificates\...cer", } } }), which is
// not valid C#: a credential redactor has fused the SingleSignOnServiceUrl value with a
// following nested initializer (by the shape of the closing braces and the LocalCertificates
// entries above, probably a partner certificate list holding a CertificateConfiguration with
// FileName @"certificates\idp.cer" / @"certificates\idp2.cer"). Restore from the original
// file before compiling; the code is left byte-identical here.
private static void LoadMultiTenantedSAMLConfigurationProgrammatically()
{
    SAMLConfigurations samlConfigurations = new SAMLConfigurations();

    // Tenant 1: local service provider plus one partner identity provider.
    SAMLConfiguration samlConfiguration = new SAMLConfiguration()
    {
        ID = "tenant1",
        LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
        {
            Name = "http://ExampleServiceProvider",
            AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
            LocalCertificates = new List<CertificateConfiguration>()
            {
                new CertificateConfiguration()
                {
                    FileName = @"certificates\sp.pfx",
                    // Sample placeholder; a real PFX password should come from a secret store, not source.
                    Password = "******"
                }
            }
        }
    };

    samlConfiguration.AddPartnerIdentityProvider(
        new PartnerIdentityProviderConfiguration()
        {
            Name = "http://ExampleIdentityProvider",
            SignAuthnRequest = true,
            // Corrupted by redaction — see the note above.
            SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp.cer", } } });

    samlConfigurations.AddConfiguration(samlConfiguration);

    // Tenant 2: same shape with its own service provider, certificate and partner.
    samlConfiguration = new SAMLConfiguration()
    {
        ID = "tenant2",
        LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
        {
            Name = "http://ExampleServiceProvider2",
            AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
            LocalCertificates = new List<CertificateConfiguration>()
            {
                new CertificateConfiguration()
                {
                    FileName = @"certificates\sp2.pfx",
                    Password = "******"
                }
            }
        }
    };

    samlConfiguration.AddPartnerIdentityProvider(
        new PartnerIdentityProviderConfiguration()
        {
            Name = "http://ExampleIdentityProvider2",
            SignAuthnRequest = true,
            // Corrupted by redaction — see the note above.
            SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp2.cer", } } });

    samlConfigurations.AddConfiguration(samlConfiguration);

    // Publishing the set makes it the active multi-tenanted configuration.
    SAMLController.Configurations = samlConfigurations;
}