/// <summary> /// Creates a System.ServiceModel.ServiceHost for a specified type of service with a specific base address. /// </summary> /// <param name="serviceType">Specifies the type of service to host.</param> /// <param name="baseAddresses">The System.Array of type System.Uri that contains the base addresses for the service hosted.</param> /// <returns></returns> protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses) { IServiceProvider sp = DI.DefaultServiceProvider; Type stsc = typeof(SecurityTokenServiceConfiguration); if (stsc.IsAssignableFrom(serviceType)) { // try resolving concrete or base STS configuration first to enable DI for it SecurityTokenServiceConfiguration stsConfig = sp.GetService(serviceType) as SecurityTokenServiceConfiguration; if (stsConfig == null) { stsConfig = sp.GetService(stsc) as SecurityTokenServiceConfiguration; } if (stsConfig == null) { stsConfig = Activator.CreateInstance(serviceType) as SecurityTokenServiceConfiguration; } ServiceHost host = new WSTrustServiceHost(stsConfig, baseAddresses); if (stsConfig.ServiceCertificate != null) { host.Credentials.ServiceCertificate.Certificate = stsConfig.ServiceCertificate; } return(host); } return(new ServiceProviderHost(sp, serviceType, baseAddresses)); }
public CustomSecurityTokenService(string loginProviderName, SecurityTokenServiceConfiguration securityTokenServiceConfiguration, EncryptingCredentials encryptingCredentials, IDragonUserStore <T> userStore) : base(securityTokenServiceConfiguration) { _loginProviderName = loginProviderName; _encryptingCredentials = encryptingCredentials; _userStore = userStore; }
static void Main(string[] args) { SigningCredentials signingCreds = new X509SigningCredentials("CN=MySTS".ToCertificate()); SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration("http://MySTS", signingCreds); config.SecurityTokenHandlers.AddOrReplace(new CustomUsernameTokenHandler()); config.SecurityTokenService = typeof(MySecurityTokenService); // Create the WS-Trust service host with our STS configuration var host = new WSTrustServiceHost(config, new Uri("http://localhost:6000/MySTS")); try { host.Open(); Console.WriteLine("STS is ready to issue tokens… Press ENTER to shutdown"); Console.ReadLine(); host.Close(); } finally { if (host.State != CommunicationState.Faulted) { host.Close(); } else { host.Abort(); } } }
/// <summary> /// Creates a ServiceHost instance. To register a Security Token Service in IIS create /// a .svc file in the following format. /// <%@ServiceHost language=c# Debug="true" Factory="UserNameCardStsHostFactory" Service="<CustomSecurityTokenServiceConfiguration>" %> /// </summary> /// <param name="constructorString">The STSConfiguration name that is passed to the Service argument in the .svc file.</param> /// <param name="baseAddresses">The address under which the .svc file is registered.</param> /// <returns>Instance of Service Host.</returns> /// <exception cref="ArgumentNullException">One of the input arguments is either null or is an empty string.</exception> /// <exception cref="InvalidOperationException">The 'constructorString' parameter does not refer to a type 'SecurityTokenServiceConfiguration'.</exception> public override ServiceHostBase CreateServiceHost( string constructorString, Uri[] baseAddresses ) { if ( String.IsNullOrEmpty( constructorString ) ) { throw new ArgumentNullException( "constructorString" ); } if ( baseAddresses == null ) { throw new ArgumentNullException( "baseAddresses" ); } SecurityTokenServiceConfiguration securityTokenServiceConfiguration = CreateSecurityTokenServiceConfiguration( constructorString ); if ( securityTokenServiceConfiguration == null ) { throw new InvalidOperationException( "CreateSecurityTokenServiceConfiguration return a null SecurityTokenServiceConfiguration object" ); } WSTrustServiceHost serviceHost = new WSTrustServiceHost( securityTokenServiceConfiguration, baseAddresses ); // // Configure an EndpointIdentity for the service host. // If no EndpointIdentity is required, you may wish to set the SecurityTokenServiceConfiguration.TrustEndpoints property instead. // serviceHost.Description.Endpoints.Add( new ServiceEndpoint( ContractDescription.GetContract( typeof( IWSTrust13SyncContract ) ), new UserNameWSTrustBinding( SecurityMode.TransportWithMessageCredential ), new EndpointAddress( new Uri( StsAddress ), EndpointIdentity.CreateX509CertificateIdentity( SslCert ) ) ) ); serviceHost.Description.Behaviors.Find<ServiceMetadataBehavior>().HttpsGetUrl = new Uri( StsMexAddress ); return serviceHost; }
/// <summary> /// Call the STS to get an appropriate token for a request and build a response. /// </summary> /// <param name="requestMessage"></param> /// <returns>The <see cref="SignInResponseMessage"/></returns> private SignInResponseMessage ProcessSignInRequest(SignInRequestMessage requestMessage) { // Ensure that the requestMessage has the required wtrealm parameter if (String.IsNullOrEmpty(requestMessage.Realm)) { throw new InvalidOperationException("Missing realm"); } SecurityTokenServiceConfiguration stsconfig = new SecurityTokenServiceConfiguration("PassiveFlowSTS"); // Create our STS backend SecurityTokenService sts = new CustomSecurityTokenService(stsconfig); // Create the WS-Federation serializer to process the request and create the response WSFederationSerializer federationSerializer = new WSFederationSerializer(); // Create RST from the request RequestSecurityToken request = federationSerializer.CreateRequest(requestMessage, new WSTrustSerializationContext()); // Get RSTR from our STS backend RequestSecurityTokenResponse response = sts.Issue((ClaimsPrincipal)Thread.CurrentPrincipal, request); // Create Response message from the RSTR return(new SignInResponseMessage(new Uri(response.ReplyTo), federationSerializer.GetResponseAsString(response, new WSTrustSerializationContext()))); }
static void Main(string[] args) { // Create and setup the configuration for our STS SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration("STS"); // Add the STS endpoint information config.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetSTSBinding(), "http://localhost:6000/STS")); // Set the STS implementation class type config.SecurityTokenService = typeof(CustomSecurityTokenService); SecurityTokenHandlerCollection actAsHandlerCollection = config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.ActAs]; actAsHandlerCollection.Configuration.IssuerNameRegistry = new ActAsIssuerNameRegistry(); // The token that we receive in the <RequestSecurityToken><ActAs> element was issued to the service proxies. // By adding the proxy audience URIs here we are enforcing the implicit contract that the STS will accept // only tokens issued to the proxy as an ActAs token. actAsHandlerCollection.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://localhost/WFE/default.aspx")); actAsHandlerCollection.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://localhost/Service1/Service1.svc")); // Create the WS-Trust service host with our STS configuration using (WSTrustServiceHost host = new WSTrustServiceHost(config, new Uri("http://localhost:6000/STS"))) { host.Open(); Console.WriteLine("STS started, press ENTER to stop ..."); Console.ReadLine(); host.Close(); } }
/// <summary> /// /// </summary> /// <param name="requestMessage"></param> /// <param name="config"></param> /// <param name="withRefreshToken"></param> /// <returns></returns> public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config, Boolean withRefreshToken) { ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; // Call issuer to create token WSTrustChannelFactory factory = new WSTrustChannelFactory("issuer"); // TODO: factory.Credentials.UserName.UserName = requestMessage.Name ?? requestMessage.ClientId; // TODO: factory.Credentials.UserName.Password = requestMessage.Password ?? requestMessage.ClientSecret; WSTrustChannel issuer = factory.CreateChannel() as WSTrustChannel; RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue); rst.AppliesTo = new EndpointAddress("https://wrap.client"); rst.KeyType = WSTrust13Constants.KeyTypes.Bearer; RequestSecurityTokenResponse response = null; issuer.Issue(rst, out response); WSTrustSerializationContext context = new WSTrustSerializationContext( config.SecurityTokenHandlerCollectionManager, config.CreateAggregateTokenResolver(), config.IssuerTokenResolver); // Create response var token = response.RequestedSecurityToken.SecurityToken; if (null == token) { using (XmlReader reader = new XmlNodeReader(response.RequestedSecurityToken.SecurityTokenXml)) { token = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader); } token = ConvertToSimpleWebToken(token, response); } // Write token return WriteToken(token, withRefreshToken); }
protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses) { SecurityTokenServiceConfiguration config = GetSecureTokenServiceConfiguration(); var host = new UnityWSTrustServiceHost(_unityContainer, config, baseAddresses); return(host); }
private ActionResult SignIn(string replyToAddress) { var user = HttpContext.Current.User.Identity.IsAuthenticated ? PreviouslyAuthenticated(replyToAddress) : AuthenticateAndCreateCookie(replyToAddress); var config = new SecurityTokenServiceConfiguration("http://sts.local", new X509SigningCredentials(LoadCertificate())); FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(HttpContext.Current.Request, (ClaimsPrincipal)user, new CustomTokenService(config), HttpContext.Current.Response); return(new HttpStatusCodeResult(HttpStatusCode.OK)); }
public static TestSts Create() { var signingCredentials = new X509SigningCredentials(GetCertificate()); var configuration = new SecurityTokenServiceConfiguration(Issuer, signingCredentials); return(new TestSts(configuration)); }
/// <summary> /// Use this constructor to initialize scope provider and token issuer certificate. /// </summary> /// <param name="securityTokenServiceConfiguration">The SecurityTokenServiceConfiguration that will have the related settings for the STS.</param> protected SecurityTokenService(SecurityTokenServiceConfiguration securityTokenServiceConfiguration) { if (securityTokenServiceConfiguration == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("securityTokenServiceConfiguration"); } _securityTokenServiceConfiguration = securityTokenServiceConfiguration; }
public SamlTokenService(SecurityTokenServiceConfiguration configuration, IConfigurationRepository configurationRepository, IUserRepository userRepository, IClaimsRepository claimsRepository, IIdentityProviderRepository identityProviderRepository, IClaimsTransformationRulesRepository claimsTransformationRulesRepository) : base(configuration) { UserRepository = userRepository; ClaimsRepository = claimsRepository; IdentityProviderRepository = identityProviderRepository; ClaimsTransformationRulesRepository = claimsTransformationRulesRepository; ConfigurationRepository = configurationRepository; }
public FederationSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { using (var container = new UnityContainer()) { ContainerBootstraper.RegisterTypes(container); this.tenantStore = container.Resolve<ITenantStore>(); } }
public TokenService(SecurityTokenServiceConfiguration configuration, IConfigurationRepository configurationRepository, IUserRepository userRepository, IClaimsRepository claimsRepository, IIdentityProviderRepository identityProviderRepository, IClaimsTransformationRulesRepository claimsTransformationRulesRepository) : base(configuration) { UserRepository = userRepository; ClaimsRepository = claimsRepository; IdentityProviderRepository = identityProviderRepository; ClaimsTransformationRulesRepository = claimsTransformationRulesRepository; ConfigurationRepository = configurationRepository; }
public MySecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { // Setup the certificate our STS is going to use to sign the issued tokens _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, SigningCertificateName)); // We only support a single RP identity represented by the _encryptingCreds _encryptingCreds = new X509EncryptingCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, EncryptingCertificateName)); }
private string ProcessSignIn(Uri url, ClaimsPrincipal user) { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url); var config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["SecurityTokenServiceEndpointUrl"], SecurityHelper.CreateSignupCredentialsFromConfig()); var encryptionCredentials = SecurityHelper.CreateEncryptingCredentialsFromConfig(); var sts = new CustomSecurityTokenService <AppMember>(WebConfigurationManager.AppSettings["LoginProviderName"], config, encryptionCredentials, _userStore); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts); return(responseMessage.WriteFormPost()); }
private SecurityTokenServiceConfiguration GetSecureTokenServiceConfiguration() { var signingCredentials = new X509SigningCredentials(CertificateHelper.GetCertificate(_tokenServiceOptions.CertificateStoreName, _tokenServiceOptions.CertificateStoreLocation, _tokenServiceOptions.CertificateSubject)); var config = new SecurityTokenServiceConfiguration(_tokenServiceOptions.CertificateIssuer, signingCredentials); config.SecurityTokenHandlers.AddOrReplace(_unityContainer.Resolve <CustomAuthenticationHandler>()); config.SecurityTokenService = typeof(TokenService); config.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust; return(config); }
public static string ProcessSignIn(Uri url, ClaimsPrincipal user) { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url); var signingCredentials = new X509SigningCredentials(CustomSecurityTokenService.GetCertificate2()); var config = new SecurityTokenServiceConfiguration($"{url.Scheme}://{url.Authority}/FederatedLogin/", signingCredentials); var sts = new CustomSecurityTokenService(config); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts); return(responseMessage.WriteFormPost()); }
private static string ProcessSignIn(Uri url, ClaimsPrincipal user) { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url); var signingCredentials = new X509SigningCredentials(CustomSecurityTokenService.GetCertificate(ConfigurationManager.AppSettings["SigningCertificateName"])); var config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["IssuerName"], signingCredentials); var sts = new CustomSecurityTokenService(config); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts); return(responseMessage.WriteFormPost()); }
/// <summary> /// The constructor. /// </summary> /// <param name="config">The <see cref="SecurityTokenServiceConfiguration"/> object to be /// passed to the base class.</param> public CustomSecurityTokenService(SecurityTokenServiceConfiguration config) : base(config) { // Set up the localized DisplayClaim table for the "Given Name" display-tag in English, Italian, Spanish, and French locales localizedDisplayClaimTable = new Dictionary <string, string>(); localizedDisplayClaimTable.Add("en-US", "Given Name"); localizedDisplayClaimTable.Add("it-IT", "Nome di Battesimo"); localizedDisplayClaimTable.Add("es-ES", "Nombre de Pila"); localizedDisplayClaimTable.Add("fr-FR", "Prénom"); }
/// <summary> /// Processes a WS-Federation request. /// </summary> /// <param name="request">The WS-Federation request message.</param> /// <param name="principal">The client principal.</param> /// <param name="configuration">The token service configuration.</param> public static void ProcessRequest(WSFederationMessage request, IClaimsPrincipal principal, SecurityTokenServiceConfiguration configuration) { Contract.Requires(request != null); Contract.Requires(principal != null); Contract.Requires(configuration != null); HttpContext context = HttpContext.Current; if (request.Action == WSFederationConstants.Actions.SignIn) { var response = ProcessSignInRequest( (SignInRequestMessage)request, principal, configuration); response.Write(context.Response.Output); context.Response.Flush(); context.Response.End(); } else if (request.Action == WSFederationConstants.Actions.SignOut) { var signOut = (SignOutRequestMessage)request; ProcessSignOutRequest(); if (!String.IsNullOrEmpty(signOut.Reply)) { context.Response.Redirect(signOut.Reply); } else { context.Response.Redirect("~/"); } } else if (request.Action == WSFederationConstants.Actions.SignOutCleanup) { var signOut = (SignOutCleanupRequestMessage)request; ProcessSignOutRequest(); if (!String.IsNullOrEmpty(signOut.Reply)) { context.Response.Redirect(signOut.Reply); } else { context.Response.Redirect("~/"); } } else { throw new InvalidOperationException(String.Format( CultureInfo.InvariantCulture, "Unsupported Action: {0}", request.Action)); } }
public static System.IdentityModel.SecurityTokenService GetSecurityTokenService() { var config = new SecurityTokenServiceConfiguration( ConfigurationManager.AppSettings["stsName"], CertificateFactory.GetSigningCredentials()) { DefaultTokenLifetime = new TimeSpan(1, 0, 0, 0) }; return(new CustomSecurityTokenService(config)); }
/// <summary> /// Initializes a new instance of the GenesisSecurityTokenService class. /// </summary> /// <param name="configuration">Configuration for the service.</param> public STSService(SecurityTokenServiceConfiguration configuration) : base(configuration) { _signingCreds = new X509SigningCredentials( CertificateUtil.GetCertificateByThumbprint(StoreName.My, StoreLocation.LocalMachine, WebConfigurationManager.AppSettings[Common.SigningCertificateThumbprint])); if (!string.IsNullOrWhiteSpace(WebConfigurationManager.AppSettings[Common.EncryptingCertificateName])) { _encryptingCreds = new X509EncryptingCredentials( CertificateUtil.GetCertificateByThumbprint(StoreName.My, StoreLocation.LocalMachine, WebConfigurationManager.AppSettings[Common.EncryptingCertificateName])); } }
public CustomSecurityTokenService(SecurityTokenServiceConfiguration config) : base(config) { this.signingCreds = new X509SigningCredentials( CertificateUtil.GetCertificate(StoreName.Root, StoreLocation.LocalMachine, WebConfigurationManager.AppSettings[Common.SigningCertificateName])); if (!string.IsNullOrWhiteSpace(WebConfigurationManager.AppSettings[Common.EncryptingCertificateName])) { this.encryptingCreds = new X509EncryptingCredentials( CertificateUtil.GetCertificate(StoreName.Root, StoreLocation.LocalMachine, WebConfigurationManager.AppSettings[Common.EncryptingCertificateName])); } }
public TokenService(SecurityTokenServiceConfiguration securityTokenServiceConfiguration) : base(securityTokenServiceConfiguration) { var options = new TokenServiceOptions(); options.CertificateStoreName = StoreName.Root; options.CertificateStoreLocation = StoreLocation.LocalMachine; options.CertificateIssuer = "CN=SecureTokenServiceTest"; options.CertificateSubject = "CN=SecureTokenServiceTest"; _tokenServiceOptions = options; }
public CustomSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { // Setup the certificate our STS is going to use to sign the issued tokens _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, SIGNING_CERTIFICATE_NAME)); // Note: In this sample app only a si ngle RP identity is shown, which is localhost, and the certificate of that RP is // populated as _encryptingCreds // If you have multiple RPs for the STS you would select the certificate that is specific to // the RP that requests the token and then use that for _encryptingCreds _encryptingCreds = new X509EncryptingCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, ENCRYPTING_CERTIFICATE_NAME)); }
public CustomSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { _trustFabric = OpenTrustFabric(); // Setup certificate the STS is going to use to sign the issued tokens configuration.SigningCredentials = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, SigningCertificateName)); //configuration.SigningCredentials = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, SigningCertificateName), // "http://www.w3.org/2000/09/xmldsig#rsa-sha1", // "http://www.w3.org/2000/09/xmldsig#sha1"); }
public CustomSecurityTokenService(SecurityTokenServiceConfiguration securityTokenServiceConfiguration) : base(securityTokenServiceConfiguration) { //this.SigningCredentials = new X509SigningCredentials( // GetCertificate(WebConfigurationManager.AppSettings["SigningCertificateName"]) // ); //if (!string.IsNullOrWhiteSpace(WebConfigurationManager.AppSettings["EncryptingCertificateName"])) //{ // this.encryptingCreds = new X509EncryptingCredentials( // GetCertificate( WebConfigurationManager.AppSettings["EncryptingCertificateName"]) // ); //} }
private void SignIn(LoginModel model) { var claims = GetClaims(model.UserId); var config = new SecurityTokenServiceConfiguration( "SimIssuer", new X509SigningCredentials( new X509Certificate2(Server.MapPath(VirtualPathUtility.ToAbsolute("~/app_data/simissuer.pfx")), "SimIssuer", X509KeyStorageFlags.MachineKeySet), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmlenc#sha256")); var tokenService = new TokenService(config); var principal = new ClaimsPrincipal(new ClaimsIdentity(claims.Select(x => new System.Security.Claims.Claim(String.Concat(x.Namespace, "/", x.Name), x.Value)))); var requestUri = new Uri(BuildRequestUrl(model)); tokenService.ProcessSignIn(principal, requestUri); }
private static string ProcessSignIn(Uri url, ClaimsPrincipal principal) { SignInRequestMessage requestMSG = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url); X509SigningCredentials credentials = new X509SigningCredentials (GetX509Cert(ConfigurationManager.AppSettings["SigningCertificateName"])); SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["IssuerName"], credentials); CustomSecurityTokenService sts = new CustomSecurityTokenService(config); SignInResponseMessage finalResponse = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMSG, principal, sts); return(finalResponse.WriteFormPost()); }
protected CustomSecurityTokenService(SecurityTokenServiceConfiguration securityTokenServiceConfiguration) : base(securityTokenServiceConfiguration) { var certificate = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, WebConfigurationManager.AppSettings[Common.SigningCertificateName]); _signingCredentials = new X509SigningCredentials(certificate); if (!string.IsNullOrWhiteSpace(WebConfigurationManager.AppSettings[Common.EncryptingCertificateName])) { _encryptingCredentials = new X509EncryptingCredentials( CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine , WebConfigurationManager.AppSettings[Common.EncryptingCertificateName])); } }
private string ProcessSignIn(Uri url, ClaimsPrincipal user) { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url); //var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=localhost")); //var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=MySTSCert2")); var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificateFromFile(System.Web.HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["CertName"]))); var config = new SecurityTokenServiceConfiguration("http://localhost:5000", _signingCreds); var sts = new CustomSecurityTokenService(config); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts); return(responseMessage.WriteFormPost()); }
public static SecurityTokenServiceConfiguration CreateConfigurationFromExpectedUrl(string url) { var config = new SecurityTokenServiceConfiguration(); config.TokenIssuerName = "sts.test.larionov"; // hard-coded for testing purposes only ! config.SecurityTokenService = typeof(MySecurityTokenService); config.DefaultTokenLifetime = TimeSpan.FromHours(2); config.SecurityTokenHandlers.Add(new SimpleWebTokenHandler()); config.DefaultTokenType = SimpleWebTokenHandler.SimpleWebTokenTypeUri; config.SigningCredentials = new SigningCredentials(new InMemorySymmetricSecurityKey( Encoding.UTF8.GetBytes("wAVkldQiFypTQ+ddNdGWCBCHRcee9XmXxXvgmak8vSDm")), // hard-coded for testing purposes only ! SymmetricKeySignatureAlgorithm, SymmetricKeyDigestAlgorithm); return(config); }
private static WSTrustServiceHost CreateSecurityTokenServiceHost() { var signingCredentials = new X509SigningCredentials(STSCertificate); var stsConfig = new SecurityTokenServiceConfiguration(STSAddress, signingCredentials); stsConfig.SecurityTokenService = typeof(CustomSecurityTokenService); // Add the STS endpoint information stsConfig.TrustEndpoints.Add( new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetSecurityTokenServiceBinding(), STSAddress)); // Setting the certificate will automatically populate the token resolver // that is used to decrypt the client entropy in the RST. stsConfig.ServiceCertificate = STSCertificate; WSTrustServiceHost stsHost = new WSTrustServiceHost(stsConfig, new Uri(STSAddress)); return(stsHost); }
public CustomSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { // // Setup the certificate our STS is going to use to sign the issued tokens // _signingCreds = new X509SigningCredentials( CertificateUtil.GetCertificate( StoreName.My, StoreLocation.LocalMachine, SigningCertificateName)); // // In this sample, we only support a single RP identity represented by the _encryptingCreds. // However, this encrypting credential may differ based on the RP identity requesting a token in // a production STS. See the comments in GetScope() for more details. // _encryptingCreds = new X509EncryptingCredentials( CertificateUtil.GetCertificate( StoreName.My, StoreLocation.LocalMachine, EncryptingCertificateName)); }
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses) { StreamWriter file = new StreamWriter("c:\\temp\\IdentityProviderSts.OnBehalfOfSecurityTokenServiceFactory - CreateServiceHost.txt", true); file.WriteLine("_________________________________________"); file.WriteLine("DateTime: " + DateTime.Now.ToString()); file.WriteLine("constructorString:" + constructorString); file.Close(); SecurityTokenServiceConfiguration config = new SecurityTokenServiceConfiguration("https://ha50idp:8544/IDP-STS/Issue.svc"); //Uri baseUri = baseAddresses.FirstOrDefault(a => a.Scheme == "https"); //if (baseUri == null) // throw new InvalidOperationException("The STS should be hosted under https"); //config.TrustEndpoints.Add(new ServiceHostEndpointConfiguration(typeof(IWSTrust13SyncContract), GetCertificateCredentialsBinding(), baseUri + "")); // Set the STS implementation class type config.SecurityTokenService = typeof(CustomSecurityTokenService); // Create a security token handler collection and then provide with a SAML11 security token // handler and set the Audience restriction to Never SecurityTokenHandlerCollection onBehalfOfHandlers = new SecurityTokenHandlerCollection(); Saml2SecurityTokenHandler onBehalfOfTokenHandler = new Saml2SecurityTokenHandler(); onBehalfOfHandlers.Add(onBehalfOfTokenHandler); //onBehalfOfHandlers.Add(userNameTokenHandler); onBehalfOfHandlers.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; // Set the appropriate issuer name registry //onBehalfOfHandlers.Configuration.IssuerNameRegistry = new IdentityProviderIssuerNameRegistry(); // Set the token handlers collection config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.OnBehalfOf] = onBehalfOfHandlers; // WindowsUserNameSecurityTokenHandler userNameTokenHandler = new WindowsUserNameSecurityTokenHandler(); // config.SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.Default].Add(userNameTokenHandler); WSTrustServiceHost host = new WSTrustServiceHost(config, baseAddresses); return host; }
public WrapIssuer(SecurityTokenServiceConfiguration configuration) : this(configuration, null) { }
/// <summary> /// Creates an instance of CustomSecurityTokenService. /// </summary> /// <param name="configuration">The SecurityTokenServiceConfiguration.</param> /// <param name="encryptingCertificateName"></param> public CustomSecurityTokenService(SecurityTokenServiceConfiguration configuration, string encryptingCertificateName) : base(configuration) { _encryptingCertificateName = encryptingCertificateName; }
public TokenService(SecurityTokenServiceConfiguration configuration, IUserRepository userRepository, IClaimsRepository claimsRepository) : base(configuration) { UserRepository = userRepository; ClaimsRepository = claimsRepository; }
public MultiProtocolSecurityTokenService(SecurityTokenServiceConfiguration configuration, IConfigurationRepository multiProtocolConfiguration) : base(configuration) { this.multiProtocolConfiguration = multiProtocolConfiguration; }
/// <summary> /// /// </summary> /// <param name="requestMessage"></param> /// <param name="config"></param> /// <returns></returns> public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config) { return ProcessAccessTokenRequest(requestMessage, config, false); }
// ToDo: Set enableAppliesToValidation to true to enable only the RP Url's specified in the ActiveClaimsAwareApps array to get a token from this STS /// <summary> /// The enable applies to validation. /// </summary> //private const bool EnableAppliesToValidation = false; // ToDo: Add relying party Url's that will be allowed to get token from this STS //static readonly string[] ActiveClaimsAwareApps = { ConfigurationManager.AppSettings["IssuerName"] }; /// <summary> /// Creates an instance of CustomSecurityTokenService. /// </summary> /// <param name="configuration">The SecurityTokenServiceConfiguration.</param> public WindowsSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { }
public Sts(SecurityTokenServiceConfiguration configuration) : this(configuration, null) { }
/// <summary> /// Processes a WS-Federation sign in request. /// </summary> /// <param name="request">The request.</param> /// <param name="principal">The client principal.</param> /// <param name="configuration">The token service configuration.</param> /// <returns>A SignInResponseMessage</returns> public static SignInResponseMessage ProcessSignInRequest(SignInRequestMessage request, IClaimsPrincipal principal, SecurityTokenServiceConfiguration configuration) { Contract.Requires(request != null); Contract.Requires(principal != null); Contract.Requires(configuration != null); Contract.Ensures(Contract.Result<SignInResponseMessage>() != null); // create token service and serializers var sts = configuration.CreateSecurityTokenService(); var context = new WSTrustSerializationContext( sts.SecurityTokenServiceConfiguration.SecurityTokenHandlerCollectionManager, sts.SecurityTokenServiceConfiguration.ServiceTokenResolver, sts.SecurityTokenServiceConfiguration.IssuerTokenResolver); var federationSerializer = new WSFederationSerializer( sts.SecurityTokenServiceConfiguration.WSTrust13RequestSerializer, sts.SecurityTokenServiceConfiguration.WSTrust13ResponseSerializer); // convert ws-fed message to RST and call issue pipeline var rst = federationSerializer.CreateRequest(request, context); var rstr = sts.Issue(principal, rst); // check ReplyTo Uri result = null; if (!Uri.TryCreate(rstr.ReplyTo, UriKind.Absolute, out result)) { throw new InvalidOperationException("Invalid ReplyTo"); } var response = new SignInResponseMessage(result, rstr, federationSerializer, context); // copy the incoming context data (as required by the WS-Federation spec) if (!String.IsNullOrEmpty(request.Context)) { response.Context = request.Context; } return response; }
/// <summary> /// Creates an instance of CustomSecurityTokenService. /// </summary> /// <param name="configuration">The SecurityTokenServiceConfiguration.</param> public CustomSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { }
public WrapIssuer(SecurityTokenServiceConfiguration configuration, ReadOnlyCollection<Claim> claimSet) : base(configuration) { this.claimSet = claimSet; }
public MultiProtocolSecurityTokenService(SecurityTokenServiceConfiguration configuration) : this(configuration, new DefaultConfigurationRepository()) { }
public TokenService(SecurityTokenServiceConfiguration configuration, IUserRepository userRepository) : base(configuration) { _userRepository = userRepository; }
/// <summary> /// The constructor. /// </summary> /// <param name="config">The <see cref="SecurityTokenServiceConfiguration"/> object to be /// passed to the base class.</param> public RealmSecurityTokenService(SecurityTokenServiceConfiguration config) : base(config) { }
/// <summary> /// Initializes a new instance of the <see cref="TracingSecurityTokenService"/> class. /// </summary> /// <param name="configuration">The configuration.</param> public TracingSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { }
public SimpleSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base( configuration ) { }
public IdentityProviderSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { }
public SparkleTokenService(SecurityTokenServiceConfiguration securityTokenServiceConfiguration) : base(securityTokenServiceConfiguration) { }
/// <summary> /// Creates an instance of StotaxSecurityTokenService. /// </summary> /// <param name="configuration">The SecurityTokenServiceConfiguration.</param> public DotnetKoelnSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { }
public InMemorySts(SecurityTokenServiceConfiguration configuration, X509Certificate2 encryptionKey) : base(configuration) { _encryptionkey = encryptionKey; }
public SamlTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { Container.Current.SatisfyImportsOnce(this); }
public JwtSecurityTokenService(SecurityTokenServiceConfiguration securityTokenServiceConfiguration) : base(securityTokenServiceConfiguration) { }