public void EntityDescriptorExtensions_ToXElement_Nodes() { EntityId entityId = new EntityId("http://dummyentityid.com"); var entityDescriptor = new EntityDescriptor(entityId); var spsso = new ServiceProviderSingleSignOnDescriptor(); string sampleAcsUri = "https://some.uri.example.com/acs"; var acs = new IndexedProtocolEndpoint() { IsDefault = false, Index = 17, Binding = Saml2Binding.HttpPostUri, Location = new Uri(sampleAcsUri) }; spsso.AssertionConsumerServices.Add(1, acs); entityDescriptor.RoleDescriptors.Add(spsso); var rootName = Saml2Namespaces.Saml2Metadata + "EntityDescriptor"; var elementName = Saml2Namespaces.Saml2Metadata + "SPSSODescriptor"; var subject = entityDescriptor.ToXElement(); subject.Name.Should().Be(rootName); subject.Elements().Single().Name.Should().Be(elementName); subject.Attribute("entityId").Value.Should().Be("http://dummyentityid.com"); }
public void ServiceProviderSingleSignOnDescriptorExtensions_ToXElement_NullCheck_SPSSO() { ServiceProviderSingleSignOnDescriptor spsso = null; Action a = () => spsso.ToXElement(); a.ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("spsso"); }
public static EntityDescriptor GetSpEntityDescriptor(string entityId) { var descriptor = new EntityDescriptor(new EntityId(entityId)); var cert = EntityDescriptorProviderMock.GetMockCertificate(); var idpRole = new ServiceProviderSingleSignOnDescriptor(); idpRole.AssertionConsumerServices.Add(0, new IndexedProtocolEndpoint(0, new Uri(ProtocolBindings.HttpRedirect), new Uri("http://localhost:60879"))); descriptor.RoleDescriptors.Add(idpRole); return(descriptor); }
public static XElement ToXElement(this ServiceProviderSingleSignOnDescriptor spsso) { if (spsso == null) { throw new ArgumentNullException("spsso"); } var innerElementName = Saml2Namespaces.Saml2Metadata + "AssertionConsumerService"; return(new XElement(Saml2Namespaces.Saml2Metadata + "SPSSODescriptor", spsso.AssertionConsumerServices.Select(acs => acs.Value.ToXElement(innerElementName)))); }
private static void CreateIdentityProviderMetadata(SamlSpData samlSpData, string fileName, Encoding encoding) { Constants.NameIdType nidFmt = samlSpData.NameIdType; MetadataSerializer serializer = new MetadataSerializer(); ServiceProviderSingleSignOnDescriptor item = new ServiceProviderSingleSignOnDescriptor(); EntityDescriptor metadata = new EntityDescriptor(); metadata.EntityId = new EntityId(samlSpData.EntityId); //using 2.0 if (Constants.NameIdType.Saml20 == nidFmt) { item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Transient); } //using 1.1 if (Constants.NameIdType.Saml11 == nidFmt) { item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Unspecified); } item.ProtocolsSupported.Add(new Uri(Constants.Saml20Protocol)); IndexedProtocolEndpoint ipEndpoint = new IndexedProtocolEndpoint() { IsDefault = true, Binding = new Uri(samlSpData.BindingType), Location = new Uri(samlSpData.BindingLocation) }; item.AssertionConsumerService.Add(0, ipEndpoint); metadata.RoleDescriptors.Add(item); metadata.Contacts.Add(new ContactPerson(ContactType.Technical) { Company = samlSpData.MainContact.Company, GivenName = samlSpData.MainContact.GivenName, Surname = samlSpData.MainContact.SurName, EmailAddresses = { samlSpData.MainContact.Email }, TelephoneNumbers = { samlSpData.MainContact.Phone } }); XmlTextWriter writer = new XmlTextWriter(fileName, encoding); serializer.WriteMetadata(writer, metadata); writer.Close(); }
private ServiceProviderSingleSignOnDescriptor CreateServiceProviderSingleSignOnDescriptor() { var indexedProtocolEndpointDictionary = new IndexedProtocolEndpointDictionary(); var indexedProtocolEndpoint = new IndexedProtocolEndpoint(0, new Uri(Saml2Constants.PostBinding), new Uri(_configuration.MultiProtocolIssuer.ReplyUrl.AbsoluteUri)) { IsDefault = true }; indexedProtocolEndpointDictionary.Add(0, indexedProtocolEndpoint); var serviceProviderSingleSignOnDescriptor = new ServiceProviderSingleSignOnDescriptor(indexedProtocolEndpointDictionary); serviceProviderSingleSignOnDescriptor.ProtocolsSupported.Add(new Uri(Saml2Constants.Protocol)); serviceProviderSingleSignOnDescriptor.WantAssertionsSigned = true; serviceProviderSingleSignOnDescriptor.AuthenticationRequestsSigned = false; return(serviceProviderSingleSignOnDescriptor); }
private static void CreateIdentityProviderMetadata(SamlSpData samlSpData, string fileName, Encoding encoding) { Constants.NameIdType nidFmt = samlSpData.NameIdType; MetadataSerializer serializer = new MetadataSerializer(); ServiceProviderSingleSignOnDescriptor item = new ServiceProviderSingleSignOnDescriptor(); EntityDescriptor metadata = new EntityDescriptor(); metadata.EntityId = new EntityId(samlSpData.EntityId); //using 2.0 if (Constants.NameIdType.Saml20 == nidFmt) item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Transient); //using 1.1 if (Constants.NameIdType.Saml11 == nidFmt) item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Unspecified); item.ProtocolsSupported.Add(new Uri(Constants.Saml20Protocol)); IndexedProtocolEndpoint ipEndpoint = new IndexedProtocolEndpoint() { IsDefault=true, Binding=new Uri(samlSpData.BindingType), Location=new Uri(samlSpData.BindingLocation) }; item.AssertionConsumerService.Add(0, ipEndpoint); metadata.RoleDescriptors.Add(item); metadata.Contacts.Add(new ContactPerson(ContactType.Technical) { Company = samlSpData.MainContact.Company, GivenName = samlSpData.MainContact.GivenName, Surname = samlSpData.MainContact.SurName, EmailAddresses = { samlSpData.MainContact.Email }, TelephoneNumbers = { samlSpData.MainContact.Phone } }); XmlTextWriter writer = new XmlTextWriter(fileName, encoding); serializer.WriteMetadata(writer, metadata); writer.Close(); }
public void ServiceProviderSingleSignOnDescriptorExtensions_ToXElement_BasicAttributes() { string sampleAcsUri = "https://some.uri.example.com/acs"; var acs = new IndexedProtocolEndpoint() { IsDefault = false, Index = 17, Binding = Saml2Binding.HttpPostUri, Location = new Uri(sampleAcsUri) }; var spsso = new ServiceProviderSingleSignOnDescriptor(); spsso.AssertionConsumerServices.Add(1, acs); var elementName = Saml2Namespaces.Saml2Metadata + "SPSSODescriptor"; var innerElementName = Saml2Namespaces.Saml2Metadata + "AssertionConsumerService"; var subject = spsso.ToXElement(); subject.Name.Should().Be(elementName); subject.Elements().Single().Name.Should().Be(innerElementName); }
public void GenerateMetadataFile() { var pluginManager = PluginManager.GetSingleton <SpMetaDataPlugin>(); var descriptor = new EntityDescriptor(new EntityId { Id = pluginManager.EntityId }); //var idpSignInUrl = IdpGetSignInUrl(pluginManager.IdpMetaDataUrl); var spd = new ServiceProviderSingleSignOnDescriptor { AuthenticationRequestsSigned = pluginManager.AuthnRequestsSigned, WantAssertionsSigned = pluginManager.WantAssertionsSigned, ValidUntil = DateTime.Now.AddDays(365) }; spd.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol")); spd.NameIdentifierFormats.Add(new Uri(pluginManager.NameId)); var consumerService = new IndexedProtocolEndpoint { Index = 0, IsDefault = true, Location = new Uri($"{Apis.Get<ICoreUrls>().Home()}samlresponse"), Binding = new Uri("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST") }; spd.AssertionConsumerServices.Add(1, consumerService); // Organizational Info if (!string.IsNullOrEmpty(pluginManager.OrgName) || !string.IsNullOrEmpty(pluginManager.OrgDisplayName) || !string.IsNullOrEmpty(pluginManager.OrgUrl)) { descriptor.Organization = new Organization(); } if (!string.IsNullOrEmpty(pluginManager.OrgName)) { descriptor.Organization.Names.Add(new LocalizedName(pluginManager.OrgName, CultureInfo.InvariantCulture)); } if (!string.IsNullOrEmpty(pluginManager.OrgDisplayName)) { descriptor.Organization.DisplayNames.Add(new LocalizedName(pluginManager.OrgDisplayName, CultureInfo.InvariantCulture)); } if (!string.IsNullOrEmpty(pluginManager.OrgUrl)) { descriptor.Organization.Urls.Add(new LocalizedUri(new Uri(pluginManager.OrgUrl), CultureInfo.InvariantCulture)); } // Tech contact info if (!string.IsNullOrEmpty(pluginManager.OrgName) && !string.IsNullOrEmpty(pluginManager.TechEmail) && !string.IsNullOrEmpty(pluginManager.SupportEmail)) { descriptor.Contacts.Add(new ContactPerson { Company = pluginManager.OrgName, EmailAddresses = { pluginManager.TechEmail, pluginManager.SupportEmail }, Type = ContactType.Support }); } // Handle the signing certificate if provided if (!string.IsNullOrEmpty(pluginManager.PrivateKey) && !string.IsNullOrEmpty(pluginManager.X509Cert)) { var cert = GetX509Cert(pluginManager.X509Cert, pluginManager.PrivateKey); var signingCredentials = new X509SigningCredentials(cert); var signingKey = new KeyDescriptor(signingCredentials.SigningKeyIdentifier) { Use = KeyType.Signing }; var encryptionKey = new KeyDescriptor(signingCredentials.SigningKeyIdentifier) { Use = KeyType.Encryption }; // Add signing key if a cert is provided. spd.Keys.Add(signingKey); spd.Keys.Add(encryptionKey); descriptor.SigningCredentials = signingCredentials; } descriptor.RoleDescriptors.Add(spd); var xml = WriteXml(descriptor); var context = HttpContext.Current; context.ClearError(); context.Response.Cache.SetLastModified(DateTime.Now); context.Response.ContentType = "text/xml"; context.Response.ContentEncoding = Encoding.UTF8; context.Response.AddHeader("content-disposition", "attachment; filename=community-metadata.xml"); context.Response.Write(xml); context.Response.Flush(); context.Response.End(); }