static void CreatePassiveStsMetadata(StsData data, string fileName, Encoding encoding) { MetadataSerializer serializer = new MetadataSerializer(); SecurityTokenServiceDescriptor item = new SecurityTokenServiceDescriptor(); EntityDescriptor metadata = new EntityDescriptor(); metadata.EntityId = new EntityId(data.EntityId); X509Certificate2 certificate = CertificateHelper.RetrieveCertificate(data.SigninCertificateCn); metadata.SigningCredentials = new X509SigningCredentials(certificate); KeyDescriptor descriptor3 = new KeyDescriptor(new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[] { new X509SecurityToken(certificate).CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause>() })); descriptor3.Use = KeyType.Signing; item.Keys.Add(descriptor3); if (data.Claims != null) { foreach (var claim in data.Claims) { DisplayClaim dc = new DisplayClaim(claim.ClaimType, claim.DisplayTag, claim.Description) { Optional = claim.Optional }; item.ClaimTypesOffered.Add(dc); } } item.PassiveRequestorEndpoints.Add(new EndpointAddress(new Uri(data.PassiveRequestorEndpoint).AbsoluteUri)); if (data.Protocols != null) { foreach (Protocol protocol in data.Protocols) { item.ProtocolsSupported.Add(new Uri(protocol.ProtocolNamespace)); } } item.SecurityTokenServiceEndpoints.Add(new EndpointAddress(new Uri(data.ActiveStsEndpoint).AbsoluteUri)); item.Contacts.Add(new ContactPerson(ContactType.Technical) { Company = data.MainContact.Company, GivenName = data.MainContact.GivenName, Surname = data.MainContact.SurName, EmailAddresses = { data.MainContact.Email }, TelephoneNumbers = { data.MainContact.Phone } }); metadata.RoleDescriptors.Add(item); XmlTextWriter writer = new XmlTextWriter(fileName, Encoding.UTF8); serializer.WriteMetadata(writer, metadata); writer.Close(); }
private static void CreateIdentityProviderMetadata(SamlIdpData idpData, string fileName, Encoding encoding) { if (string.IsNullOrEmpty(idpData.SigninCertificateCn)) { throw new ApplicationException("no CN for a Certificate supplied"); } string signingCertificateSubjectName = idpData.SigninCertificateCn; Constants.NameIdType nidFmt = idpData.NameIdType; MetadataSerializer serializer = new MetadataSerializer(); IdentityProviderSingleSignOnDescriptor item = new IdentityProviderSingleSignOnDescriptor(); EntityDescriptor metadata = new EntityDescriptor(); metadata.EntityId = new EntityId(idpData.EntityId); X509Certificate2 certificate = CertificateHelper.RetrieveCertificate(signingCertificateSubjectName); KeyDescriptor descriptor = new KeyDescriptor( new SecurityKeyIdentifier( new SecurityKeyIdentifierClause[] { new X509SecurityToken(certificate).CreateKeyIdentifierClause <X509RawDataKeyIdentifierClause>() })); descriptor.Use = KeyType.Signing; item.Keys.Add(descriptor); //using 2.0 if (Constants.NameIdType.Saml20 == nidFmt) { item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Transient); } //using 1.1 if (Constants.NameIdType.Saml11 == nidFmt) { item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Unspecified); } foreach (var attributeName in idpData.AttributeNames) { Saml2Attribute at1 = new Saml2Attribute(attributeName.Name) { NameFormat = new Uri(Constants.Saml20AttributeNameFormat) }; item.SupportedAttributes.Add(at1); } item.ProtocolsSupported.Add(new Uri(Constants.Saml20Protocol)); item.SingleSignOnServices.Add(new ProtocolEndpoint(new Uri(idpData.BindingType), new Uri(idpData.BindingLocation))); metadata.RoleDescriptors.Add(item); metadata.Contacts.Add(new ContactPerson(ContactType.Technical) { Company = idpData.MainContact.Company, GivenName = idpData.MainContact.GivenName, Surname = idpData.MainContact.SurName, EmailAddresses = { idpData.MainContact.Email }, TelephoneNumbers = { idpData.MainContact.Phone } }); XmlTextWriter writer = new XmlTextWriter(fileName, encoding); serializer.WriteMetadata(writer, metadata); writer.Close(); }