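/// <summary>
/// Applies an identity provider's metadata to this instance: checks that the
/// metadata belongs to the configured entity, picks the single-sign-on
/// endpoint and loads the key used to verify the identity provider's signatures.
/// </summary>
/// <param name="metadata">Metadata document for the identity provider.</param>
/// <exception cref="ConfigurationErrorsException">
/// An entity id is already configured and the metadata describes a different entity.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The metadata does not contain exactly one identity provider role descriptor,
/// offers no single-sign-on endpoint with the redirect or POST binding, or lists
/// more than one key usable for signing.
/// </exception>
private void LoadMetadata(EntityDescriptor metadata)
{
    // Metadata fetched for one entity must not be applied to another; when no
    // entity id is configured yet it is taken from the metadata instead.
    if (EntityId != null)
    {
        if (metadata.EntityId.Id != EntityId.Id)
        {
            var msg = string.Format(
                CultureInfo.InvariantCulture,
                "Unexpected entity id \"{0}\" found when loading metadata for \"{1}\".",
                metadata.EntityId.Id,
                EntityId.Id);
            throw new ConfigurationErrorsException(msg);
        }
    }
    else
    {
        EntityId = metadata.EntityId;
    }

    var idpDescriptor = metadata.RoleDescriptors
        .OfType<IdentityProviderSingleSignOnDescriptor>()
        .Single();

    // Prefer the redirect binding and fall back to POST. Any other binding
    // cannot be used here, so an endpoint must not be chosen merely because
    // it happens to be listed first.
    var ssoService = idpDescriptor.SingleSignOnServices
        .FirstOrDefault(s => s.Binding == Saml2Binding.HttpRedirectUri)
        ?? idpDescriptor.SingleSignOnServices
        .First(s => s.Binding == Saml2Binding.HttpPostUri);

    Binding = Saml2Binding.UriToSaml2BindingType(ssoService.Binding);

    // NOTE(review): despite the property name, the value stored here is the
    // location of the IdP's single-sign-on endpoint (the URL requests are
    // sent to), not a service-provider assertion consumer service.
    AssertionConsumerServiceUrl = ssoService.Location;

    // A KeyDescriptor with no declared use may be used for signing as well,
    // so both "unspecified" and "signing" keys qualify.
    var key = idpDescriptor.Keys
        .Where(k => k.Use == KeyType.Unspecified || k.Use == KeyType.Signing)
        .SingleOrDefault();

    if (key != null)
    {
        // The algorithm URI selects the asymmetric algorithm object to obtain
        // from the key; "false" asks for the public half only, which is all
        // that is needed to verify signatures made by the IdP.
        SigningKey = ((AsymmetricSecurityKey)key.KeyInfo.CreateKey())
            .GetAsymmetricAlgorithm(SignedXml.XmlDsigRSASHA1Url, false);
    }
}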
/// <summary>
/// Reads the identity provider role descriptor out of
/// <paramref name="metadata"/> and stores the single-sign-on endpoint, its
/// binding and the key used to verify the identity provider's signatures.
/// </summary>
/// <param name="metadata">Metadata of the identity provider.</param>
/// <exception cref="InvalidOperationException">
/// The metadata does not hold exactly one identity provider role descriptor,
/// no single-sign-on endpoint uses the redirect or POST binding, or more than
/// one key qualifies as a signing key.
/// </exception>
private void ReadMetadataIdpDescriptor(ExtendedEntityDescriptor metadata)
{
    var descriptor = metadata.RoleDescriptors
        .OfType<IdentityProviderSingleSignOnDescriptor>()
        .Single();

    // Only the redirect and POST bindings are supported by AuthServices;
    // redirect wins when the IdP publishes both.
    var endpoints = descriptor.SingleSignOnServices;
    var chosen = endpoints.FirstOrDefault(e => e.Binding == Saml2Binding.HttpRedirectUri);
    if (chosen == null)
    {
        chosen = endpoints.First(e => e.Binding == Saml2Binding.HttpPostUri);
    }

    binding = Saml2Binding.UriToSaml2BindingType(chosen.Binding);
    singleSignOnServiceUrl = chosen.Location;

    // A KeyDescriptor without a declared use may also be used for signing.
    var signingDescriptor = descriptor.Keys
        .SingleOrDefault(k => k.Use == KeyType.Signing || k.Use == KeyType.Unspecified);

    if (signingDescriptor != null)
    {
        // Public half only ("false"): the key is used to verify, not to sign.
        var securityKey = (AsymmetricSecurityKey)signingDescriptor.KeyInfo.CreateKey();
        signingKey = securityKey.GetAsymmetricAlgorithm(SignedXml.XmlDsigRSASHA1Url, false);
    }
}
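/// <summary>
/// Reads the identity provider role descriptor out of
/// <paramref name="metadata"/>: stores the single-sign-on endpoint and its
/// binding, synchronizes the artifact resolution endpoints and reloads the
/// set of keys used to verify the identity provider's signatures.
/// </summary>
/// <param name="metadata">Metadata of the identity provider.</param>
/// <exception cref="InvalidOperationException">
/// The metadata does not hold exactly one identity provider role descriptor.
/// </exception>
private void ReadMetadataIdpDescriptor(ExtendedEntityDescriptor metadata)
{
    var idpDescriptor = metadata.RoleDescriptors
        .OfType<IdentityProviderSingleSignOnDescriptor>()
        .Single();

    // Prefer an endpoint with a redirect binding, then check for POST which
    // is the other supported by AuthServices.
    var ssoService = idpDescriptor.SingleSignOnServices
        .FirstOrDefault(s => s.Binding == Saml2Binding.HttpRedirectUri)
        ?? idpDescriptor.SingleSignOnServices
        .FirstOrDefault(s => s.Binding == Saml2Binding.HttpPostUri);

    // No supported binding in the metadata: keep whatever endpoint is
    // currently configured rather than failing.
    if (ssoService != null)
    {
        binding = Saml2Binding.UriToSaml2BindingType(ssoService.Binding);
        singleSignOnServiceUrl = ssoService.Location;
    }

    // Mirror the published artifact resolution endpoints: add or update every
    // index found in the metadata. NOTE(review): assumes the dictionary key of
    // ArtifactResolutionServices equals the endpoint's Index — confirm, since
    // the stale-key check below uses the key rather than the Index.
    foreach (var ars in idpDescriptor.ArtifactResolutionServices)
    {
        artifactResolutionServiceUrls[ars.Value.Index] = ars.Value.Location;
    }

    // Then drop indices that are no longer published. The stale keys are
    // collected first: removing entries while enumerating the live Keys view
    // of a Dictionary throws "collection was modified" on .NET Framework.
    var staleIndices = artifactResolutionServiceUrls.Keys
        .Where(k => !idpDescriptor.ArtifactResolutionServices.Keys.Contains(k))
        .ToList();

    foreach (var index in staleIndices)
    {
        artifactResolutionServiceUrls.Remove(index);
    }

    // A KeyDescriptor without a declared use may be used for signing as well,
    // so both "unspecified" and "signing" keys are loaded.
    var keys = idpDescriptor.Keys
        .Where(k => k.Use == KeyType.Unspecified || k.Use == KeyType.Signing);

    // Public half only ("false"): these keys verify IdP signatures.
    signingKeys.SetLoadedItems(keys
        .Select(k => ((AsymmetricSecurityKey)k.KeyInfo.CreateKey())
            .GetAsymmetricAlgorithm(SignedXml.XmlDsigRSASHA1Url, false))
        .ToList());
}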
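/// <summary>
/// Reads the identity provider role descriptor out of
/// <paramref name="metadata"/>: records whether the IdP wants signed
/// authentication requests, stores the single-sign-on and single-logout
/// endpoints with their bindings, synchronizes the artifact resolution
/// endpoints and reloads the key descriptors used to verify the identity
/// provider's signatures.
/// </summary>
/// <param name="metadata">Metadata of the identity provider.</param>
/// <exception cref="InvalidOperationException">
/// The metadata does not hold exactly one identity provider role descriptor,
/// or a signing KeyDescriptor contains no clause from which a key can be created.
/// </exception>
private void ReadMetadataIdpDescriptor(ExtendedEntityDescriptor metadata)
{
    var idpDescriptor = metadata.RoleDescriptors
        .OfType<IdentityProviderSingleSignOnDescriptor>()
        .Single();

    // The IdP's own metadata decides whether AuthnRequests must be signed.
    WantAuthnRequestsSigned = idpDescriptor.WantAuthenticationRequestsSigned;

    // Prefer an endpoint with a redirect binding, then check for POST which
    // is the other supported by AuthServices.
    var ssoService = idpDescriptor.SingleSignOnServices
        .FirstOrDefault(s => s.Binding == Saml2Binding.HttpRedirectUri)
        ?? idpDescriptor.SingleSignOnServices
        .FirstOrDefault(s => s.Binding == Saml2Binding.HttpPostUri);

    // No supported binding in the metadata: keep whatever endpoint is
    // currently configured rather than failing.
    if (ssoService != null)
    {
        binding = Saml2Binding.UriToSaml2BindingType(ssoService.Binding);
        singleSignOnServiceUrl = ssoService.Location;
    }

    // Single logout: first endpoint with a supported binding, in the order
    // the metadata lists them. ResponseLocation may be null when the IdP
    // receives logout responses at the same location.
    var sloService = idpDescriptor.SingleLogoutServices
        .Where(slo => slo.Binding == Saml2Binding.HttpRedirectUri
            || slo.Binding == Saml2Binding.HttpPostUri)
        .FirstOrDefault();

    if (sloService != null)
    {
        SingleLogoutServiceUrl = sloService.Location;
        SingleLogoutServiceBinding = Saml2Binding.UriToSaml2BindingType(sloService.Binding);
        singleLogoutServiceResponseUrl = sloService.ResponseLocation;
    }

    // Mirror the published artifact resolution endpoints: add or update every
    // index found in the metadata. NOTE(review): assumes the dictionary key of
    // ArtifactResolutionServices equals the endpoint's Index — confirm, since
    // the stale-key check below uses the key rather than the Index.
    foreach (var ars in idpDescriptor.ArtifactResolutionServices)
    {
        artifactResolutionServiceUrls[ars.Value.Index] = ars.Value.Location;
    }

    // Then drop indices that are no longer published. The stale keys are
    // collected first: removing entries while enumerating the live Keys view
    // of a Dictionary throws "collection was modified" on .NET Framework.
    var staleIndices = artifactResolutionServiceUrls.Keys
        .Where(k => !idpDescriptor.ArtifactResolutionServices.Keys.Contains(k))
        .ToList();

    foreach (var index in staleIndices)
    {
        artifactResolutionServiceUrls.Remove(index);
    }

    // A KeyDescriptor without a declared use may be used for signing as well,
    // so both "unspecified" and "signing" keys are loaded. Only the first
    // clause that can actually produce a key is kept per descriptor.
    var keys = idpDescriptor.Keys
        .Where(k => k.Use == KeyType.Unspecified || k.Use == KeyType.Signing);

    signingKeys.SetLoadedItems(keys
        .Select(k => k.KeyInfo.First(c => c.CanCreateKey))
        .ToList());
}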
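/// <summary>
/// Reads the identity provider role descriptor out of
/// <paramref name="metadata"/>: records whether the IdP wants signed
/// authentication requests, stores the preferred single-sign-on and
/// single-logout endpoints with their bindings, synchronizes the artifact
/// resolution endpoints and reloads the key descriptors used to verify the
/// identity provider's signatures.
/// </summary>
/// <param name="metadata">Metadata of the identity provider.</param>
/// <exception cref="InvalidOperationException">
/// The metadata does not hold exactly one identity provider role descriptor,
/// or a signing KeyDescriptor contains no clause from which a key can be created.
/// </exception>
private void ReadMetadataIdpDescriptor(ExtendedEntityDescriptor metadata)
{
    var idpDescriptor = metadata.RoleDescriptors
        .OfType<IdentityProviderSingleSignOnDescriptor>()
        .Single();

    // The IdP's own metadata decides whether AuthnRequests must be signed.
    WantAuthnRequestsSigned = idpDescriptor.WantAuthenticationRequestsSigned;

    // Endpoint selection (which bindings are supported and in which order
    // they are preferred) lives in GetPreferredEndpoint; it returns null when
    // nothing usable is published, in which case the current endpoint is kept.
    var ssoService = GetPreferredEndpoint(idpDescriptor.SingleSignOnServices);
    if (ssoService != null)
    {
        binding = Saml2Binding.UriToSaml2BindingType(ssoService.Binding);
        singleSignOnServiceUrl = ssoService.Location;
    }

    // ResponseLocation may be null when the IdP receives logout responses at
    // the same location as logout requests.
    var sloService = GetPreferredEndpoint(idpDescriptor.SingleLogoutServices);
    if (sloService != null)
    {
        SingleLogoutServiceUrl = sloService.Location;
        SingleLogoutServiceBinding = Saml2Binding.UriToSaml2BindingType(sloService.Binding);
        singleLogoutServiceResponseUrl = sloService.ResponseLocation;
    }

    // Mirror the published artifact resolution endpoints: add or update every
    // index found in the metadata. NOTE(review): assumes the dictionary key of
    // ArtifactResolutionServices equals the endpoint's Index — confirm, since
    // the stale-key check below uses the key rather than the Index.
    foreach (var ars in idpDescriptor.ArtifactResolutionServices)
    {
        artifactResolutionServiceUrls[ars.Value.Index] = ars.Value.Location;
    }

    // Then drop indices that are no longer published. The stale keys are
    // collected first: removing entries while enumerating the live Keys view
    // of a Dictionary throws "collection was modified" on .NET Framework.
    var staleIndices = artifactResolutionServiceUrls.Keys
        .Where(k => !idpDescriptor.ArtifactResolutionServices.Keys.Contains(k))
        .ToList();

    foreach (var index in staleIndices)
    {
        artifactResolutionServiceUrls.Remove(index);
    }

    // A KeyDescriptor without a declared use may be used for signing as well,
    // so both "unspecified" and "signing" keys are loaded. Only the first
    // clause that can actually produce a key is kept per descriptor.
    var keys = idpDescriptor.Keys
        .Where(k => k.Use == KeyType.Unspecified || k.Use == KeyType.Signing);

    signingKeys.SetLoadedItems(keys
        .Select(k => k.KeyInfo.First(c => c.CanCreateKey))
        .ToList());
}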