public static void FetchAuthMetadata(AuthServer authServer, bool trustSslCert, bool updateIdRealm, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (authServer == null)
{
throw new ArgumentNullException("authServer");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(authServer.AuthMetadataUrl, trustSslCert, true, writeWarning, writeError);
AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
if (updateIdRealm)
{
authServer.IssuerIdentifier = authMetadata.ServiceName;
authServer.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm))
{
writeError(new TaskException(Strings.ErrorPidRealmDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authServer.IssuerIdentifier, authServer.Realm)), ErrorCategory.InvalidData, null);
}
authServer.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint;
authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
}
public static void FetchAuthMetadata(PartnerApplication partnerApplication, bool trustSslCert, bool updatePidOrRealmOrIssuer, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (partnerApplication == null)
{
throw new ArgumentNullException("partnerApplication");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(partnerApplication.AuthMetadataUrl, trustSslCert, false, writeWarning, writeError);
if (updatePidOrRealmOrIssuer)
{
partnerApplication.ApplicationIdentifier = authMetadata.ServiceName;
partnerApplication.IssuerIdentifier = authMetadata.Issuer;
partnerApplication.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
{
writeError(new TaskException(Strings.ErrorPidRealmIssuerDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authMetadata.Issuer, partnerApplication.ApplicationIdentifier, partnerApplication.Realm, partnerApplication.IssuerIdentifier)), ErrorCategory.InvalidData, null);
}
partnerApplication.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
}
protected override IConfigurable PrepareDataObject()
{
this.CreateAuthServersContainer();
AuthServer authServer = (AuthServer)base.PrepareDataObject();
ADObjectId containerId = AuthServer.GetContainerId(this.ConfigurationSession);
authServer.SetId(containerId.GetChildId(authServer.Name));
if (base.Fields.IsModified("AppSecretParameter"))
{
if (authServer.Type != AuthServerType.Facebook && authServer.Type != AuthServerType.LinkedIn)
{
base.WriteError(new TaskException(Strings.ErrorInvalidAuthServerTypeValue), ErrorCategory.InvalidArgument, null);
}
authServer.CurrentEncryptedAppSecret = OAuthTaskHelper.EncryptSecretWithDKM(this.AppSecret, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
else if (authServer.IsModified(AuthServerSchema.AuthMetadataUrl))
{
if (!authServer.IsModified(AuthServerSchema.Type))
{
authServer.Type = AuthServerType.MicrosoftACS;
}
else if (authServer.Type != AuthServerType.ADFS && authServer.Type != AuthServerType.AzureAD)
{
base.WriteError(new TaskException(Strings.ErrorInvalidAuthServerTypeValue), ErrorCategory.InvalidArgument, null);
}
OAuthTaskHelper.FixAuthMetadataUrl(authServer, new Task.TaskErrorLoggingDelegate(base.WriteError));
OAuthTaskHelper.FetchAuthMetadata(authServer, this.TrustAnySSLCertificate, true, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
OAuthTaskHelper.ValidateAuthServerRealmAndUniqueness(authServer, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
return(this.DataObject);
}
protected override void InternalProcessRecord()
{
if (this.RefreshAuthMetadata)
{
OAuthTaskHelper.FetchAuthMetadata(this.DataObject, this.TrustAnySSLCertificate, false, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
base.InternalProcessRecord();
}
protected override IConfigurable PrepareDataObject()
{
AuthServer authServer = (AuthServer)base.PrepareDataObject();
if ((base.ParameterSetName == "AppSecretParameterSet" && !SetAuthServer.IsOneOfAuthServerTypes(authServer.Type, new AuthServerType[]
{
AuthServerType.Facebook,
AuthServerType.LinkedIn
})) || (base.ParameterSetName == "AuthMetadataUrlParameterSet" && !SetAuthServer.IsOneOfAuthServerTypes(authServer.Type, new AuthServerType[]
{
AuthServerType.MicrosoftACS,
AuthServerType.AzureAD,
AuthServerType.ADFS
})) || (base.ParameterSetName == "NativeClientAuthServerParameterSet" && !SetAuthServer.IsOneOfAuthServerTypes(authServer.Type, new AuthServerType[]
{
AuthServerType.AzureAD,
AuthServerType.ADFS
})))
{
base.WriteError(new TaskException(Strings.ErrorAuthServerCannotSwitchType), ErrorCategory.InvalidArgument, null);
}
if (base.Fields.IsModified("AppSecretParameter"))
{
authServer.CurrentEncryptedAppSecret = OAuthTaskHelper.EncryptSecretWithDKM(this.AppSecret, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
if (base.Fields.IsModified(AuthServerSchema.IssuerIdentifier))
{
authServer.IssuerIdentifier = this.IssuerIdentifier;
}
if (base.Fields.IsModified(AuthServerSchema.TokenIssuingEndpoint))
{
authServer.TokenIssuingEndpoint = this.TokenIssuingEndpoint;
}
if (base.Fields.IsModified(AuthServerSchema.ApplicationIdentifier))
{
authServer.ApplicationIdentifier = this.ApplicationIdentifier;
}
if (base.Fields.IsModified(AuthServerSchema.AuthMetadataUrl))
{
authServer.AuthMetadataUrl = this.AuthMetadataUrl;
OAuthTaskHelper.FixAuthMetadataUrl(authServer, new Task.TaskErrorLoggingDelegate(base.WriteError));
OAuthTaskHelper.FetchAuthMetadata(authServer, this.TrustAnySSLCertificate, false, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
OAuthTaskHelper.ValidateAuthServerRealmAndUniqueness(authServer, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
if (base.Fields.IsModified(AuthServerSchema.IsDefaultAuthorizationEndpoint))
{
authServer.IsDefaultAuthorizationEndpoint = this.IsDefaultAuthorizationEndpoint;
OAuthTaskHelper.ValidateAuthServerAuthorizationEndpoint(authServer, this.ConfigurationSession, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
return(authServer);
}
protected override IConfigurable PrepareDataObject()
{
PartnerApplication partnerApplication = (PartnerApplication)base.PrepareDataObject();
if (base.Fields.IsModified(PartnerApplicationSchema.AuthMetadataUrl))
{
if (partnerApplication.UseAuthServer)
{
base.WriteError(new TaskException(Strings.ErrorPartnerApplicationUseAuthServerCannotSetUrl), ErrorCategory.InvalidArgument, null);
}
partnerApplication.AuthMetadataUrl = this.AuthMetadataUrl;
OAuthTaskHelper.FetchAuthMetadata(partnerApplication, this.TrustAnySSLCertificate, false, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
else if (base.Fields.IsModified(PartnerApplicationSchema.Realm) || base.Fields.IsModified(PartnerApplicationSchema.ApplicationIdentifier) || base.Fields.IsModified(PartnerApplicationSchema.IssuerIdentifier))
{
base.WriteError(new TaskException(Strings.ErrorChangePartnerApplicationDirectTrust), ErrorCategory.InvalidArgument, null);
}
if (base.Fields.IsModified(PartnerApplicationSchema.LinkedAccount))
{
if (this.LinkedAccount == null)
{
partnerApplication.LinkedAccount = null;
}
else
{
ADRecipient adrecipient = (ADRecipient)base.GetDataObject <ADRecipient>(this.LinkedAccount, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorRecipientNotFound(this.LinkedAccount.ToString())), new LocalizedString?(Strings.ErrorRecipientNotUnique(this.LinkedAccount.ToString())));
partnerApplication.LinkedAccount = adrecipient.Id;
}
}
if (base.Fields.IsModified(PartnerApplicationSchema.AppOnlyPermissions))
{
partnerApplication.AppOnlyPermissions = this.AppOnlyPermissions;
}
if (base.Fields.IsModified(PartnerApplicationSchema.ActAsPermissions))
{
partnerApplication.ActAsPermissions = this.ActAsPermissions;
}
OAuthTaskHelper.ValidateApplicationRealmAndUniqueness(partnerApplication, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
return(partnerApplication);
}
protected override IConfigurable PrepareDataObject()
{
this.CreatePartnerApplicationsContainer();
PartnerApplication partnerApplication = (PartnerApplication)base.PrepareDataObject();
ADObjectId containerId = PartnerApplication.GetContainerId(this.ConfigurationSession);
partnerApplication.SetId(containerId.GetChildId(partnerApplication.Name));
partnerApplication.UseAuthServer = true;
if (partnerApplication.IsModified(PartnerApplicationSchema.AuthMetadataUrl))
{
partnerApplication.UseAuthServer = false;
OAuthTaskHelper.FetchAuthMetadata(partnerApplication, this.TrustAnySSLCertificate, true, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
if (base.Fields.IsModified(PartnerApplicationSchema.LinkedAccount))
{
if (this.LinkedAccount == null)
{
partnerApplication.LinkedAccount = null;
}
else
{
ADRecipient adrecipient = (ADRecipient)base.GetDataObject <ADRecipient>(this.LinkedAccount, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorRecipientNotFound(this.LinkedAccount.ToString())), new LocalizedString?(Strings.ErrorRecipientNotUnique(this.LinkedAccount.ToString())));
partnerApplication.LinkedAccount = adrecipient.Id;
}
}
if (base.Fields.IsModified(PartnerApplicationSchema.AppOnlyPermissions))
{
partnerApplication.AppOnlyPermissions = this.AppOnlyPermissions;
}
if (base.Fields.IsModified(PartnerApplicationSchema.ActAsPermissions))
{
partnerApplication.ActAsPermissions = this.ActAsPermissions;
}
OAuthTaskHelper.ValidateApplicationRealmAndUniqueness(partnerApplication, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
return(partnerApplication);
}
