// This method demonstrates loading configuration programmatically.
// This is useful if you wish to store configuration in a custom database, for example.
// Alternatively, configuration is loaded automatically from the saml.config file in the application's directory.
private static void LoadSAMLConfigurationProgrammatically()
{
SAMLConfiguration samlConfiguration = new SAMLConfiguration();
samlConfiguration.IdentityProviderConfiguration =
new IdentityProviderConfiguration() {
Name = "urn:componentspace:ExampleIdentityProvider",
CertificateFile = "idp.pfx",
CertificatePassword = "******"
};
samlConfiguration.AddPartnerServiceProvider(
new PartnerServiceProviderConfiguration() {
Name = "urn:componentspace:ExampleServiceProvider",
WantAuthnRequestSigned = false,
SignSAMLResponse = true,
SignAssertion = false,
EncryptAssertion = false,
AssertionConsumerServiceUrl = "http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx",
SingleLogoutServiceUrl = "http://localhost/ExampleServiceProvider/SAML/SLOService.aspx",
CertificateFile = "sp.cer"
});
SAMLConfiguration.Current = samlConfiguration;
}
static void Main(string[] args)
{
try {
ParseArguments(args);
EntitiesDescriptor entitiesDescriptor = LoadMetadata();
SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();
IList <X509Certificate2> x509Certificates = new List <X509Certificate2>();
MetadataImporter.Import(entitiesDescriptor, samlConfiguration, x509Certificates);
AddLocalProviders(samlConfiguration);
UpdatePartnerProviders(samlConfiguration);
SaveSAMLConfiguration(samlConfiguration);
SaveCertificates(x509Certificates);
}
catch (Exception exception) {
Console.Error.WriteLine(exception.ToString());
if (exception is ArgumentException)
{
ShowUsage();
}
}
}
private static void ConfigureIdentityProvidersUsingRepository(
SAMLConfiguration samlConfiguration,
SamlIdentityProvidersRepository repository)
{
SamlPocTraceListener.Log("SAML", "SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Loading Identity Providers");
var providers = repository.GetRegisteredIdentityProviders();
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: {providers.Count()} Identity Providers loaded:");
var providersConfig = Utils.SerializeToJson(providers);
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureIdentityProvidersUsingRepository: Identity Providers configuration:\r\n{providersConfig}");
foreach (var provider in providers)
{
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = provider.Name,
Description = provider.Description,
SignAuthnRequest = provider.SignAuthnRequest,
SingleSignOnServiceUrl = provider.SingleSignOnUrl,
SingleLogoutServiceUrl = provider.SingleLogoutUrl,
PartnerCertificateFile = provider.CertificateFile,
UseEmbeddedCertificate = provider.UseEmbeddedCertificate,
DisableInboundLogout = !provider.SingleLogoutSupported,
DisableOutboundLogout = !provider.SingleLogoutSupported
});
}
}
static void Main(string[] args)
{
try
{
SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();
EntityDescriptor entityDescriptor = null;
if (samlConfiguration.LocalIdentityProviderConfiguration != null)
{
entityDescriptor = ExportIdentityProviderMetadata(samlConfiguration);
}
else if (samlConfiguration.LocalServiceProviderConfiguration != null)
{
entityDescriptor = ExportServiceProviderMetadata(samlConfiguration);
}
SaveMetadata(entityDescriptor);
}
catch (Exception exception)
{
Console.Error.WriteLine(exception.ToString());
}
}
public static void GuideSSO(HttpResponseBase httpResponse, string partnerSp, string subject, Dictionary <string, string> samlAttributes)
{
Trace.TraceInformation("Initiation of SSO to the partner service provider " + partnerSp + " has completed successfully.");
SAMLConfiguration.Load();
var issuer = SAMLConfiguration.Current.IdentityProviderConfiguration.Name;
var partner = SAMLConfiguration.Current.GetPartnerServiceProvider(partnerSp);
Trace.TraceInformation(DateTime.Now.ToShortTimeString() + ": Initiating SSO to the partner service provider " + partnerSp);
var saml = CreateSAML20ResponseAsBase64(issuer, 5, partnerSp,
subject,
partner.AssertionConsumerServiceUrl,
samlAttributes,
partnerSp);
var responseContent = String.Format("<html xmlns=\"http://www.w3.org/1999/xhtml\">"
+ "<body onload=\"document.forms.samlform.submit()\">"
+ "<noscript><p><strong>Note:</strong> Since your browser does not support Javascript, you must press the Continue button once to proceed.</p></noscript>"
+ "<form id=\"samlform\" action=\"{0}\" method=\"post\">"
+ "<div>"
+ "<input type=\"hidden\" name=\"SAMLResponse\" value=\"{1}\" />"
+ "<input type=\"hidden\" name=\"clientId\" value=\"900D3C06-C63C-4F49-B3D2-54A91C771A43\" />"
// + "<input type=\"hidden\" name=\"RelayState\" value=\"\" />"
+ "</div><noscript><div><input type=\"submit\" value=\"Continue\" /></div></noscript>"
+ "</form>"
+ "</body>"
+ "</html>", partner.AssertionConsumerServiceUrl, saml);
Trace.TraceInformation(DateTime.Now.ToShortTimeString() + ": Sending SAML form: " + responseContent);
httpResponse.Write(responseContent);
}
// This method demonstrates loading configuration programmatically.
// This is useful if you wish to store configuration in a custom database, for example.
// Alternatively, configuration is loaded automatically from the saml.config file in the application's directory.
private static void LoadSAMLConfigurationProgrammatically()
{
SAMLConfiguration samlConfiguration = new SAMLConfiguration();
samlConfiguration.IdentityProviderConfiguration =
new IdentityProviderConfiguration()
{
Name = "urn:componentspace:ExampleIdentityProvider",
CertificateFile = "idp.pfx",
CertificatePassword = "******"
};
samlConfiguration.AddPartnerServiceProvider(
new PartnerServiceProviderConfiguration()
{
Name = "urn:componentspace:ExampleServiceProvider",
WantAuthnRequestSigned = false,
SignSAMLResponse = true,
SignAssertion = false,
EncryptAssertion = false,
AssertionConsumerServiceUrl = "http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx",
SingleLogoutServiceUrl = "http://localhost/ExampleServiceProvider/SAML/SLOService.aspx",
CertificateFile = "sp.cer"
});
SAMLConfiguration.Current = samlConfiguration;
}
private static EntityDescriptor ExportServiceProviderMetadata(SAMLConfiguration samlConfiguration)
{
Console.Write("X.509 signature certificate .CER file [None]: ");
string fileName = Console.ReadLine();
X509Certificate2 signatureCertificate = LoadCertificate(fileName);
Console.Write("X.509 encryption certificate .CER file [None]: ");
fileName = Console.ReadLine();
X509Certificate2 encryptionCertificate = LoadCertificate(fileName);
Console.Write("Assertion Consumer Service URL: ");
string assertionConsumerServiceURL = Console.ReadLine();
if (string.IsNullOrEmpty(assertionConsumerServiceURL))
{
throw new ArgumentException("An assertion consumer service URL must be specified.");
}
Console.Write("Single Logout Service URL [None]: ");
string singleLogoutServiceURL = Console.ReadLine();
Console.Write("Partner Identity Provider Name [None]: ");
string partnerName = Console.ReadLine();
return(MetadataExporter.Export(samlConfiguration, signatureCertificate, encryptionCertificate, assertionConsumerServiceURL, singleLogoutServiceURL, partnerName));
}
static void Main(string[] args)
{
try
{
var samlConfiguration = new SAMLConfiguration();
switch (GetProviderType().ToLower())
{
case "idp":
samlConfiguration.LocalIdentityProviderConfiguration = CreateIdentityProviderConfiguration();
break;
case "sp":
samlConfiguration.LocalServiceProviderConfiguration = CreateServiceProviderConfiguration();
break;
default:
throw new ArgumentException("The provider type must either be \"IdP\" or \"SP\".");
}
SaveConfiguration(samlConfiguration);
}
catch (Exception exception)
{
Console.WriteLine(exception.ToString());
}
}
public static void GuideSSO(HttpResponseBase httpResponse, string partnerSp, string subject, Dictionary <string, string> samlAttributes)
{
SAMLConfiguration.Load();
var issuer = SAMLConfiguration.Current.IdentityProviderConfiguration.Name;
var partner = SAMLConfiguration.Current.GetPartnerServiceProvider(partnerSp);
var saml = CreateSAML20Response(issuer, 5, partnerSp,
subject,
partner.AssertionConsumerServiceUrl,
samlAttributes,
partnerSp);
var responseContent = String.Format("<html xmlns=\"http://www.w3.org/1999/xhtml\">"
+ "<body onload=\"document.forms.samlform.submit()\">"
+ "<noscript><p><strong>Note:</strong> Since your browser does not support Javascript, you must press the Continue button once to proceed.</p></noscript>"
+ "<form id=\"samlform\" action=\"{0}\" method=\"post\">"
+ "<div>"
+ "<input type=\"hidden\" name=\"SAMLResponse\" value=\"{1}\" />"
+ "<input type=\"hidden\" name=\"RelayState\" value=\"\" />"
+ "</div><noscript><div><input type=\"submit\" value=\"Continue\" /></div></noscript>"
+ "</form>"
+ "</body>"
+ "</html>", partner.AssertionConsumerServiceUrl, saml);
httpResponse.Write(responseContent);
}
static void Main(string[] args)
{
try {
ParseArguments(args);
SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();
X509Certificate2 x509Certificate = null;
if (!string.IsNullOrEmpty(certificateFileName))
{
x509Certificate = LoadCertificate();
}
EntityDescriptor entityDescriptor = MetadataExporter.Export(samlConfiguration, x509Certificate, partnerName);
SaveMetadata(entityDescriptor);
}
catch (Exception exception) {
Console.Error.WriteLine(exception.ToString());
if (exception is ArgumentException)
{
ShowUsage();
}
}
}
static void Main(string[] args)
{
try
{
EntityDescriptor entityDescriptor = LoadMetadata();
SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();
Console.Write("Certificate folder for saving certificates [Certificates]: ");
string certificateFolder = Console.ReadLine();
if (string.IsNullOrEmpty(certificateFolder))
{
certificateFolder = "Certificates";
}
if (samlConfiguration.LocalIdentityProviderConfiguration != null)
{
MetadataImporter.ImportServiceProviders(entityDescriptor, samlConfiguration, certificateFolder);
}
if (samlConfiguration.LocalServiceProviderConfiguration != null)
{
MetadataImporter.ImportIdentityProviders(entityDescriptor, samlConfiguration, certificateFolder);
}
SaveSAMLConfiguration(samlConfiguration);
}
catch (Exception exception)
{
Console.Error.WriteLine(exception.ToString());
}
}
// This method demonstrates loading configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration may be loaded programmatically by implementing the ISAMLConfigurationResolver interface.
// Either of these approaches may be used if you wish to store configuration in a custom database, for example.
// If not configured programmatically, configuration is loaded automatically from the saml.config file
// in the application's directory.
private static void LoadSAMLConfigurationProgrammatically()
{
SAMLConfiguration samlConfiguration = new SAMLConfiguration()
{
LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
{
Name = "http://ExampleServiceProvider",
AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
LocalCertificateFile = @"certificates\sp.pfx",
LocalCertificatePassword = "******"
}
};
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = "http://ExampleIdentityProvider",
SignAuthnRequest = true,
SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp.cer"
});
SAMLController.Configuration = samlConfiguration;
}
// This method demonstrates loading multi-tenanted configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration is loaded automatically from the multi-tenanted saml.config file in the application's directory.
private static void LoadMultiTenantedSAMLConfigurationProgrammatically()
{
SAMLConfigurations samlConfigurations = new SAMLConfigurations();
SAMLConfiguration samlConfiguration = new SAMLConfiguration()
{
ID = "tenant1",
LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
{
Name = "http://ExampleIdentityProvider",
LocalCertificateFile = @"certificates\idp.pfx",
LocalCertificatePassword = "******"
}
};
samlConfiguration.AddPartnerServiceProvider(
new PartnerServiceProviderConfiguration()
{
Name = "http://ExampleServiceProvider",
WantAuthnRequestSigned = true,
SignSAMLResponse = true,
AssertionConsumerServiceUrl = "http://*****:*****@"certificates\sp.cer"
});
samlConfigurations.AddConfiguration(samlConfiguration);
samlConfiguration = new SAMLConfiguration()
{
ID = "tenant2",
LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
{
Name = "http://ExampleIdentityProvider2",
LocalCertificateFile = @"certificates\idp2.pfx",
LocalCertificatePassword = "******"
}
};
samlConfiguration.AddPartnerServiceProvider(
new PartnerServiceProviderConfiguration()
{
Name = "http://ExampleServiceProvider2",
WantAuthnRequestSigned = true,
SignSAMLResponse = true,
AssertionConsumerServiceUrl = "http://*****:*****@"certificates\sp2.cer"
});
samlConfigurations.AddConfiguration(samlConfiguration);
SAMLController.Configurations = samlConfigurations;
}
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
SAMLConfiguration.Load();
}
private static void SaveSAMLConfiguration(SAMLConfiguration samlConfiguration)
{
Console.WriteLine("Saving SAML configuration to {0}.", configurationFileName);
XmlDocument xmlDocument = samlConfiguration.ToXml().OwnerDocument;
using (XmlTextWriter xmlTextWriter = new XmlTextWriter(configurationFileName, null)) {
xmlTextWriter.Formatting = Formatting.Indented;
xmlDocument.Save(xmlTextWriter);
}
}
private static void UpdatePartnerProviders(SAMLConfiguration samlConfiguration)
{
foreach (PartnerIdentityProviderConfiguration partnerIdentityProviderConfiguration in samlConfiguration.PartnerIdentityProviderConfigurations.Values)
{
partnerIdentityProviderConfiguration.CertificateFile = promptMessage;
}
foreach (PartnerServiceProviderConfiguration partnerServiceProviderConfiguration in samlConfiguration.PartnerServiceProviderConfigurations.Values)
{
partnerServiceProviderConfiguration.CertificateFile = promptMessage;
}
}
private static void AddLocalProviders(SAMLConfiguration samlConfiguration)
{
if (samlConfiguration.PartnerIdentityProviderConfigurations.Count == 0 || samlConfiguration.PartnerServiceProviderConfigurations.Count > 0) {
samlConfiguration.IdentityProviderConfiguration = new IdentityProviderConfiguration();
samlConfiguration.IdentityProviderConfiguration.Name = promptMessage;
samlConfiguration.IdentityProviderConfiguration.CertificateFile = promptMessage;
}
if (samlConfiguration.PartnerServiceProviderConfigurations.Count == 0 || samlConfiguration.PartnerIdentityProviderConfigurations.Count > 0) {
samlConfiguration.ServiceProviderConfiguration = new ServiceProviderConfiguration();
samlConfiguration.ServiceProviderConfiguration.Name = promptMessage;
samlConfiguration.ServiceProviderConfiguration.CertificateFile = promptMessage;
samlConfiguration.ServiceProviderConfiguration.AssertionConsumerServiceUrl = promptMessage;
}
}
public static void Configure(SamlIdentityProvidersRepository repository)
{
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.Configure: Starting configuration of SAML environment.");
SAMLConfiguration samlConfiguration = new SAMLConfiguration();
ConfigureServiceProvider(samlConfiguration);
ConfigureIdentityProvidersUsingRepository(samlConfiguration, repository);
// ConfigureIdentityProvidersUsingHardCodedConfiguration(samlConfiguration);
SAMLController.Configuration = samlConfiguration;
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.Configure: Ended configuration of SAML environment.");
}
private static void ConfigureServiceProvider(SAMLConfiguration samlConfiguration)
{
samlConfiguration.LocalServiceProviderConfiguration = new
LocalServiceProviderConfiguration()
{
Name = ConfigurationManager.AppSettings[ServiceProviderName],
Description = ConfigurationManager.AppSettings[ServiceProviderDescription],
AssertionConsumerServiceUrl = ConfigurationManager.AppSettings[ServiceProviderAssertionConsumerServiceUrl],
LocalCertificateFile = ConfigurationManager.AppSettings[ServiceProviderLocalCertificateFile],
LocalCertificatePassword = ConfigurationManager.AppSettings[ServiceProviderLocalCertificatePassword]
};
var spConfig = Utils.SerializeToJson(samlConfiguration.LocalServiceProviderConfiguration);
SamlPocTraceListener.Log("SAML", $"SamlConfigurationManager.ConfigureServiceProvider: Service Provider configuration:\r\n{spConfig}");
}
private static void AddLocalProviders(SAMLConfiguration samlConfiguration)
{
if (samlConfiguration.PartnerIdentityProviderConfigurations.Count == 0 || samlConfiguration.PartnerServiceProviderConfigurations.Count > 0)
{
samlConfiguration.IdentityProviderConfiguration = new IdentityProviderConfiguration();
samlConfiguration.IdentityProviderConfiguration.Name = promptMessage;
samlConfiguration.IdentityProviderConfiguration.CertificateFile = promptMessage;
}
if (samlConfiguration.PartnerServiceProviderConfigurations.Count == 0 || samlConfiguration.PartnerIdentityProviderConfigurations.Count > 0)
{
samlConfiguration.ServiceProviderConfiguration = new ServiceProviderConfiguration();
samlConfiguration.ServiceProviderConfiguration.Name = promptMessage;
samlConfiguration.ServiceProviderConfiguration.CertificateFile = promptMessage;
samlConfiguration.ServiceProviderConfiguration.AssertionConsumerServiceUrl = promptMessage;
}
}
protected void Application_Start()
{
MvcHandler.DisableMvcResponseHeader = true;
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Upn;
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
var samlConfigLocation = Settings.Get <string>("Saml.Configuration.FileLocation");
if (!string.IsNullOrEmpty(samlConfigLocation))
{
SAMLConfiguration.Load(samlConfigLocation);
}
}
private static void SaveConfiguration(SAMLConfiguration samlConfiguration)
{
Console.Write("SAML configuration file [saml.config]: ");
var fileName = ReadLine();
if (string.IsNullOrEmpty(fileName))
{
fileName = "saml.config";
}
using (XmlTextWriter xmlTextWriter = new XmlTextWriter(fileName, null))
{
xmlTextWriter.Formatting = Formatting.Indented;
samlConfiguration.ToXml().OwnerDocument.Save(xmlTextWriter);
}
}
private static void SaveSAMLConfiguration(SAMLConfiguration samlConfiguration)
{
Console.Write("Save SAML configuration to [{0}]: ", configurationFileName);
string fileName = Console.ReadLine();
if (string.IsNullOrEmpty(fileName))
{
fileName = configurationFileName;
}
XmlDocument xmlDocument = samlConfiguration.ToXml().OwnerDocument;
using (XmlTextWriter xmlTextWriter = new XmlTextWriter(fileName, null))
{
xmlTextWriter.Formatting = Formatting.Indented;
xmlDocument.Save(xmlTextWriter);
}
}
static void Main(string[] args)
{
try {
ParseArguments(args);
Console.Error.WriteLine("Validating {0}.", fileName);
SAMLConfiguration.Validate(fileName);
}
catch (Exception exception) {
Console.Error.WriteLine(exception.ToString());
if (exception is ArgumentException)
{
ShowUsage();
}
}
}
private static SAMLConfiguration LoadSAMLConfiguration()
{
SAMLConfiguration samlConfiguration = null;
if (File.Exists(configurationFileName))
{
Console.WriteLine("Loading SAML configuration file {0}.", configurationFileName);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.Load(configurationFileName);
samlConfiguration = new SAMLConfiguration(xmlDocument.DocumentElement);
}
else
{
samlConfiguration = new SAMLConfiguration();
}
return(samlConfiguration);
}
private static EntityDescriptor ExportIdentityProviderMetadata(SAMLConfiguration samlConfiguration)
{
Console.Write("X.509 certificate .CER file [None]: ");
string fileName = Console.ReadLine();
X509Certificate2 x509Certificate = LoadCertificate(fileName);
Console.Write("Single Sign-On Service URL: ");
string singleSignOnServiceURL = Console.ReadLine();
if (string.IsNullOrEmpty(singleSignOnServiceURL))
{
throw new ArgumentException("A single sign-on service URL must be specified.");
}
Console.Write("Single Logout Service URL [None]: ");
string singleLogoutServiceURL = Console.ReadLine();
Console.Write("Partner Service Provider Name [None]: ");
string partnerName = Console.ReadLine();
return(MetadataExporter.Export(samlConfiguration, x509Certificate, singleSignOnServiceURL, singleLogoutServiceURL, partnerName));
}
// This method demonstrates loading configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration may be loaded programmatically by implementing the ISAMLConfigurationResolver interface.
// Either of these approaches may be used if you wish to store configuration in a custom database, for example.
// If not configured programmatically, configuration is loaded automatically from the saml.config file
// in the application's directory.
private static void LoadSAMLConfigurationProgrammatically()
{
SAMLConfiguration samlConfiguration = new SAMLConfiguration()
{
LocalIdentityProviderConfiguration = new LocalIdentityProviderConfiguration()
{
Name = "http://ExampleIdentityProvider",
LocalCertificates = new List <CertificateConfiguration>()
{
new CertificateConfiguration()
{
FileName = @"certificates\idp.pfx",
Password = "******"
}
}
}
};
samlConfiguration.AddPartnerServiceProvider(
new PartnerServiceProviderConfiguration()
{
Name = "http://ExampleServiceProvider",
WantAuthnRequestSigned = true,
SignSAMLResponse = true,
AssertionConsumerServiceUrl = "http://*****:*****@"certificates\sp.cer"
}
}
});
SAMLController.Configuration = samlConfiguration;
}
private static void ConfigureIdentityProvidersUsingHardcodedConfiguration(SAMLConfiguration samlConfiguration)
{
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = "http://cone-idp",
Description = "Cone Identity Provider",
SignAuthnRequest = true,
SingleSignOnServiceUrl = "http://cone-idp/SAML/SSOService",
SingleLogoutServiceUrl = "http://cone-idp/SAML/SLOService",
PartnerCertificateFile = "Certificates\\idp.cer"
});
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = "https://shib-idp/",
Description = "Shibboleth Identity Provider",
SignAuthnRequest = true,
SingleSignOnServiceUrl = "https://shib-idp/SAML/SSOService.aspx?binding=redirect",
PartnerCertificateFile = "Certificates\\idp.cer",
DisableInboundLogout = true,
DisableOutboundLogout = true
});
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = "http://kentor-idp/Metadata",
Description = "Kentor Identity Provider",
SignAuthnRequest = true,
SingleSignOnServiceUrl = "http://kentor-idp/",
SingleLogoutServiceUrl = "http://kentor-idp/Logout",
UseEmbeddedCertificate = true
});
}
private static SAMLConfiguration LoadSAMLConfiguration()
{
SAMLConfiguration samlConfiguration = null;
if (File.Exists(configurationFileName)) {
Console.WriteLine("Loading SAML configuration file {0}.", configurationFileName);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.Load(configurationFileName);
samlConfiguration = new SAMLConfiguration(xmlDocument.DocumentElement);
} else {
samlConfiguration = new SAMLConfiguration();
}
return samlConfiguration;
}
private static void UpdatePartnerProviders(SAMLConfiguration samlConfiguration)
{
foreach (PartnerIdentityProviderConfiguration partnerIdentityProviderConfiguration in samlConfiguration.PartnerIdentityProviderConfigurations.Values) {
partnerIdentityProviderConfiguration.CertificateFile = promptMessage;
}
foreach (PartnerServiceProviderConfiguration partnerServiceProviderConfiguration in samlConfiguration.PartnerServiceProviderConfigurations.Values) {
partnerServiceProviderConfiguration.CertificateFile = promptMessage;
}
}
private static void SaveSAMLConfiguration(SAMLConfiguration samlConfiguration)
{
Console.WriteLine("Saving SAML configuration to {0}.", configurationFileName);
XmlDocument xmlDocument = samlConfiguration.ToXml().OwnerDocument;
using (XmlTextWriter xmlTextWriter = new XmlTextWriter(configurationFileName, null)) {
xmlTextWriter.Formatting = Formatting.Indented;
xmlDocument.Save(xmlTextWriter);
}
}
// This method demonstrates loading multi-tenanted configuration programmatically by calling the SAML configuration API.
// Alternatively, configuration is loaded automatically from the multi-tenanted saml.config file in the application's directory.
private static void LoadMultiTenantedSAMLConfigurationProgrammatically()
{
SAMLConfigurations samlConfigurations = new SAMLConfigurations();
SAMLConfiguration samlConfiguration = new SAMLConfiguration()
{
ID = "tenant1",
LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
{
Name = "http://ExampleServiceProvider",
AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
LocalCertificates = new List <CertificateConfiguration>()
{
new CertificateConfiguration()
{
FileName = @"certificates\sp.pfx",
Password = "******"
}
}
}
};
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = "http://ExampleIdentityProvider",
SignAuthnRequest = true,
SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp.cer",
}
}
});
samlConfigurations.AddConfiguration(samlConfiguration);
samlConfiguration = new SAMLConfiguration()
{
ID = "tenant2",
LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration()
{
Name = "http://ExampleServiceProvider2",
AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
LocalCertificates = new List <CertificateConfiguration>()
{
new CertificateConfiguration()
{
FileName = @"certificates\sp2.pfx",
Password = "******"
}
}
}
};
samlConfiguration.AddPartnerIdentityProvider(
new PartnerIdentityProviderConfiguration()
{
Name = "http://ExampleIdentityProvider2",
SignAuthnRequest = true,
SingleSignOnServiceUrl = "http://*****:*****@"certificates\idp2.cer",
}
}
});
samlConfigurations.AddConfiguration(samlConfiguration);
SAMLController.Configurations = samlConfigurations;
}
