        /// <summary>
        /// Registers Sustainsys SAML2 authentication for the IdentityServer3 host, with a single
        /// identity provider whose endpoints and keys are pulled from its metadata URL.
        /// </summary>
        /// <param name="app">OWIN pipeline builder.</param>
        /// <param name="signInAsType">Authentication type the resulting identity is signed in as.</param>
        private void ConfigureSaml2(IAppBuilder app, string signInAsType)
        {
            // false: nothing is read from the <sustainsys.saml2> config section; all wiring is done here.
            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = new SPOptions
            {
                EntityId = new EntityId("http://localhost:4589/IdSrv3/Saml2"),
            };
            saml2Options.SignInAsAuthenticationType = signInAsType;
            saml2Options.Caption = "SAML2p";

            // Hooks the IdSrv3 federated sign-out handling before the SAML2 middleware is registered.
            UseIdSrv3LogoutOnFederatedLogout(app, saml2Options);

            // The SP service certificate is a PFX (private key included) under App_Data of the running
            // application, opened without a password; the base path is concatenated as-is.
            string serviceCertificatePath =
                AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Sustainsys.Saml2.Tests.pfx";
            saml2Options.SPOptions.ServiceCertificates.Add(new X509Certificate2(serviceCertificatePath));

            // The IdP is identified by its metadata URL; endpoints and signing keys are loaded from that
            // document, so the metadata URL (plain http here) is the trust anchor for this IdP.
            IdentityProvider metadataIdp = new IdentityProvider(
                new EntityId("http://localhost:52071/Metadata"),
                saml2Options.SPOptions)
            {
                LoadMetadata = true
            };
            saml2Options.IdentityProviders.Add(metadataIdp);

            app.UseSaml2Authentication(saml2Options);
        }
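        /// <summary>
        /// Sitecore federated-authentication pipeline step: builds the Sustainsys SAML2 options for this
        /// provider and adds the middleware to the OWIN pipeline carried by <paramref name="args"/>.
        /// </summary>
        /// <param name="args">Pipeline arguments carrying the OWIN <c>App</c> builder.</param>
        /// <exception cref="ArgumentNullException"><paramref name="args"/> is null.</exception>
        protected override void ProcessCore(IdentityProvidersArgs args)
        {
            // Fail with a clear message instead of a NullReferenceException on args.App at the end.
            if (args == null)
            {
                throw new ArgumentNullException(nameof(args));
            }

            var options = new Saml2AuthenticationOptions(false)
            {
                SPOptions = new SPOptions
                {
                    EntityId  = new EntityId(_spEntityId),
                    ReturnUrl = new Uri(_spReturnUrl)
                },
                AuthenticationType = GetAuthenticationType()
            };

            // Endpoints and signing keys come from the IdP's metadata document (LoadMetadata = true), so
            // the integrity of whatever _ipMetadataLocation points at is the trust anchor for this IdP.
            options.IdentityProviders.Add(new Sustainsys.Saml2.IdentityProvider(new EntityId(_ipEntityId), options.SPOptions)
            {
                MetadataLocation = _ipMetadataLocation,
                LoadMetadata     = true
            });

            options.Notifications = new Saml2Notifications
            {
                // Runs once the assertion has been validated and the principal built: applies the
                // Sitecore claims transformations configured for this identity provider.
                AcsCommandResultCreated = (result, response) =>
                {
                    var identityProvider = GetIdentityProvider();
                    ((ClaimsIdentity)result.Principal.Identity).ApplyClaimsTransformations(new TransformationContext(FederatedAuthenticationConfiguration, identityProvider));
                }
            };

            args.App.UseSaml2Authentication(options);
        }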
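        /// <summary>
        /// Builds Sustainsys SAML2 options for signing in through an Auth0 tenant; the tenant domain,
        /// client id, return URL and application name are read from appSettings.
        /// </summary>
        /// <returns>Options with a single Auth0 identity provider registered.</returns>
        /// <exception cref="InvalidOperationException">A required <c>auth0:*</c> appSetting is missing or blank.</exception>
        private static Saml2AuthenticationOptions CreateAuthServicesOptions()
        {
            // Configure Auth0 parameters; fail at startup rather than at the first sign-in when one is absent.
            string auth0Domain    = RequiredAppSetting("auth0:Domain");
            string auth0ClientId  = RequiredAppSetting("auth0:ClientId");
            string auth0ReturnUrl = RequiredAppSetting("auth0:ReturnUrl");
            string auth0AppName   = RequiredAppSetting("auth0:AppName");

            var authServicesOptions = new Saml2AuthenticationOptions(false)
            {
                SPOptions = new SPOptions
                {
                    EntityId  = new EntityId($"urn:{auth0AppName}"),
                    ReturnUrl = new Uri(auth0ReturnUrl),
                    // Lowers the accepted signature-algorithm floor to RSA-SHA1 (the library default is
                    // SHA-256); keep only while the Auth0 tenant still signs with SHA-1.
                    MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                }
            };

            authServicesOptions.IdentityProviders.Add(new IdentityProvider(new EntityId($"urn:{auth0Domain}"), authServicesOptions.SPOptions)
            {
                // IdP-initiated responses (not tied to a request this SP issued) are accepted.
                AllowUnsolicitedAuthnResponse = true,
                MetadataLocation = $"https://{auth0Domain}/samlp/metadata/{auth0ClientId}",
                Binding          = Saml2BindingType.HttpPost
            });

            return(authServicesOptions);

            // Reads an appSetting and rejects a missing or blank value, naming the key in the message.
            string RequiredAppSetting(string key)
            {
                string value = ConfigurationManager.AppSettings[key];
                if (string.IsNullOrWhiteSpace(value))
                {
                    throw new InvalidOperationException($"Missing required appSetting '{key}'.");
                }

                return value;
            }
        }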
        /// <summary>
        /// OWIN startup: cookie authentication plus Sustainsys SAML2, with the identity provider for a
        /// request chosen at sign-in time from the brand the user selected.
        /// </summary>
        /// <param name="app">OWIN pipeline builder.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            // The application cookie is the sign-in target for the external (SAML2) login.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Unauthenticated requests to protected pages are redirected to the login page.
            var cookieOptions = new CookieAuthenticationOptions
            {
                LoginPath = new PathString("/SignIn/Link"),
            };
            app.UseCookieAuthentication(cookieOptions);

            // true: SP options and identity providers are read from the <sustainsys.saml2> section of web.config.
            var saml2Options = new Saml2AuthenticationOptions(true);

            var notifications = new Saml2Notifications();

            // Invoked when the SignIn command is about to pick the IdP for a request. Returning an
            // IdentityProvider forces it; returning null falls back to the built-in selection.
            notifications.SelectIdentityProvider = (entityid, relaydata) =>
            {
                // The brand the user picked decides which IdP (and therefore which branded login page) is used.
                var selectedEntityId = new EntityId(IdentityProviderManagement.GetIndentityProvider());
                IdentityProvider idp;
                saml2Options.IdentityProviders.TryGetValue(selectedEntityId, out idp);
                return idp;
            };

            saml2Options.Notifications = notifications;

            // Add SAML2 Authentication to the OWIN pipeline
            app.UseSaml2Authentication(saml2Options);
        }
        /// <summary>
        /// With the constructor argument <c>false</c> nothing is read from configuration: no SP
        /// options and no identity providers are present.
        /// </summary>
        public void Saml2AuthenticationOptions_Ctor_IgnoresConfiguration()
        {
            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(false);

            options.IdentityProviders.IsEmpty.Should().BeTrue();
            options.SPOptions.Should().BeNull();
        }
        /// <summary>
        /// Loading from configuration leaves the default caption and passive authentication mode in place.
        /// </summary>
        public void Saml2AuthenticationOptions_Ctor_SetsDefault()
        {
            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(true);

            options.AuthenticationMode.Should().Be(AuthenticationMode.Passive);
            options.Description.Caption.Should().Be(Constants.DefaultCaption);
        }
        /// <summary>
        /// Builds SAML2 options against the public Sustainsys stub IdP, with its signing certificate
        /// pinned from App_Data, then lets a local federation add any further IdPs from its metadata.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateSaml2Options()
        {
            SPOptions spOptions = CreateSPOptions();
            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = spOptions;

            IdentityProvider stubIdp = new IdentityProvider(new EntityId("https://stubidp.sustainsys.com/Metadata"), spOptions);
            // IdP-initiated (unsolicited) responses are accepted from this IdP.
            stubIdp.AllowUnsolicitedAuthnResponse = true;
            stubIdp.Binding = Saml2BindingType.HttpRedirect;
            stubIdp.SingleSignOnServiceUrl = new Uri("https://stubidp.sustainsys.com");

            // The key used to verify this IdP's signatures is pinned from a local certificate file.
            string signingCertificatePath = HostingEnvironment.MapPath("~/App_Data/stubidp.sustainsys.com.cer");
            stubIdp.SigningKeys.AddConfiguredKey(new X509Certificate2(signingCertificatePath));

            saml2Options.IdentityProviders.Add(stubIdp);

            // It's enough to just create the federation and associate it
            // with the options. The federation will load the metadata and
            // update the options with any identity providers found.
            new Federation("http://localhost:52071/Federation", true, saml2Options);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options whose identity providers come entirely from a federation metadata file
        /// shipped with the application; no IdP is registered in code.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateSaml2Options()
        {
            var spOptions = CreateSPOptions();
            var saml2Options = new Saml2AuthenticationOptions(false)
            {
                SPOptions = spOptions,
            };

            // A commented-out Azure AD (sts.windows.net) IdP with a pinned signing certificate used to sit
            // here; the federation metadata below now supplies the IdPs and their keys.

            // It's enough to just create the federation and associate it
            // with the options. The federation will load the metadata and
            // update the options with any identity providers found.
            // The app-relative path is handed to the library as-is; presumably it resolves "~/" itself — TODO confirm.
            new Federation(@"~/odx_fedmyohio_idp_federation_metadata.xml", true, saml2Options);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options for a locally hosted test IdP, with the IdP's signing certificate pinned
        /// from App_Data and a federation loaded from the same base URL.
        /// </summary>
        /// <returns>The configured options.</returns>
        public Saml2AuthenticationOptions CreateSaml2Options()
        {
            // Plain http: acceptable for a local IdP, but this channel has no transport protection.
            const string idpBaseUrl         = "http://localhost:44358/";
            const string idpCertificatePath = "~/App_Data/AzureADTest.cer";

            SPOptions spOptions = CreateSPOptions();
            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = spOptions;

            // NOTE(review): the EntityId is an Azure AD tenant issuer while the SSO URL is localhost —
            // presumably a local simulator standing in for that tenant; confirm the pair is intentional.
            IdentityProvider idp = new IdentityProvider(new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"), spOptions);
            idp.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            idp.Binding = Saml2BindingType.HttpRedirect;
            idp.SingleSignOnServiceUrl = new Uri(idpBaseUrl);

            idp.SigningKeys.AddConfiguredKey(
                new X509Certificate2(HostingEnvironment.MapPath(idpCertificatePath)));

            saml2Options.IdentityProviders.Add(idp);

            // The federation loads metadata from the IdP base URL and adds any IdPs it lists.
            new Federation(idpBaseUrl, true, saml2Options);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options for the application's external IdP, identified by its metadata URL,
        /// with endpoints and keys taken from that metadata and outbound logout requests disabled.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateAuthServicesOptions()
        {
            SPOptions spOptions = new SPOptions();
            spOptions.EntityId  = new EntityId(ApplicationIdpEntityId);
            spOptions.ReturnUrl = ExternalAuthDefaultCallbackUrl;
            // Accepts RSA-SHA1 signatures from the IdP; the library's default floor is SHA-256.
            spOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

            Saml2AuthenticationOptions authServicesOptions = new Saml2AuthenticationOptions(false);
            authServicesOptions.SPOptions = spOptions;

            string metadataUrl = MetadataLocation.AbsoluteUri;
            IdentityProvider idp = new IdentityProvider(new EntityId(metadataUrl), spOptions);
            idp.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            idp.Binding          = Saml2BindingType.HttpRedirect;
            idp.MetadataLocation = metadataUrl;
            // The SP never sends LogoutRequests to this IdP; sign-out stays local.
            idp.DisableOutboundLogoutRequests = true;

            authServicesOptions.IdentityProviders.Add(idp);
            return authServicesOptions;
        }
        /// <summary>
        /// Builds SAML2 options for an IdP whose endpoints and keys are loaded from its metadata URL, and
        /// treats a "Requester" single-logout status as an already-handled case.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions GetSaml2AuthenticationOptions()
        {
            SPOptions spOptions = CreateSPOptions();
            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = spOptions;

            IdentityProvider idp = new IdentityProvider(new EntityId(IdpEntityId), spOptions);
            idp.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            idp.MetadataLocation = IdpMetadataUrl;
            idp.LoadMetadata = true;

            saml2Options.IdentityProviders.Add(idp);

            // "Requester" error usually means the user is already signed out; returning true marks the
            // status as handled so the logout flow completes instead of failing.
            saml2Options.Notifications.ProcessSingleLogoutResponseStatus =
                (response, state) => response.Status == Sustainsys.Saml2.Saml2P.Saml2StatusCode.Requester;

            return saml2Options;
        }
        /// <summary>A caption set on the options is mirrored onto the OWIN authentication description.</summary>
        public void Saml2AuthenticationOptions_Caption()
        {
            const string caption = "MyCaption";

            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(false);
            options.Caption = caption;

            options.Caption.Should().Be(caption);
            options.Description.Caption.Should().Be(caption);
        }
        /// <summary>
        /// Loading from configuration fills the SP entity id and the identity providers listed in the
        /// test configuration, including the example IdP's single sign-on URL.
        /// </summary>
        public void Saml2AuthenticationOptions_Ctor_LoadsConfiguration()
        {
            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(true);

            options.SPOptions.EntityId.Id.Should().Be("https://github.com/SustainsysIT/Saml2");
            options.IdentityProviders.IsEmpty.Should().BeFalse();

            IdentityProvider exampleIdp = options.IdentityProviders[new EntityId("https://idp.example.com")];
            exampleIdp.SingleSignOnServiceUrl.Should().Be("https://idp.example.com/idp");
        }
        /// <summary>
        /// The extension registers the middleware type on the builder, passing the builder and the
        /// options as the middleware's constructor arguments.
        /// </summary>
        public void Saml2AuthenticationExtensions_UseSaml2Authentication()
        {
            IAppBuilder appBuilder = Substitute.For <IAppBuilder>();
            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(true);

            appBuilder.UseSaml2Authentication(options);

            appBuilder.Received().Use(typeof(Saml2AuthenticationMiddleware), appBuilder, options);
        }
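        /// <summary>
        /// Builds the "arxspan" SAML2 options against an Okta IdP with a pinned signing certificate plus a
        /// local federation, and assembles a second, "belatrix" (Centrify) options object the same way.
        /// </summary>
        /// <returns>
        /// The "arxspan" options only; the "belatrix" options are built but not returned — presumably the
        /// caller registers them separately, TODO confirm.
        /// </returns>
        private static Saml2AuthenticationOptions CreateSaml2Options()
        {
            var spOptions    = CreateSPOptions("arxspan");
            var Saml2Options = new Saml2AuthenticationOptions(false)
            {
                SPOptions          = spOptions,
                AuthenticationType = "arxspan",
                Caption            = "arxspan"
            };

            var idp = new IdentityProvider(new EntityId("http://www.okta.com/exkez48ebtXNSGr3g0h7"), spOptions)
            {
                // IdP-initiated (unsolicited) responses are accepted.
                AllowUnsolicitedAuthnResponse = true,
                Binding = Saml2BindingType.HttpRedirect,
                SingleSignOnServiceUrl = new Uri("https://dev-871818.oktapreview.com/app/beldev871818_arxspansaml_1/exkez48ebtXNSGr3g0h7/sso/saml")
            };

            // Signature verification key pinned from a local certificate file.
            idp.SigningKeys.AddConfiguredKey(
                new X509Certificate2(
                    HostingEnvironment.MapPath(
                        "~/secure/okta.cert")));
            new Federation("http://localhost:52071/Federation", true, Saml2Options);

            Saml2Options.IdentityProviders.Add(idp);

            var spOptions2    = CreateSPOptions("belatrix");
            var Saml2Options2 = new Saml2AuthenticationOptions(false)
            {
                SPOptions          = spOptions2,
                AuthenticationType = "belatrix",
                Caption            = "belatrix"
            };

            // Bound to spOptions2 (the belatrix SP options); the original passed the arxspan spOptions here,
            // which would have made this IdP act on behalf of the wrong SP.
            var idp2 = new IdentityProvider(new EntityId("https://aax0038.my.centrify.com/ce0d8092-49bf-4e73-8306-5a5b2c2eb39c"), spOptions2)
            {
                AllowUnsolicitedAuthnResponse = true,
                Binding = Saml2BindingType.HttpRedirect,
                SingleSignOnServiceUrl = new Uri("https://aax0038.my.centrify.com/applogin/appKey/ce0d8092-49bf-4e73-8306-5a5b2c2eb39c/customerId/AAX0038")
            };

            idp2.SigningKeys.AddConfiguredKey(
                new X509Certificate2(
                    HostingEnvironment.MapPath(
                        "~/App_Data/centrify.cert")));

            Saml2Options2.IdentityProviders.Add(idp2);

            // It's enough to just create the federation and associate it
            // with the options. The federation will load the metadata and
            // update the options with any identity providers found.
            // Same endpoint as the federation above; the stray space in "/ Federation" made the URL invalid.
            new Federation("http://localhost:52071/Federation", true, Saml2Options2);

            return(Saml2Options);
        }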
        /// <summary>
        /// A federation declared in configuration is loaded by the constructor and the IdPs it lists
        /// become resolvable by entity id.
        /// </summary>
        public void Saml2AuthenticationOptions_Ctor_LoadsFederationFromConfigurationAndRegistersIdp()
        {
            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(true);
            EntityId federatedIdp = new EntityId("http://idp.federation.example.com/metadata");

            // The indexer is expected to throw for an unknown id, so a non-throwing lookup proves registration.
            Action lookup = () =>
            {
                var unused = options.IdentityProviders[federatedIdp];
            };

            lookup.ShouldNotThrow();
        }
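        /// <summary>
        /// Add Sustainsys Saml2 SAML2 authentication to the Owin pipeline.
        /// </summary>
        /// <param name="app">Owin pipeline builder.</param>
        /// <param name="options">Options for the middleware.</param>
        /// <returns>The same <paramref name="app"/>, so registrations can be chained.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="app"/> or <paramref name="options"/> is null.</exception>
        public static IAppBuilder UseSaml2Authentication(this IAppBuilder app,
                                                         Saml2AuthenticationOptions options)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            // Reject a null options object here, naming the caller's parameter, instead of letting the
            // middleware fail later when the pipeline is built.
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // OWIN constructs the middleware type itself, handing it the extra arguments (app, options).
            app.Use(typeof(Saml2AuthenticationMiddleware), app, options);

            return(app);
        }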
        /// <summary>
        /// Builds SAML2 options for an IdP configured through appSettings (entity id, metadata URL and
        /// login URL), forcing re-authentication on every request and relying on metadata for the IdP's keys.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateSaml2Options()
        {
            SPOptions spOptions = CreateSPOptions();

            Saml2Notifications notifications = new Saml2Notifications();
            // Every AuthnRequest carries ForceAuthn: the IdP must re-authenticate the user rather than
            // reuse an existing IdP session.
            notifications.AuthenticationRequestCreated = (request, provider, dictionary) =>
            {
                request.ForceAuthentication = true;
            };

            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions     = spOptions;
            saml2Options.Notifications = notifications;

            string idpEntityId = ConfigurationManager.AppSettings["IDPEntityID"];
            string idpMetadata = ConfigurationManager.AppSettings["IDPMetadataURL"];
            string idpLoginUrl = ConfigurationManager.AppSettings["IDPLoginURL"];

            IdentityProvider idp = new IdentityProvider(new EntityId(idpEntityId), spOptions);
            idp.WantAuthnRequestsSigned       = true;
            idp.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            idp.MetadataLocation = idpMetadata;
            idp.LoadMetadata     = true;
            idp.Binding          = Saml2BindingType.HttpRedirect;
            idp.SingleSignOnServiceUrl = new Uri(idpLoginUrl);
            // NOTE(review): the logout URL is taken from the *login* URL setting — looks like a copy/paste
            // slip; confirm against the IdP's SingleLogoutService endpoint.
            idp.SingleLogoutServiceUrl = new Uri(idpLoginUrl);
            idp.DisableOutboundLogoutRequests = false;

            // No signing certificate is pinned in code; verification keys come from the metadata loaded
            // above, so the metadata URL (and the transport it is fetched over) is the trust anchor.
            saml2Options.IdentityProviders.Add(idp);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options for the GCCF circle of trust: an OpenSSO test IdP plus the CBS and GCKey
        /// brokers, each configured from a local metadata file with an explicitly pinned signing key.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateSaml2Options()
        {
            SPOptions spOptions = CreateSpOptions();

            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = spOptions;

            // Test IdP (OpenSSO): metadata from a local file, IdP-initiated responses accepted.
            IdentityProvider idp5 = new IdentityProvider(
                new EntityId("http://idp5.canadacentral.cloudapp.azure.com:80/opensso"), spOptions);
            idp5.MetadataLocation = HostingEnvironment.MapPath("~/App_Data/idp5-metadata.xml");
            idp5.AllowUnsolicitedAuthnResponse = true;

            // Key from IDP COT
            X509Certificate2 idp5Certificate = new X509Certificate2(
                HostingEnvironment.MapPath("~/App_Data/idp5.canadacentral.cloudapp.azure.com.cer"));
            idp5.SigningKeys.AddConfiguredKey(idp5Certificate);

            // CBS and GCKey brokers: local signed metadata, both verified with the shared GCCF signing certificate.
            IdentityProvider cbs = new IdentityProvider(
                new EntityId("https://cbs-uat-cbs.securekey.com"), spOptions);
            cbs.MetadataLocation = HostingEnvironment.MapPath("~/App_Data/cbs-metadata-signed.xml");
            cbs.SigningKeys.AddConfiguredKey(GetGccfSigninCertificate());

            IdentityProvider gckey = new IdentityProvider(
                new EntityId("https://te.clegc-gckey.gc.ca"), spOptions);
            gckey.MetadataLocation = HostingEnvironment.MapPath("~/App_Data/gckey-metadata-signed.xml");
            gckey.SigningKeys.AddConfiguredKey(GetGccfSigninCertificate());

            // Binding selection is delegated to the GCCF authorization filter.
            Saml2Notifications notifications = new Saml2Notifications();
            notifications.GetBinding = GccfAuthorizationFilter.GetSaml2Binding();
            saml2Options.Notifications = notifications;

            saml2Options.IdentityProviders.Add(idp5);
            saml2Options.IdentityProviders.Add(cbs);
            saml2Options.IdentityProviders.Add(gckey);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options with an SP that advertises an attribute-consuming service (a required
        /// "urn:password" attribute and a "Minimal" one) and a single locally hosted IdP.
        /// </summary>
        /// <returns>The configured options.</returns>
        /// <exception cref="InvalidOperationException">The IdP certificate path cannot be mapped.</exception>
        private Saml2AuthenticationOptions CreateSaml2Options()
        {
            // NOTE(review): the SP EntityId is the same value as the IdP EntityId below; an SP and its IdP
            // normally carry distinct entity ids — confirm this is intended.
            SPOptions spOptions = new SPOptions();
            spOptions.EntityId  = new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/");
            spOptions.ReturnUrl = new Uri("https://localhost:44358/");

            AttributeConsumingService attributeConsumingService = new AttributeConsumingService();
            attributeConsumingService.IsDefault = true;
            attributeConsumingService.ServiceNames.Add(new LocalizedName("Saml2", "en"));

            RequestedAttribute passwordAttribute = new RequestedAttribute("urn:password");
            passwordAttribute.FriendlyName = "AzureADTest";
            passwordAttribute.IsRequired   = true;
            passwordAttribute.NameFormat   = RequestedAttribute.AttributeNameFormatUri;
            attributeConsumingService.RequestedAttributes.Add(passwordAttribute);

            attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("Minimal"));

            spOptions.AttributeConsumingServices.Add(attributeConsumingService);

            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = spOptions;

            IdentityProvider idp = new IdentityProvider(new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"), spOptions);
            idp.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            idp.Binding = Saml2BindingType.HttpRedirect;
            idp.SingleSignOnServiceUrl = new Uri("https://localhost:44358/");

            // Signing key pinned from App_Data; a null MapPath result is rejected explicitly.
            string certificatePath = HostingEnvironment.MapPath("~/App_Data/AzureADTest.cer")
                                     ?? throw new InvalidOperationException();
            idp.SigningKeys.AddConfiguredKey(new X509Certificate2(certificatePath));

            saml2Options.IdentityProviders.Add(idp);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options against the DfE Sign-in simulator, with a federation at the simulator's
        /// /Federation endpoint supplying further IdPs.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateAuthServicesOptions()
        {
            // All simulator endpoints are plain http: acceptable for a simulator, not for a production IdP.
            const string simulatorBase = "http://dfe-sign-in-simulator.azurewebsites.net/";

            SPOptions spOptions = CreateSPOptions();
            Saml2AuthenticationOptions authServicesOptions = new Saml2AuthenticationOptions(false);
            authServicesOptions.SPOptions = spOptions;

            IdentityProvider simulatorIdp = new IdentityProvider(new EntityId(simulatorBase + "Metadata"), spOptions);
            simulatorIdp.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            simulatorIdp.Binding = Saml2BindingType.HttpRedirect;
            simulatorIdp.SingleSignOnServiceUrl = new Uri(simulatorBase);

            authServicesOptions.IdentityProviders.Add(simulatorIdp);
            new Federation(simulatorBase + "Federation", true, authServicesOptions);
            return authServicesOptions;
        }
        // For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
        /// <summary>
        /// OWIN startup: registers SAML2 sign-in against an ADFS instance (configured from its federation
        /// metadata) and the application cookie the resulting identity is signed in to.
        /// </summary>
        /// <param name="app">OWIN pipeline builder.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = CreateSPOptions();
            // The SAML2 identity is persisted in the application cookie.
            saml2Options.SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;

            // ADFS endpoints and signing keys are taken from its metadata document, fetched over https.
            IdentityProvider adfs = new IdentityProvider(new EntityId("http://adfs.groupyfy.com/adfs/services/trust"), saml2Options.SPOptions);
            adfs.MetadataLocation = "https://adfs.groupyfy.com/FederationMetadata/2007-06/FederationMetadata.xml";
            saml2Options.IdentityProviders.Add(adfs);

            CookieAuthenticationOptions cookieOptions = new CookieAuthenticationOptions();
            cookieOptions.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
            cookieOptions.LoginPath          = new PathString("/saml2/signin");
            app.UseCookieAuthentication(cookieOptions);

            app.UseSaml2Authentication(saml2Options);
        }
        /// <summary>
        /// Builds SAML2 options from the <c>saml:*</c> appSettings: SP entity id and return URL, and one
        /// IdP whose endpoints and keys are loaded from its metadata URL. The notification hooks are
        /// inspection points only.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateSaml2Options()
        {
            string spEntityId  = ConfigurationManager.AppSettings["saml:BackendAuthUrl"];
            string spReturnUrl = ConfigurationManager.AppSettings["saml:FrontendAuthUrl"];

            SPOptions spOptions = new SPOptions();
            spOptions.EntityId  = new EntityId(spEntityId);
            spOptions.ReturnUrl = new Uri(spReturnUrl);

            // Both hooks do nothing; they are kept as places to break into the pipeline while debugging.
            Saml2Notifications notifications = new Saml2Notifications();
            notifications.AuthenticationRequestCreated = (request, rIdp, parms) =>
            {
                var relayData = parms;
            };
            notifications.AcsCommandResultCreated = (commandResult, response) =>
            {
                var receivedClaims = commandResult.Principal.Claims;
            };

            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions     = spOptions;
            saml2Options.Notifications = notifications;

            string idpEntityId = ConfigurationManager.AppSettings["saml:IPEntityId"];
            string idpMetadata = ConfigurationManager.AppSettings["saml:IPMetadataUrl"];

            IdentityProvider idp = new IdentityProvider(new EntityId(idpEntityId), spOptions);
            // IdP-initiated sign-in: responses not tied to a request from this SP are accepted.
            idp.AllowUnsolicitedAuthnResponse = true;
            idp.MetadataLocation = idpMetadata;

            saml2Options.IdentityProviders.Add(idp);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options for the Salesforce IdP: entity id and metadata URL from class-level
        /// settings, signing certificate pinned from a local file.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateSaml2Options()
        {
            SPOptions spOptions = CreateSPOptions();
            Saml2AuthenticationOptions saml2Options = new Saml2AuthenticationOptions(false);
            saml2Options.SPOptions = spOptions;

            IdentityProvider salesforce = new IdentityProvider(new EntityId(SalesforceIdentityProvider), spOptions);
            salesforce.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            salesforce.Binding          = Saml2BindingType.HttpRedirect;
            salesforce.MetadataLocation = MetadataUrl;

            // Verification key pinned from the certificate file at SalesforceCertificatePath.
            salesforce.SigningKeys.AddConfiguredKey(new X509Certificate2(SalesforceCertificatePath));

            saml2Options.IdentityProviders.Add(salesforce);

            return saml2Options;
        }
        /// <summary>
        /// Builds SAML2 options against the SA simulator, whose base URL and instance GUID come from
        /// appSettings; the simulator's /Federation endpoint supplies further IdPs.
        /// </summary>
        /// <returns>The configured options.</returns>
        private static Saml2AuthenticationOptions CreateAuthServicesOptions()
        {
            SPOptions spOptions = CreateSPOptions();
            Saml2AuthenticationOptions authServicesOptions = new Saml2AuthenticationOptions(false);
            authServicesOptions.SPOptions = spOptions;

            // Base URL of this simulator instance: SASimulatorUri followed by SASimulatorGuid, concatenated
            // as-is (a missing setting yields a partial URL rather than an error).
            string simulatorGuid = AppSettings["SASimulatorGuid"];
            string simulatorUrl  = AppSettings["SASimulatorUri"] + simulatorGuid;

            IdentityProvider simulatorIdp = new IdentityProvider(new EntityId(simulatorUrl + "/Metadata"), spOptions);
            simulatorIdp.AllowUnsolicitedAuthnResponse = true; // IdP-initiated responses accepted
            simulatorIdp.Binding = Saml2BindingType.HttpRedirect;
            simulatorIdp.SingleSignOnServiceUrl = new Uri(simulatorUrl);

            authServicesOptions.IdentityProviders.Add(simulatorIdp);
            new Federation(simulatorUrl + "/Federation", true, authServicesOptions);
            return authServicesOptions;
        }
        /// <summary>
        /// Sitecore federated-authentication pipeline step: reads entity id, return URL and metadata
        /// location from Sitecore settings, builds the Sustainsys SAML2 options and adds the middleware.
        /// </summary>
        /// <param name="args">Pipeline arguments carrying the OWIN <c>App</c> builder; must not be null.</param>
        protected override void ProcessCore(IdentityProvidersArgs args)
        {
            Assert.ArgumentNotNull(args, "args");

            //Settings from config
            string entityId         = Settings.GetSetting("MyProject.EntityId");
            string returnUrl        = Settings.GetSetting("MyProject.ReturnUrl");
            string metadataLocation = Settings.GetSetting("MyProject.MetadataLocation");

            SPOptions spOptions = new SPOptions();
            spOptions.EntityId  = new System.IdentityModel.Metadata.EntityId(entityId);
            spOptions.ReturnUrl = new Uri(returnUrl);

            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(false);
            options.SPOptions          = spOptions;
            options.AuthenticationType = GetAuthenticationType();

            // NOTE(review): the IdP is registered under the SP's own entity id (MyProject.EntityId); an IdP
            // normally has its own id — confirm this matches the issuer in the metadata at MyProject.MetadataLocation.
            Sustainsys.Saml2.IdentityProvider idp = new Sustainsys.Saml2.IdentityProvider(
                new System.IdentityModel.Metadata.EntityId(entityId), options.SPOptions);
            // Endpoints and keys come from the metadata document; its location is the trust anchor.
            idp.MetadataLocation = metadataLocation;
            idp.LoadMetadata     = true;
            options.IdentityProviders.Add(idp);

            Saml2Notifications notifications = new Saml2Notifications();
            // After the assertion is validated: apply the Sitecore claims transformations for this provider.
            notifications.AcsCommandResultCreated = (result, response) =>
            {
                var identityProvider = GetIdentityProvider();
                ((ClaimsIdentity)result.Principal.Identity).ApplyClaimsTransformations(
                    new TransformationContext(FederatedAuthenticationConfiguration, identityProvider));
            };
            options.Notifications = notifications;

            args.App.UseSaml2Authentication(options);
        }
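        /// <summary>
        /// Turns a federated sign-out into an IdentityServer3 sign-out: once the pipeline has run, a
        /// redirect issued while an <c>AuthenticationResponseRevoke</c> is pending is replaced by a small
        /// page that loads the IdSrv3 sign-out cleanup endpoint in a hidden frame and then continues to
        /// the original redirect target.
        /// </summary>
        /// <param name="app">OWIN pipeline builder.</param>
        /// <param name="options">SAML2 options; accepted for the caller's convenience, not read here.</param>
        private void UseIdSrv3LogoutOnFederatedLogout(IAppBuilder app, Saml2AuthenticationOptions options)
        {
            // Endpoint requested by the hidden iframe below; runs the IdSrv3 federated sign-out cleanup.
            app.Map("/signoutcleanup", cleanup =>
            {
                cleanup.Run(async ctx =>
                {
                    await ctx.Environment.ProcessFederatedSignoutAsync();
                });
            });

            app.Use(async(context, next) =>
            {
                await next.Invoke();

                // Only intercept an actual redirect (any 3xx status; the previous "% 100 == 3" matched
                // only statuses ending in 03, letting 301/302 through) produced while a sign-out is being
                // revoked, and only while the response can still be rewritten.
                if (context.Authentication.AuthenticationResponseRevoke != null &&
                    context.Response.StatusCode / 100 == 3 &&
                    !HttpContext.Current.Response.HeadersWritten)
                {
                    var finalLocation = context.Response.Headers["Location"];

                    context.Response.StatusCode = 200;

                    // The redirect target is emitted inside a JavaScript string literal; encode it so a
                    // Location value containing quotes, angle brackets or line breaks cannot break out
                    // of the literal and run as script.
                    var finalLocationJs = HttpUtility.JavaScriptStringEncode(finalLocation);

                    await context.Response.WriteAsync($@"
<html>
    <body>
        <h1>Signing Out...<span id=""dots""></span></h1>
        <iframe style=""display:none;"" src=""../signoutcleanup""></iframe>
        <script>
            setInterval(function() {{ var dots = document.getElementById(""dots""); dots.innerText = dots.innerText + "".""; }}, 250);
            setTimeout(function() {{ window.location = ""{finalLocationJs}""; }}, 5000);
        </script>
    </body>
</html>");
                }
            });
        }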
        /// <summary>
        /// Loading from configuration makes the configured IdP the default one, identified by its entity id.
        /// </summary>
        public void Saml2AuthenticationOptions_Ctor_LoadsIdpFromConfiguration()
        {
            Saml2AuthenticationOptions options = new Saml2AuthenticationOptions(true);
            IdentityProvider defaultIdp = options.IdentityProviders.Default;

            defaultIdp.EntityId.Id.Should().Be("https://idp.example.com");
        }