public void EntityDescriptorExtensions_ToXElement_Nodes()
{
EntityId entityId = new EntityId("http://dummyentityid.com");
var entityDescriptor = new EntityDescriptor(entityId);
var spsso = new ServiceProviderSingleSignOnDescriptor();
string sampleAcsUri = "https://some.uri.example.com/acs";
var acs = new IndexedProtocolEndpoint()
{
IsDefault = false,
Index = 17,
Binding = Saml2Binding.HttpPostUri,
Location = new Uri(sampleAcsUri)
};
spsso.AssertionConsumerServices.Add(1, acs);
entityDescriptor.RoleDescriptors.Add(spsso);
var rootName = Saml2Namespaces.Saml2Metadata + "EntityDescriptor";
var elementName = Saml2Namespaces.Saml2Metadata + "SPSSODescriptor";
var subject = entityDescriptor.ToXElement();
subject.Name.Should().Be(rootName);
subject.Elements().Single().Name.Should().Be(elementName);
subject.Attribute("entityId").Value.Should().Be("http://dummyentityid.com");
}
public void ServiceProviderSingleSignOnDescriptorExtensions_ToXElement_NullCheck_SPSSO()
{
ServiceProviderSingleSignOnDescriptor spsso = null;
Action a = () => spsso.ToXElement();
a.ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("spsso");
}
public static EntityDescriptor GetSpEntityDescriptor(string entityId)
{
var descriptor = new EntityDescriptor(new EntityId(entityId));
var cert = EntityDescriptorProviderMock.GetMockCertificate();
var idpRole = new ServiceProviderSingleSignOnDescriptor();
idpRole.AssertionConsumerServices.Add(0, new IndexedProtocolEndpoint(0, new Uri(ProtocolBindings.HttpRedirect), new Uri("http://localhost:60879")));
descriptor.RoleDescriptors.Add(idpRole);
return(descriptor);
}
public static XElement ToXElement(this ServiceProviderSingleSignOnDescriptor spsso)
{
if (spsso == null)
{
throw new ArgumentNullException("spsso");
}
var innerElementName = Saml2Namespaces.Saml2Metadata + "AssertionConsumerService";
return(new XElement(Saml2Namespaces.Saml2Metadata + "SPSSODescriptor",
spsso.AssertionConsumerServices.Select(acs =>
acs.Value.ToXElement(innerElementName))));
}
private static void CreateIdentityProviderMetadata(SamlSpData samlSpData, string fileName, Encoding encoding)
{
Constants.NameIdType nidFmt = samlSpData.NameIdType;
MetadataSerializer serializer = new MetadataSerializer();
ServiceProviderSingleSignOnDescriptor item = new ServiceProviderSingleSignOnDescriptor();
EntityDescriptor metadata = new EntityDescriptor();
metadata.EntityId = new EntityId(samlSpData.EntityId);
//using 2.0
if (Constants.NameIdType.Saml20 == nidFmt)
{
item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Transient);
}
//using 1.1
if (Constants.NameIdType.Saml11 == nidFmt)
{
item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Unspecified);
}
item.ProtocolsSupported.Add(new Uri(Constants.Saml20Protocol));
IndexedProtocolEndpoint ipEndpoint = new IndexedProtocolEndpoint()
{
IsDefault = true,
Binding = new Uri(samlSpData.BindingType),
Location = new Uri(samlSpData.BindingLocation)
};
item.AssertionConsumerService.Add(0, ipEndpoint);
metadata.RoleDescriptors.Add(item);
metadata.Contacts.Add(new ContactPerson(ContactType.Technical)
{
Company = samlSpData.MainContact.Company,
GivenName = samlSpData.MainContact.GivenName,
Surname = samlSpData.MainContact.SurName,
EmailAddresses = { samlSpData.MainContact.Email },
TelephoneNumbers = { samlSpData.MainContact.Phone }
});
XmlTextWriter writer = new XmlTextWriter(fileName, encoding);
serializer.WriteMetadata(writer, metadata);
writer.Close();
}
private ServiceProviderSingleSignOnDescriptor CreateServiceProviderSingleSignOnDescriptor()
{
var indexedProtocolEndpointDictionary = new IndexedProtocolEndpointDictionary();
var indexedProtocolEndpoint = new IndexedProtocolEndpoint(0,
new Uri(Saml2Constants.PostBinding),
new Uri(_configuration.MultiProtocolIssuer.ReplyUrl.AbsoluteUri))
{
IsDefault = true
};
indexedProtocolEndpointDictionary.Add(0, indexedProtocolEndpoint);
var serviceProviderSingleSignOnDescriptor = new ServiceProviderSingleSignOnDescriptor(indexedProtocolEndpointDictionary);
serviceProviderSingleSignOnDescriptor.ProtocolsSupported.Add(new Uri(Saml2Constants.Protocol));
serviceProviderSingleSignOnDescriptor.WantAssertionsSigned = true;
serviceProviderSingleSignOnDescriptor.AuthenticationRequestsSigned = false;
return(serviceProviderSingleSignOnDescriptor);
}
private static void CreateIdentityProviderMetadata(SamlSpData samlSpData, string fileName, Encoding encoding)
{
Constants.NameIdType nidFmt = samlSpData.NameIdType;
MetadataSerializer serializer = new MetadataSerializer();
ServiceProviderSingleSignOnDescriptor item = new ServiceProviderSingleSignOnDescriptor();
EntityDescriptor metadata = new EntityDescriptor();
metadata.EntityId = new EntityId(samlSpData.EntityId);
//using 2.0
if (Constants.NameIdType.Saml20 == nidFmt)
item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Transient);
//using 1.1
if (Constants.NameIdType.Saml11 == nidFmt)
item.NameIdentifierFormats.Add(Saml2Constants.NameIdentifierFormats.Unspecified);
item.ProtocolsSupported.Add(new Uri(Constants.Saml20Protocol));
IndexedProtocolEndpoint ipEndpoint = new IndexedProtocolEndpoint()
{
IsDefault=true,
Binding=new Uri(samlSpData.BindingType),
Location=new Uri(samlSpData.BindingLocation)
};
item.AssertionConsumerService.Add(0, ipEndpoint);
metadata.RoleDescriptors.Add(item);
metadata.Contacts.Add(new ContactPerson(ContactType.Technical)
{
Company = samlSpData.MainContact.Company,
GivenName = samlSpData.MainContact.GivenName,
Surname = samlSpData.MainContact.SurName,
EmailAddresses = { samlSpData.MainContact.Email },
TelephoneNumbers = { samlSpData.MainContact.Phone }
});
XmlTextWriter writer = new XmlTextWriter(fileName, encoding);
serializer.WriteMetadata(writer, metadata);
writer.Close();
}
public void ServiceProviderSingleSignOnDescriptorExtensions_ToXElement_BasicAttributes()
{
string sampleAcsUri = "https://some.uri.example.com/acs";
var acs = new IndexedProtocolEndpoint()
{
IsDefault = false,
Index = 17,
Binding = Saml2Binding.HttpPostUri,
Location = new Uri(sampleAcsUri)
};
var spsso = new ServiceProviderSingleSignOnDescriptor();
spsso.AssertionConsumerServices.Add(1, acs);
var elementName = Saml2Namespaces.Saml2Metadata + "SPSSODescriptor";
var innerElementName = Saml2Namespaces.Saml2Metadata + "AssertionConsumerService";
var subject = spsso.ToXElement();
subject.Name.Should().Be(elementName);
subject.Elements().Single().Name.Should().Be(innerElementName);
}
public void GenerateMetadataFile()
{
var pluginManager = PluginManager.GetSingleton <SpMetaDataPlugin>();
var descriptor = new EntityDescriptor(new EntityId {
Id = pluginManager.EntityId
});
//var idpSignInUrl = IdpGetSignInUrl(pluginManager.IdpMetaDataUrl);
var spd = new ServiceProviderSingleSignOnDescriptor
{
AuthenticationRequestsSigned = pluginManager.AuthnRequestsSigned,
WantAssertionsSigned = pluginManager.WantAssertionsSigned,
ValidUntil = DateTime.Now.AddDays(365)
};
spd.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
spd.NameIdentifierFormats.Add(new Uri(pluginManager.NameId));
var consumerService = new IndexedProtocolEndpoint
{
Index = 0,
IsDefault = true,
Location = new Uri($"{Apis.Get<ICoreUrls>().Home()}samlresponse"),
Binding = new Uri("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
};
spd.AssertionConsumerServices.Add(1, consumerService);
// Organizational Info
if (!string.IsNullOrEmpty(pluginManager.OrgName) || !string.IsNullOrEmpty(pluginManager.OrgDisplayName) || !string.IsNullOrEmpty(pluginManager.OrgUrl))
{
descriptor.Organization = new Organization();
}
if (!string.IsNullOrEmpty(pluginManager.OrgName))
{
descriptor.Organization.Names.Add(new LocalizedName(pluginManager.OrgName, CultureInfo.InvariantCulture));
}
if (!string.IsNullOrEmpty(pluginManager.OrgDisplayName))
{
descriptor.Organization.DisplayNames.Add(new LocalizedName(pluginManager.OrgDisplayName,
CultureInfo.InvariantCulture));
}
if (!string.IsNullOrEmpty(pluginManager.OrgUrl))
{
descriptor.Organization.Urls.Add(new LocalizedUri(new Uri(pluginManager.OrgUrl),
CultureInfo.InvariantCulture));
}
// Tech contact info
if (!string.IsNullOrEmpty(pluginManager.OrgName) && !string.IsNullOrEmpty(pluginManager.TechEmail) &&
!string.IsNullOrEmpty(pluginManager.SupportEmail))
{
descriptor.Contacts.Add(new ContactPerson {
Company = pluginManager.OrgName, EmailAddresses = { pluginManager.TechEmail, pluginManager.SupportEmail }, Type = ContactType.Support
});
}
// Handle the signing certificate if provided
if (!string.IsNullOrEmpty(pluginManager.PrivateKey) && !string.IsNullOrEmpty(pluginManager.X509Cert))
{
var cert = GetX509Cert(pluginManager.X509Cert, pluginManager.PrivateKey);
var signingCredentials = new X509SigningCredentials(cert);
var signingKey = new KeyDescriptor(signingCredentials.SigningKeyIdentifier)
{
Use = KeyType.Signing
};
var encryptionKey = new KeyDescriptor(signingCredentials.SigningKeyIdentifier)
{
Use = KeyType.Encryption
};
// Add signing key if a cert is provided.
spd.Keys.Add(signingKey);
spd.Keys.Add(encryptionKey);
descriptor.SigningCredentials = signingCredentials;
}
descriptor.RoleDescriptors.Add(spd);
var xml = WriteXml(descriptor);
var context = HttpContext.Current;
context.ClearError();
context.Response.Cache.SetLastModified(DateTime.Now);
context.Response.ContentType = "text/xml";
context.Response.ContentEncoding = Encoding.UTF8;
context.Response.AddHeader("content-disposition", "attachment; filename=community-metadata.xml");
context.Response.Write(xml);
context.Response.Flush();
context.Response.End();
}
