Exemplo n.º 1
0
        public static void FetchAuthMetadata(AuthServer authServer, bool trustSslCert, bool updateIdRealm, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
        {
            if (authServer == null)
            {
                throw new ArgumentNullException("authServer");
            }
            if (writeWarning == null)
            {
                throw new ArgumentNullException("writeWarning");
            }
            if (writeError == null)
            {
                throw new ArgumentNullException("writeError");
            }
            AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(authServer.AuthMetadataUrl, trustSslCert, true, writeWarning, writeError);

            AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
            if (updateIdRealm)
            {
                authServer.IssuerIdentifier = authMetadata.ServiceName;
                authServer.Realm            = authMetadata.Realm;
            }
            else if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm))
            {
                writeError(new TaskException(Strings.ErrorPidRealmDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authServer.IssuerIdentifier, authServer.Realm)), ErrorCategory.InvalidData, null);
            }
            authServer.CertificateBytes      = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
            authServer.TokenIssuingEndpoint  = authMetadata.IssuingEndpoint;
            authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
        }
Exemplo n.º 2
0
        public static void FetchAuthMetadata(PartnerApplication partnerApplication, bool trustSslCert, bool updatePidOrRealmOrIssuer, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
        {
            if (partnerApplication == null)
            {
                throw new ArgumentNullException("partnerApplication");
            }
            if (writeWarning == null)
            {
                throw new ArgumentNullException("writeWarning");
            }
            if (writeError == null)
            {
                throw new ArgumentNullException("writeError");
            }
            AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(partnerApplication.AuthMetadataUrl, trustSslCert, false, writeWarning, writeError);

            if (updatePidOrRealmOrIssuer)
            {
                partnerApplication.ApplicationIdentifier = authMetadata.ServiceName;
                partnerApplication.IssuerIdentifier      = authMetadata.Issuer;
                partnerApplication.Realm = authMetadata.Realm;
            }
            else if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
            {
                writeError(new TaskException(Strings.ErrorPidRealmIssuerDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authMetadata.Issuer, partnerApplication.ApplicationIdentifier, partnerApplication.Realm, partnerApplication.IssuerIdentifier)), ErrorCategory.InvalidData, null);
            }
            partnerApplication.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
        }
Exemplo n.º 3
0
        protected override IConfigurable PrepareDataObject()
        {
            this.CreateAuthServersContainer();
            AuthServer authServer  = (AuthServer)base.PrepareDataObject();
            ADObjectId containerId = AuthServer.GetContainerId(this.ConfigurationSession);

            authServer.SetId(containerId.GetChildId(authServer.Name));
            if (base.Fields.IsModified("AppSecretParameter"))
            {
                if (authServer.Type != AuthServerType.Facebook && authServer.Type != AuthServerType.LinkedIn)
                {
                    base.WriteError(new TaskException(Strings.ErrorInvalidAuthServerTypeValue), ErrorCategory.InvalidArgument, null);
                }
                authServer.CurrentEncryptedAppSecret = OAuthTaskHelper.EncryptSecretWithDKM(this.AppSecret, new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
            else if (authServer.IsModified(AuthServerSchema.AuthMetadataUrl))
            {
                if (!authServer.IsModified(AuthServerSchema.Type))
                {
                    authServer.Type = AuthServerType.MicrosoftACS;
                }
                else if (authServer.Type != AuthServerType.ADFS && authServer.Type != AuthServerType.AzureAD)
                {
                    base.WriteError(new TaskException(Strings.ErrorInvalidAuthServerTypeValue), ErrorCategory.InvalidArgument, null);
                }
                OAuthTaskHelper.FixAuthMetadataUrl(authServer, new Task.TaskErrorLoggingDelegate(base.WriteError));
                OAuthTaskHelper.FetchAuthMetadata(authServer, this.TrustAnySSLCertificate, true, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
            OAuthTaskHelper.ValidateAuthServerRealmAndUniqueness(authServer, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
            return(this.DataObject);
        }
Exemplo n.º 4
0
 protected override void InternalProcessRecord()
 {
     if (this.RefreshAuthMetadata)
     {
         OAuthTaskHelper.FetchAuthMetadata(this.DataObject, this.TrustAnySSLCertificate, false, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
     }
     base.InternalProcessRecord();
 }
Exemplo n.º 5
0
        protected override IConfigurable PrepareDataObject()
        {
            AuthServer authServer = (AuthServer)base.PrepareDataObject();

            if ((base.ParameterSetName == "AppSecretParameterSet" && !SetAuthServer.IsOneOfAuthServerTypes(authServer.Type, new AuthServerType[]
            {
                AuthServerType.Facebook,
                AuthServerType.LinkedIn
            })) || (base.ParameterSetName == "AuthMetadataUrlParameterSet" && !SetAuthServer.IsOneOfAuthServerTypes(authServer.Type, new AuthServerType[]
            {
                AuthServerType.MicrosoftACS,
                AuthServerType.AzureAD,
                AuthServerType.ADFS
            })) || (base.ParameterSetName == "NativeClientAuthServerParameterSet" && !SetAuthServer.IsOneOfAuthServerTypes(authServer.Type, new AuthServerType[]
            {
                AuthServerType.AzureAD,
                AuthServerType.ADFS
            })))
            {
                base.WriteError(new TaskException(Strings.ErrorAuthServerCannotSwitchType), ErrorCategory.InvalidArgument, null);
            }
            if (base.Fields.IsModified("AppSecretParameter"))
            {
                authServer.CurrentEncryptedAppSecret = OAuthTaskHelper.EncryptSecretWithDKM(this.AppSecret, new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
            if (base.Fields.IsModified(AuthServerSchema.IssuerIdentifier))
            {
                authServer.IssuerIdentifier = this.IssuerIdentifier;
            }
            if (base.Fields.IsModified(AuthServerSchema.TokenIssuingEndpoint))
            {
                authServer.TokenIssuingEndpoint = this.TokenIssuingEndpoint;
            }
            if (base.Fields.IsModified(AuthServerSchema.ApplicationIdentifier))
            {
                authServer.ApplicationIdentifier = this.ApplicationIdentifier;
            }
            if (base.Fields.IsModified(AuthServerSchema.AuthMetadataUrl))
            {
                authServer.AuthMetadataUrl = this.AuthMetadataUrl;
                OAuthTaskHelper.FixAuthMetadataUrl(authServer, new Task.TaskErrorLoggingDelegate(base.WriteError));
                OAuthTaskHelper.FetchAuthMetadata(authServer, this.TrustAnySSLCertificate, false, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
                OAuthTaskHelper.ValidateAuthServerRealmAndUniqueness(authServer, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
            if (base.Fields.IsModified(AuthServerSchema.IsDefaultAuthorizationEndpoint))
            {
                authServer.IsDefaultAuthorizationEndpoint = this.IsDefaultAuthorizationEndpoint;
                OAuthTaskHelper.ValidateAuthServerAuthorizationEndpoint(authServer, this.ConfigurationSession, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
            return(authServer);
        }
Exemplo n.º 6
0
        protected override IConfigurable PrepareDataObject()
        {
            PartnerApplication partnerApplication = (PartnerApplication)base.PrepareDataObject();

            if (base.Fields.IsModified(PartnerApplicationSchema.AuthMetadataUrl))
            {
                if (partnerApplication.UseAuthServer)
                {
                    base.WriteError(new TaskException(Strings.ErrorPartnerApplicationUseAuthServerCannotSetUrl), ErrorCategory.InvalidArgument, null);
                }
                partnerApplication.AuthMetadataUrl = this.AuthMetadataUrl;
                OAuthTaskHelper.FetchAuthMetadata(partnerApplication, this.TrustAnySSLCertificate, false, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
            else if (base.Fields.IsModified(PartnerApplicationSchema.Realm) || base.Fields.IsModified(PartnerApplicationSchema.ApplicationIdentifier) || base.Fields.IsModified(PartnerApplicationSchema.IssuerIdentifier))
            {
                base.WriteError(new TaskException(Strings.ErrorChangePartnerApplicationDirectTrust), ErrorCategory.InvalidArgument, null);
            }
            if (base.Fields.IsModified(PartnerApplicationSchema.LinkedAccount))
            {
                if (this.LinkedAccount == null)
                {
                    partnerApplication.LinkedAccount = null;
                }
                else
                {
                    ADRecipient adrecipient = (ADRecipient)base.GetDataObject <ADRecipient>(this.LinkedAccount, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorRecipientNotFound(this.LinkedAccount.ToString())), new LocalizedString?(Strings.ErrorRecipientNotUnique(this.LinkedAccount.ToString())));
                    partnerApplication.LinkedAccount = adrecipient.Id;
                }
            }
            if (base.Fields.IsModified(PartnerApplicationSchema.AppOnlyPermissions))
            {
                partnerApplication.AppOnlyPermissions = this.AppOnlyPermissions;
            }
            if (base.Fields.IsModified(PartnerApplicationSchema.ActAsPermissions))
            {
                partnerApplication.ActAsPermissions = this.ActAsPermissions;
            }
            OAuthTaskHelper.ValidateApplicationRealmAndUniqueness(partnerApplication, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
            return(partnerApplication);
        }
        protected override IConfigurable PrepareDataObject()
        {
            this.CreatePartnerApplicationsContainer();
            PartnerApplication partnerApplication = (PartnerApplication)base.PrepareDataObject();
            ADObjectId         containerId        = PartnerApplication.GetContainerId(this.ConfigurationSession);

            partnerApplication.SetId(containerId.GetChildId(partnerApplication.Name));
            partnerApplication.UseAuthServer = true;
            if (partnerApplication.IsModified(PartnerApplicationSchema.AuthMetadataUrl))
            {
                partnerApplication.UseAuthServer = false;
                OAuthTaskHelper.FetchAuthMetadata(partnerApplication, this.TrustAnySSLCertificate, true, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
            }
            if (base.Fields.IsModified(PartnerApplicationSchema.LinkedAccount))
            {
                if (this.LinkedAccount == null)
                {
                    partnerApplication.LinkedAccount = null;
                }
                else
                {
                    ADRecipient adrecipient = (ADRecipient)base.GetDataObject <ADRecipient>(this.LinkedAccount, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorRecipientNotFound(this.LinkedAccount.ToString())), new LocalizedString?(Strings.ErrorRecipientNotUnique(this.LinkedAccount.ToString())));
                    partnerApplication.LinkedAccount = adrecipient.Id;
                }
            }
            if (base.Fields.IsModified(PartnerApplicationSchema.AppOnlyPermissions))
            {
                partnerApplication.AppOnlyPermissions = this.AppOnlyPermissions;
            }
            if (base.Fields.IsModified(PartnerApplicationSchema.ActAsPermissions))
            {
                partnerApplication.ActAsPermissions = this.ActAsPermissions;
            }
            OAuthTaskHelper.ValidateApplicationRealmAndUniqueness(partnerApplication, this.ConfigurationSession, new Task.TaskErrorLoggingDelegate(base.WriteError));
            return(partnerApplication);
        }