private static EntitiesDescriptor LoadMetadata()
{
Console.WriteLine("Loading SAML metadata file {0}.", fileName);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.Load(fileName);
EntitiesDescriptor entitiesDescriptor = null;
if (EntitiesDescriptor.IsValid(xmlDocument.DocumentElement))
{
Console.WriteLine("Reading SAML entities descriptor metadata.");
entitiesDescriptor = new EntitiesDescriptor(xmlDocument.DocumentElement);
}
else if (EntityDescriptor.IsValid(xmlDocument.DocumentElement))
{
Console.WriteLine("Reading SAML entity descriptor metadata.");
entitiesDescriptor = new EntitiesDescriptor();
entitiesDescriptor.EntityDescriptors.Add(new EntityDescriptor(xmlDocument.DocumentElement));
}
else
{
throw new ArgumentException("Expecting entities descriptor or entity descriptor.");
}
return(entitiesDescriptor);
}
internal Federation(EntitiesDescriptor metadata, bool allowUnsolicitedAuthnResponse)
{
identityProviders = metadata.ChildEntities
.Where(ed => ed.RoleDescriptors.OfType <IdentityProviderSingleSignOnDescriptor>().Any())
.Select(ed => new IdentityProvider(ed, allowUnsolicitedAuthnResponse))
.ToDictionary(idp => idp.EntityId, EntityIdEqualityComparer.Instance);
}
static void Main(string[] args)
{
try {
ParseArguments(args);
EntitiesDescriptor entitiesDescriptor = LoadMetadata();
SAMLConfiguration samlConfiguration = LoadSAMLConfiguration();
IList <X509Certificate2> x509Certificates = new List <X509Certificate2>();
MetadataImporter.Import(entitiesDescriptor, samlConfiguration, x509Certificates);
AddLocalProviders(samlConfiguration);
UpdatePartnerProviders(samlConfiguration);
SaveSAMLConfiguration(samlConfiguration);
SaveCertificates(x509Certificates);
}
catch (Exception exception) {
Console.Error.WriteLine(exception.ToString());
if (exception is ArgumentException)
{
ShowUsage();
}
}
}
// Reads an entities descriptor
private static void ReadEntitiesDescriptor(EntitiesDescriptor entitiesDescriptor)
{
foreach (EntityDescriptor entityDescriptor in entitiesDescriptor.EntityDescriptors)
{
ReadEntityDescriptor(entityDescriptor);
}
}
public static EntitiesDescriptor GetEntitiesDescriptor()
{
var descriptor = new EntitiesDescriptor();
var entityDesc = EntityDescriptorProviderMock.GetEntityDescriptor();
descriptor.ChildEntities.Add(entityDesc);
return(descriptor);
}
public static EntitiesDescriptor CreateFederationMetadata()
{
var metadata = new EntitiesDescriptor
{
Name = "Sustainsys.Saml2.StubIdp Federation",
CacheDuration = new XsdDuration(minutes: 15),
ValidUntil = DateTime.UtcNow.AddDays(1)
};
metadata.ChildEntities.Add(CreateIdpMetadata(false));
return(metadata);
}
private static void ReadMetadata(XmlElement xmlElement)
{
if (EntitiesDescriptor.IsValid(xmlElement)) {
Console.Error.WriteLine("Reading SAML entities descriptor metadata");
EntitiesDescriptor entitiesDescriptor = new EntitiesDescriptor(xmlElement);
Console.WriteLine(entitiesDescriptor.ToXml().OuterXml);
} else if (EntityDescriptor.IsValid(xmlElement)) {
Console.Error.WriteLine("Reading SAML entity descriptor metadata");
EntityDescriptor entityDescriptor = new EntityDescriptor(xmlElement);
Console.WriteLine(entityDescriptor.ToXml().OuterXml);
} else {
throw new ArgumentException("Expecting entities descriptor or entity descriptor");
}
}
private SecurityTokenServiceDescriptor ReadStsDescriptor(MetadataBase metadataBase)
{
EntitiesDescriptor entities = metadataBase as EntitiesDescriptor;
if (entities != null)
{
foreach (EntityDescriptor en in entities.ChildEntities)
{
foreach (RoleDescriptor role in en.RoleDescriptors)
{
SecurityTokenServiceDescriptor stsDescriptor = role as SecurityTokenServiceDescriptor;
if (stsDescriptor != null)
{
//
// If there are multiple STS descriptors, the first one listed will be used.
// This mirrors the behavior of the Federation Utility tool that creates automatic trust
// using the STS Federation metadata. This is provided for illustrative purposes only.
// In a production system, you may choose to trust one or more STS descriptors that are
// published in the STS Federation metadata.
//
return(stsDescriptor);
}
}
}
}
EntityDescriptor entity = metadataBase as EntityDescriptor;
if (entity != null)
{
foreach (RoleDescriptor role in entity.RoleDescriptors)
{
SecurityTokenServiceDescriptor stsDescriptor = role as SecurityTokenServiceDescriptor;
if (stsDescriptor != null)
{
//
// If there are multiple STS descriptors, the first one listed will be used.
// This mirrors the behavior of the Federation Utility tool that creates automatic trust
// using the STS Federation metadata. This is provided for illustrative purposes only.
// In a production system, you may choose to trust one or more STS descriptors that are
// published in the STS Federation metadata.
//
return(stsDescriptor);
}
}
}
throw new InvalidOperationException("The metadata does not contain a valid SecurityTokenServiceDescriptor.");
}
// Reads SAML v2.0 metadata
private static void ReadMetadata(XmlElement xmlElement)
{
if (EntitiesDescriptor.IsValid(xmlElement))
{
ReadEntitiesDescriptor(new EntitiesDescriptor(xmlElement));
}
else if (EntityDescriptor.IsValid(xmlElement))
{
ReadEntityDescriptor(new EntityDescriptor(xmlElement));
}
else
{
throw new ArgumentException("Expecting entities descriptor or entity descriptor");
}
}
private static EntityDescriptor ExtractEntityDescriptor(string fromXml, string forEntityId = null)
{
// extract entity descriptor from xml
if (string.IsNullOrWhiteSpace(fromXml))
{
throw new ArgumentNullException("fromXml");
}
// load xml into a document
var xmlDocument = new XmlDocument();
xmlDocument.LoadXml(fromXml);
// xml may only be a single entity descriptor
if (EntityDescriptor.IsValid(xmlDocument.DocumentElement))
{
// create a new entity descriptor
var entityDescriptor = new EntityDescriptor(xmlDocument.DocumentElement);
// entity descriptor is only valid when forEntityId argument has no value
// or when the forEntityId argument has value and matches the entity descriptor
if (string.IsNullOrWhiteSpace(forEntityId) || // entityID match not enforced
forEntityId.Equals(entityDescriptor.EntityID.URI, // entityID match enforced
StringComparison.OrdinalIgnoreCase))
{
return(entityDescriptor);
}
// forEntityId argument has value, and does not match entity descriptor
return(null);
}
// xml may be a n entities descriptor container
if (EntitiesDescriptor.IsValid(xmlDocument.DocumentElement))
{
// create a new entities descriptor
var entitiesDescriptor = new EntitiesDescriptor(xmlDocument.DocumentElement);
// when forEntityId is specified, return specific entity descriptor
// when forEntityId is not specified, return the first entity descriptor
return((!string.IsNullOrWhiteSpace(forEntityId))
? entitiesDescriptor.GetEntityDescriptor(forEntityId)
: entitiesDescriptor.EntityDescriptors.FirstOrDefault());
}
return(null);
}
public static EntitiesDescriptor GetEntitiesDescriptor(int idpEntities, int spEntities)
{
var descriptor = new EntitiesDescriptor();
for (var i = 0; i < idpEntities; i++)
{
var entityDesc = EntityDescriptorProviderMock.GetIdpEntityDescriptor(String.Format("IdpEntityId_{0}", i));
descriptor.ChildEntities.Add(entityDesc);
}
for (var i = 0; i < spEntities; i++)
{
var entityDesc = EntityDescriptorProviderMock.GetSpEntityDescriptor(String.Format("SPEntityId_{0}", i));
descriptor.ChildEntities.Add(entityDesc);
}
return(descriptor);
}
private static void ReadMetadata(XmlElement xmlElement)
{
if (EntitiesDescriptor.IsValid(xmlElement))
{
Console.Error.WriteLine("Reading SAML entities descriptor metadata");
EntitiesDescriptor entitiesDescriptor = new EntitiesDescriptor(xmlElement);
Console.WriteLine(entitiesDescriptor.ToXml().OuterXml);
}
else if (EntityDescriptor.IsValid(xmlElement))
{
Console.Error.WriteLine("Reading SAML entity descriptor metadata");
EntityDescriptor entityDescriptor = new EntityDescriptor(xmlElement);
Console.WriteLine(entityDescriptor.ToXml().OuterXml);
}
else
{
throw new ArgumentException("Expecting entities descriptor or entity descriptor");
}
}
private static EntityDescriptor ExtractEntityDescriptor(string fromXml, string forEntityId = null)
{
// extract entity descriptor from xml
if (string.IsNullOrWhiteSpace(fromXml)) throw new ArgumentNullException("fromXml");
// load xml into a document
var xmlDocument = new XmlDocument();
xmlDocument.LoadXml(fromXml);
// xml may only be a single entity descriptor
if (EntityDescriptor.IsValid(xmlDocument.DocumentElement))
{
// create a new entity descriptor
var entityDescriptor = new EntityDescriptor(xmlDocument.DocumentElement);
// entity descriptor is only valid when forEntityId argument has no value
// or when the forEntityId argument has value and matches the entity descriptor
if (string.IsNullOrWhiteSpace(forEntityId) // entityID match not enforced
|| forEntityId.Equals(entityDescriptor.EntityID.URI, // entityID match enforced
StringComparison.OrdinalIgnoreCase))
return entityDescriptor;
// forEntityId argument has value, and does not match entity descriptor
return null;
}
// xml may be a n entities descriptor container
if (EntitiesDescriptor.IsValid(xmlDocument.DocumentElement))
{
// create a new entities descriptor
var entitiesDescriptor = new EntitiesDescriptor(xmlDocument.DocumentElement);
// when forEntityId is specified, return specific entity descriptor
// when forEntityId is not specified, return the first entity descriptor
return (!string.IsNullOrWhiteSpace(forEntityId))
? entitiesDescriptor.GetEntityDescriptor(forEntityId)
: entitiesDescriptor.EntityDescriptors.FirstOrDefault();
}
return null;
}
public void ExtendedMetadataSerializer_Write_EntitiesDescriptorCacheDuration()
{
var metadata = new EntitiesDescriptor
{
Name = "Federation Name",
CacheDuration = new XsdDuration(minutes: 42)
};
var entity = new EntityDescriptor
{
EntityId = new EntityId("http://some.entity.example.com")
};
var idpSsoDescriptor = new IdpSsoDescriptor();
idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
idpSsoDescriptor.SingleSignOnServices.Add(new SingleSignOnService
{
Binding = Saml2Binding.HttpRedirectUri,
Location = new Uri("http://some.entity.example.com/sso")
});
entity.RoleDescriptors.Add(idpSsoDescriptor);
metadata.ChildEntities.Add(entity);
var stream = new MemoryStream();
ExtendedMetadataSerializer.ReaderInstance.WriteMetadata(stream, metadata);
stream.Seek(0, SeekOrigin.Begin);
var result = XDocument.Load(stream).Root;
result.Name.Should().Be(Saml2Namespaces.Saml2Metadata + "EntitiesDescriptor");
result.Attribute("cacheDuration").Value.Should().Be("PT42M");
result.Element(Saml2Namespaces.Saml2Metadata + "EntityDescriptor").Attribute("cacheDuration")
.Should().BeNull();
}
private static EntitiesDescriptor LoadMetadata()
{
Console.WriteLine("Loading SAML metadata file {0}.", fileName);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.Load(fileName);
EntitiesDescriptor entitiesDescriptor = null;
if (EntitiesDescriptor.IsValid(xmlDocument.DocumentElement)) {
Console.WriteLine("Reading SAML entities descriptor metadata.");
entitiesDescriptor = new EntitiesDescriptor(xmlDocument.DocumentElement);
} else if (EntityDescriptor.IsValid(xmlDocument.DocumentElement)) {
Console.WriteLine("Reading SAML entity descriptor metadata.");
entitiesDescriptor = new EntitiesDescriptor();
entitiesDescriptor.EntityDescriptors.Add(new EntityDescriptor(xmlDocument.DocumentElement));
} else {
throw new ArgumentException("Expecting entities descriptor or entity descriptor.");
}
return entitiesDescriptor;
}
// Reads an entities descriptor
private static void ReadEntitiesDescriptor(EntitiesDescriptor entitiesDescriptor)
{
foreach (EntityDescriptor entityDescriptor in entitiesDescriptor.EntityDescriptors) {
ReadEntityDescriptor(entityDescriptor);
}
}
