/// <summary>
        /// Create a Facebook identity provider with associated keys and permissions configured.
        /// </summary>
        /// <param name="applicationId">The Facebook Application ID</param>
        /// <param name="applicationSecret">The Facebook Application Secret</param>
        /// <param name="applicationPermissions">The permissions to request from Facebook</param>
        /// <returns></returns>
        public static IdentityProvider CreateFacebookIdentityProvider(this ManagementService svc, string applicationId, string applicationSecret, string applicationPermissions)
        {
            string name = String.Format(CultureInfo.InvariantCulture, "Facebook-{0}", applicationId);

            Issuer issuer = new Issuer()
            {
                Name = name
            };

            svc.AddToIssuers(issuer);

            //
            // Create the Identity Provider
            //
            IdentityProvider identityProvider = new IdentityProvider()
            {
                DisplayName        = name,
                LoginParameters    = applicationPermissions,
                WebSSOProtocolType = IdentityProviderProtocolType.Facebook.ToString(),
            };

            svc.AddObject("IdentityProviders", identityProvider);
            svc.SetLink(identityProvider, "Issuer", issuer);

            //
            // Create the application Id and application secret keys for this facebook application.
            //
            IdentityProviderKey applicationIdKey = new IdentityProviderKey()
            {
                DisplayName = "Facebook application ID",
                Type        = IdentityProviderKeyType.ApplicationKey.ToString(),
                Usage       = IdentityProviderKeyUsage.ApplicationId.ToString(),
                Value       = Encoding.UTF8.GetBytes(applicationId),
                StartDate   = DateTime.UtcNow,
                EndDate     = DateTime.MaxValue,
            };

            svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationIdKey);

            IdentityProviderKey applicationSecretKey = new IdentityProviderKey()
            {
                DisplayName = "Facebook application Secret",
                Type        = IdentityProviderKeyType.ApplicationKey.ToString(),
                Usage       = IdentityProviderKeyUsage.ApplicationSecret.ToString(),
                Value       = Encoding.UTF8.GetBytes(applicationSecret),
                StartDate   = DateTime.UtcNow,
                EndDate     = DateTime.MaxValue,
            };

            svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationSecretKey);

            identityProvider.Issuer = issuer;
            return(identityProvider);
        }
        /// <summary>
        /// Create a WS-Federation identity provider with associated keys and addresses.
        /// </summary>
        public static IdentityProvider CreateWsFederationIdentityProvider(this ManagementService svc, string name, byte[] signingCertificateValue, DateTime keyStartDate, DateTime keyEndDate, string signInUrl)
        {
            Issuer issuer = new Issuer()
            {
                Name = name
            };

            svc.AddToIssuers(issuer);

            //
            // Create the Identity Provider
            //
            IdentityProvider identityProvider = new IdentityProvider()
            {
                DisplayName        = name,
                WebSSOProtocolType = IdentityProviderProtocolType.WsFederation.ToString(),
            };

            svc.AddObject("IdentityProviders", identityProvider);

            svc.SetLink(identityProvider, "Issuer", issuer);

            //
            // Create the Identity Provider key used to validate the signature of IDP-signed tokens.
            //

            IdentityProviderKey signingKey = new IdentityProviderKey()
            {
                DisplayName = "SampleIdentityProviderKeyDisplayName",
                Type        = IdentityProviderKeyType.X509Certificate.ToString(),
                Usage       = IdentityProviderKeyUsage.Signing.ToString(),
                Value       = signingCertificateValue,
                StartDate   = keyStartDate.ToUniversalTime(),
                EndDate     = keyEndDate.ToUniversalTime()
            };

            svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", signingKey);

            // Create the sign-in address for Identity Provider
            IdentityProviderAddress signInAddress = new IdentityProviderAddress()
            {
                Address      = signInUrl,
                EndpointType = IdentityProviderEndpointType.SignIn.ToString(),
            };

            svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress);

            identityProvider.Issuer = issuer;
            return(identityProvider);
        }
Пример #3
0
        private static void DisplayIdentityProviderKey(IdentityProviderKey identityProviderKey)
        {
            // Display the values of returned Identity Provider
            if (identityProviderKey != null)
            {
                //
                // Values for Application keys should be displayed as UTF-8. Symmetric keys and certificates are Base64.
                //

                string keyValue = identityProviderKey.Type == IdentityProviderKeyType.ApplicationKey.ToString() ?
                                  Encoding.ASCII.GetString(identityProviderKey.Value) : Convert.ToBase64String(identityProviderKey.Value);

                Console.WriteLine("\tIdentity Provider Key (Id = {0})\n", identityProviderKey.Id);
                Console.WriteLine("\t\tId = {0}\n", identityProviderKey.Id);
                Console.WriteLine("\t\tDisplayName = {0}\n", identityProviderKey.DisplayName);
                Console.WriteLine("\t\tType = {0}\n", identityProviderKey.Type);
                Console.WriteLine("\t\tUsage = {0}\n", identityProviderKey.Usage);
                Console.WriteLine("\t\tStartDate = {0}\n", identityProviderKey.StartDate);
                Console.WriteLine("\t\tEndDate = {0}\n", identityProviderKey.EndDate);
                Console.WriteLine("\t\tValue = {0}\n", keyValue);
            }
        }
Пример #4
0
        /// <summary>
        /// Insert keys for an identity provider.
        /// </summary>
        /// <param name="svc">ManagementService instance.</param>
        /// <param name="idpKeys">List of keys to insert.</param>
        /// <param name="identityProvider">Identity Provider associated with the keys.</param>
        private static void InsertIdentityProviderSigningKeysFromMetadata(ManagementService svc, List <X509Certificate2> idpKeys, IdentityProvider identityProvider)
        {
            foreach (X509Certificate2 certificate in idpKeys)
            {
                IdentityProviderKey keyFromMetadata = new IdentityProviderKey()
                {
                    Usage       = IdentityProviderKeyUsage.Signing.ToString(),
                    DisplayName = string.Format(CultureInfo.InvariantCulture, "{0} Signing Key", identityProvider.DisplayName),
                    //
                    // As a security best practice, set the start and end dates on the data entry
                    // to be the same value as the dates on the certificate.
                    //
                    StartDate = certificate.NotBefore.ToUniversalTime(),
                    EndDate   = certificate.NotAfter.ToUniversalTime(),
                    Type      = IdentityProviderKeyType.X509Certificate.ToString(),
                    Value     = certificate.GetRawCertData()
                };

                Console.WriteLine(String.Format("Adding new identity provider key with subject: '{0}'.", GetSubjectFromCertificate(keyFromMetadata.Value)));
                svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", keyFromMetadata);
            }
        }
Пример #5
0
        public Issuer AddIdentityProviderManually(string displayName, string federationUrl, WebSSOProtocolType protocolType, byte[] signingValidationCert = null, string[] allowedRelyingParties = null)
        {
            try
            {
                var client           = this.CreateManagementServiceClient();
                var defaultStartDate = DateTime.UtcNow;
                var defaultEndDate   = defaultStartDate.AddYears(1);

                var issuer = new Issuer
                {
                    Name = displayName
                };

                var oldIssuer = client.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();
                if (oldIssuer != null)
                {
                    client.DeleteObject(oldIssuer);
                }

                client.AddToIssuers(issuer);
                client.SaveChanges(SaveChangesOptions.Batch);

                var identityProvider = new IdentityProvider
                {
                    DisplayName        = displayName,
                    WebSSOProtocolType = protocolType.ToString(),
                    LoginLinkName      = displayName,
                    IssuerId           = issuer.Id
                };

                var oldIdentityProvider = client.IdentityProviders.Where(ip => ip.DisplayName.Equals(identityProvider.DisplayName, StringComparison.OrdinalIgnoreCase))
                                          .FirstOrDefault();
                if (oldIdentityProvider != null)
                {
                    client.DeleteObject(oldIdentityProvider);
                    client.SaveChanges();
                }

                client.AddToIdentityProviders(identityProvider);
                client.SaveChanges(SaveChangesOptions.Batch);

                // Identity provider public key to verify the signature
                if (signingValidationCert != null)
                {
                    var key = new IdentityProviderKey
                    {
                        IdentityProviderId = identityProvider.Id,
                        DisplayName        = "Signing Key for " + displayName,
                        StartDate          = defaultStartDate,
                        EndDate            = defaultEndDate,
                        Type  = KeyType.X509Certificate.ToString(),
                        Usage = KeyUsage.Signing.ToString(),
                        Value = signingValidationCert
                    };

                    client.AddToIdentityProviderKeys(key);
                    client.SaveChanges(SaveChangesOptions.Batch);
                }

                // WS-Federation sign-in URL
                var federationSignInAddress = new IdentityProviderAddress
                {
                    IdentityProviderId = identityProvider.Id,
                    EndpointType       = EndpointType.SignIn.ToString(),
                    Address            = federationUrl
                };

                client.AddToIdentityProviderAddresses(federationSignInAddress);
                client.SaveChanges(SaveChangesOptions.Batch);

                return(issuer);
            }
            catch (Exception ex)
            {
                throw TryGetExceptionDetails(ex);
            }
        }
Пример #6
0
        /// <summary>
        /// Add an Identity Provider
        /// </summary>
        private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName)
        {
            var issuer = new Issuer
            {
                Name = idpName
            };

            // Check the Issuer does not exist previouly (if it exists, delete it)
            var oldIssuer = svc0.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();

            if (oldIssuer != null)
            {
                svc0.DeleteObject(oldIssuer);
                svc0.SaveChanges();
            }

            // Add Issuer
            svc0.AddToIssuers(issuer);
            svc0.SaveChanges(SaveChangesOptions.Batch);
            Console.WriteLine("Info: Issuer created: {0}", idpName);

            var idp = new IdentityProvider
            {
                DisplayName        = idpDisplayName,
                LoginLinkName      = idpDisplayName,
                WebSSOProtocolType = "WsFederation",
                IssuerId           = issuer.Id
            };

            // Check the IP does not exist previouly (if it exists, delete it)
            var oldIdentityProvider = svc0.IdentityProviders.Where(ip => ip.DisplayName == idp.DisplayName).FirstOrDefault();

            if (oldIdentityProvider != null)
            {
                svc0.DeleteObject(oldIdentityProvider);
                svc0.SaveChanges();
            }

            // Add the new IP to ACS
            svc0.AddObject("IdentityProviders", idp);

            // Console.WriteLine("Info: Identity Provider created: {0}", idp.Name);
            Console.WriteLine("Info: Identity Provider created: {0}", idp.DisplayName);

            // Identity provider public key to verify the signature
            var cert = File.ReadAllBytes(@"Resources\SelfSTS.cer");
            var key  = new IdentityProviderKey
            {
                IdentityProvider = idp,
                DisplayName      = idpKeyDisplayName,
                EndDate          = endDate,
                StartDate        = startDate,
                Type             = "X509Certificate",
                Usage            = "Signing",
                Value            = cert
            };

            svc0.AddRelatedObject(idp, "IdentityProviderKeys", key);
            svc0.SaveChanges(SaveChangesOptions.Batch);

            Console.WriteLine("Info: Identity Provider Key added: {0}", idpKeyDisplayName);

            // WS-Federation sign-in URL
            var idpaSignIn = new IdentityProviderAddress
            {
                IdentityProviderId = idp.Id,
                EndpointType       = "SignIn",
                Address            = idpAddress
            };

            svc0.AddRelatedObject(idp, "IdentityProviderAddresses", idpaSignIn);
            svc0.SaveChanges(SaveChangesOptions.Batch);

            Console.WriteLine("Info: Identity Provider Address added: {0}", idpAddress);

            string labRelyingPartyName = "WebSiteAdvancedACS";

            // Relying Party related to the Identity Provider
            foreach (var existingRelyingParty in svc0.RelyingParties)
            {
                var rpid = new RelyingPartyIdentityProvider
                {
                    IdentityProviderId = idp.Id,
                    RelyingPartyId     = existingRelyingParty.Id
                };
                existingRelyingParty.RelyingPartyIdentityProviders.Add(rpid);
                idp.RelyingPartyIdentityProviders.Add(rpid);
                svc0.AddToRelyingPartyIdentityProviders(rpid);
            }

            svc0.SaveChanges(SaveChangesOptions.Batch);

            Console.WriteLine("Info: Relying Party added to Identity Provider: {0}", labRelyingPartyName);

            return(issuer);
        }
 public void AddToIdentityProviderKeys(IdentityProviderKey identityProviderKey)
 {
     base.AddObject("IdentityProviderKeys", identityProviderKey);
 }
 public static IdentityProviderKey CreateIdentityProviderKey(long ID, long identityProviderId, bool systemReserved, global::System.DateTime startDate, global::System.DateTime endDate)
 {
     IdentityProviderKey identityProviderKey = new IdentityProviderKey();
     identityProviderKey.Id = ID;
     identityProviderKey.IdentityProviderId = identityProviderId;
     identityProviderKey.SystemReserved = systemReserved;
     identityProviderKey.StartDate = startDate;
     identityProviderKey.EndDate = endDate;
     return identityProviderKey;
 }