/// <summary>
/// Create a Facebook identity provider with associated keys and permissions configured.
/// </summary>
/// <param name="applicationId">The Facebook Application ID</param>
/// <param name="applicationSecret">The Facebook Application Secret</param>
/// <param name="applicationPermissions">The permissions to request from Facebook</param>
/// <returns></returns>
public static IdentityProvider CreateFacebookIdentityProvider(this ManagementService svc, string applicationId, string applicationSecret, string applicationPermissions)
{
string name = String.Format(CultureInfo.InvariantCulture, "Facebook-{0}", applicationId);
Issuer issuer = new Issuer()
{
Name = name
};
svc.AddToIssuers(issuer);
//
// Create the Identity Provider
//
IdentityProvider identityProvider = new IdentityProvider()
{
DisplayName = name,
LoginParameters = applicationPermissions,
WebSSOProtocolType = IdentityProviderProtocolType.Facebook.ToString(),
};
svc.AddObject("IdentityProviders", identityProvider);
svc.SetLink(identityProvider, "Issuer", issuer);
//
// Create the application Id and application secret keys for this facebook application.
//
IdentityProviderKey applicationIdKey = new IdentityProviderKey()
{
DisplayName = "Facebook application ID",
Type = IdentityProviderKeyType.ApplicationKey.ToString(),
Usage = IdentityProviderKeyUsage.ApplicationId.ToString(),
Value = Encoding.UTF8.GetBytes(applicationId),
StartDate = DateTime.UtcNow,
EndDate = DateTime.MaxValue,
};
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationIdKey);
IdentityProviderKey applicationSecretKey = new IdentityProviderKey()
{
DisplayName = "Facebook application Secret",
Type = IdentityProviderKeyType.ApplicationKey.ToString(),
Usage = IdentityProviderKeyUsage.ApplicationSecret.ToString(),
Value = Encoding.UTF8.GetBytes(applicationSecret),
StartDate = DateTime.UtcNow,
EndDate = DateTime.MaxValue,
};
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", applicationSecretKey);
identityProvider.Issuer = issuer;
return(identityProvider);
}
/// <summary>
/// Create a WS-Federation identity provider with associated keys and addresses.
/// </summary>
public static IdentityProvider CreateWsFederationIdentityProvider(this ManagementService svc, string name, byte[] signingCertificateValue, DateTime keyStartDate, DateTime keyEndDate, string signInUrl)
{
Issuer issuer = new Issuer()
{
Name = name
};
svc.AddToIssuers(issuer);
//
// Create the Identity Provider
//
IdentityProvider identityProvider = new IdentityProvider()
{
DisplayName = name,
WebSSOProtocolType = IdentityProviderProtocolType.WsFederation.ToString(),
};
svc.AddObject("IdentityProviders", identityProvider);
svc.SetLink(identityProvider, "Issuer", issuer);
//
// Create the Identity Provider key used to validate the signature of IDP-signed tokens.
//
IdentityProviderKey signingKey = new IdentityProviderKey()
{
DisplayName = "SampleIdentityProviderKeyDisplayName",
Type = IdentityProviderKeyType.X509Certificate.ToString(),
Usage = IdentityProviderKeyUsage.Signing.ToString(),
Value = signingCertificateValue,
StartDate = keyStartDate.ToUniversalTime(),
EndDate = keyEndDate.ToUniversalTime()
};
svc.AddRelatedObject(identityProvider, "IdentityProviderKeys", signingKey);
// Create the sign-in address for Identity Provider
IdentityProviderAddress signInAddress = new IdentityProviderAddress()
{
Address = signInUrl,
EndpointType = IdentityProviderEndpointType.SignIn.ToString(),
};
svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress);
identityProvider.Issuer = issuer;
return(identityProvider);
}
/// <summary>
/// Create an OpenID identity provider with the associated sign-in address
/// </summary>
/// <param name="name">The name of the issuer to create.</param>
/// <param name="signInUrl">The post-discovery OpenID endpoint URL of the provider.</param>
/// <returns>The created identity provider.</returns>
public static IdentityProvider CreateOpenIdIdentityProvider(this ManagementService svc, string name, string signInUrl)
{
Issuer issuer = new Issuer()
{
Name = name
};
svc.AddToIssuers(issuer);
//
// Create the Identity Provider
//
IdentityProvider identityProvider = new IdentityProvider()
{
DisplayName = name,
WebSSOProtocolType = IdentityProviderProtocolType.OpenId.ToString(),
};
svc.AddObject("IdentityProviders", identityProvider);
svc.SetLink(identityProvider, "Issuer", issuer);
//
// Create the sign-in address for Identity Provider
//
IdentityProviderAddress signInAddress = new IdentityProviderAddress()
{
Address = signInUrl,
EndpointType = IdentityProviderEndpointType.SignIn.ToString(),
};
svc.AddRelatedObject(identityProvider, "IdentityProviderAddresses", signInAddress);
identityProvider.Issuer = issuer;
return(identityProvider);
}
private static void CreateRelyingParty(ManagementService client, string relyingPartyName, string ruleGroupName, string realmAddress, string replyAddress, TokenType tokenType, int tokenLifetime, bool asymmetricTokenEncryptionRequired, out RelyingParty relyingParty)
{
// Create Relying Party
relyingParty = new RelyingParty
{
Name = relyingPartyName,
DisplayName = relyingPartyName,
Description = relyingPartyName,
TokenType = tokenType.ToString(),
TokenLifetime = tokenLifetime,
AsymmetricTokenEncryptionRequired = asymmetricTokenEncryptionRequired
};
client.AddObject("RelyingParties", relyingParty);
client.SaveChanges();
if (!string.IsNullOrWhiteSpace(ruleGroupName))
{
RuleGroup ruleGroup = client.RuleGroups.Where(rg => rg.Name.Equals(ruleGroupName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
if (ruleGroup == null)
{
ruleGroup = new RuleGroup
{
Name = ruleGroupName
};
client.AddToRuleGroups(ruleGroup);
client.SaveChanges();
}
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
// Create the Realm for Relying Party
var realm = new RelyingPartyAddress
{
Address = realmAddress,
EndpointType = RelyingPartyAddressEndpointType.Realm.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realm);
if (!string.IsNullOrEmpty(replyAddress))
{
var reply = new RelyingPartyAddress
{
Address = replyAddress,
EndpointType = RelyingPartyAddressEndpointType.Reply.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", reply);
}
client.SaveChanges(SaveChangesOptions.Batch);
}
/// <summary>
/// Add an Identity Provider
/// </summary>
private static Issuer CreateIdpManually(DateTime startDate, DateTime endDate, ManagementService svc0, string idpName, string idpDisplayName, string idpAddress, string idpKeyDisplayName)
{
var issuer = new Issuer
{
Name = idpName
};
// Check the Issuer does not exist previouly (if it exists, delete it)
var oldIssuer = svc0.Issuers.Where(ip => ip.Name == issuer.Name).FirstOrDefault();
if (oldIssuer != null)
{
svc0.DeleteObject(oldIssuer);
svc0.SaveChanges();
}
// Add Issuer
svc0.AddToIssuers(issuer);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Issuer created: {0}", idpName);
var idp = new IdentityProvider
{
DisplayName = idpDisplayName,
LoginLinkName = idpDisplayName,
WebSSOProtocolType = "WsFederation",
IssuerId = issuer.Id
};
// Check the IP does not exist previouly (if it exists, delete it)
var oldIdentityProvider = svc0.IdentityProviders.Where(ip => ip.DisplayName == idp.DisplayName).FirstOrDefault();
if (oldIdentityProvider != null)
{
svc0.DeleteObject(oldIdentityProvider);
svc0.SaveChanges();
}
// Add the new IP to ACS
svc0.AddObject("IdentityProviders", idp);
// Console.WriteLine("Info: Identity Provider created: {0}", idp.Name);
Console.WriteLine("Info: Identity Provider created: {0}", idp.DisplayName);
// Identity provider public key to verify the signature
var cert = File.ReadAllBytes(@"Resources\SelfSTS.cer");
var key = new IdentityProviderKey
{
IdentityProvider = idp,
DisplayName = idpKeyDisplayName,
EndDate = endDate,
StartDate = startDate,
Type = "X509Certificate",
Usage = "Signing",
Value = cert
};
svc0.AddRelatedObject(idp, "IdentityProviderKeys", key);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Identity Provider Key added: {0}", idpKeyDisplayName);
// WS-Federation sign-in URL
var idpaSignIn = new IdentityProviderAddress
{
IdentityProviderId = idp.Id,
EndpointType = "SignIn",
Address = idpAddress
};
svc0.AddRelatedObject(idp, "IdentityProviderAddresses", idpaSignIn);
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Identity Provider Address added: {0}", idpAddress);
string labRelyingPartyName = "WebSiteAdvancedACS";
// Relying Party related to the Identity Provider
foreach (var existingRelyingParty in svc0.RelyingParties)
{
var rpid = new RelyingPartyIdentityProvider
{
IdentityProviderId = idp.Id,
RelyingPartyId = existingRelyingParty.Id
};
existingRelyingParty.RelyingPartyIdentityProviders.Add(rpid);
idp.RelyingPartyIdentityProviders.Add(rpid);
svc0.AddToRelyingPartyIdentityProviders(rpid);
}
svc0.SaveChanges(SaveChangesOptions.Batch);
Console.WriteLine("Info: Relying Party added to Identity Provider: {0}", labRelyingPartyName);
return(issuer);
}
