static void CreateSampleRelyingParty()
{
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
DateTime startDate = DateTime.UtcNow;
DateTime endDate = startDate.AddYears(1);
// Create Relying Party
RelyingParty relyingParty = svc.CreateRelyingParty(TestRelyingPartyNameString, "http://TestRelyingParty.com/Realm", "http://TestRelyingParty.com/Reply", RelyingPartyTokenType.SAML_2_0, false);
string pfxFileName = "SampleCert.pfx";
string pfxPassword = @"pass@word1";
byte[] signingCertificate = ManagementServiceHelper.ReadBytesFromPfxFile(pfxFileName, pfxPassword);
svc.CreateRelyingPartyKey(relyingParty, signingCertificate, pfxPassword, RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Signing, true);
// Create a rule group and you can follow the 'Rule' sample code to add rules to it as needed.
string sampleRuleGroupName = "Sample Rule Group for " + relyingParty.Name;
RuleGroup ruleGroup = svc.RuleGroups.Where(rg => rg.Name == sampleRuleGroupName).FirstOrDefault();
if (ruleGroup == null)
{
ruleGroup = new RuleGroup()
{
Name = sampleRuleGroupName
};
svc.AddToRuleGroups(ruleGroup);
}
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
svc.SaveChangesBatch();
}
/// <summary>
/// Add a rule group.
/// </summary>
private static void AddRuleGroup(string name)
{
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
RuleGroup rg = new RuleGroup()
{
Name = name
};
svc.AddToRuleGroups(rg);
svc.SaveChangesBatch();
}
/// <summary>
/// Creates a rule group with the given name.
/// </summary>
public static RuleGroup CreateRuleGroup(this ManagementService svc, string name)
{
svc.DeleteRuleGroupByNameIfExists(name);
RuleGroup ruleGroup = new RuleGroup {
Name = name
};
svc.AddToRuleGroups(ruleGroup);
return(ruleGroup);
}
public static RuleGroup AddPassthroughRule(this ManagementService svc,
RelyingParty relyingParty, string ruleGroupName)
{
Contract.Requires(svc != null);
Contract.Requires(relyingParty != null);
Contract.Requires(!string.IsNullOrWhiteSpace(ruleGroupName));
var ruleGroup = new RuleGroup()
{
Name = ruleGroupName
};
svc.AddToRuleGroups(ruleGroup);
svc.SaveChanges(SaveChangesOptions.Batch);
var localAuthority = svc.Issuers.Where(
m => m.Name == "LOCAL AUTHORITY").FirstOrDefault();
var passthrough = new Rule();
passthrough.Description = "Passthough all ACS claims";
svc.AddToRules(passthrough);
svc.SetLink(passthrough, "RuleGroup", ruleGroup);
svc.SetLink(passthrough, "Issuer", localAuthority);
var rprg = new RelyingPartyRuleGroup();
svc.AddToRelyingPartyRuleGroups(rprg);
svc.AddLink(relyingParty, "RelyingPartyRuleGroups", rprg);
svc.AddLink(ruleGroup, "RelyingPartyRuleGroups", rprg);
svc.SaveChanges(SaveChangesOptions.Batch);
return(ruleGroup);
}
/// <summary>
/// Copies the <paramref name="source"/> into a new rule group with name <paramref name="newRuleGroupName"/>
/// </summary>
/// <param name="svc"></param>
/// <param name="source">Source rule group</param>
/// <param name="newRuleGroupName">Name of the new rule group</param>
public static void CopyRuleGroup(this ManagementService svc, RuleGroup source, string newRuleGroupName)
{
RuleGroup newRuleGroup = new RuleGroup()
{
Name = newRuleGroupName,
};
svc.AddToRuleGroups(newRuleGroup);
foreach (Rule rule in svc.Rules.Expand("Issuer").Where(r => r.RuleGroupId == source.Id))
{
Rule newRule = new Rule();
newRule.Description = rule.Description;
newRule.InputClaimType = rule.InputClaimType;
newRule.InputClaimValue = rule.InputClaimValue;
newRule.OutputClaimType = rule.OutputClaimType;
newRule.OutputClaimValue = rule.OutputClaimValue;
svc.AddToRules(newRule);
svc.SetLink(newRule, "Issuer", rule.Issuer);
svc.SetLink(newRule, "RuleGroup", newRuleGroup);
}
}
private static void CreateRelyingParty(ManagementService client, string relyingPartyName, string ruleGroupName, string realmAddress, string replyAddress, TokenType tokenType, int tokenLifetime, bool asymmetricTokenEncryptionRequired, out RelyingParty relyingParty)
{
// Create Relying Party
relyingParty = new RelyingParty
{
Name = relyingPartyName,
DisplayName = relyingPartyName,
Description = relyingPartyName,
TokenType = tokenType.ToString(),
TokenLifetime = tokenLifetime,
AsymmetricTokenEncryptionRequired = asymmetricTokenEncryptionRequired
};
client.AddObject("RelyingParties", relyingParty);
client.SaveChanges();
if (!string.IsNullOrWhiteSpace(ruleGroupName))
{
RuleGroup ruleGroup = client.RuleGroups.Where(rg => rg.Name.Equals(ruleGroupName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
if (ruleGroup == null)
{
ruleGroup = new RuleGroup
{
Name = ruleGroupName
};
client.AddToRuleGroups(ruleGroup);
client.SaveChanges();
}
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
// Create the Realm for Relying Party
var realm = new RelyingPartyAddress
{
Address = realmAddress,
EndpointType = RelyingPartyAddressEndpointType.Realm.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realm);
if (!string.IsNullOrEmpty(replyAddress))
{
var reply = new RelyingPartyAddress
{
Address = replyAddress,
EndpointType = RelyingPartyAddressEndpointType.Reply.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", reply);
}
client.SaveChanges(SaveChangesOptions.Batch);
}
