static void CreateSampleRelyingParty()
{
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
DateTime startDate = DateTime.UtcNow;
DateTime endDate = startDate.AddYears(1);
// Create Relying Party
RelyingParty relyingParty = svc.CreateRelyingParty(TestRelyingPartyNameString, "http://TestRelyingParty.com/Realm", "http://TestRelyingParty.com/Reply", RelyingPartyTokenType.SAML_2_0, false);
string pfxFileName = "SampleCert.pfx";
string pfxPassword = @"pass@word1";
byte[] signingCertificate = ManagementServiceHelper.ReadBytesFromPfxFile(pfxFileName, pfxPassword);
svc.CreateRelyingPartyKey(relyingParty, signingCertificate, pfxPassword, RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Signing, true);
// Create a rule group and you can follow the 'Rule' sample code to add rules to it as needed.
string sampleRuleGroupName = "Sample Rule Group for " + relyingParty.Name;
RuleGroup ruleGroup = svc.RuleGroups.Where(rg => rg.Name == sampleRuleGroupName).FirstOrDefault();
if (ruleGroup == null)
{
ruleGroup = new RuleGroup()
{
Name = sampleRuleGroupName
};
svc.AddToRuleGroups(ruleGroup);
}
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
svc.SaveChangesBatch();
}
/// <summary>
/// Configures the ACS service namespace with the proper objects for this sample.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// </remarks>
static void Main(string[] args)
{
const string rpName = "Federation Sample RP";
const string rpRealm = "http://*****:*****@"..\..\..\Certificates\ACS2SigningCertificate.pfx", "password");
byte[] decryptionCertificate = ManagementServiceHelper.ReadBytesFromPfxFile(@"..\..\..\Certificates\ACS2DecryptionCert.pfx", "password");
byte[] encryptionCertificate = new X509Certificate2(@"..\..\..\Certificates\WcfServiceCertificate.cer").RawData;
svc.CreateRelyingPartyKey(relyingParty, signingCertificate, "password", RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Signing, true);
svc.CreateRelyingPartyKey(relyingParty, encryptionCertificate, null, RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Encrypting, true);
svc.CreateIdentityProviderDecryptionKey(decryptionKeyName, decryptionCertificate, "password", true);
svc.ImportIdentityProviderFromMetadataUrl(new Uri(IdentityProviderMetadataUrl));
svc.AssociateIdentityProvidersWithRelyingParties(new[] { svc.GetIdentityProviderByName(entityId) }, new[] { relyingParty });
RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName);
svc.GenerateRules(ruleGroup, new[] { svc.GetIdentityProviderByName(entityId) });
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
svc.SaveChangesBatch();
Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
Console.ReadLine();
}
/// <summary>
/// Configures the ACS service namespace with the proper objects for this sample.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// </remarks>
static void Main(string[] args)
{
const string rpName = "ASPNET Simple MVC Sample";
const string rpRealm = "http://localhost:63000/";
const string rpErrorUrl = "http://localhost:63000/Error";
const string ruleGroupName = "Default rule group for ASPNET Simple MVC Sample";
const string googleIdpName = "Google";
const string yahooIdpName = "Yahoo!";
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
svc.DeleteRelyingPartyByRealmIfExists(rpRealm);
svc.DeleteRuleGroupByNameIfExists(ruleGroupName);
svc.DeleteIdentityProviderIfExists(googleIdpName);
svc.DeleteIdentityProviderIfExists(yahooIdpName);
svc.SaveChangesBatch();
IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID");
IdentityProvider google = svc.CreateOpenIdIdentityProvider(googleIdpName, "https://www.google.com/accounts/o8/ud");
IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooIdpName, "https://open.login.yahooapis.com/openid/op/auth");
IdentityProvider[] associatedProviders = new[] { live, google, yahoo };
//
// Create the relying party. In this case, the Realm and the ReplyTo are the same address.
//
RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpRealm, RelyingPartyTokenType.SAML_2_0, false);
svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty });
//
// Configure the error URL.
//
RelyingPartyAddress errorUrl = new RelyingPartyAddress()
{
Address = rpErrorUrl,
EndpointType = RelyingPartyAddressType.Error.ToString()
};
svc.AddRelatedObject(relyingParty, "RelyingPartyAddresses", errorUrl);
RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
//
// Create simple rules to pass through all claims from each issuer.
//
foreach (IdentityProvider identityProvider in associatedProviders)
{
string ruleDescription = String.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name);
svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription);
}
svc.SaveChangesBatch();
Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
Console.ReadLine();
}
static void Main(string[] args)
{
const string RPRealm = "http://ContosoContacts/";
const string RPName = "ContosoContacts";
const string RuleGroupName = "Default rule group for ContosoContacts";
const string googleIdpName = "Google";
const string yahooIdpName = "Yahoo!";
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
svc.DeleteRelyingPartyByRealmIfExists(RPRealm);
svc.DeleteRuleGroupByNameIfExists(RuleGroupName);
svc.DeleteIdentityProviderIfExists(googleIdpName);
svc.DeleteIdentityProviderIfExists(yahooIdpName);
svc.SaveChangesBatch();
//
// Create Google and Yahoo! as identity providers. LiveID is already configured.
//
IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID");
IdentityProvider google = svc.CreateOpenIdIdentityProvider(googleIdpName, "https://www.google.com/accounts/o8/ud");
IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooIdpName, "https://open.login.yahooapis.com/openid/op/auth");
IdentityProvider[] associatedProviders = new[] { live, google, yahoo };
//
// Create the relying party and its associated key.
//
RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false);
svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty });
RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true);
Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value));
RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
//
// Create simple rules to pass through all claims from each issuer.
//
foreach (IdentityProvider identityProvider in associatedProviders)
{
string ruleDescription = String.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name);
svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription);
}
svc.SaveChangesBatch();
Console.WriteLine("Sample configured successfully. Press <ENTER> to exit...");
Console.ReadLine();
}
/// <summary>
/// Generates the rules for the relying party
/// </summary>
private static void GenerateRules(string ruleGroupName, string relyingPartyName)
{
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
// Get the identity providers for the relying party
RelyingParty relyingParty = svc.GetRelyingPartyByName(relyingPartyName);
IEnumerable <IdentityProvider> rpIdentityProviders = svc.GetRelyingPartyIdentityProviders(relyingParty);
// Generate rules for the rule group
RuleGroup ruleGroup = svc.RuleGroups.Where(rg => rg.Name == ruleGroupName).FirstOrDefault();
svc.GenerateRules(ruleGroup, rpIdentityProviders);
// Assign the rule group to relying party
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
svc.SaveChangesBatch();
}
/// <summary>
/// Configures the ACS service namespace with the proper objects for this sample.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// </remarks>
static void Main(string[] args)
{
const string rpName = "Certificate Binding Sample RP";
const string rpRealm = "http://*****:*****@"..\..\..\Certificates\ACS2SigningCertificate.pfx", "password");
byte[] encryptionCertificate = new X509Certificate2(@"..\..\..\Certificates\WcfServiceCertificate.cer").RawData;
svc.CreateRelyingPartyKey(relyingParty, signingCertificate, "password", RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Signing, true);
svc.CreateRelyingPartyKey(relyingParty, encryptionCertificate, null, RelyingPartyKeyType.X509Certificate, RelyingPartyKeyUsage.Encrypting, true);
byte[] clientCertificate = new X509Certificate2(@"..\..\..\Certificates\ACS2ClientCertificate.cer").RawData;
svc.CreateServiceIdentity(serviceIdentityName, clientCertificate, ServiceIdentityKeyType.X509Certificate, ServiceIdentityKeyUsage.Signing);
RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
//
// Add a rule to pass through all ACS-issued claims. These are represented by an issuer called "LOCAL AUTHORITY"
// Null input and output claim types and values mean to pass-through all.
//
svc.CreateRule(svc.GetIssuerByName("LOCAL AUTHORITY"), null, null, null, null, ruleGroup, "Pass through all claims issued by ACS.");
svc.SaveChangesBatch();
Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
Console.ReadLine();
}
static void Main(string[] args)
{
const string ClientName = "OAuth2SampleX509Identity";
const string RPRealm = "https://oauth2RelyingParty/";
const string RPName = "OAuth2 RP";
const string RuleGroupName = "Default rule group for OAuth2 RP";
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
svc.DeleteServiceIdentityIfExists(ClientName);
svc.DeleteRelyingPartyByRealmIfExists(RPRealm);
svc.DeleteRuleGroupByNameIfExists(RuleGroupName);
svc.SaveChangesBatch();
X509Certificate2 clientCertificate = new X509Certificate2(@"..\..\..\Certificates\ACS2ClientCertificate.cer");
svc.CreateServiceIdentity(ClientName, clientCertificate.RawData, ServiceIdentityKeyType.X509Certificate, ServiceIdentityKeyUsage.Signing);
RelyingParty relyingParty = svc.CreateRelyingParty(RPName, RPRealm, null, RelyingPartyTokenType.SWT, false);
RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.MaxValue, true);
Console.WriteLine("Generated symmetric key: {0}", Convert.ToBase64String(relyingPartyKey.Value));
Issuer localAuthority = svc.GetIssuerByName("LOCAL AUTHORITY");
RuleGroup ruleGroup = svc.CreateRuleGroup(RuleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
svc.CreateRule(localAuthority, null, null, null, null, ruleGroup, "Pass through claims issued by ACS");
svc.SaveChangesBatch();
Console.WriteLine("Sample configured successfully. Press <ENTER> to exit...");
Console.ReadLine();
}
/// <summary>
/// Configures the ACS service namespace with the proper objects for this sample.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// </remarks>
static void Main(string[] args)
{
const string rpName = "ASPNET Simple Service";
const string rpRealm = "http://localhost:8000/Service/";
const string serviceIdentityName = "acssample";
const string serviceIdentityPassword = "******";
const string ruleGroupName = "Default rule group for ASPNET Simple Service";
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
svc.DeleteRelyingPartyByRealmIfExists(rpRealm);
svc.DeleteServiceIdentityIfExists(serviceIdentityName);
svc.DeleteRuleGroupByNameIfExists(ruleGroupName);
svc.SaveChangesBatch();
RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpRealm, RelyingPartyTokenType.SWT, false);
RelyingPartyKey relyingPartyKey = svc.GenerateRelyingPartySymmetricKey(relyingParty, DateTime.UtcNow, DateTime.UtcNow.AddYears(1), true);
Console.WriteLine("Generated symmetric key value: {0}", Convert.ToBase64String(relyingPartyKey.Value));
svc.CreateServiceIdentity(serviceIdentityName, Encoding.UTF8.GetBytes(serviceIdentityPassword), ServiceIdentityKeyType.Password, ServiceIdentityKeyUsage.Password);
RuleGroup ruleGroup = svc.CreateRuleGroup(ruleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
//
// Add a rule to issue the "action=reverse" claim.
//
svc.CreateRule(svc.GetIssuerByName("LOCAL AUTHORITY"), null, null, "action", "reverse", ruleGroup, "Issue action=reverse claim.");
svc.SaveChangesBatch();
Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
Console.ReadLine();
}
/// <summary>
/// Configures the ACS service namespace with the proper objects for this sample.
/// </summary>
/// <remarks>
/// Existing objects that are needed for this sample will be deleted and recreated.
/// </remarks>
static void Main(string[] args)
{
const string rpName = "ASPNET MVC3 Custom Sign-In Page Sample";
const string rpRealm = "http://localhost:64000/";
const string rpReplyTo = "http://localhost:64000/Account/SignIn";
const string facebookName = "Facebook";
const string yahooName = "Yahoo!";
const string defaultRuleGroupName = "Default rule group for ASPNET MVC3 Custom Sign-In Page Sample";
// Please update these with your own Facebook application information
const string applicationId = "applicationid";
const string applicationSecret = "applicationsecret";
string facebookIdpName = String.Format(CultureInfo.InvariantCulture, "Facebook-{0}", applicationId);
ManagementService svc = ManagementServiceHelper.CreateManagementServiceClient();
//
// Clean up pre-existing configuration
//
svc.DeleteRelyingPartyByRealmIfExists(rpRealm);
svc.DeleteRuleGroupByNameIfExists(defaultRuleGroupName);
svc.DeleteIdentityProviderIfExists(facebookIdpName);
svc.DeleteIdentityProviderIfExists(yahooName);
svc.SaveChangesBatch();
//
// Create Identity Providers
//
IdentityProvider live = svc.GetIdentityProviderByName("uri:WindowsLiveID");;
IdentityProvider facebook = svc.CreateFacebookIdentityProvider(applicationId, applicationSecret, "email,user_events");
SetSignInInformation(svc, facebook, facebookName);
IdentityProvider yahoo = svc.CreateOpenIdIdentityProvider(yahooName, "https://open.login.yahooapis.com/openid/op/auth");
SetSignInInformation(svc, yahoo, yahooName);
IdentityProvider[] associatedProviders = new[] { live, facebook, yahoo };
//
// Create Relying Party
//
RelyingParty relyingParty = svc.CreateRelyingParty(rpName, rpRealm, rpReplyTo, RelyingPartyTokenType.SAML_2_0, false);
svc.AssociateIdentityProvidersWithRelyingParties(associatedProviders, new[] { relyingParty });
RuleGroup ruleGroup = svc.CreateRuleGroup(defaultRuleGroupName);
svc.AssignRuleGroupToRelyingParty(ruleGroup, relyingParty);
//
// Create simple rules to pass through all claims from each issuer.
//
foreach (IdentityProvider identityProvider in associatedProviders)
{
string ruleDescription = string.Format(CultureInfo.InvariantCulture, "Pass through all claims from '{0}'", identityProvider.Issuer.Name);
svc.CreateRule(identityProvider.Issuer, null, null, null, null, ruleGroup, ruleDescription);
}
svc.SaveChangesBatch();
Console.WriteLine("Sample successfully configured. Press ENTER to continue ...");
Console.ReadLine();
}
