public void SustainsysSaml2Section_Attributes_LoadedFromConfig() { var expected = new AttributeConsumingService("SP") { IsDefault = true }; expected.RequestedAttributes.Add( new RequestedAttribute("urn:someName") { FriendlyName = "Some Name", NameFormat = RequestedAttribute.AttributeNameFormatUri, IsRequired = true }); expected.RequestedAttributes.Add( new RequestedAttribute("Minimal") { FriendlyName = null, NameFormat = RequestedAttribute.AttributeNameFormatUnspecified, IsRequired = false }); var subject = SustainsysSaml2Section.Current.AttributeConsumingServices.Single(); subject.ShouldBeEquivalentTo(expected); }
private static void AddAttributeConsumingServices(SPOptions options) { var a1 = new RequestedAttribute("urn:attributeName") { FriendlyName = "friendlyName", NameFormat = RequestedAttribute.AttributeNameFormatUri, AttributeValueXsiType = ClaimValueTypes.String, IsRequired = true }; a1.Values.Add("value1"); a1.Values.Add("value2"); var a2 = new RequestedAttribute("someName"); var acs = new AttributeConsumingService("attributeServiceName") { IsDefault = true }; acs.RequestedAttributes.Add(a1); acs.RequestedAttributes.Add(a2); options.AttributeConsumingServices.Add(acs); }
private static SPOptions CreateSPOptions() { var swedish = CultureInfo.GetCultureInfo("sv-se"); var organization = new Organization(); organization.Names.Add(new LocalizedName("Kentor", swedish)); organization.DisplayNames.Add(new LocalizedName("Kentor IT AB", swedish)); organization.Urls.Add(new LocalizedUri(new Uri("http://www.kentor.se"), swedish)); var spOptions = new SPOptions { EntityId = new EntityId("http://*****:*****@example.com"); spOptions.Contacts.Add(techContact); var supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); var attributeConsumingService = new AttributeConsumingService("AuthServices") { IsDefault = true, }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:someName") { FriendlyName = "Some Name", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; spOptions.ServiceCertificates.Add(new X509Certificate2( AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx")); return(spOptions); }
AttributeConsumingService GetAttributeService() { var attributeConsumingService = new AttributeConsumingService("AuthServices") { IsDefault = true, }; //ePPN attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.6") { FriendlyName = "eduPersonPrincipalName", NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"), //AttributeValueXsiType = "ScopedAttributeDecoder" //IsRequired = true }); //Affiliation attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.9") { FriendlyName = "eduPersonScopedAffiliation", NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") }); //SN (surname) attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:2.5.4.4") { FriendlyName = "sn", NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") }); //givenName attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:2.5.4.42") { FriendlyName = "givenName", NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") }); //eduPersonNickname attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.2") { FriendlyName = "eduPersonNickname", NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") }); //mail attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:0.9.2342.19200300.100.1.3") { FriendlyName = "mail", NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") }); //displayName attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("urn:oid:2.16.840.1.113730.3.1.241") { FriendlyName = "displayName", NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") }); return(attributeConsumingService); }
private static SPOptions CreateSPOptions() { var swedish = "sv-se"; var organization = new Organization(); organization.Names.Add(new LocalizedName("Sustainsys", swedish)); organization.DisplayNames.Add(new LocalizedName("Sustainsys AB", swedish)); organization.Urls.Add(new LocalizedUri(new Uri("http://www.Sustainsys.se"), swedish)); var spOptions = new SPOptions { EntityId = new EntityId("https://*****:*****@example.com"); spOptions.Contacts.Add(techContact); var supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); var attributeConsumingService = new AttributeConsumingService { IsDefault = true, ServiceNames = { new LocalizedName("Saml2", "en") } }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:someName") { FriendlyName = "Some Name", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); spOptions.ServiceCertificates.Add(new X509Certificate2( AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Sustainsys.Saml2.Tests.pfx")); return(spOptions); }
public static AttributeConsumingService RequestEmail(this AttributeConsumingService service) { return(service.RequestAttribute(new RequestedAttribute("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress") { FriendlyName = "E-Mail-Addresses", IsRequired = false, NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") })); }
public static AttributeConsumingService RequestPersistentNameId(this AttributeConsumingService service) { return(service.RequestAttribute(new RequestedAttribute("nameid:persistent") { FriendlyName = "mail", IsRequired = false, NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") })); }
private static SPOptions CreateSPOptions() { //var swedish = CultureInfo.GetCultureInfo("sv-se"); var swedish = "sv-se"; var organization = new Organization(); organization.Names.Add(new LocalizedName("Edubase", swedish)); organization.DisplayNames.Add(new LocalizedName("Edubase", swedish)); organization.Urls.Add(new LocalizedUri(new Uri("http://www.edubase.gov.uk"), swedish)); var spOptions = new SPOptions { EntityId = new EntityId("http://edubase.gov"), Organization = organization, ReturnUrl = StartupSecureAccess.ExternalAuthDefaultCallbackUrl, MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1" }; var techContact = new ContactPerson { Type = ContactType.Technical }; techContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(techContact); var supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); var attributeConsumingService = new AttributeConsumingService() { ServiceNames = { new LocalizedName("AuthServices", "en") }, IsDefault = true, }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:someName") { FriendlyName = "Some Name", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); return(spOptions); }
private static SPOptions CreateSPOptions() { var swedish = "sv-se"; var organization = new Organization(); organization.Names.Add(new LocalizedName("Sustainsys", swedish)); organization.DisplayNames.Add(new LocalizedName("Sustainsys AB", swedish)); organization.Urls.Add(new LocalizedUri(new Uri("http://www.Sustainsys.se"), swedish)); var spOptions = new SPOptions { EntityId = new EntityId(ConnectedAppIdentityId), Organization = organization, MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1", Logger = new SomeLogger() }; var techContact = new ContactPerson { Type = ContactType.Technical }; techContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(techContact); var supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); var attributeConsumingService = new AttributeConsumingService { IsDefault = true, ServiceNames = { new LocalizedName("Saml2", "en") } }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:someName") { FriendlyName = "Some Name", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); return(spOptions); }
private static SPOptions CreateSPOptions(string optionName) { var spOptions = new SPOptions { EntityId = new EntityId(ConfigurationManager.AppSettings["saml:baseurl"] + "/Saml2"), ReturnUrl = new Uri(ConfigurationManager.AppSettings["saml:baseurl"] + "/Account/ExternalLoginCallback"), ModulePath = string.Format("/{0}", optionName) }; var techContact = new ContactPerson { Type = ContactType.Technical }; techContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(techContact); var supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); var attributeConsumingService = new AttributeConsumingService(optionName) { IsDefault = true, }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:Email") { FriendlyName = "Email", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); spOptions.AttributeConsumingServices.Add(attributeConsumingService); spOptions.ServiceCertificates.Add(new X509Certificate2( AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Sustainsys.Saml2.Tests.pfx", string.Empty, X509KeyStorageFlags.MachineKeySet)); var adsa = "fdsafdsa"; return(spOptions); }
public static SPOptions WithService(this SPOptions providerOptions, string serviceName, string language, bool isDefault, Action <AttributeConsumingService>?configureService = null) { var svc = new AttributeConsumingService(); svc.ServiceNames.Add(new LocalizedName(serviceName, language)); svc.IsDefault = isDefault; if (configureService != null) { configureService(svc); } else { svc.RequestName().RequestEmail().RequestPersistentNameId(); } providerOptions.AttributeConsumingServices.Add(svc); return(providerOptions); }
private Saml2AuthenticationOptions CreateSaml2Options() { var spOptions = new SPOptions { EntityId = new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"), ReturnUrl = new Uri("https://localhost:44358/"), }; var attributeConsumingService = new AttributeConsumingService { IsDefault = true, ServiceNames = { new LocalizedName("Saml2", "en") } }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:password") { FriendlyName = "AzureADTest", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); var Saml2Options = new Saml2AuthenticationOptions(false) { SPOptions = spOptions }; var idp = new IdentityProvider(new EntityId("https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"), spOptions) { AllowUnsolicitedAuthnResponse = true, Binding = Saml2BindingType.HttpRedirect, SingleSignOnServiceUrl = new Uri("https://localhost:44358/") }; idp.SigningKeys.AddConfiguredKey(new X509Certificate2(HostingEnvironment.MapPath("~/App_Data/AzureADTest.cer") ?? throw new InvalidOperationException())); Saml2Options.IdentityProviders.Add(idp); return(Saml2Options); }
private static SPOptions CreateSPOptions() { string strEntityID = "https://sts.windows.net/8b67b292-ebf3-4d29-89a6-47f7971c2e16/"; string strServiceProviderReturnUrl = "https://ramesh.knowledgeowl.com/help/saml-login"; string strPfxFilePath = "/App_Data/Sustainsys.Saml2.Tests.pfx"; string strSamlIdpOrgName = "AzureADTest"; string strSamlIdpOrgDisplayName = "AzureADTest"; var swedish = "sv-se"; var organization = new Organization(); organization.Names.Add(new LocalizedName(strSamlIdpOrgName, swedish)); organization.DisplayNames.Add(new LocalizedName(strSamlIdpOrgDisplayName, swedish)); organization.Urls.Add(new LocalizedUri(new Uri("http://www.Sustainsys.se"), swedish)); var spOptions = new SPOptions { EntityId = new EntityId(strEntityID), ReturnUrl = new Uri(strServiceProviderReturnUrl), Organization = organization }; var attributeConsumingService = new AttributeConsumingService { IsDefault = true, }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:someName") { FriendlyName = "Some Name", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); spOptions.ServiceCertificates.Add(new X509Certificate2( AppDomain.CurrentDomain.SetupInformation.ApplicationBase + strPfxFilePath)); return(spOptions); }
private static SPOptions CreateSPOptions(string optionName) { var spOptions = new SPOptions { EntityId = new EntityId("https://*****:*****@gmail.com"); spOptions.Contacts.Add(techContact); var supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); var attributeConsumingService = new AttributeConsumingService(optionName) { IsDefault = true, }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:Email") { FriendlyName = "Email", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); spOptions.AttributeConsumingServices.Add(attributeConsumingService); spOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx")); return(spOptions); }
public void SPOptionsExtensions_CreateMetadata_IncludeAttributeConsumingService() { var spOptions = StubFactory.CreateSPOptions(); var urls = StubFactory.CreateAuthServicesUrls(); var attributeConsumingService = new AttributeConsumingService("Name"); spOptions.AttributeConsumingServices.Clear(); spOptions.AttributeConsumingServices.Add(attributeConsumingService); attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("AttributeName")); var subject = spOptions .CreateMetadata(urls) .RoleDescriptors .Cast <ExtendedServiceProviderSingleSignOnDescriptor>() .First(); subject.AttributeConsumingServices.First().Should().BeSameAs(attributeConsumingService); }
public void SPOptionsExtensions_CreateMetadata_IncludeAttributeConsumingService() { var spOptions = StubFactory.CreateSPOptions(); var urls = StubFactory.CreateSaml2Urls(); var attributeConsumingService = new AttributeConsumingService(); attributeConsumingService.ServiceNames.Add( new LocalizedName("Name", "en")); spOptions.AttributeConsumingServices.Clear(); spOptions.AttributeConsumingServices.Add(attributeConsumingService); attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("AttributeName")); var subject = spOptions .CreateMetadata(urls) .RoleDescriptors .Cast <SpSsoDescriptor>() .First(); subject.AttributeConsumingServices.Values.First().Should().BeSameAs(attributeConsumingService); }
/// <summary> /// Takes the configuration class and converts it to a SAML2.0 metadata document. /// </summary> /// <param name="config">The config.</param> /// <param name="keyInfo">The keyInfo.</param> private void ConvertToMetadata(Saml2Configuration config, KeyInfo keyInfo) { var entity = CreateDefaultEntity(); entity.EntityID = config.ServiceProvider.Id; entity.ValidUntil = DateTime.Now.AddDays(7); var serviceProviderDescriptor = new SpSsoDescriptor { ProtocolSupportEnumeration = new[] { Saml20Constants.Protocol }, AuthnRequestsSigned = XmlConvert.ToString(true), WantAssertionsSigned = XmlConvert.ToString(true) }; if (config.ServiceProvider.NameIdFormats.Count > 0) { serviceProviderDescriptor.NameIdFormat = new string[config.ServiceProvider.NameIdFormats.Count]; var count = 0; foreach (var elem in config.ServiceProvider.NameIdFormats) { serviceProviderDescriptor.NameIdFormat[count++] = elem.Format; } } var baseUrl = new Uri(config.ServiceProvider.Server); var logoutServiceEndpoints = new List <Endpoint>(); var signonServiceEndpoints = new List <IndexedEndpoint>(); var artifactResolutionEndpoints = new List <IndexedEndpoint>(2); // Include endpoints. foreach (var endpoint in config.ServiceProvider.Endpoints) { if (endpoint.Type == EndpointType.SignOn) { var loginEndpoint = new IndexedEndpoint { Index = endpoint.Index, IsDefault = true, Location = new Uri(baseUrl, endpoint.LocalPath).ToString(), Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost) }; signonServiceEndpoints.Add(loginEndpoint); var artifactSignonEndpoint = new IndexedEndpoint { Binding = Saml20Constants.ProtocolBindings.HttpSoap, Index = loginEndpoint.Index, Location = loginEndpoint.Location }; artifactResolutionEndpoints.Add(artifactSignonEndpoint); continue; } if (endpoint.Type == EndpointType.Logout) { var logoutEndpoint = new Endpoint { Location = new Uri(baseUrl, endpoint.LocalPath).ToString() }; logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost); logoutServiceEndpoints.Add(logoutEndpoint); // TODO: Look at this... logoutEndpoint = new Endpoint { Location = new Uri(baseUrl, endpoint.LocalPath).ToString() }; logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpRedirect); logoutServiceEndpoints.Add(logoutEndpoint); var artifactLogoutEndpoint = new IndexedEndpoint { Binding = Saml20Constants.ProtocolBindings.HttpSoap, Index = endpoint.Index, Location = logoutEndpoint.Location }; artifactResolutionEndpoints.Add(artifactLogoutEndpoint); continue; } } serviceProviderDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray(); serviceProviderDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray(); // Attribute consuming service. if (config.Metadata.RequestedAttributes.Count > 0) { var attConsumingService = new AttributeConsumingService(); serviceProviderDescriptor.AttributeConsumingService = new[] { attConsumingService }; attConsumingService.Index = signonServiceEndpoints[0].Index; attConsumingService.IsDefault = true; attConsumingService.ServiceName = new[] { new LocalizedName("SP", "en") }; attConsumingService.RequestedAttribute = new RequestedAttribute[config.Metadata.RequestedAttributes.Count]; for (var i = 0; i < config.Metadata.RequestedAttributes.Count; i++) { attConsumingService.RequestedAttribute[i] = new RequestedAttribute { Name = config.Metadata.RequestedAttributes[i].Name }; if (config.Metadata.RequestedAttributes[i].IsRequired) { attConsumingService.RequestedAttribute[i].IsRequired = true; } attConsumingService.RequestedAttribute[i].NameFormat = SamlAttribute.NameformatBasic; } } else { serviceProviderDescriptor.AttributeConsumingService = new AttributeConsumingService[0]; } if (config.Metadata == null || !config.Metadata.ExcludeArtifactEndpoints) { serviceProviderDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray(); } entity.Items = new object[] { serviceProviderDescriptor }; // Keyinfo var keySigning = new KeyDescriptor(); var keyEncryption = new KeyDescriptor(); serviceProviderDescriptor.KeyDescriptor = new[] { keySigning, keyEncryption }; keySigning.Use = KeyTypes.Signing; keySigning.UseSpecified = true; keyEncryption.Use = KeyTypes.Encryption; keyEncryption.UseSpecified = true; // Ugly conversion between the .Net framework classes and our classes ... avert your eyes!! keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyInfo.GetXml().OuterXml); keyEncryption.KeyInfo = keySigning.KeyInfo; // apply the <Organization> element if (config.Metadata.Organization != null) { entity.Organization = new Schema.Metadata.Organization { OrganizationName = new[] { new LocalizedName { Value = config.Metadata.Organization.Name } }, OrganizationDisplayName = new[] { new LocalizedName { Value = config.Metadata.Organization.DisplayName } }, OrganizationURL = new[] { new LocalizedURI { Value = config.Metadata.Organization.Url } } }; } if (config.Metadata.Contacts != null && config.Metadata.Contacts.Any()) { entity.ContactPerson = config.Metadata.Contacts.Select(x => new Schema.Metadata.Contact { ContactType = (Schema.Metadata.ContactType) ((int)x.Type), Company = x.Company, GivenName = x.GivenName, SurName = x.SurName, EmailAddress = new[] { x.Email }, TelephoneNumber = new[] { x.Phone } }).ToArray(); } }
public async Task <IActionResult> SpMetadataAsync(string partyId) { logger.ScopeTrace(() => "Up, SP Metadata request."); logger.SetScopeProperty(Constants.Logs.UpPartyId, partyId); var party = RouteBinding.UpParty != null ? await tenantRepository.GetAsync <SamlUpParty>(partyId) : null; var signMetadata = party != null ? party.SignMetadata : false; var samlConfig = await saml2ConfigurationLogic.GetSamlUpConfigAsync(party, includeSigningAndDecryptionCertificate : signMetadata, includeSignatureValidationCertificates : false); var acsDestination = new Uri(UrlCombine.Combine(HttpContext.GetHostWithTenantAndTrack(), RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlAcs)); var singleLogoutDestination = new Uri(UrlCombine.Combine(HttpContext.GetHostWithTenantAndTrack(), RouteBinding.PartyNameAndBinding, Constants.Routes.SamlController, Constants.Endpoints.SamlSingleLogout)); var entityDescriptor = new EntityDescriptor(samlConfig, signMetadata); if (party != null) { entityDescriptor.ValidUntil = new TimeSpan(0, 0, settings.SamlMetadataLifetime).Days; } var trackCertificates = GetTrackCertificates(); entityDescriptor.SPSsoDescriptor = new SPSsoDescriptor { //AuthnRequestsSigned = true, //WantAssertionsSigned = true, SigningCertificates = trackCertificates, AssertionConsumerServices = new AssertionConsumerService[] { new AssertionConsumerService { Binding = ToSamleBindingUri(party?.AuthnBinding?.ResponseBinding), Location = acsDestination }, }, }; entityDescriptor.SPSsoDescriptor.SingleLogoutServices = new SingleLogoutService[] { new SingleLogoutService { Binding = ToSamleBindingUri(party?.LogoutBinding?.ResponseBinding), Location = singleLogoutDestination }, }; if (party?.MetadataIncludeEncryptionCertificates == true) { entityDescriptor.SPSsoDescriptor.EncryptionCertificates = trackCertificates; entityDescriptor.SPSsoDescriptor.SetDefaultEncryptionMethods(); } if (party?.MetadataNameIdFormats?.Count > 0) { entityDescriptor.SPSsoDescriptor.NameIDFormats = party.MetadataNameIdFormats.Select(nf => new Uri(nf)); } if (party?.MetadataAttributeConsumingServices?.Count() > 0) { var attributeConsumingServices = new List <AttributeConsumingService>(); foreach (var aItem in party.MetadataAttributeConsumingServices) { var attributeConsumingService = new AttributeConsumingService { ServiceName = new ServiceName(aItem.ServiceName.Name, aItem.ServiceName.Lang) }; attributeConsumingService.RequestedAttributes = aItem.RequestedAttributes.Select(ra => string.IsNullOrEmpty(ra.NameFormat) ? new RequestedAttribute(ra.Name, ra.IsRequired) : new RequestedAttribute(ra.Name, ra.IsRequired, ra.NameFormat)); attributeConsumingServices.Add(attributeConsumingService); } entityDescriptor.SPSsoDescriptor.AttributeConsumingServices = attributeConsumingServices; } if (party?.MetadataContactPersons?.Count() > 0) { entityDescriptor.ContactPersons = GetContactPersons(party.MetadataContactPersons); } return(new Saml2Metadata(entityDescriptor).CreateMetadata().ToActionResult()); }
/// <summary> /// Takes the Safewhere configuration class and converts it to a SAML2.0 metadata document. /// </summary> private void ConvertToMetadata(SAML20FederationConfig config, KeyInfo keyinfo) { EntityDescriptor entity = CreateDefaultEntity(); entity.entityID = config.ServiceProvider.ID; entity.validUntil = DateTime.Now.AddDays(7); SPSSODescriptor spDescriptor = new SPSSODescriptor(); spDescriptor.protocolSupportEnumeration = new string[] { Saml20Constants.PROTOCOL }; spDescriptor.AuthnRequestsSigned = XmlConvert.ToString(true); spDescriptor.WantAssertionsSigned = XmlConvert.ToString(true); if (config.ServiceProvider.NameIdFormats.All) { spDescriptor.NameIDFormat = new string[] { Saml20Constants.NameIdentifierFormats.Email, Saml20Constants.NameIdentifierFormats.Entity, Saml20Constants.NameIdentifierFormats.Kerberos, Saml20Constants.NameIdentifierFormats.Persistent, Saml20Constants.NameIdentifierFormats.Transient, Saml20Constants.NameIdentifierFormats.Unspecified, Saml20Constants.NameIdentifierFormats.Windows, Saml20Constants.NameIdentifierFormats.X509SubjectName }; } else { spDescriptor.NameIDFormat = new string[config.ServiceProvider.NameIdFormats.NameIdFormats.Count]; int count = 0; foreach (NameIdFormatElement elem in config.ServiceProvider.NameIdFormats.NameIdFormats) { spDescriptor.NameIDFormat[count++] = elem.NameIdFormat; } } Uri baseURL = new Uri(config.ServiceProvider.Server); List <Endpoint> logoutServiceEndpoints = new List <Endpoint>(); List <IndexedEndpoint> signonServiceEndpoints = new List <IndexedEndpoint>(); List <IndexedEndpoint> artifactResolutionEndpoints = new List <IndexedEndpoint>(2); // Include endpoints. foreach (Saml20ServiceEndpoint endpoint in config.ServiceProvider.serviceEndpoints) { if (endpoint.endpointType == EndpointType.SIGNON) { IndexedEndpoint loginEndpoint = new IndexedEndpoint(); loginEndpoint.index = endpoint.endPointIndex; loginEndpoint.isDefault = true; loginEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString(); loginEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Post); signonServiceEndpoints.Add(loginEndpoint); IndexedEndpoint artifactSignonEndpoint = new IndexedEndpoint(); artifactSignonEndpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_SOAP; artifactSignonEndpoint.index = loginEndpoint.index; artifactSignonEndpoint.Location = loginEndpoint.Location; artifactResolutionEndpoints.Add(artifactSignonEndpoint); continue; } if (endpoint.endpointType == EndpointType.LOGOUT) { Endpoint logoutEndpoint = new Endpoint(); logoutEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString(); logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Post); logoutServiceEndpoints.Add(logoutEndpoint); logoutEndpoint = new Endpoint(); logoutEndpoint.Location = new Uri(baseURL, endpoint.localPath).ToString(); logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HTTP_Redirect); logoutServiceEndpoints.Add(logoutEndpoint); IndexedEndpoint artifactLogoutEndpoint = new IndexedEndpoint(); artifactLogoutEndpoint.Binding = Saml20Constants.ProtocolBindings.HTTP_SOAP; artifactLogoutEndpoint.index = endpoint.endPointIndex; artifactLogoutEndpoint.Location = logoutEndpoint.Location; artifactResolutionEndpoints.Add(artifactLogoutEndpoint); continue; } } spDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray(); spDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray(); // NameIdFormat if (!string.IsNullOrEmpty(config.NameIdFormat)) { spDescriptor.NameIDFormat = new string[] { config.NameIdFormat }; } // Attribute consuming service. if (config.RequestedAttributes.Attributes.Count > 0) { AttributeConsumingService attConsumingService = new AttributeConsumingService(); spDescriptor.AttributeConsumingService = new AttributeConsumingService[] { attConsumingService }; attConsumingService.index = signonServiceEndpoints[0].index; attConsumingService.isDefault = true; attConsumingService.ServiceName = new LocalizedName[] { new LocalizedName("SP", "da") }; attConsumingService.RequestedAttribute = new RequestedAttribute[config.RequestedAttributes.Attributes.Count]; for (int i = 0; i < config.RequestedAttributes.Attributes.Count; i++) { attConsumingService.RequestedAttribute[i] = new RequestedAttribute(); attConsumingService.RequestedAttribute[i].Name = config.RequestedAttributes.Attributes[i].name; if (config.RequestedAttributes.Attributes[i].IsRequired) { attConsumingService.RequestedAttribute[i].isRequired = true; } attConsumingService.RequestedAttribute[i].NameFormat = SamlAttribute.NAMEFORMAT_BASIC; } } else { spDescriptor.AttributeConsumingService = new AttributeConsumingService[0]; } if (config.Metadata != null && config.Metadata.IncludeArtifactEndpoints) { spDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray(); } entity.Items = new object[] { spDescriptor }; // Keyinfo KeyDescriptor keySigning = new KeyDescriptor(); KeyDescriptor keyEncryption = new KeyDescriptor(); spDescriptor.KeyDescriptor = new KeyDescriptor[] { keySigning, keyEncryption }; keySigning.use = KeyTypes.signing; keySigning.useSpecified = true; keyEncryption.use = KeyTypes.encryption; keyEncryption.useSpecified = true; // Ugly conversion between the .Net framework classes and our classes ... avert your eyes!! keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyinfo.GetXml().OuterXml); keyEncryption.KeyInfo = keySigning.KeyInfo; // apply the <Organization> element if (config.ServiceProvider.Organization != null) { entity.Organization = config.ServiceProvider.Organization; } if (config.ServiceProvider.ContactPerson != null && config.ServiceProvider.ContactPerson.Count > 0) { entity.ContactPerson = config.ServiceProvider.ContactPerson.ToArray(); } }
private static SPOptions CreateSPOptions() { string english = "en-us"; Organization organization = new Organization(); organization.Names.Add(new LocalizedName("OhioPublicDefender", english)); organization.DisplayNames.Add(new LocalizedName("OhioPublicDefender", english)); organization.Urls.Add(new LocalizedUri(new Uri("http://online.opd.ohio.gov"), english)); SPOptions spOptions = new SPOptions { EntityId = new EntityId("http://*****:*****@example.com"); spOptions.Contacts.Add(techContact); ContactPerson supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); AttributeConsumingService attributeConsumingService = new AttributeConsumingService { IsDefault = true, ServiceNames = { new LocalizedName("Saml2", "en") } }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("email") { FriendlyName = "email", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUnspecified }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); spOptions.ServiceCertificates.Add(new X509Certificate2( AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Sustainsys.Saml2.Tests.pfx")); spOptions.MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; return(spOptions); }
public static AttributeConsumingService RequestAttribute(this AttributeConsumingService service, RequestedAttribute attribute) { service.RequestedAttributes.Add(attribute); return(service); }