/// <summary>
/// Just needed for SAML2 library to get to work
/// </summary>
public static Saml2Section Create(Audience audience)
{
var section = new Saml2Section
{
ServiceProvider =
{
Id = "https://workaround.com",
Server = "http://",
},
AllowedAudienceUris =
{
new AudienceUriElement
{
Uri = audience.Value
},
},
};
return(section);
}
/// <summary>
/// Takes the configuration class and converts it to a SAML2.0 metadata document.
/// </summary>
/// <param name="config">The config.</param>
/// <param name="keyInfo">The keyInfo.</param>
private void ConvertToMetadata(Saml2Section config, KeyInfo keyInfo)
{
var entity = CreateDefaultEntity();
entity.EntityID = config.ServiceProvider.Id;
entity.ValidUntil = DateTime.Now + config.Metadata.Lifetime;
var serviceProviderDescriptor = new SpSsoDescriptor
{
ProtocolSupportEnumeration = new[] { Saml20Constants.Protocol },
AuthnRequestsSigned = XmlConvert.ToString(true),
WantAssertionsSigned = XmlConvert.ToString(true)
};
if (config.ServiceProvider.NameIdFormats.Count > 0)
{
serviceProviderDescriptor.NameIdFormat = new string[config.ServiceProvider.NameIdFormats.Count];
var count = 0;
foreach (var elem in config.ServiceProvider.NameIdFormats)
{
serviceProviderDescriptor.NameIdFormat[count++] = elem.Format;
}
}
var baseUrl = new Uri(config.ServiceProvider.Server);
var logoutServiceEndpoints = new List <Endpoint>();
var signonServiceEndpoints = new List <IndexedEndpoint>();
var artifactResolutionEndpoints = new List <IndexedEndpoint>(2);
// Include endpoints.
foreach (var endpoint in config.ServiceProvider.Endpoints)
{
if (endpoint.Type == EndpointType.SignOn)
{
var loginEndpoint = new IndexedEndpoint
{
Index = endpoint.Index,
IsDefault = true,
Location = new Uri(baseUrl, endpoint.LocalPath).ToString(),
Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost)
};
signonServiceEndpoints.Add(loginEndpoint);
var artifactSignonEndpoint = new IndexedEndpoint
{
Binding = Saml20Constants.ProtocolBindings.HttpSoap,
Index = loginEndpoint.Index,
Location = loginEndpoint.Location
};
artifactResolutionEndpoints.Add(artifactSignonEndpoint);
continue;
}
if (endpoint.Type == EndpointType.Logout)
{
var logoutEndpoint = new Endpoint
{
Location = new Uri(baseUrl, endpoint.LocalPath).ToString()
};
logoutEndpoint.ResponseLocation = logoutEndpoint.Location;
logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost);
logoutServiceEndpoints.Add(logoutEndpoint);
// TODO: Look at this...
logoutEndpoint = new Endpoint
{
Location = new Uri(baseUrl, endpoint.LocalPath).ToString()
};
logoutEndpoint.ResponseLocation = logoutEndpoint.Location;
logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpRedirect);
logoutServiceEndpoints.Add(logoutEndpoint);
var artifactLogoutEndpoint = new IndexedEndpoint
{
Binding = Saml20Constants.ProtocolBindings.HttpSoap,
Index = endpoint.Index,
Location = logoutEndpoint.Location
};
artifactResolutionEndpoints.Add(artifactLogoutEndpoint);
continue;
}
}
serviceProviderDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray();
serviceProviderDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray();
// Attribute consuming service.
if (config.Metadata.RequestedAttributes.Count > 0)
{
var attConsumingService = new AttributeConsumingService();
serviceProviderDescriptor.AttributeConsumingService = new[] { attConsumingService };
attConsumingService.Index = signonServiceEndpoints[0].Index;
attConsumingService.IsDefault = true;
attConsumingService.ServiceName = new[] { new LocalizedName("SP", "en") };
attConsumingService.RequestedAttribute = new RequestedAttribute[config.Metadata.RequestedAttributes.Count];
for (var i = 0; i < config.Metadata.RequestedAttributes.Count; i++)
{
attConsumingService.RequestedAttribute[i] = new RequestedAttribute
{
Name = config.Metadata.RequestedAttributes[i].Name
};
if (config.Metadata.RequestedAttributes[i].IsRequired)
{
attConsumingService.RequestedAttribute[i].IsRequired = true;
}
attConsumingService.RequestedAttribute[i].NameFormat = SamlAttribute.NameformatBasic;
}
}
else
{
serviceProviderDescriptor.AttributeConsumingService = new AttributeConsumingService[0];
}
if (config.Metadata == null || !config.Metadata.ExcludeArtifactEndpoints)
{
serviceProviderDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray();
}
entity.Items = new object[] { serviceProviderDescriptor };
// Keyinfo
var keySigning = new KeyDescriptor();
var keyEncryption = new KeyDescriptor();
serviceProviderDescriptor.KeyDescriptor = new[] { keySigning, keyEncryption };
keySigning.Use = KeyTypes.Signing;
keySigning.UseSpecified = true;
keyEncryption.Use = KeyTypes.Encryption;
keyEncryption.UseSpecified = true;
// Ugly conversion between the .Net framework classes and our classes ... avert your eyes!!
keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyInfo.GetXml().OuterXml);
keyEncryption.KeyInfo = keySigning.KeyInfo;
// apply the <Organization> element
if (config.Metadata.Organization.ElementInformation.IsPresent)
{
entity.Organization = new Organization
{
OrganizationName = new[] { new LocalizedName {
Value = config.Metadata.Organization.Name
} },
OrganizationDisplayName = new[] { new LocalizedName {
Value = config.Metadata.Organization.DisplayName
} },
OrganizationURL = new[] { new LocalizedURI {
Value = config.Metadata.Organization.Url
} }
};
}
if (config.Metadata.Contacts != null && config.Metadata.Contacts.Count > 0)
{
entity.ContactPerson = config.Metadata.Contacts.Select(x => new Contact
{
ContactType =
(Schema.Metadata.ContactType)
((int)x.Type),
Company = x.Company,
GivenName = x.GivenName,
SurName = x.SurName,
EmailAddress = new[] { x.Email },
TelephoneNumber = new[] { x.Phone }
}).ToArray();
}
}
/// <summary>
/// Initializes a new instance of the <see cref="Saml20MetadataDocument"/> class.
/// </summary>
/// <param name="config">The config.</param>
/// <param name="keyinfo">key information for the service provider certificate.</param>
/// <param name="sign">if set to <c>true</c> the metadata document will be signed.</param>
public Saml20MetadataDocument(Saml2Section config, KeyInfo keyinfo, bool sign)
: this(sign)
{
ConvertToMetadata(config, keyinfo);
}
/// <summary>
/// I took code from original Saml2Section.GetConfig() and changed it to get it to work.
/// </summary>
public static Saml2Config Create(Saml2Section configElement)
{
Saml2Config saml2Config = new Saml2Config();
if (configElement.Actions.ElementInformation.IsPresent)
{
foreach (ActionElement action in configElement
.Actions)
{
saml2Config.Actions.Add(new Action
{
Name = action.Name,
Type = action.Type
});
}
}
if (true || configElement.AllowedAudienceUris.ElementInformation.IsPresent)
{
foreach (AudienceUriElement allowedAudienceUri in configElement.AllowedAudienceUris)
{
saml2Config.AllowedAudienceUris.Add(allowedAudienceUri.Uri);
}
}
if (configElement.AssertionProfile.ElementInformation.IsPresent)
{
saml2Config.AssertionProfile.AssertionValidator = configElement.AssertionProfile.AssertionValidator;
}
if (configElement.CommonDomainCookie.ElementInformation.IsPresent)
{
saml2Config.CommonDomainCookie.Enabled = configElement.CommonDomainCookie.Enabled;
saml2Config.CommonDomainCookie.LocalReaderEndpoint =
configElement.CommonDomainCookie.LocalReaderEndpoint;
}
if (true || configElement.IdentityProviders.ElementInformation.IsPresent)
{
saml2Config.IdentityProviderSelectionUrl = configElement.IdentityProviders.SelectionUrl;
saml2Config.IdentityProviders.Encodings = configElement.IdentityProviders.Encodings;
saml2Config.IdentityProviders.MetadataLocation = configElement.IdentityProviders.MetadataLocation;
foreach (IdentityProviderElement identityProvider1 in configElement.IdentityProviders)
{
IdentityProvider identityProvider2 = new IdentityProvider
{
AllowUnsolicitedResponses = identityProvider1.AllowUnsolicitedResponses,
Default = identityProvider1.Default,
ForceAuth = identityProvider1.ForceAuth,
Id = identityProvider1.Id,
IsPassive = identityProvider1.IsPassive,
Name = identityProvider1.Name,
OmitAssertionSignatureCheck = identityProvider1.OmitAssertionSignatureCheck,
QuirksMode = identityProvider1.QuirksMode,
ResponseEncoding = identityProvider1.ResponseEncoding
};
if (identityProvider1.ArtifactResolution.ElementInformation.IsPresent)
{
HttpAuth httpAuth = new HttpAuth();
if (identityProvider1.ArtifactResolution.ClientCertificate.ElementInformation.IsPresent)
{
httpAuth.ClientCertificate = new Certificate
{
FindValue = identityProvider1.ArtifactResolution.ClientCertificate.FindValue,
StoreLocation = identityProvider1.ArtifactResolution.ClientCertificate.StoreLocation,
StoreName = identityProvider1.ArtifactResolution.ClientCertificate.StoreName,
ValidOnly = identityProvider1.ArtifactResolution.ClientCertificate.ValidOnly,
X509FindType = identityProvider1.ArtifactResolution.ClientCertificate.X509FindType
}
}
;
if (identityProvider1.ArtifactResolution.Credentials.ElementInformation.IsPresent)
{
httpAuth.Credentials = new HttpAuthCredentials
{
Password = identityProvider1.ArtifactResolution.Credentials.Password,
Username = identityProvider1.ArtifactResolution.Credentials.Username
}
}
;
identityProvider2.ArtifactResolution = httpAuth;
}
if (identityProvider1.AttributeQuery.ElementInformation.IsPresent)
{
HttpAuth httpAuth = new HttpAuth();
if (identityProvider1.AttributeQuery.ClientCertificate.ElementInformation.IsPresent)
{
httpAuth.ClientCertificate = new Certificate
{
FindValue = identityProvider1.AttributeQuery.ClientCertificate.FindValue,
StoreLocation = identityProvider1.AttributeQuery.ClientCertificate.StoreLocation,
StoreName = identityProvider1.AttributeQuery.ClientCertificate.StoreName,
ValidOnly = identityProvider1.AttributeQuery.ClientCertificate.ValidOnly,
X509FindType = identityProvider1.AttributeQuery.ClientCertificate.X509FindType
}
}
;
if (identityProvider1.AttributeQuery.Credentials.ElementInformation.IsPresent)
{
httpAuth.Credentials = new HttpAuthCredentials
{
Password = identityProvider1.AttributeQuery.Credentials.Password,
Username = identityProvider1.AttributeQuery.Credentials.Username
}
}
;
identityProvider2.AttributeQuery = httpAuth;
}
if (identityProvider1.PersistentPseudonym.ElementInformation.IsPresent)
{
identityProvider2.PersistentPseudonym = new PersistentPseudonym
{
Mapper = identityProvider1.PersistentPseudonym.Mapper
}
}
;
foreach (CertificateValidationElement certificateValidation in identityProvider1
.CertificateValidations)
{
identityProvider2.CertificateValidations.Add(certificateValidation.Type);
}
foreach (string allKey in identityProvider1.CommonDomainCookie.AllKeys)
{
identityProvider2.CommonDomainCookie.Add(identityProvider1.CommonDomainCookie[allKey].Key,
identityProvider1.CommonDomainCookie[allKey].Value);
}
foreach (IdentityProviderEndpointElement endpoint in identityProvider1
.Endpoints)
{
identityProvider2.Endpoints.Add(new IdentityProviderEndpoint
{
Binding = endpoint.Binding,
ForceProtocolBinding = endpoint.ForceProtocolBinding,
TokenAccessor = endpoint.TokenAccessor,
Type = endpoint.Type,
Url = endpoint.Url
});
}
saml2Config.IdentityProviders.Add(identityProvider2);
}
}
if (configElement.Logging.ElementInformation.IsPresent)
{
saml2Config.Logging.LoggingFactory = configElement.Logging.LoggingFactory;
}
if (true || configElement.Metadata.ElementInformation.IsPresent)
{
saml2Config.Metadata.ExcludeArtifactEndpoints = configElement.Metadata.ExcludeArtifactEndpoints;
saml2Config.Metadata.Lifetime = configElement.Metadata.Lifetime;
if (configElement.Metadata.Organization.ElementInformation.IsPresent)
{
saml2Config.Metadata.Organization = new Organization
{
Name = configElement.Metadata.Organization.Name,
DisplayName = configElement.Metadata.Organization.DisplayName,
Url = configElement.Metadata.Organization.Url
}
}
;
foreach (ContactElement contact in configElement.Metadata.Contacts)
{
saml2Config.Metadata.Contacts.Add(new Contact
{
Company = contact.Company,
Email = contact.Email,
GivenName = contact.GivenName,
Phone = contact.Phone,
SurName = contact.SurName,
Type = contact.Type
});
}
foreach (AttributeElement requestedAttribute in configElement.Metadata
.RequestedAttributes)
{
saml2Config.Metadata.RequestedAttributes.Add(new Attribute
{
IsRequired = requestedAttribute.IsRequired,
Name = requestedAttribute.Name
});
}
}
if (true || configElement.ServiceProvider.ElementInformation.IsPresent)
{
saml2Config.ServiceProvider.AuthenticationContextComparison =
configElement.ServiceProvider.AuthenticationContexts.Comparison;
saml2Config.ServiceProvider.Id = configElement.ServiceProvider.Id;
saml2Config.ServiceProvider.NameIdFormatAllowCreate =
configElement.ServiceProvider.NameIdFormats.AllowCreate;
saml2Config.ServiceProvider.Server = configElement.ServiceProvider.Server;
if (configElement.ServiceProvider.SigningCertificate.ElementInformation.IsPresent)
{
saml2Config.ServiceProvider.SigningCertificate = new Certificate
{
FindValue = configElement.ServiceProvider.SigningCertificate.FindValue,
StoreLocation = configElement.ServiceProvider.SigningCertificate.StoreLocation,
StoreName = configElement.ServiceProvider.SigningCertificate.StoreName,
ValidOnly = configElement.ServiceProvider.SigningCertificate.ValidOnly,
X509FindType = configElement.ServiceProvider.SigningCertificate.X509FindType
}
}
;
foreach (AuthenticationContextElement authenticationContext in configElement
.ServiceProvider.AuthenticationContexts)
{
saml2Config.ServiceProvider.AuthenticationContexts.Add(new AuthenticationContext
{
Context = authenticationContext.Context,
ReferenceType = authenticationContext.ReferenceType
});
}
foreach (ServiceProviderEndpointElement endpoint in configElement
.ServiceProvider.Endpoints)
{
saml2Config.ServiceProvider.Endpoints.Add(new ServiceProviderEndpoint
{
Binding = endpoint.Binding,
Index = endpoint.Index,
LocalPath = endpoint.LocalPath,
RedirectUrl = endpoint.RedirectUrl,
Type = endpoint.Type
});
}
foreach (NameIdFormatElement nameIdFormat in configElement.ServiceProvider
.NameIdFormats)
{
saml2Config.ServiceProvider.NameIdFormats.Add(nameIdFormat.Format);
}
}
if (configElement.State.ElementInformation.IsPresent)
{
saml2Config.State.StateServiceFactory = configElement.State.StateServiceFactory;
foreach (StateSettingElement setting in configElement.State.Settings)
{
saml2Config.State.Settings.Add(setting.Name, setting.Value);
}
}
return(saml2Config);
}
}
}
