/// <summary> /// Just needed for SAML2 library to get to work /// </summary> public static Saml2Section Create(Audience audience) { var section = new Saml2Section { ServiceProvider = { Id = "https://workaround.com", Server = "http://", }, AllowedAudienceUris = { new AudienceUriElement { Uri = audience.Value }, }, }; return(section); }
/// <summary> /// Takes the configuration class and converts it to a SAML2.0 metadata document. /// </summary> /// <param name="config">The config.</param> /// <param name="keyInfo">The keyInfo.</param> private void ConvertToMetadata(Saml2Section config, KeyInfo keyInfo) { var entity = CreateDefaultEntity(); entity.EntityID = config.ServiceProvider.Id; entity.ValidUntil = DateTime.Now + config.Metadata.Lifetime; var serviceProviderDescriptor = new SpSsoDescriptor { ProtocolSupportEnumeration = new[] { Saml20Constants.Protocol }, AuthnRequestsSigned = XmlConvert.ToString(true), WantAssertionsSigned = XmlConvert.ToString(true) }; if (config.ServiceProvider.NameIdFormats.Count > 0) { serviceProviderDescriptor.NameIdFormat = new string[config.ServiceProvider.NameIdFormats.Count]; var count = 0; foreach (var elem in config.ServiceProvider.NameIdFormats) { serviceProviderDescriptor.NameIdFormat[count++] = elem.Format; } } var baseUrl = new Uri(config.ServiceProvider.Server); var logoutServiceEndpoints = new List <Endpoint>(); var signonServiceEndpoints = new List <IndexedEndpoint>(); var artifactResolutionEndpoints = new List <IndexedEndpoint>(2); // Include endpoints. foreach (var endpoint in config.ServiceProvider.Endpoints) { if (endpoint.Type == EndpointType.SignOn) { var loginEndpoint = new IndexedEndpoint { Index = endpoint.Index, IsDefault = true, Location = new Uri(baseUrl, endpoint.LocalPath).ToString(), Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost) }; signonServiceEndpoints.Add(loginEndpoint); var artifactSignonEndpoint = new IndexedEndpoint { Binding = Saml20Constants.ProtocolBindings.HttpSoap, Index = loginEndpoint.Index, Location = loginEndpoint.Location }; artifactResolutionEndpoints.Add(artifactSignonEndpoint); continue; } if (endpoint.Type == EndpointType.Logout) { var logoutEndpoint = new Endpoint { Location = new Uri(baseUrl, endpoint.LocalPath).ToString() }; logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpPost); logoutServiceEndpoints.Add(logoutEndpoint); // TODO: Look at this... logoutEndpoint = new Endpoint { Location = new Uri(baseUrl, endpoint.LocalPath).ToString() }; logoutEndpoint.ResponseLocation = logoutEndpoint.Location; logoutEndpoint.Binding = GetBinding(endpoint.Binding, Saml20Constants.ProtocolBindings.HttpRedirect); logoutServiceEndpoints.Add(logoutEndpoint); var artifactLogoutEndpoint = new IndexedEndpoint { Binding = Saml20Constants.ProtocolBindings.HttpSoap, Index = endpoint.Index, Location = logoutEndpoint.Location }; artifactResolutionEndpoints.Add(artifactLogoutEndpoint); continue; } } serviceProviderDescriptor.SingleLogoutService = logoutServiceEndpoints.ToArray(); serviceProviderDescriptor.AssertionConsumerService = signonServiceEndpoints.ToArray(); // Attribute consuming service. if (config.Metadata.RequestedAttributes.Count > 0) { var attConsumingService = new AttributeConsumingService(); serviceProviderDescriptor.AttributeConsumingService = new[] { attConsumingService }; attConsumingService.Index = signonServiceEndpoints[0].Index; attConsumingService.IsDefault = true; attConsumingService.ServiceName = new[] { new LocalizedName("SP", "en") }; attConsumingService.RequestedAttribute = new RequestedAttribute[config.Metadata.RequestedAttributes.Count]; for (var i = 0; i < config.Metadata.RequestedAttributes.Count; i++) { attConsumingService.RequestedAttribute[i] = new RequestedAttribute { Name = config.Metadata.RequestedAttributes[i].Name }; if (config.Metadata.RequestedAttributes[i].IsRequired) { attConsumingService.RequestedAttribute[i].IsRequired = true; } attConsumingService.RequestedAttribute[i].NameFormat = SamlAttribute.NameformatBasic; } } else { serviceProviderDescriptor.AttributeConsumingService = new AttributeConsumingService[0]; } if (config.Metadata == null || !config.Metadata.ExcludeArtifactEndpoints) { serviceProviderDescriptor.ArtifactResolutionService = artifactResolutionEndpoints.ToArray(); } entity.Items = new object[] { serviceProviderDescriptor }; // Keyinfo var keySigning = new KeyDescriptor(); var keyEncryption = new KeyDescriptor(); serviceProviderDescriptor.KeyDescriptor = new[] { keySigning, keyEncryption }; keySigning.Use = KeyTypes.Signing; keySigning.UseSpecified = true; keyEncryption.Use = KeyTypes.Encryption; keyEncryption.UseSpecified = true; // Ugly conversion between the .Net framework classes and our classes ... avert your eyes!! keySigning.KeyInfo = Serialization.DeserializeFromXmlString <Schema.XmlDSig.KeyInfo>(keyInfo.GetXml().OuterXml); keyEncryption.KeyInfo = keySigning.KeyInfo; // apply the <Organization> element if (config.Metadata.Organization.ElementInformation.IsPresent) { entity.Organization = new Organization { OrganizationName = new[] { new LocalizedName { Value = config.Metadata.Organization.Name } }, OrganizationDisplayName = new[] { new LocalizedName { Value = config.Metadata.Organization.DisplayName } }, OrganizationURL = new[] { new LocalizedURI { Value = config.Metadata.Organization.Url } } }; } if (config.Metadata.Contacts != null && config.Metadata.Contacts.Count > 0) { entity.ContactPerson = config.Metadata.Contacts.Select(x => new Contact { ContactType = (Schema.Metadata.ContactType) ((int)x.Type), Company = x.Company, GivenName = x.GivenName, SurName = x.SurName, EmailAddress = new[] { x.Email }, TelephoneNumber = new[] { x.Phone } }).ToArray(); } }
/// <summary> /// Initializes a new instance of the <see cref="Saml20MetadataDocument"/> class. /// </summary> /// <param name="config">The config.</param> /// <param name="keyinfo">key information for the service provider certificate.</param> /// <param name="sign">if set to <c>true</c> the metadata document will be signed.</param> public Saml20MetadataDocument(Saml2Section config, KeyInfo keyinfo, bool sign) : this(sign) { ConvertToMetadata(config, keyinfo); }
/// <summary> /// I took code from original Saml2Section.GetConfig() and changed it to get it to work. /// </summary> public static Saml2Config Create(Saml2Section configElement) { Saml2Config saml2Config = new Saml2Config(); if (configElement.Actions.ElementInformation.IsPresent) { foreach (ActionElement action in configElement .Actions) { saml2Config.Actions.Add(new Action { Name = action.Name, Type = action.Type }); } } if (true || configElement.AllowedAudienceUris.ElementInformation.IsPresent) { foreach (AudienceUriElement allowedAudienceUri in configElement.AllowedAudienceUris) { saml2Config.AllowedAudienceUris.Add(allowedAudienceUri.Uri); } } if (configElement.AssertionProfile.ElementInformation.IsPresent) { saml2Config.AssertionProfile.AssertionValidator = configElement.AssertionProfile.AssertionValidator; } if (configElement.CommonDomainCookie.ElementInformation.IsPresent) { saml2Config.CommonDomainCookie.Enabled = configElement.CommonDomainCookie.Enabled; saml2Config.CommonDomainCookie.LocalReaderEndpoint = configElement.CommonDomainCookie.LocalReaderEndpoint; } if (true || configElement.IdentityProviders.ElementInformation.IsPresent) { saml2Config.IdentityProviderSelectionUrl = configElement.IdentityProviders.SelectionUrl; saml2Config.IdentityProviders.Encodings = configElement.IdentityProviders.Encodings; saml2Config.IdentityProviders.MetadataLocation = configElement.IdentityProviders.MetadataLocation; foreach (IdentityProviderElement identityProvider1 in configElement.IdentityProviders) { IdentityProvider identityProvider2 = new IdentityProvider { AllowUnsolicitedResponses = identityProvider1.AllowUnsolicitedResponses, Default = identityProvider1.Default, ForceAuth = identityProvider1.ForceAuth, Id = identityProvider1.Id, IsPassive = identityProvider1.IsPassive, Name = identityProvider1.Name, OmitAssertionSignatureCheck = identityProvider1.OmitAssertionSignatureCheck, QuirksMode = identityProvider1.QuirksMode, ResponseEncoding = identityProvider1.ResponseEncoding }; if (identityProvider1.ArtifactResolution.ElementInformation.IsPresent) { HttpAuth httpAuth = new HttpAuth(); if (identityProvider1.ArtifactResolution.ClientCertificate.ElementInformation.IsPresent) { httpAuth.ClientCertificate = new Certificate { FindValue = identityProvider1.ArtifactResolution.ClientCertificate.FindValue, StoreLocation = identityProvider1.ArtifactResolution.ClientCertificate.StoreLocation, StoreName = identityProvider1.ArtifactResolution.ClientCertificate.StoreName, ValidOnly = identityProvider1.ArtifactResolution.ClientCertificate.ValidOnly, X509FindType = identityProvider1.ArtifactResolution.ClientCertificate.X509FindType } } ; if (identityProvider1.ArtifactResolution.Credentials.ElementInformation.IsPresent) { httpAuth.Credentials = new HttpAuthCredentials { Password = identityProvider1.ArtifactResolution.Credentials.Password, Username = identityProvider1.ArtifactResolution.Credentials.Username } } ; identityProvider2.ArtifactResolution = httpAuth; } if (identityProvider1.AttributeQuery.ElementInformation.IsPresent) { HttpAuth httpAuth = new HttpAuth(); if (identityProvider1.AttributeQuery.ClientCertificate.ElementInformation.IsPresent) { httpAuth.ClientCertificate = new Certificate { FindValue = identityProvider1.AttributeQuery.ClientCertificate.FindValue, StoreLocation = identityProvider1.AttributeQuery.ClientCertificate.StoreLocation, StoreName = identityProvider1.AttributeQuery.ClientCertificate.StoreName, ValidOnly = identityProvider1.AttributeQuery.ClientCertificate.ValidOnly, X509FindType = identityProvider1.AttributeQuery.ClientCertificate.X509FindType } } ; if (identityProvider1.AttributeQuery.Credentials.ElementInformation.IsPresent) { httpAuth.Credentials = new HttpAuthCredentials { Password = identityProvider1.AttributeQuery.Credentials.Password, Username = identityProvider1.AttributeQuery.Credentials.Username } } ; identityProvider2.AttributeQuery = httpAuth; } if (identityProvider1.PersistentPseudonym.ElementInformation.IsPresent) { identityProvider2.PersistentPseudonym = new PersistentPseudonym { Mapper = identityProvider1.PersistentPseudonym.Mapper } } ; foreach (CertificateValidationElement certificateValidation in identityProvider1 .CertificateValidations) { identityProvider2.CertificateValidations.Add(certificateValidation.Type); } foreach (string allKey in identityProvider1.CommonDomainCookie.AllKeys) { identityProvider2.CommonDomainCookie.Add(identityProvider1.CommonDomainCookie[allKey].Key, identityProvider1.CommonDomainCookie[allKey].Value); } foreach (IdentityProviderEndpointElement endpoint in identityProvider1 .Endpoints) { identityProvider2.Endpoints.Add(new IdentityProviderEndpoint { Binding = endpoint.Binding, ForceProtocolBinding = endpoint.ForceProtocolBinding, TokenAccessor = endpoint.TokenAccessor, Type = endpoint.Type, Url = endpoint.Url }); } saml2Config.IdentityProviders.Add(identityProvider2); } } if (configElement.Logging.ElementInformation.IsPresent) { saml2Config.Logging.LoggingFactory = configElement.Logging.LoggingFactory; } if (true || configElement.Metadata.ElementInformation.IsPresent) { saml2Config.Metadata.ExcludeArtifactEndpoints = configElement.Metadata.ExcludeArtifactEndpoints; saml2Config.Metadata.Lifetime = configElement.Metadata.Lifetime; if (configElement.Metadata.Organization.ElementInformation.IsPresent) { saml2Config.Metadata.Organization = new Organization { Name = configElement.Metadata.Organization.Name, DisplayName = configElement.Metadata.Organization.DisplayName, Url = configElement.Metadata.Organization.Url } } ; foreach (ContactElement contact in configElement.Metadata.Contacts) { saml2Config.Metadata.Contacts.Add(new Contact { Company = contact.Company, Email = contact.Email, GivenName = contact.GivenName, Phone = contact.Phone, SurName = contact.SurName, Type = contact.Type }); } foreach (AttributeElement requestedAttribute in configElement.Metadata .RequestedAttributes) { saml2Config.Metadata.RequestedAttributes.Add(new Attribute { IsRequired = requestedAttribute.IsRequired, Name = requestedAttribute.Name }); } } if (true || configElement.ServiceProvider.ElementInformation.IsPresent) { saml2Config.ServiceProvider.AuthenticationContextComparison = configElement.ServiceProvider.AuthenticationContexts.Comparison; saml2Config.ServiceProvider.Id = configElement.ServiceProvider.Id; saml2Config.ServiceProvider.NameIdFormatAllowCreate = configElement.ServiceProvider.NameIdFormats.AllowCreate; saml2Config.ServiceProvider.Server = configElement.ServiceProvider.Server; if (configElement.ServiceProvider.SigningCertificate.ElementInformation.IsPresent) { saml2Config.ServiceProvider.SigningCertificate = new Certificate { FindValue = configElement.ServiceProvider.SigningCertificate.FindValue, StoreLocation = configElement.ServiceProvider.SigningCertificate.StoreLocation, StoreName = configElement.ServiceProvider.SigningCertificate.StoreName, ValidOnly = configElement.ServiceProvider.SigningCertificate.ValidOnly, X509FindType = configElement.ServiceProvider.SigningCertificate.X509FindType } } ; foreach (AuthenticationContextElement authenticationContext in configElement .ServiceProvider.AuthenticationContexts) { saml2Config.ServiceProvider.AuthenticationContexts.Add(new AuthenticationContext { Context = authenticationContext.Context, ReferenceType = authenticationContext.ReferenceType }); } foreach (ServiceProviderEndpointElement endpoint in configElement .ServiceProvider.Endpoints) { saml2Config.ServiceProvider.Endpoints.Add(new ServiceProviderEndpoint { Binding = endpoint.Binding, Index = endpoint.Index, LocalPath = endpoint.LocalPath, RedirectUrl = endpoint.RedirectUrl, Type = endpoint.Type }); } foreach (NameIdFormatElement nameIdFormat in configElement.ServiceProvider .NameIdFormats) { saml2Config.ServiceProvider.NameIdFormats.Add(nameIdFormat.Format); } } if (configElement.State.ElementInformation.IsPresent) { saml2Config.State.StateServiceFactory = configElement.State.StateServiceFactory; foreach (StateSettingElement setting in configElement.State.Settings) { saml2Config.State.Settings.Add(setting.Name, setting.Value); } } return(saml2Config); } } }