/// <summary>
/// Builds a 303 redirect to the configured SAML Discovery Service (DS). The DS is told
/// to send the browser back to our SignIn endpoint and to put the chosen idp in the
/// <c>idp</c> query parameter (<c>returnIDParam=idp</c>).
/// </summary>
/// <param name="returnPath">Optional path to resume at after login; appended to the
/// DS return url as a <c>ReturnUrl</c> query parameter.</param>
/// <param name="spOptions">SP configuration supplying DiscoveryServiceUrl and EntityId.</param>
/// <param name="authServicesUrls">Resolved endpoint urls; SignInUrl is the DS return target.</param>
/// <returns>A CommandResult carrying HTTP 303 and the DS location.</returns>
private static CommandResult RedirectToDiscoveryService(
    string returnPath,
    ISPOptions spOptions,
    AuthServicesUrls authServicesUrls)
{
    var signInUrl = authServicesUrls.SignInUrl.OriginalString;

    // NOTE(review): returnPath round-trips through the DS and the browser as a plain
    // query parameter, so the ReturnUrl read back on SignIn is attacker-influenceable
    // and has to be validated by its consumer — confirm it is not redirected to blindly.
    var dsReturnUrl = string.IsNullOrEmpty(returnPath)
        ? signInUrl
        : signInUrl + "?ReturnUrl=" + Uri.EscapeDataString(returnPath);

    // Each value is percent-encoded on its own so '&', '=' or '?' inside it cannot
    // break out of its slot in the DS query string.
    var location = string.Format(
        CultureInfo.InvariantCulture,
        "{0}?entityID={1}&return={2}&returnIDParam=idp",
        spOptions.DiscoveryServiceUrl,
        Uri.EscapeDataString(spOptions.EntityId.Id),
        Uri.EscapeDataString(dsReturnUrl));

    return new CommandResult()
    {
        HttpStatusCode = HttpStatusCode.SeeOther,
        Location = new Uri(location)
    };
}
/// <summary>
/// Redirects (HTTP 303) to the SAML Discovery Service so the user can pick an idp.
/// The DS is asked to return to our SignIn url with the selection in the <c>idp</c> parameter.
/// </summary>
/// <param name="returnPath">Optional post-login path, carried as <c>ReturnUrl</c> on the return url.</param>
/// <param name="spOptions">Provides DiscoveryServiceUrl and the SP EntityId.</param>
/// <param name="authServicesUrls">Provides the SignIn url used as the DS return target.</param>
/// <returns>CommandResult with status SeeOther and the DS location.</returns>
private static CommandResult RedirectToDiscoveryService(
    string returnPath,
    ISPOptions spOptions,
    AuthServicesUrls authServicesUrls)
{
    // Optional ReturnUrl rides along as a percent-encoded query parameter.
    // NOTE(review): this value comes back via the browser, so whoever reads
    // ReturnUrl on SignIn must treat it as untrusted — confirm.
    var returnQuery = string.IsNullOrEmpty(returnPath)
        ? string.Empty
        : "?ReturnUrl=" + Uri.EscapeDataString(returnPath);
    var dsReturnUrl = authServicesUrls.SignInUrl.OriginalString + returnQuery;

    var encodedEntityId = Uri.EscapeDataString(spOptions.EntityId.Id);
    var encodedReturn = Uri.EscapeDataString(dsReturnUrl);
    var location = string.Format(
        CultureInfo.InvariantCulture,
        "{0}?entityID={1}&return={2}&returnIDParam=idp",
        spOptions.DiscoveryServiceUrl,
        encodedEntityId,
        encodedReturn);

    var result = new CommandResult();
    result.HttpStatusCode = HttpStatusCode.SeeOther;
    result.Location = new Uri(location);
    return result;
}
/// <summary>
/// Redirects (HTTP 303) to the Discovery Service. Instead of sending returnPath through
/// the DS, a fresh RelayState is generated and the return path plus relay data are kept
/// in a StoredRequestState bound to a cookie named after that RelayState.
/// </summary>
/// <param name="returnPath">Optional path to resume at after login; may be null.</param>
/// <param name="spOptions">Provides DiscoveryServiceUrl and the SP EntityId.</param>
/// <param name="authServicesUrls">Provides the SignIn url the DS returns to.</param>
/// <param name="relayData">Caller data to preserve across the round trip.</param>
/// <returns>CommandResult with the DS location, the request state and the cookie name.</returns>
private static CommandResult RedirectToDiscoveryService(
    string returnPath,
    SPOptions spOptions,
    AuthServicesUrls authServicesUrls,
    IDictionary<string, string> relayData)
{
    // Unguessable RelayState: the only thing that travels through the DS and the browser.
    var relayState = SecureKeyGenerator.CreateRelayState();
    var dsReturnUrl = authServicesUrls.SignInUrl.OriginalString
        + "?RelayState=" + Uri.EscapeDataString(relayState);

    var location = string.Format(
        CultureInfo.InvariantCulture,
        "{0}?entityID={1}&return={2}&returnIDParam=idp",
        spOptions.DiscoveryServiceUrl,
        Uri.EscapeDataString(spOptions.EntityId.Id),
        Uri.EscapeDataString(dsReturnUrl));

    // Only a null returnPath is skipped; an empty string becomes an empty relative Uri.
    // NOTE(review): RelativeOrAbsolute also accepts a foreign absolute url — if returnPath
    // can originate from the request, validate it before it is redirected to. Confirm.
    Uri storedReturnUrl = null;
    if (returnPath != null)
    {
        storedReturnUrl = new Uri(returnPath, UriKind.RelativeOrAbsolute);
    }
    var requestState = new StoredRequestState(null, storedReturnUrl, null, relayData);

    return new CommandResult()
    {
        HttpStatusCode = HttpStatusCode.SeeOther,
        Location = new Uri(location),
        RequestState = requestState,
        SetCookieName = "Kentor." + relayState
    };
}
/// <summary>
/// Serves the SP metadata document, serialized with the configured signing certificate
/// and signing algorithm. Notifications are raised after the descriptor is created and
/// after the result is built so hosts can adjust either.
/// </summary>
/// <param name="request">Current request; used to derive the endpoint urls.</param>
/// <param name="options">AuthServices options.</param>
/// <returns>CommandResult whose Content is the metadata XML.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
public CommandResult Run(HttpRequestData request, IOptions options)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var endpointUrls = new AuthServicesUrls(request, options);
    var spOptions = options.SPOptions;

    var descriptor = spOptions.CreateMetadata(endpointUrls);
    // Hosts may amend the descriptor before it is serialized.
    options.Notifications.MetadataCreated(descriptor, endpointUrls);

    var xml = descriptor.ToXmlString(
        spOptions.SigningServiceCertificate,
        spOptions.SigningAlgorithm);

    var result = new CommandResult()
    {
        Content = xml,
        ContentType = "application/samlmetadata+xml"
    };
    options.Notifications.MetadataCommandResultCreated(result);
    return result;
}
/// <summary>
/// Application hosted at the site root with the module mounted at /modulePath:
/// the Acs and SignIn urls must be placed under the module path.
/// </summary>
public void AuthServicesUrls_Ctor_HandlesApplicationInRoot()
{
    var rootApplication = new Uri("http://localhost:42/");
    const string module = "/modulePath";

    var urls = new AuthServicesUrls(rootApplication, module);

    var expectedAcs = new Uri("http://localhost:42/modulePath/Acs");
    var expectedSignIn = new Uri("http://localhost:42/modulePath/SignIn");
    urls.AssertionConsumerServiceUrl.Should().Be(expectedAcs);
    urls.SignInUrl.Should().Be(expectedSignIn);
}
/// <summary>
/// Starts a sign-in: picks the idp (explicit, via Discovery Service, or the default),
/// resolves the optional return path against the current request and binds an
/// AuthnRequest to the idp. Correlation state is returned on the CommandResult.
/// </summary>
/// <param name="idpEntityId">Requested idp, or null/empty to use DS or the default.</param>
/// <param name="returnPath">Optional path to resume at after login.</param>
/// <param name="request">Current request.</param>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <returns>The bound AuthnRequest, or a redirect to the Discovery Service.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
/// <exception cref="InvalidOperationException">idpEntityId names an unknown idp.</exception>
public static CommandResult Run(
    EntityId idpEntityId,
    string returnPath,
    HttpRequestData request,
    IOptions options,
    IDictionary<string, string> relayData)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var urls = new AuthServicesUrls(request, options.SPOptions);

    IdentityProvider idp;
    var idpRequested = idpEntityId != null && idpEntityId.Id != null;
    if (idpRequested)
    {
        if (!options.IdentityProviders.TryGetValue(idpEntityId, out idp))
        {
            throw new InvalidOperationException("Unknown idp");
        }
    }
    else if (options.SPOptions.DiscoveryServiceUrl != null)
    {
        // No idp named: let the Discovery Service choose and come back to SignIn.
        return RedirectToDiscoveryService(returnPath, options.SPOptions, urls);
    }
    else
    {
        idp = options.IdentityProviders.Default;
    }

    Uri returnUrl = null;
    if (!string.IsNullOrEmpty(returnPath))
    {
        // Re-root the request's app-relative path under ApplicationUrl (which may be a
        // public origin) and resolve returnPath against that location.
        var appPathLength = request.ApplicationUrl.AbsolutePath.Length;
        var appRelativePath = request.Url.AbsolutePath.Substring(appPathLength).TrimStart('/');
        var requestLocation = new Uri(urls.ApplicationUrl, appRelativePath);
        // NOTE(review): Uri(base, relative) lets an absolute returnPath replace the base
        // entirely; if returnPath can come from the query string, validate its origin
        // before it is used for the post-login redirect — confirm at the caller.
        returnUrl = new Uri(requestLocation, returnPath);
    }

    var authnRequest = idp.CreateAuthenticateRequest(urls);
    var commandResult = idp.Bind(authnRequest);
    // Kept on our side under a cookie named after the RelayState; not sent to the idp.
    commandResult.RequestState = new StoredRequestState(
        idp.EntityId, returnUrl, authnRequest.Id, relayData);
    commandResult.SetCookieName = "Kentor." + authnRequest.RelayState;
    return commandResult;
}
/// <summary>
/// Resolves the post-logout/login return url: returnPath relative to the application url,
/// or the application url itself when no path is given.
/// </summary>
/// <param name="request">Current request, used to derive ApplicationUrl.</param>
/// <param name="returnPath">Optional path; null or empty means "application root".</param>
/// <param name="options">AuthServices options.</param>
/// <returns>An absolute Uri.</returns>
private static Uri GetReturnUrl(HttpRequestData request, string returnPath, IOptions options)
{
    var applicationUrl = new AuthServicesUrls(request, options.SPOptions).ApplicationUrl;
    if (string.IsNullOrEmpty(returnPath))
    {
        return applicationUrl;
    }
    // NOTE(review): Uri(base, relative) accepts an absolute returnPath and then ignores
    // the base, so a caller passing request input here must validate the origin — confirm.
    return new Uri(applicationUrl, returnPath);
}
/// <summary>
/// Starts a sign-in. Idp selection order: the SelectIdentityProvider notification, then an
/// explicitly requested idp, then the Discovery Service (if configured), then the default idp.
/// Each step is logged through SPOptions.Logger.
/// </summary>
/// <param name="idpEntityId">Requested idp, or null/empty when none was named.</param>
/// <param name="returnPath">Optional path to resume at after login; stored as relative-or-absolute.</param>
/// <param name="request">Current request.</param>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <returns>The bound AuthnRequest, or a redirect to the Discovery Service.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
/// <exception cref="InvalidOperationException">idpEntityId names an unknown idp.</exception>
public static CommandResult Run(
    EntityId idpEntityId,
    string returnPath,
    HttpRequestData request,
    IOptions options,
    IDictionary<string, string> relayData)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var urls = new AuthServicesUrls(request, options);

    // The notification gets first say; null means "fall through to the built-in selection".
    var idp = options.Notifications.SelectIdentityProvider(idpEntityId, relayData);
    if (idp == null)
    {
        var requestedId = idpEntityId?.Id;
        if (requestedId != null)
        {
            if (!options.IdentityProviders.TryGetValue(idpEntityId, out idp))
            {
                throw new InvalidOperationException("Unknown idp " + requestedId);
            }
        }
        else if (options.SPOptions.DiscoveryServiceUrl != null)
        {
            var dsRedirect = RedirectToDiscoveryService(returnPath, options.SPOptions, urls);
            options.Notifications.SignInCommandResultCreated(dsRedirect, relayData);
            options.SPOptions.Logger.WriteInformation("Redirecting to Discovery Service to select Idp.");
            return dsRedirect;
        }
        else
        {
            idp = options.IdentityProviders.Default;
            options.SPOptions.Logger.WriteVerbose(
                "No specific idp requested and no Discovery Service configured. "
                + "Falling back to use configured default Idp " + idp.EntityId.Id);
        }
    }

    // NOTE(review): RelativeOrAbsolute accepts a foreign absolute url; if returnPath comes
    // from the request it must be validated before the post-login redirect uses it — confirm.
    Uri returnUrl = null;
    if (!string.IsNullOrEmpty(returnPath))
    {
        returnUrl = new Uri(returnPath, UriKind.RelativeOrAbsolute);
    }

    options.SPOptions.Logger.WriteInformation("Initiating login to " + idp.EntityId.Id);
    return InitiateLoginToIdp(options, relayData, urls, idp, returnUrl);
}
/// <summary>
/// Serves the SP metadata as XML. In this version the document is emitted without a
/// signing certificate (parameterless ToXmlString).
/// </summary>
/// <param name="request">Current request; used to derive the endpoint urls.</param>
/// <param name="options">AuthServices options.</param>
/// <returns>CommandResult whose Content is the metadata XML.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
public CommandResult Run(HttpRequestData request, IOptions options)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var endpointUrls = new AuthServicesUrls(request, options.SPOptions);
    var xml = options.SPOptions.CreateMetadata(endpointUrls).ToXmlString();

    return new CommandResult()
    {
        Content = xml,
        ContentType = "application/samlmetadata+xml"
    };
}
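/// <summary>
/// Serves the SP metadata for the entity id formed from the configured EntityId plus
/// <c>_entityIdSuffix</c>, serialized with the configured signing certificate.
/// </summary>
/// <param name="request">Current request; used to derive the endpoint urls.</param>
/// <param name="options">AuthServices options.</param>
/// <returns>CommandResult whose Content is the metadata XML.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
public CommandResult Run(HttpRequestData request, IOptions options)
{
    if (options == null)
    {
        // nameof keeps the reported parameter name in step with renames
        // (previously a hard-coded "options" literal).
        throw new ArgumentNullException(nameof(options));
    }

    var urls = new AuthServicesUrls(request, options.SPOptions);
    var metadata = options.SPOptions.CreateMetadata(urls, _entityIdSuffix);

    return new CommandResult()
    {
        // ToXmlString is handed the signing certificate; its behaviour when that is
        // null is not visible here.
        Content = metadata.ToXmlString(options.SPOptions.SigningServiceCertificate),
        ContentType = "application/samlmetadata+xml"
    };
}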
/// <summary>
/// Serves the SP metadata as XML (unsigned in this version: ToXmlString takes no certificate).
/// </summary>
/// <param name="request">Current request; used to derive the endpoint urls.</param>
/// <param name="options">AuthServices options.</param>
/// <returns>CommandResult whose Content is the metadata XML.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
public CommandResult Run(HttpRequestData request, IOptions options)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var spOptions = options.SPOptions;
    var descriptor = spOptions.CreateMetadata(new AuthServicesUrls(request, spOptions));

    var result = new CommandResult();
    result.Content = descriptor.ToXmlString();
    result.ContentType = "application/samlmetadata+xml";
    return result;
}
/// <summary>
/// Builds the SP entity descriptor: organization, contacts, a single HTTP-POST ACS
/// endpoint, the configured attribute consuming services and, when a Discovery Service
/// is configured, a DiscoveryResponse extension pointing at the SignIn url.
/// No KeyDescriptors are published in this version.
/// </summary>
/// <param name="spOptions">SP configuration.</param>
/// <param name="urls">Resolved endpoint urls.</param>
/// <returns>The populated descriptor.</returns>
public static ExtendedEntityDescriptor CreateMetadata(this ISPOptions spOptions, AuthServicesUrls urls)
{
    var descriptor = new ExtendedEntityDescriptor
    {
        EntityId = spOptions.EntityId,
        Organization = spOptions.Organization,
        CacheDuration = spOptions.MetadataCacheDuration
    };
    foreach (var contact in spOptions.Contacts)
    {
        descriptor.Contacts.Add(contact);
    }

    var spRole = new ExtendedServiceProviderSingleSignOnDescriptor();
    spRole.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

    // One ACS endpoint only: index 0, HTTP-POST, marked as default.
    var acsEndpoint = new IndexedProtocolEndpoint()
    {
        Index = 0,
        IsDefault = true,
        Binding = Saml2Binding.HttpPostUri,
        Location = urls.AssertionConsumerServiceUrl
    };
    spRole.AssertionConsumerServices.Add(0, acsEndpoint);

    foreach (var attributeService in spOptions.AttributeConsumingServices)
    {
        spRole.AttributeConsumingServices.Add(attributeService);
    }
    descriptor.RoleDescriptors.Add(spRole);

    // In this version the DiscoveryResponse hangs off the entity descriptor's extensions.
    var discoveryUrl = spOptions.DiscoveryServiceUrl;
    if (discoveryUrl != null && !string.IsNullOrEmpty(discoveryUrl.OriginalString))
    {
        descriptor.Extensions.DiscoveryResponse = new IndexedProtocolEndpoint
        {
            Binding = Saml2Binding.DiscoveryResponseUri,
            Index = 0,
            IsDefault = true,
            Location = urls.SignInUrl
        };
    }

    return descriptor;
}
/// <summary>
/// Starts a sign-in: explicit idp, else Discovery Service (if configured), else the
/// default idp. The return url is derived best-effort from returnPath relative to the
/// request url and handed to the idp's request factory together with relayData.
/// </summary>
/// <param name="idpEntityId">Requested idp, or null/empty when none was named.</param>
/// <param name="returnPath">Optional path to resume at after login.</param>
/// <param name="request">Current request.</param>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <returns>The bound AuthnRequest, or a redirect to the Discovery Service.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
/// <exception cref="InvalidOperationException">idpEntityId names an unknown idp.</exception>
public static CommandResult Run(
    EntityId idpEntityId,
    string returnPath,
    HttpRequestData request,
    IOptions options,
    object relayData)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var urls = new AuthServicesUrls(request, options.SPOptions);

    IdentityProvider idp;
    if (idpEntityId?.Id != null)
    {
        if (!options.IdentityProviders.TryGetValue(idpEntityId, out idp))
        {
            throw new InvalidOperationException("Unknown idp");
        }
    }
    else if (options.SPOptions.DiscoveryServiceUrl != null)
    {
        return RedirectToDiscoveryService(returnPath, options.SPOptions, urls);
    }
    else
    {
        idp = options.IdentityProviders.Default;
    }

    // Best effort: an unparseable returnPath leaves returnUrl null instead of throwing.
    // NOTE(review): an absolute returnPath resolves to a foreign host here; if it comes
    // from the request, validate it before it is trusted for the post-login redirect.
    Uri returnUrl = null;
    if (!string.IsNullOrEmpty(returnPath))
    {
        Uri.TryCreate(request.Url, returnPath, out returnUrl);
    }

    var authnRequest = idp.CreateAuthenticateRequest(returnUrl, urls, relayData);
    return idp.Bind(authnRequest);
}
/// <summary>
/// Starts a sign-in. Idp selection order: SelectIdentityProvider notification, then the
/// explicitly requested idp, then the Discovery Service (if configured), then the default.
/// </summary>
/// <param name="idpEntityId">Requested idp, or null/empty when none was named.</param>
/// <param name="returnPath">Optional path to resume at after login; kept relative-or-absolute.</param>
/// <param name="request">Current request.</param>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <returns>The bound AuthnRequest, or a redirect to the Discovery Service.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
/// <exception cref="InvalidOperationException">idpEntityId names an unknown idp.</exception>
public static CommandResult Run(
    EntityId idpEntityId,
    string returnPath,
    HttpRequestData request,
    IOptions options,
    IDictionary<string, string> relayData)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var urls = new AuthServicesUrls(request, options);

    var idp = options.Notifications.SelectIdentityProvider(idpEntityId, relayData);
    if (idp == null)
    {
        var explicitIdpRequested = idpEntityId?.Id != null;
        if (explicitIdpRequested)
        {
            if (!options.IdentityProviders.TryGetValue(idpEntityId, out idp))
            {
                throw new InvalidOperationException("Unknown idp");
            }
        }
        else if (options.SPOptions.DiscoveryServiceUrl != null)
        {
            var dsRedirect = RedirectToDiscoveryService(returnPath, options.SPOptions, urls);
            options.Notifications.SignInCommandResultCreated(dsRedirect, relayData);
            return dsRedirect;
        }
        else
        {
            idp = options.IdentityProviders.Default;
        }
    }

    // NOTE(review): RelativeOrAbsolute accepts a foreign absolute url; validate returnPath
    // upstream if it originates from the request — confirm.
    Uri returnUrl = null;
    if (!string.IsNullOrEmpty(returnPath))
    {
        returnUrl = new Uri(returnPath, UriKind.RelativeOrAbsolute);
    }

    return InitiateLoginToIdp(options, relayData, urls, idp, returnUrl);
}
/// <summary>
/// Starts a sign-in: explicit idp, else Discovery Service (if configured), else default idp.
/// returnPath is resolved best-effort against the request url and passed, with relayData,
/// to the idp's AuthnRequest factory.
/// </summary>
/// <param name="idpEntityId">Requested idp, or null/empty when none was named.</param>
/// <param name="returnPath">Optional path to resume at after login.</param>
/// <param name="request">Current request.</param>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <returns>The bound AuthnRequest, or a redirect to the Discovery Service.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
/// <exception cref="InvalidOperationException">idpEntityId names an unknown idp.</exception>
public static CommandResult Run(
    EntityId idpEntityId,
    string returnPath,
    HttpRequestData request,
    IOptions options,
    object relayData)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var urls = new AuthServicesUrls(request, options.SPOptions);

    IdentityProvider idp;
    var noIdpNamed = idpEntityId == null || idpEntityId.Id == null;
    if (!noIdpNamed)
    {
        if (!options.IdentityProviders.TryGetValue(idpEntityId, out idp))
        {
            throw new InvalidOperationException("Unknown idp");
        }
    }
    else if (options.SPOptions.DiscoveryServiceUrl != null)
    {
        return RedirectToDiscoveryService(returnPath, options.SPOptions, urls);
    }
    else
    {
        idp = options.IdentityProviders.Default;
    }

    // Failure to parse returnPath is swallowed: returnUrl simply stays null.
    // NOTE(review): an absolute returnPath yields a foreign-host Uri; if the value comes
    // from the request, validate it before redirecting to it after login — confirm.
    Uri returnUrl = null;
    if (!string.IsNullOrEmpty(returnPath))
    {
        Uri.TryCreate(request.Url, returnPath, out returnUrl);
    }

    return idp.Bind(idp.CreateAuthenticateRequest(returnUrl, urls, relayData));
}
/// <summary>
/// Starts a sign-in. Idp selection order: SelectIdentityProvider notification, then the
/// explicitly requested idp, then the Discovery Service (if configured), then the default.
/// </summary>
/// <param name="idpEntityId">Requested idp, or null/empty when none was named.</param>
/// <param name="returnPath">Optional path to resume at after login; kept relative-or-absolute.</param>
/// <param name="request">Current request.</param>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <returns>The bound AuthnRequest, or a redirect to the Discovery Service.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
/// <exception cref="InvalidOperationException">idpEntityId names an unknown idp.</exception>
public static CommandResult Run(
    EntityId idpEntityId,
    string returnPath,
    HttpRequestData request,
    IOptions options,
    IDictionary<string, string> relayData)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var urls = new AuthServicesUrls(request, options.SPOptions);

    // Hosts may pick the idp themselves; null falls through to the built-in rules.
    var idp = options.Notifications.SelectIdentityProvider(idpEntityId, relayData);
    if (idp == null)
    {
        if (idpEntityId?.Id != null)
        {
            if (!options.IdentityProviders.TryGetValue(idpEntityId, out idp))
            {
                throw new InvalidOperationException("Unknown idp");
            }
        }
        else if (options.SPOptions.DiscoveryServiceUrl != null)
        {
            var dsRedirect = RedirectToDiscoveryService(returnPath, options.SPOptions, urls);
            options.Notifications.SignInCommandResultCreated(dsRedirect, relayData);
            return dsRedirect;
        }
        else
        {
            idp = options.IdentityProviders.Default;
        }
    }

    // NOTE(review): RelativeOrAbsolute accepts a foreign absolute url; validate returnPath
    // upstream if it originates from the request — confirm.
    var returnUrl = string.IsNullOrEmpty(returnPath)
        ? null
        : new Uri(returnPath, UriKind.RelativeOrAbsolute);

    return InitiateLoginToIdp(options, relayData, urls, idp, returnUrl);
}
/// <summary>
/// Serves the SP metadata, serialized with the configured signing certificate. Raises
/// MetadataCreated before serialization and MetadataCommandResultCreated before returning.
/// </summary>
/// <param name="request">Current request; used to derive the endpoint urls.</param>
/// <param name="options">AuthServices options.</param>
/// <returns>CommandResult whose Content is the metadata XML.</returns>
/// <exception cref="ArgumentNullException">options is null.</exception>
public CommandResult Run(HttpRequestData request, IOptions options)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var endpointUrls = new AuthServicesUrls(request, options);
    var descriptor = options.SPOptions.CreateMetadata(endpointUrls);
    options.Notifications.MetadataCreated(descriptor, endpointUrls);

    var result = new CommandResult();
    result.Content = descriptor.ToXmlString(options.SPOptions.SigningServiceCertificate);
    result.ContentType = "application/samlmetadata+xml";

    options.Notifications.MetadataCommandResultCreated(result);
    return result;
}
/// <summary>
/// Fully specified Acs/SignIn/Application urls are taken verbatim by the ctor;
/// nothing is appended or normalized.
/// </summary>
public void AuthServiecsUrls_Ctor_AcceptsFullUrls()
{
    var expectedAcs = new Uri("http://localhost:73/MyApp/MyAcs");
    var expectedSignIn = new Uri("http://localhost:73/MyApp/MySignin");
    var expectedApp = new Uri("http://localhost:73/MyApp");

    var urls = new AuthServicesUrls(expectedAcs, expectedSignIn, expectedApp);

    urls.AssertionConsumerServiceUrl.ToString().Should().Be(expectedAcs.ToString());
    urls.SignInUrl.ToString().Should().Be(expectedSignIn.ToString());
    urls.ApplicationUrl.Should().Be(expectedApp.ToString());
}
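/// <summary>
/// Create an authenticate request aimed for this idp. The request is not signed in this
/// version. The request id and the supplied state are remembered in PendingAuthnRequests
/// so the eventual response can be matched back to them.
/// </summary>
/// <param name="returnUrl">The return url where the browser should be sent after
/// successful authentication.</param>
/// <param name="authServicesUrls">Urls for AuthServices, used to populate fields
/// in the created AuthnRequest</param>
/// <param name="relayData">Aux data that should be preserved across the authentication</param>
/// <returns>AuthnRequest</returns>
/// <exception cref="ArgumentNullException">authServicesUrls is null.</exception>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    Uri returnUrl,
    AuthServicesUrls authServicesUrls,
    object relayData)
{
    if (authServicesUrls == null)
    {
        // nameof keeps the reported parameter name in step with renames
        // (previously a hard-coded "authServicesUrls" literal).
        throw new ArgumentNullException(nameof(authServicesUrls));
    }

    var authnRequest = new Saml2AuthenticationRequest()
    {
        DestinationUrl = SingleSignOnServiceUrl,
        AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
        Issuer = spOptions.EntityId,
        // For now we only support one attribute consuming service.
        AttributeConsumingServiceIndex = spOptions.AttributeConsumingServices.Any() ? 0 : (int?)null
    };

    // Keyed by the request id; presumably looked up via InResponseTo when the response arrives.
    var responseData = new StoredRequestState(EntityId, returnUrl, relayData);
    PendingAuthnRequests.Add(new Saml2Id(authnRequest.Id), responseData);

    return authnRequest;
}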
/// <summary>
/// Creates the AuthnRequest for the chosen idp, binds it, and attaches the correlation
/// state (idp, return url, request id, relay data) plus the cookie name to the result.
/// Raises AuthenticationRequestCreated and SignInCommandResultCreated along the way.
/// </summary>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <param name="urls">Resolved endpoint urls.</param>
/// <param name="idp">The idp to log in to.</param>
/// <param name="returnUrl">Where to resume after login; may be null.</param>
/// <returns>The bound CommandResult with RequestState and SetCookieName populated.</returns>
private static CommandResult InitiateLoginToIdp(
    IOptions options,
    IDictionary<string, string> relayData,
    AuthServicesUrls urls,
    IdentityProvider idp,
    Uri returnUrl)
{
    var authnRequest = idp.CreateAuthenticateRequest(urls);
    // Hosts may adjust the request before it is bound.
    options.Notifications.AuthenticationRequestCreated(authnRequest, idp, relayData);

    var result = idp.Bind(authnRequest);

    // Correlation state stays on our side under a cookie named after the RelayState;
    // only the RelayState itself goes to the idp.
    var state = new StoredRequestState(idp.EntityId, returnUrl, authnRequest.Id, relayData);
    result.RequestState = state;
    result.SetCookieName = "Kentor." + authnRequest.RelayState;

    options.Notifications.SignInCommandResultCreated(result, relayData);
    return result;
}
/// <summary>
/// Turns an optional returnPath into an absolute Uri: the request's app-relative path is
/// re-rooted under urls.ApplicationUrl (which may be a public origin) and returnPath is
/// resolved against that location.
/// </summary>
/// <param name="returnPath">Optional path; null or empty yields null.</param>
/// <param name="request">Current request, supplying Url and ApplicationUrl.</param>
/// <param name="urls">Resolved endpoint urls, supplying ApplicationUrl.</param>
/// <returns>The expanded Uri, or null when no returnPath was given.</returns>
private static Uri ExpandReturnUrl(string returnPath, HttpRequestData request, AuthServicesUrls urls)
{
    if (string.IsNullOrEmpty(returnPath))
    {
        return null;
    }

    var appPathLength = request.ApplicationUrl.AbsolutePath.Length;
    var appRelativePath = request.Url.AbsolutePath.Substring(appPathLength).TrimStart('/');
    var requestLocation = new Uri(urls.ApplicationUrl, appRelativePath);

    // NOTE(review): Uri(base, relative) lets an absolute returnPath override the base, so
    // a returnPath taken from the request must be origin-checked by the caller — confirm.
    return new Uri(requestLocation, returnPath);
}
/// <summary>
/// Create an authenticate request aimed for this idp, without any relay data.
/// Convenience overload for <see cref="CreateAuthenticateRequest(Uri, AuthServicesUrls, object)"/>.
/// </summary>
/// <param name="returnUrl">The return url where the browser should be sent after
/// successful authentication.</param>
/// <param name="authServicesUrls">Urls for AuthServices, used to populate fields
/// in the created AuthnRequest</param>
/// <returns>AuthnRequest</returns>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    Uri returnUrl,
    AuthServicesUrls authServicesUrls)
    => CreateAuthenticateRequest(returnUrl, authServicesUrls, null);
/// <summary>
/// Builds the SP entity descriptor: organization, contacts, two ACS endpoints (HTTP-POST as
/// default, HTTP-Artifact as index 1, same location), attribute consuming services, the
/// certificates selected by MetadataCertificates as KeyDescriptors, and a DiscoveryResponse
/// extension on the SP role when a Discovery Service is configured.
/// </summary>
/// <param name="spOptions">SP configuration.</param>
/// <param name="urls">Resolved endpoint urls.</param>
/// <returns>The populated descriptor.</returns>
public static ExtendedEntityDescriptor CreateMetadata(this ISPOptions spOptions, AuthServicesUrls urls)
{
    var descriptor = new ExtendedEntityDescriptor
    {
        EntityId = spOptions.EntityId,
        Organization = spOptions.Organization,
        CacheDuration = spOptions.MetadataCacheDuration
    };
    foreach (var contact in spOptions.Contacts)
    {
        descriptor.Contacts.Add(contact);
    }

    var spRole = new ExtendedServiceProviderSingleSignOnDescriptor();
    spRole.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

    var postAcs = new IndexedProtocolEndpoint()
    {
        Index = 0,
        IsDefault = true,
        Binding = Saml2Binding.HttpPostUri,
        Location = urls.AssertionConsumerServiceUrl
    };
    var artifactAcs = new IndexedProtocolEndpoint()
    {
        Index = 1,
        IsDefault = false,
        Binding = Saml2Binding.HttpArtifactUri,
        Location = urls.AssertionConsumerServiceUrl
    };
    spRole.AssertionConsumerServices.Add(0, postAcs);
    spRole.AssertionConsumerServices.Add(1, artifactAcs);

    foreach (var attributeService in spOptions.AttributeConsumingServices)
    {
        spRole.AttributeConsumingServices.Add(attributeService);
    }

    // NOTE(review): the null guard is on ServiceCertificates but the loop reads
    // MetadataCertificates — fine if the latter derives from the former; confirm.
    if (spOptions.ServiceCertificates != null)
    {
        foreach (var serviceCert in spOptions.MetadataCertificates)
        {
            // Publish only the raw certificate; the token is disposed right after the
            // key identifier clause has been created. The Use cast assumes the two enums
            // share numeric values — confirm.
            using (var token = new X509SecurityToken(serviceCert.Certificate))
            {
                var clause = token.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>();
                spRole.Keys.Add(new KeyDescriptor
                {
                    Use = (KeyType)(byte)serviceCert.Use,
                    KeyInfo = new SecurityKeyIdentifier(clause)
                });
            }
        }
    }

    var discoveryUrl = spOptions.DiscoveryServiceUrl;
    if (discoveryUrl != null && !string.IsNullOrEmpty(discoveryUrl.OriginalString))
    {
        spRole.Extensions.DiscoveryResponse = new IndexedProtocolEndpoint
        {
            Binding = Saml2Binding.DiscoveryResponseUri,
            Index = 0,
            IsDefault = true,
            Location = urls.SignInUrl
        };
    }

    descriptor.RoleDescriptors.Add(spRole);
    return descriptor;
}
/// <summary>
/// The application path is given without a trailing slash; the ctor must normalize
/// ApplicationUrl so that relative resolution against it works.
/// </summary>
public void AuthServicesUrls_Ctor_EnsuresApplicationUrlEndsWithSlash()
{
    var requestData = new HttpRequestData(
        "GET",
        new Uri("http://localhost:1234/Foo/Bar"),
        "/Foo",
        null,
        null,
        null);
    var spOptions = StubFactory.CreateOptions().SPOptions;

    var urls = new AuthServicesUrls(requestData, spOptions);

    urls.ApplicationUrl.OriginalString.Should().EndWith("/");
}
/// <summary>
/// The incoming request's host/port/app path differ from the configured PublicOrigin;
/// the generated endpoint urls must be rooted at the public origin, not the request.
/// </summary>
public void AuthServicesUrls_Ctor_FromHttpRequest_PublicOrigin()
{
    const string appPath = "/ApplicationPath";
    var internalUrl = new Uri("http://example.com:42/ApplicationPath/Path?name=DROP%20TABLE%20STUDENTS");

    var httpRequest = Substitute.For<HttpRequestBase>();
    httpRequest.HttpMethod.Returns("GET");
    httpRequest.Url.Returns(internalUrl);
    httpRequest.Form.Returns(new NameValueCollection { { "Key", "Value" } });
    httpRequest.ApplicationPath.Returns(appPath);

    var publicOrigin = new Uri("https://my.public.origin:8443/OtherPath");
    var options = StubFactory.CreateOptionsPublicOrigin(publicOrigin);
    var requestData = httpRequest.ToHttpRequestData();

    var urls = new AuthServicesUrls(requestData, options.SPOptions);

    urls.AssertionConsumerServiceUrl.ShouldBeEquivalentTo("https://my.public.origin:8443/OtherPath/AuthServices/Acs");
    urls.SignInUrl.ShouldBeEquivalentTo("https://my.public.origin:8443/OtherPath/AuthServices/SignIn");
}
/// <summary>
/// Request data coming from an OWIN context must still produce endpoint urls rooted at
/// the configured PublicOrigin rather than the OWIN request host.
/// </summary>
public async Task AuthServicesUrls_Ctor_FromOwinHttpRequestData_PublicOrigin()
{
    var owinContext = OwinTestHelpers.CreateOwinContext();
    var publicOrigin = new Uri("https://my.public.origin:8443/");
    var options = StubFactory.CreateOptionsPublicOrigin(publicOrigin);
    var requestData = await owinContext.ToHttpRequestData(null);

    var urls = new AuthServicesUrls(requestData, options.SPOptions);

    urls.AssertionConsumerServiceUrl.ShouldBeEquivalentTo("https://my.public.origin:8443/AuthServices/Acs");
    urls.SignInUrl.ShouldBeEquivalentTo("https://my.public.origin:8443/AuthServices/SignIn");
}
/// <summary>
/// A GetPublicOrigin notification takes precedence over the statically configured
/// PublicOrigin when the ctor is given the full options object.
/// </summary>
public void AuthServicesUrls_Ctor_PerRequest_PublicOrigin()
{
    var options = StubFactory.CreateOptionsPublicOrigin(new Uri("https://my.public.origin:8443/"));
    options.Notifications.GetPublicOrigin = requestData => new Uri("https://special.public.origin/");

    var requestData = new HttpRequestData("get", new Uri("http://servername/"));
    var urls = new AuthServicesUrls(requestData, options);

    urls.AssertionConsumerServiceUrl.ShouldBeEquivalentTo("https://special.public.origin/AuthServices/Acs");
    urls.SignInUrl.ShouldBeEquivalentTo("https://special.public.origin/AuthServices/SignIn");
}
/// <summary>
/// AssertionConsumerServiceURL is optional in the SAML spec, so the ctor must accept a
/// null ACS url and leave the property null while keeping SignIn.
/// </summary>
public void AuthServicesUrls_Ctor_AllowsNullAcs()
{
    var signInUrl = new Uri("http://localhost/signin");

    var urls = new AuthServicesUrls(null, signInUrl, null);

    urls.AssertionConsumerServiceUrl.Should().Be(null);
    urls.SignInUrl.ToString().Should().Be("http://localhost/signin");
}
/// <summary>
/// Creates an AuthnRequest aimed at this idp from the SP options. The request is marked
/// for signing when the behavior is Always, or when it is IfIdpWantAuthnRequestsSigned
/// and the idp's metadata asks for signed requests.
/// </summary>
/// <param name="authServicesUrls">Urls for AuthServices; supplies the ACS url placed in the request.</param>
/// <returns>The AuthnRequest, with SigningCertificate set when it must be signed.</returns>
/// <exception cref="ArgumentNullException">authServicesUrls is null.</exception>
/// <exception cref="ConfigurationErrorsException">Signing is required but no signing certificate is configured.</exception>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    AuthServicesUrls authServicesUrls)
{
    if (authServicesUrls == null)
    {
        throw new ArgumentNullException(nameof(authServicesUrls));
    }

    // Only one attribute consuming service is supported: index 0, or none at all.
    int? attributeConsumingServiceIndex = null;
    if (spOptions.AttributeConsumingServices.Any())
    {
        attributeConsumingServiceIndex = 0;
    }

    var request = new Saml2AuthenticationRequest()
    {
        DestinationUrl = SingleSignOnServiceUrl,
        AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
        Issuer = spOptions.EntityId,
        AttributeConsumingServiceIndex = attributeConsumingServiceIndex,
        NameIdPolicy = spOptions.NameIdPolicy,
        RequestedAuthnContext = spOptions.RequestedAuthnContext
    };

    var behavior = spOptions.AuthenticateRequestSigningBehavior;
    var mustSign = behavior == SigningBehavior.Always
        || (behavior == SigningBehavior.IfIdpWantAuthnRequestsSigned && WantAuthnRequestsSigned);

    if (mustSign)
    {
        var signingCertificate = spOptions.SigningServiceCertificate;
        if (signingCertificate == null)
        {
            // Misconfiguration is reported loudly rather than silently sending an unsigned request.
            throw new ConfigurationErrorsException(
                string.Format(
                    CultureInfo.InvariantCulture,
                    "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\". To resolve this issue you can a) add a service certificate with usage \"Signing\" or \"Both\" (default if not specified is \"Both\") or b) Set the AuthenticateRequestSigningBehavior configuration property to \"Never\".",
                    EntityId.Id));
        }
        request.SigningCertificate = signingCertificate;
    }

    return request;
}
/// <summary>
/// Creates an AuthnRequest aimed at this idp, signs it when the SP is configured with
/// SigningBehavior.Always, and records the request (keyed by its RelayState) in
/// PendingAuthnRequests together with the return url and relay data.
/// </summary>
/// <param name="returnUrl">Where the browser should be sent after successful authentication.</param>
/// <param name="authServicesUrls">Urls for AuthServices; supplies the ACS url placed in the request.</param>
/// <param name="relayData">Aux data preserved across the authentication.</param>
/// <returns>The AuthnRequest, with SigningCertificate set when signing is required.</returns>
/// <exception cref="ArgumentNullException">authServicesUrls is null.</exception>
/// <exception cref="ConfigurationErrorsException">Signing is required but no signing certificate is configured.</exception>
public Saml2AuthenticationRequest CreateAuthenticateRequest(
    Uri returnUrl,
    AuthServicesUrls authServicesUrls,
    object relayData)
{
    if (authServicesUrls == null)
    {
        throw new ArgumentNullException(nameof(authServicesUrls));
    }

    // Only one attribute consuming service is supported: index 0 or none.
    var hasAttributeService = spOptions.AttributeConsumingServices.Any();

    var request = new Saml2AuthenticationRequest()
    {
        DestinationUrl = SingleSignOnServiceUrl,
        AssertionConsumerServiceUrl = authServicesUrls.AssertionConsumerServiceUrl,
        Issuer = spOptions.EntityId,
        AttributeConsumingServiceIndex = hasAttributeService ? 0 : (int?)null,
    };

    // Only the unconditional behavior is honored in this version.
    if (spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always)
    {
        var signingCertificate = spOptions.SigningServiceCertificate;
        if (signingCertificate == null)
        {
            throw new ConfigurationErrorsException(
                string.Format(
                    CultureInfo.InvariantCulture,
                    "Idp \"{0}\" is configured for signed AuthenticateRequests, but ServiceCertificates configuration contains no certificate with usage \"Signing\" or \"Both\".",
                    EntityId.Id));
        }
        request.SigningCertificate = signingCertificate;
    }

    // State for correlating the response; keyed by RelayState rather than request id here.
    var state = new StoredRequestState(EntityId, returnUrl, request.Id, relayData);
    PendingAuthnRequests.Add(request.RelayState, state);

    return request;
}
/// <summary>
/// Builds the SP entity descriptor for the configured EntityId with entityIdSuffix appended.
/// Publishes organization, contacts, an optional validUntil, the SP role with
/// WantAssertionsSigned/AuthnRequestsSigned flags, two ACS endpoints (HTTP-POST default,
/// HTTP-Artifact index 1), attribute consuming services, the MetadataCertificates as
/// KeyDescriptors, SingleLogout endpoints (only when a signing certificate exists, since
/// logout messages need to be signed) and a DiscoveryResponse when a DS is configured.
/// </summary>
/// <param name="spOptions">SP configuration.</param>
/// <param name="urls">Resolved endpoint urls.</param>
/// <param name="entityIdSuffix">Suffix appended to the EntityId; null/empty keeps it unchanged.</param>
/// <returns>The populated descriptor.</returns>
public static ExtendedEntityDescriptor CreateMetadata(this ISPOptions spOptions, AuthServicesUrls urls, string entityIdSuffix)
{
    var entityId = spOptions.EntityId;
    if (!string.IsNullOrEmpty(entityIdSuffix))
    {
        entityId = new EntityId(entityId.Id + entityIdSuffix);
    }

    var descriptor = new ExtendedEntityDescriptor
    {
        EntityId = entityId,
        Organization = spOptions.Organization,
        CacheDuration = spOptions.MetadataCacheDuration,
    };

    // validUntil is computed from the current UTC time at generation.
    var validDuration = spOptions.MetadataValidDuration;
    if (validDuration.HasValue)
    {
        descriptor.ValidUntil = DateTime.UtcNow.Add(validDuration.Value);
    }

    foreach (var contact in spOptions.Contacts)
    {
        descriptor.Contacts.Add(contact);
    }

    // AuthnRequestsSigned is only advertised for the unconditional behavior; the
    // idp-dependent behavior still leaves it false.
    var spRole = new ExtendedServiceProviderSingleSignOnDescriptor()
    {
        WantAssertionsSigned = spOptions.WantAssertionsSigned,
        AuthenticationRequestsSigned = spOptions.AuthenticateRequestSigningBehavior == SigningBehavior.Always
    };
    spRole.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

    spRole.AssertionConsumerServices.Add(0, new IndexedProtocolEndpoint()
    {
        Index = 0,
        IsDefault = true,
        Binding = Saml2Binding.HttpPostUri,
        Location = urls.AssertionConsumerServiceUrl
    });
    spRole.AssertionConsumerServices.Add(1, new IndexedProtocolEndpoint()
    {
        Index = 1,
        IsDefault = false,
        Binding = Saml2Binding.HttpArtifactUri,
        Location = urls.AssertionConsumerServiceUrl
    });

    foreach (var attributeService in spOptions.AttributeConsumingServices)
    {
        spRole.AttributeConsumingServices.Add(attributeService);
    }

    // NOTE(review): guard checks ServiceCertificates while the loop reads
    // MetadataCertificates — fine if the latter derives from the former; confirm.
    if (spOptions.ServiceCertificates != null)
    {
        foreach (var serviceCert in spOptions.MetadataCertificates)
        {
            // Only the raw certificate is published; the Use cast assumes matching enum values — confirm.
            using (var token = new X509SecurityToken(serviceCert.Certificate))
            {
                var clause = token.CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>();
                spRole.Keys.Add(new KeyDescriptor
                {
                    Use = (KeyType)(byte)serviceCert.Use,
                    KeyInfo = new SecurityKeyIdentifier(clause)
                });
            }
        }
    }

    // Single logout is advertised only if we can sign logout messages.
    if (spOptions.SigningServiceCertificate != null)
    {
        spRole.SingleLogoutServices.Add(new ProtocolEndpoint(Saml2Binding.HttpRedirectUri, urls.LogoutUrl));
        spRole.SingleLogoutServices.Add(new ProtocolEndpoint(Saml2Binding.HttpPostUri, urls.LogoutUrl));
    }

    var discoveryUrl = spOptions.DiscoveryServiceUrl;
    if (discoveryUrl != null && !string.IsNullOrEmpty(discoveryUrl.OriginalString))
    {
        spRole.Extensions.DiscoveryResponse = new IndexedProtocolEndpoint
        {
            Binding = Saml2Binding.DiscoveryResponseUri,
            Index = 0,
            IsDefault = true,
            Location = urls.SignInUrl
        };
    }

    descriptor.RoleDescriptors.Add(spRole);
    return descriptor;
}
/// <summary>
/// Builds the SP entity descriptor for the configured EntityId without any suffix;
/// delegates to the suffix-taking overload with an empty suffix.
/// </summary>
/// <param name="spOptions">SP configuration.</param>
/// <param name="urls">Resolved endpoint urls.</param>
/// <returns>The populated descriptor.</returns>
public static ExtendedEntityDescriptor CreateMetadata(this ISPOptions spOptions, AuthServicesUrls urls)
    => spOptions.CreateMetadata(urls, string.Empty);
/// <summary>
/// Creates and binds the AuthnRequest for the chosen idp and attaches the correlation
/// state (idp, return url, request id, relay data) and the cookie name to the result.
/// Raises AuthenticationRequestCreated and SignInCommandResultCreated.
/// </summary>
/// <param name="options">AuthServices options.</param>
/// <param name="relayData">Caller data preserved across the login.</param>
/// <param name="urls">Resolved endpoint urls.</param>
/// <param name="idp">The idp to log in to.</param>
/// <param name="returnUrl">Where to resume after login; may be null.</param>
/// <returns>The bound CommandResult with RequestState and SetCookieName populated.</returns>
private static CommandResult InitiateLoginToIdp(
    IOptions options,
    IDictionary<string, string> relayData,
    AuthServicesUrls urls,
    IdentityProvider idp,
    Uri returnUrl)
{
    var authnRequest = idp.CreateAuthenticateRequest(urls);
    options.Notifications.AuthenticationRequestCreated(authnRequest, idp, relayData);

    var result = idp.Bind(authnRequest);
    // The cookie is named after the RelayState so the response can find this state again;
    // the state itself never leaves the SP side.
    result.RequestState = new StoredRequestState(idp.EntityId, returnUrl, authnRequest.Id, relayData);
    result.SetCookieName = "Kentor." + authnRequest.RelayState;

    options.Notifications.SignInCommandResultCreated(result, relayData);
    return result;
}
/// <summary>
/// Expands an optional returnPath to an absolute Uri by re-rooting the request's
/// app-relative path under urls.ApplicationUrl and resolving returnPath against it.
/// </summary>
/// <param name="returnPath">Optional path; null or empty yields null.</param>
/// <param name="request">Current request, supplying Url and ApplicationUrl.</param>
/// <param name="urls">Resolved endpoint urls, supplying ApplicationUrl.</param>
/// <returns>The expanded Uri, or null when no returnPath was given.</returns>
private static Uri ExpandReturnUrl(string returnPath, HttpRequestData request, AuthServicesUrls urls)
{
    if (string.IsNullOrEmpty(returnPath))
    {
        return null;
    }

    var requestPath = request.Url.AbsolutePath;
    var appPath = request.ApplicationUrl.AbsolutePath;
    var appRelativePath = requestPath.Substring(appPath.Length).TrimStart('/');
    var currentLocation = new Uri(urls.ApplicationUrl, appRelativePath);

    // NOTE(review): an absolute returnPath overrides currentLocation entirely; callers
    // feeding request input here should validate the origin first — confirm.
    return new Uri(currentLocation, returnPath);
}
/// <summary>
/// Resolves the return url: returnPath relative to the application url, or the
/// application url itself when returnPath is null or empty.
/// </summary>
/// <param name="request">Current request, used to derive ApplicationUrl.</param>
/// <param name="returnPath">Optional path to resume at.</param>
/// <param name="options">AuthServices options.</param>
/// <returns>An absolute Uri.</returns>
private static Uri GetReturnUrl(HttpRequestData request, string returnPath, IOptions options)
{
    var applicationUrl = new AuthServicesUrls(request, options.SPOptions).ApplicationUrl;

    // NOTE(review): Uri(base, relative) keeps an absolute returnPath as-is, so request-
    // supplied values need an origin check by the caller — confirm.
    return string.IsNullOrEmpty(returnPath)
        ? applicationUrl
        : new Uri(applicationUrl, returnPath);
}