Creating Metadata for ADFS

by System Administrator
The following example demonstrates how to generate Metadata for ADFS:
using ComponentPro.Saml;
using ComponentPro.Saml2;
using ComponentPro.Saml2.Metadata;
using System.Security.Cryptography.X509Certificates;
...
static void Main()
{
	// Create a new instance of the EntityDescriptor class.
	EntityDescriptor entityDescriptor = new EntityDescriptor();
	
	// Set ID.
	entityDescriptor.Id = "MPCSHKBKAJTWEF5RsrHcS2.R3Fb";
	entityDescriptor.EntityId = new EntityIdType("http://xxx.xxxx.com/adfs/services/trust");

	// Create a new instance of the AttributeAuthorityDescriptor class.
	// You may not need this AttributeAuthorityDescriptor in your metadata.
	AttributeAuthorityDescriptor attributeAuthorityDescriptor = new AttributeAuthorityDescriptor();
	// Add that AttributeAuthorityDescriptor to the entity descriptor.
	entityDescriptor.AttributeAuthorityDescriptors.Add(attributeAuthorityDescriptor);

	// Set binding type and location.
	AttributeService attributeService = new AttributeService();
	attributeService.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
	attributeService.Location = "https://xxx.xxxx.xxxx.com/idp/attrsvc.ssaml2";
	attributeAuthorityDescriptor.AttributeServices.Add(attributeService);

	// Load the key to sign
	X509Certificate2 x509Certificate = new X509Certificate2(@"..\..\Pkey.pfx", "password");

	// Create SP SSO Descriptor
	SpSsoDescriptor spSsoDescriptor = new SpSsoDescriptor();

	spSsoDescriptor.ProtocolSupportEnumeration = SamlNamespaceUris.Protocol;
	spSsoDescriptor.WantAssertionsSigned = true;

	// Create Artifact Resolution Service
	ArtifactResolutionService ars = new ArtifactResolutionService();
	ars.IsDefault = true;
	ars.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/ARS.ssaml2";
	spSsoDescriptor.ArtifactResolutionServices.Add(ars);

	// Create Single Logout Service for HTTP-Redirect binding.
	SingleLogoutService slo = new SingleLogoutService();
	slo.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
	slo.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.saml2";
	spSsoDescriptor.SingleLogoutServices.Add(slo);

	// Create Single Logout Service for HTTP-POST binding.
	slo = new SingleLogoutService();
	slo.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
	slo.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.saml2";
	spSsoDescriptor.SingleLogoutServices.Add(slo);

	// Create Single Logout Service for HTTP-Artifact binding.
	slo = new SingleLogoutService();
	slo.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
	slo.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.saml2";
	spSsoDescriptor.SingleLogoutServices.Add(slo);

	// Create Single Logout Service for SOAP binding.
	slo = new SingleLogoutService();
	slo.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
	slo.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.ssaml2";
	spSsoDescriptor.SingleLogoutServices.Add(slo);

	// Create Assertion Consumer Service for HTTP-POST binding.
	AssertionConsumerService acs = new AssertionConsumerService();
	acs.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
	acs.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/ACS.saml2";
	spSsoDescriptor.AssertionConsumerServices.Add(acs);

	// Create Attribute Consuming Service.
	AttributeConsumingService attcs = new AttributeConsumingService();
	attcs.ServiceNames.Add(new ServiceName("AttributeContract", "en"));
	attcs.RequestedAttributes.Add(new RequestedAttribute("lname"));
	attcs.RequestedAttributes.Add(new RequestedAttribute("mid"));
	attcs.RequestedAttributes.Add(new RequestedAttribute("fname"));
	spSsoDescriptor.AttributeConsumingServices.Add(attcs);

	// Name ID Formats
	spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.EmailAddress));
	spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.Persistent));
	spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.Transient));

	// You may want to sign
	// ssoDescriptor.Sign(x509Certificate);

	// Add SP SSO Descriptor to EntityDescriptor
	entityDescriptor.SpSsoDescriptors.Add(spSsoDescriptor);

	ContactPerson person = new ContactPerson();
	person.Type = "technical";
	person.Company = "Demo Domain";
	person.GivenName = "John";
	person.Surname = "Brown";
	person.EmailAddresses.Add("a@email.com");
	person.TelephoneNumbers.Add("12345");

	entityDescriptor.ContactPeople.Add(person);

	//RoleDescriptor role = new RoleDescriptor();
	//KeyDescriptor key = new KeyDescriptor();
	//key.Use = "encryption";
	//key.KeyInfo = signedKeyInfoXml;
	//role.KeyDescriptors.Add(key);

	//// Add as many extensions as you need.
	//role.Extensions.Elements.Add(extensionXmlElement);
	

	//ssoDescriptor.Sign(x509Certificate); // Sign SSO Descriptor if needed.
	entityDescriptor.Sign(x509Certificate); // In this case we sign the entity descriptor.

	// If you dont want the 'md' tag prefix, uncomment the following line
	//EntityDescriptor.CreateElement += EntityDescriptor_CreateElement;

	string xml = entityDescriptor.GetXml().OuterXml;

	System.Diagnostics.Trace.WriteLine(xml);

	using (System.IO.StreamWriter fw = new System.IO.StreamWriter(@"D:\Temp\test.xml"))
	{
		fw.Write(xml);
	}
}

static void EntityDescriptor_CreateElement(object sender, CreateElementEventArgs e)
{
	e.Prefix = e.Prefix.Replace("md", "");
}
All Articles
45-Day Money Back Guarantee

We will refund your full money in 45 days
if you are not satisfied with our products

Buy Now
Creating Metadata for ADFS

45-Day Money Back Guarantee

We will refund your full money in 45 days if you are not satisfied with our products

We will refund your full money in 45 days
if you are not satisfied with our products
