The following example demonstrates how to generate Metadata for ADFS:
using ComponentPro.Saml;
using ComponentPro.Saml2;
using ComponentPro.Saml2.Metadata;
using System.Security.Cryptography.X509Certificates;
...
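// SAML 2.0 binding URIs used by the endpoints below (kept as constants so a typo in one
// endpoint cannot silently produce metadata with an unknown binding).
private const string SoapBinding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
private const string HttpRedirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
private const string HttpPostBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
private const string HttpArtifactBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";

// Where the generated metadata document is written.
private const string OutputPath = @"D:\Temp\test.xml";

/// <summary>
/// Builds an EntityDescriptor (attribute authority, SP SSO descriptor and a technical contact),
/// signs it with the key loaded from Pkey.pfx and writes the resulting XML to <see cref="OutputPath"/>.
/// </summary>
static void Main()
{
    // Create a new instance of the EntityDescriptor class.
    EntityDescriptor entityDescriptor = new EntityDescriptor();
    // Set ID (sample value; use a unique identifier per generated document).
    entityDescriptor.Id = "MPCSHKBKAJTWEF5RsrHcS2.R3Fb";
    entityDescriptor.EntityId = new EntityIdType("http://xxx.xxxx.com/adfs/services/trust");

    // Create a new instance of the AttributeAuthorityDescriptor class.
    // You may not need this AttributeAuthorityDescriptor in your metadata.
    AttributeAuthorityDescriptor attributeAuthorityDescriptor = new AttributeAuthorityDescriptor();
    // Add that AttributeAuthorityDescriptor to the entity descriptor.
    entityDescriptor.AttributeAuthorityDescriptors.Add(attributeAuthorityDescriptor);
    // Set binding type and location of the attribute query endpoint.
    AttributeService attributeService = new AttributeService();
    attributeService.Binding = SoapBinding;
    attributeService.Location = "https://xxx.xxxx.xxxx.com/idp/attrsvc.ssaml2";
    attributeAuthorityDescriptor.AttributeServices.Add(attributeService);

    // Load the key to sign with.
    // NOTE: the PFX password is hard-coded for demonstration only; in real code read it from
    // configuration or a secret store. On .NET 4.6+/.NET Core X509Certificate2 is IDisposable,
    // so wrap it in a using block there once signing is done.
    X509Certificate2 x509Certificate = new X509Certificate2(@"..\..\Pkey.pfx", "password");

    // Create SP SSO Descriptor
    SpSsoDescriptor spSsoDescriptor = new SpSsoDescriptor();
    spSsoDescriptor.ProtocolSupportEnumeration = SamlNamespaceUris.Protocol;
    // Require the IdP to sign assertions it issues to this SP.
    spSsoDescriptor.WantAssertionsSigned = true;

    // Create Artifact Resolution Service
    ArtifactResolutionService ars = new ArtifactResolutionService();
    ars.IsDefault = true;
    ars.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/ARS.ssaml2";
    // NOTE(review): in the SAML metadata schema an ArtifactResolutionService is an indexed
    // endpoint that also carries Binding and index attributes; confirm the library fills
    // defaults for them or set them explicitly here.
    spSsoDescriptor.ArtifactResolutionServices.Add(ars);

    // Single Logout Service endpoints, one per supported binding. The SOAP endpoint uses
    // a different location (".ssaml2") than the three front-channel bindings (".saml2").
    const string frontChannelSloLocation = "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.saml2";
    spSsoDescriptor.SingleLogoutServices.Add(CreateSingleLogoutService(HttpRedirectBinding, frontChannelSloLocation));
    spSsoDescriptor.SingleLogoutServices.Add(CreateSingleLogoutService(HttpPostBinding, frontChannelSloLocation));
    spSsoDescriptor.SingleLogoutServices.Add(CreateSingleLogoutService(HttpArtifactBinding, frontChannelSloLocation));
    spSsoDescriptor.SingleLogoutServices.Add(CreateSingleLogoutService(SoapBinding, "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.ssaml2"));

    // Create Assertion Consumer Service for HTTP-POST binding.
    AssertionConsumerService acs = new AssertionConsumerService();
    acs.Binding = HttpPostBinding;
    acs.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/ACS.saml2";
    spSsoDescriptor.AssertionConsumerServices.Add(acs);

    // Create Attribute Consuming Service.
    AttributeConsumingService attcs = new AttributeConsumingService();
    attcs.ServiceNames.Add(new ServiceName("AttributeContract", "en"));
    attcs.RequestedAttributes.Add(new RequestedAttribute("lname"));
    attcs.RequestedAttributes.Add(new RequestedAttribute("mid"));
    attcs.RequestedAttributes.Add(new RequestedAttribute("fname"));
    spSsoDescriptor.AttributeConsumingServices.Add(attcs);

    // Name ID Formats
    spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.EmailAddress));
    spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.Persistent));
    spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.Transient));

    // You may want to sign the SP SSO descriptor on its own instead of (or as well as)
    // the whole entity descriptor:
    // spSsoDescriptor.Sign(x509Certificate);

    // Add SP SSO Descriptor to EntityDescriptor
    entityDescriptor.SpSsoDescriptors.Add(spSsoDescriptor);

    // Technical contact published with the metadata.
    ContactPerson person = new ContactPerson();
    person.Type = "technical";
    person.Company = "Demo Domain";
    person.GivenName = "John";
    person.Surname = "Brown";
    person.EmailAddresses.Add("a@email.com");
    person.TelephoneNumbers.Add("12345");
    entityDescriptor.ContactPeople.Add(person);

    // Optional: publish a key descriptor / extensions on a role descriptor.
    // (signedKeyInfoXml and extensionXmlElement are placeholders you must supply.)
    //RoleDescriptor role = new RoleDescriptor();
    //KeyDescriptor key = new KeyDescriptor();
    //key.Use = "encryption";
    //key.KeyInfo = signedKeyInfoXml;
    //role.KeyDescriptors.Add(key);
    //// Add as many extensions as you need.
    //role.Extensions.Elements.Add(extensionXmlElement);

    // In this case we sign the entity descriptor. Signing must come after every element
    // has been added, otherwise later additions would invalidate the signature.
    entityDescriptor.Sign(x509Certificate);

    // If you don't want the 'md' tag prefix, uncomment the following line (before GetXml()).
    //EntityDescriptor.CreateElement += EntityDescriptor_CreateElement;

    string xml = entityDescriptor.GetXml().OuterXml;
    System.Diagnostics.Trace.WriteLine(xml);
    // File.WriteAllText writes UTF-8 without a BOM, the same as StreamWriter's default,
    // and closes the file on all paths.
    System.IO.File.WriteAllText(OutputPath, xml);
}

/// <summary>
/// Creates a SingleLogoutService endpoint for the given SAML binding URI and location.
/// </summary>
/// <param name="binding">SAML 2.0 binding URI of the endpoint.</param>
/// <param name="location">Endpoint URL the IdP sends logout messages to.</param>
/// <returns>A populated <see cref="SingleLogoutService"/> ready to be added to a descriptor.</returns>
private static SingleLogoutService CreateSingleLogoutService(string binding, string location)
{
    SingleLogoutService slo = new SingleLogoutService();
    slo.Binding = binding;
    slo.Location = location;
    return slo;
}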
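/// <summary>
/// Event handler that drops the "md" namespace prefix from generated metadata elements.
/// Subscribe it to <c>EntityDescriptor.CreateElement</c> before calling <c>GetXml()</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Element-creation arguments whose <c>Prefix</c> is rewritten.</param>
static void EntityDescriptor_CreateElement(object sender, CreateElementEventArgs e)
{
    // Clear only an exact "md" prefix. The previous Replace("md", "") would also mangle any
    // other prefix that merely contains "md", and would throw if Prefix were null.
    if (e.Prefix == "md")
    {
        e.Prefix = string.Empty;
    }
}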