Creating Metadata for ADFS

The following example demonstrates how to build a signed SAML 2.0 `EntityDescriptor` (SP metadata) for use with ADFS and write it to a file:

using ComponentPro.Saml;
using ComponentPro.Saml2;
using ComponentPro.Saml2.Metadata;
using System.Security.Cryptography.X509Certificates;
...
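// Builds a signed SAML 2.0 EntityDescriptor (SP role plus an optional
// attribute-authority role) for an ADFS relying-party trust and writes it
// to disk.
//
// Security notes (reviewer):
//  - The PFX password is read from the SAML_PFX_PASSWORD environment variable
//    instead of being hard-coded; the sample previously shipped the literal
//    "password" in source.
//  - The signing certificate is disposed once the signature is produced
//    (X509Certificate2 is IDisposable on .NET Framework 4.6+/.NET Core).
//  - No KeyDescriptor is published for the SP role below. If ADFS is expected
//    to encrypt assertions or verify signed AuthnRequests it needs the SP's
//    certificate in the metadata — TODO confirm whether Sign() adds one.
static void Main()
{
	// Root element of the metadata document.
	EntityDescriptor entityDescriptor = new EntityDescriptor();

	// Id is the target of the enveloped signature's Reference and must be a
	// valid XML NCName (no leading digit). EntityId is the entity's URI.
	entityDescriptor.Id = "MPCSHKBKAJTWEF5RsrHcS2.R3Fb";
	entityDescriptor.EntityId = new EntityIdType("http://xxx.xxxx.com/adfs/services/trust");

	// Optional role: only needed if this entity serves attributes over SOAP.
	AttributeAuthorityDescriptor attributeAuthorityDescriptor = new AttributeAuthorityDescriptor();
	entityDescriptor.AttributeAuthorityDescriptors.Add(attributeAuthorityDescriptor);

	AttributeService attributeService = new AttributeService();
	attributeService.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
	attributeService.Location = "https://xxx.xxxx.xxxx.com/idp/attrsvc.ssaml2";
	attributeAuthorityDescriptor.AttributeServices.Add(attributeService);

	// Never commit the PFX password. Take it from the environment (or a
	// secret store) at run time and refuse to run without it.
	string pfxPassword = System.Environment.GetEnvironmentVariable("SAML_PFX_PASSWORD");
	if (string.IsNullOrEmpty(pfxPassword))
	{
		throw new System.InvalidOperationException(
			"SAML_PFX_PASSWORD is not set; refusing to fall back to a hard-coded PFX password.");
	}

	// Load the signing key; the certificate (and its private key handle) is
	// released when the using block ends.
	using (X509Certificate2 x509Certificate = new X509Certificate2(@"..\..\Pkey.pfx", pfxPassword))
	{
		// SP SSO role.
		SpSsoDescriptor spSsoDescriptor = new SpSsoDescriptor();
		spSsoDescriptor.ProtocolSupportEnumeration = SamlNamespaceUris.Protocol;
		// Advertises to the IdP that assertions must be signed. This is only a
		// declaration; the SP's assertion validation must still enforce it.
		spSsoDescriptor.WantAssertionsSigned = true;

		// Artifact Resolution Service (default endpoint).
		ArtifactResolutionService ars = new ArtifactResolutionService();
		ars.IsDefault = true;
		ars.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/ARS.ssaml2";
		spSsoDescriptor.ArtifactResolutionServices.Add(ars);

		// Single Logout endpoints: one entry per supported binding. The first
		// three share a location; the SOAP endpoint uses a different path.
		string[] sloBindings =
		{
			"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
			"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
			"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
		};
		foreach (string binding in sloBindings)
		{
			SingleLogoutService slo = new SingleLogoutService();
			slo.Binding = binding;
			slo.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.saml2";
			spSsoDescriptor.SingleLogoutServices.Add(slo);
		}

		SingleLogoutService soapSlo = new SingleLogoutService();
		soapSlo.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
		soapSlo.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/SLO.ssaml2";
		spSsoDescriptor.SingleLogoutServices.Add(soapSlo);

		// Assertion Consumer Service for the HTTP-POST binding. ADFS will only
		// post responses to locations listed here, so keep this list exact.
		AssertionConsumerService acs = new AssertionConsumerService();
		acs.Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
		acs.Location = "https://ssoqa.xxxxx.com/hsyeg/sp/ACS.saml2";
		spSsoDescriptor.AssertionConsumerServices.Add(acs);

		// Attributes this SP asks the IdP to release.
		AttributeConsumingService attcs = new AttributeConsumingService();
		attcs.ServiceNames.Add(new ServiceName("AttributeContract", "en"));
		attcs.RequestedAttributes.Add(new RequestedAttribute("lname"));
		attcs.RequestedAttributes.Add(new RequestedAttribute("mid"));
		attcs.RequestedAttributes.Add(new RequestedAttribute("fname"));
		spSsoDescriptor.AttributeConsumingServices.Add(attcs);

		// NameID formats the SP accepts.
		spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.EmailAddress));
		spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.Persistent));
		spSsoDescriptor.NameIdFormats.Add(new NameIdFormat(SamlNameIdentifierFormat.Transient));

		// The role descriptor can be signed on its own instead of (or in
		// addition to) the whole entity descriptor:
		// spSsoDescriptor.Sign(x509Certificate);

		entityDescriptor.SpSsoDescriptors.Add(spSsoDescriptor);

		// Technical contact published in the metadata (sample values).
		ContactPerson person = new ContactPerson();
		person.Type = "technical";
		person.Company = "Demo Domain";
		person.GivenName = "John";
		person.Surname = "Brown";
		person.EmailAddresses.Add("a@email.com");
		person.TelephoneNumbers.Add("12345");
		entityDescriptor.ContactPeople.Add(person);

		// Optional: publish a key for a role and/or add extension elements.
		// RoleDescriptor role = new RoleDescriptor();
		// KeyDescriptor key = new KeyDescriptor();
		// key.Use = "encryption";
		// key.KeyInfo = signedKeyInfoXml;
		// role.KeyDescriptors.Add(key);
		// role.Extensions.Elements.Add(extensionXmlElement);

		// Sign the whole entity descriptor (an enveloped XML-DSig over the
		// element identified by entityDescriptor.Id).
		entityDescriptor.Sign(x509Certificate);
	}

	// To emit elements without the 'md' namespace prefix, subscribe before
	// calling GetXml(). See EntityDescriptor_CreateElement.
	//EntityDescriptor.CreateElement += EntityDescriptor_CreateElement;

	string xml = entityDescriptor.GetXml().OuterXml;

	// Signed metadata is public; tracing it is not a secret leak.
	System.Diagnostics.Trace.WriteLine(xml);

	// Output path is a sample value; make it configurable in real use.
	using (System.IO.StreamWriter fw = new System.IO.StreamWriter(@"D:\Temp\test.xml"))
	{
		fw.Write(xml);
	}
}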

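// CreateElement handler that drops the "md" namespace prefix so metadata
// elements are emitted without a prefix (see the commented-out subscription
// in Main).
//
// Only a prefix that is exactly "md" is cleared. The previous implementation
// used e.Prefix.Replace("md", ""), which also mangled any other prefix that
// merely contains "md" (an extension prefix such as "mdui" would become "ui")
// and threw on a null prefix.
//
// NOTE(review): this runs at GetXml() time, after Sign() has already been
// called. Namespace prefixes are part of the canonicalized, signed bytes in
// XML-DSig, so confirm the signature still validates when the prefix is
// rewritten; if not, subscribe before calling Sign().
static void EntityDescriptor_CreateElement(object sender, CreateElementEventArgs e)
{
	if (string.Equals(e.Prefix, "md", System.StringComparison.Ordinal))
	{
		e.Prefix = string.Empty;
	}
}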
