更新SAMLController.Configurations

时间:2018-08-17 11:28:33

标签: single-sign-on x509certificate saml-2.0 component-space

大家好,

我正在使用ComponentSpace作为服务提供者来为我的客户建立SAML2单点登录。客户端使用他们自己的身份提供者来认证并获得对我的MVC5 Web应用程序的访问。我遇到的问题是,当客户端要更新其X509证书文件时,我会动态更新物理文件,但是我必须进行IIS重置才能使用新的证书文件。我如何避免在身份验证时不必进行IIS重置并让ComponentSpace使用新的X509证书文件。我的代码示例如下。

var samlConfiguration = new 
ComponentSpace.SAML2.Configuration.SAMLConfiguration();

var ssoUrl = "https://www.ssoUrl/Consumer";
var ssoName ="https://www.ssoName";

var localServiceProviderConfiguration = new LocalServiceProviderConfiguration()
{
  Name = ssoName,
  AssertionConsumerServiceUrl = ssoUrl
};

samlConfiguration.LocalServiceProviderConfiguration = localServiceProviderConfiguration ;

var certNamePrimary = ConfigurationManager.AppSettings["Certificate_Path"] + "cert-A.cer";

var certNameSecondary = ConfigurationManager.AppSettings["Certificate_Path"] + "cert-B.cer";

var partnerIdentityProviderConfiguration = new 
ComponentSpace.SAML2.Configuration.PartnerIdentityProviderConfiguration()
{
    Name = clientConfig.PartnerIdPName,
    SingleSignOnServiceUrl = clientConfig.IdPSingleSignOnServiceURL,
    SignAuthnRequest = false,
    WantSAMLResponseSigned = false,
    WantAssertionEncrypted = false,
    WantAssertionSigned = true,
    PartnerCertificateFile = certNamePrimary ,
    SecondaryPartnerCertificateFile = certNameSecondary 
};

samlConfiguration.PartnerIdentityProviderConfigurations.AddPartnerIdentityProvider(partnerIdentityProviderConfiguration );

if (ComponentSpace.SAML2.SAMLController.Configurations.Keys.Contains(ssoUrl))
{
   ComponentSpace.SAML2.SAMLController.Configurations.Remove(ssoUrl);                        
   ComponentSpace.SAML2.SAMLController.Configurations.Add(ssoUrl, samlConfiguration);
}
else
    ComponentSpace.SAML2.SAMLController.Configurations.Add(ssoUrl, samlConfiguration);

ComponentSpace.SAML2.SAMLController.ConfigurationID = ssoUrl;
SAMLServiceProvider.InitiateSSO(Response, null, "http://company.com/adfs/services/trust");

0 个答案:

没有答案