The following code example demonstrates sending an Issue request to PingFederate with a Username token. PingFederate validates the Username token and issues a SAML token based upon the configured SP configuration.
```csharp
// Configure STS Client (IDP-side, SP connection)
STSClientConfiguration idpStsConfig = new STSClientConfiguration();
idpStsConfig.appliesTo = "http://wsp.domain.com";
idpStsConfig.stsEndpoint = new Uri("https://wsc.domain.com:9031/idp/sts.wst");
idpStsConfig.systemAuthType = SystemAuthType.BASIC;
idpStsConfig.systemAuthUsername = "test1";
idpStsConfig.systemAuthPassword = "2Federate";
STSClient idpStsClient = new STSClient(idpStsConfig);

// Send RST Issue request to STS
SecurityToken samlToken = idpStsClient.IssueToken("joe", "Password1");
```
The following code example demonstrates making a Validate request to PingFederate.
```csharp
SoapContext reqCtx = RequestSoapContext.Current;
if (reqCtx.Security.Tokens.Count == 0)
{
    throw new SecurityFault("No security token found");
}

IEnumerator tokenEnumerator = reqCtx.Security.Tokens.GetEnumerator();
tokenEnumerator.MoveNext();
SecurityToken samlToken = (SecurityToken) tokenEnumerator.Current;
if (!(samlToken is SamlTokenClientBase))
{
    throw new SecurityFault("Only SAML tokens are supported");
}

// Configure STS Client (SP-side, IdP connection)
STSClientConfiguration spStsConfig = new STSClientConfiguration();
spStsConfig.stsEndpoint = new Uri("https://wsp.domain.com:9031/idp/sts.wst");
spStsConfig.systemAuthType = SystemAuthType.BASIC;
spStsConfig.systemAuthUsername = "test1";
spStsConfig.systemAuthPassword = "2Federate";
STSClient spStsClient = new STSClient(spStsConfig);

bool tokenValid = spStsClient.ValidateToken(samlToken);
if (!tokenValid)
{
    throw new SecurityFault("Invalid Token");
}
```
To use the example code, add the following lines to the security element of the microsoft.web.services3 section in your application configuration (App.config) file. Only one SAML token manager can be in use at runtime. Use XML comments to disable the token manager that is not in use.
```xml
<securityTokenManager>
  <add type="com.pingidentity.Security.Tokens.SAMLToken.ClientSaml1_1TokenManager, StsClientApi_Tokens"
       namespace="urn:oasis:names:tc:SAML:1.0:assertion"
       localName="Assertion"/>
  <!--
  <add type="com.pingidentity.Security.Tokens.SAMLToken.ClientSaml2_0TokenManager, StsClientApi_Tokens"
       namespace="urn:oasis:names:tc:SAML:2.0:assertion"
       localName="Assertion" />
  -->
</securityTokenManager>
```
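The one-token-manager rule above can be checked before deployment. The following Python script is an added example, not part of the SDK: it parses an App.config and reports when zero or more than one SAML token manager is left uncommented. The function names and the sample configurations wrapped around the page's `<add>` entries are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assertion namespaces of the two token managers shown in the configuration above.
SAML_NAMESPACES = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "SAML 1.1",
    "urn:oasis:names:tc:SAML:2.0:assertion": "SAML 2.0",
}

def active_saml_token_managers(config_xml):
    """Return (version, type) for every SAML token manager that is not commented out."""
    root = ET.fromstring(config_xml)
    active = []
    # ElementTree's default parser discards XML comments, so a commented-out
    # <add> entry never appears here; only entries that would be loaded remain.
    for manager in root.iter("securityTokenManager"):
        for add in manager.findall("add"):
            version = SAML_NAMESPACES.get(add.get("namespace"))
            if version and add.get("localName") == "Assertion":
                active.append((version, add.get("type", "")))
    return active

def check_config(config_xml):
    """Return a list of problems; an empty list means exactly one manager is active."""
    active = active_saml_token_managers(config_xml)
    if not active:
        return ["no SAML token manager is enabled"]
    if len(active) > 1:
        versions = ", ".join(version for version, _ in active)
        return ["more than one SAML token manager is enabled: " + versions]
    return []

# Constructed sample input: the page's two <add> entries inside a minimal App.config.
TEMPLATE = """<configuration><microsoft.web.services3><security>
<securityTokenManager>
{entries}
</securityTokenManager>
</security></microsoft.web.services3></configuration>"""
ADD = ('<add type="com.pingidentity.Security.Tokens.SAMLToken.ClientSaml{0}TokenManager, '
       'StsClientApi_Tokens" namespace="urn:oasis:names:tc:SAML:{1}:assertion" '
       'localName="Assertion"/>')
SAML11, SAML20 = ADD.format("1_1", "1.0"), ADD.format("2_0", "2.0")
CONFIG_ONE = TEMPLATE.format(entries=SAML11 + "\n<!-- " + SAML20 + " -->")
CONFIG_BOTH = TEMPLATE.format(entries=SAML11 + "\n" + SAML20)

if __name__ == "__main__":
    for name, cfg in (("one active", CONFIG_ONE), ("both active", CONFIG_BOTH)):
        print(name, "->", check_config(cfg) or "OK")
```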
Class | Description |
---|---|
WstStatus | This class helps to work with the validate status in the RSTR. |