Forums, Documentation & Knowledge Base - ComponentSpace

encrypt password for "LocalCertificates" section in JSON SAML file


https://componentspace.com/forums/Topic10221.aspx

By eric_08 - 8/15/2019

I have a separate SAML JSON file for storing SAML configuration settings. I'm trying to implement the service provider side, but one of my requirements is that the "Password" value used for the PFX file for the service provider certificate needs to be encrypted. I looked at this in detail, and I came up with my CustomSamlConfigurationResolver class, which extends the built-in SamlConfigurationResolver class. The code looks like this (the assumption here is that passwords are already encrypted, which is done by separate code):

using System;
using System.Threading.Tasks;
using ComponentSpace.Saml2.Configuration;
using ComponentSpace.Saml2.Configuration.Resolver;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Options;

public class CustomSamlConfigurationResolver : SamlConfigurationResolver
{
    private readonly Lazy<IDataProtector> protector;

    // Set once the passwords held by this (scoped) instance have been decrypted,
    // so a second call within the same request does not unprotect plaintext.
    private bool isUnprotected;

    public CustomSamlConfigurationResolver(IDataProtectionProvider dataProtectionProvider, IOptionsSnapshot<SamlConfigurations> samlConfigurations)
        : base(samlConfigurations)
    {
        // The purpose string must match the one used when the passwords were protected.
        this.protector = new Lazy<IDataProtector>(() => dataProtectionProvider.CreateProtector("Certs"));
    }

    public override async Task<LocalServiceProviderConfiguration> GetLocalServiceProviderConfigurationAsync(string configurationID)
    {
        // Await instead of blocking on task.Result.
        var localServiceProviderConfiguration = await base.GetLocalServiceProviderConfigurationAsync(configurationID);

        if (this.isUnprotected)
        {
            return localServiceProviderConfiguration;
        }

        this.isUnprotected = true;
        foreach (var certificate in localServiceProviderConfiguration.LocalCertificates)
        {
            if (!string.IsNullOrWhiteSpace(certificate.Password))
            {
                // Replace the protected value with the PFX password in memory only.
                certificate.Password = this.protector.Value.Unprotect(certificate.Password);
            }
        }

        return localServiceProviderConfiguration;
    }
}

The above class is registered in Startup class like this:

    services.TryAddScoped<ISamlConfigurationResolver, CustomSamlConfigurationResolver>();
    services.AddSaml(this.Configuration.GetSection("SAML"));

Everything seems to work, but I'd like to know if there is an easier way to accomplish this.

Thanks,
Eric
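An added example, not code from the post above or from ComponentSpace, of the "separate code" the post assumes: a small console tool that produces the protected Password value for the LocalCertificates section and checks the two conditions under which a resolver like the one above can unprotect it again (same purpose string, same Data Protection key ring). The purpose "Certs" is taken from the post; the key directories, application name and sample password are placeholders chosen for this example.

```csharp
// Added example, not part of the original post or of the ComponentSpace library.
// Produces the protected "Password" value for the LocalCertificates section and
// checks what the resolver needs in order to unprotect it: the same purpose string
// and the same Data Protection key ring.
// Assumptions: purpose "Certs" as in the post; the key directories, application
// name and sample password below are placeholders chosen for this example.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class CertPasswordProtector
{
    // Must equal the purpose passed to CreateProtector in the resolver.
    public const string Purpose = "Certs";

    // Builds a provider that shares a key ring with the web application: same key
    // location and same application name. The default key ring keeps expired keys
    // for unprotecting, so a value protected months ago still decrypts.
    public static IDataProtectionProvider BuildProvider(string keyDirectory, string applicationName)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(keyDirectory))
            .SetApplicationName(applicationName);
        return services.BuildServiceProvider().GetRequiredService<IDataProtectionProvider>();
    }

    public static string Protect(IDataProtectionProvider provider, string pfxPassword)
    {
        return provider.CreateProtector(Purpose).Protect(pfxPassword);
    }

    // Returns null instead of throwing when the payload cannot be unprotected, which
    // is what happens with a different purpose, a different key ring, or a tampered payload.
    public static string TryUnprotect(IDataProtectionProvider provider, string purpose, string payload)
    {
        try
        {
            return provider.CreateProtector(purpose).Unprotect(payload);
        }
        catch (CryptographicException)
        {
            return null;
        }
    }

    public static int Main(string[] args)
    {
        // Placeholders: pass the real key directory and PFX password as arguments
        // rather than hard-coding the password in source.
        string keyDirectory = args.Length > 0 ? args[0] : Path.Combine(Path.GetTempPath(), "saml-dp-keys");
        string pfxPassword = args.Length > 1 ? args[1] : "sample-pfx-password"; // constructed sample value
        const string appName = "MySamlServiceProvider";

        var provider = BuildProvider(keyDirectory, appName);
        string protectedValue = Protect(provider, pfxPassword);

        Console.WriteLine("Value for LocalCertificates[].Password in the SAML JSON file:");
        Console.WriteLine(protectedValue);

        // 1. Same purpose, same key ring: what the resolver does at runtime.
        bool roundTrip = TryUnprotect(provider, Purpose, protectedValue) == pfxPassword;
        Console.WriteLine("same purpose, same keys     : " + (roundTrip ? "decrypted" : "FAILED"));

        // 2. Different purpose string: rejected even though the keys are identical.
        bool wrongPurposeRejected = TryUnprotect(provider, "Other", protectedValue) == null;
        Console.WriteLine("wrong purpose               : " + (wrongPurposeRejected ? "rejected" : "ACCEPTED"));

        // 3. Different key ring (the web app persisting keys elsewhere): rejected,
        //    because the key id in the payload is not present in this provider's ring.
        var otherProvider = BuildProvider(Path.Combine(Path.GetTempPath(), "saml-dp-keys-other"), appName);
        bool wrongKeysRejected = TryUnprotect(otherProvider, Purpose, protectedValue) == null;
        Console.WriteLine("same purpose, other key ring: " + (wrongKeysRejected ? "rejected" : "ACCEPTED"));

        return roundTrip && wrongPurposeRejected && wrongKeysRejected ? 0 : 1;
    }
}
```

Run it once (for example `dotnet run -- <key directory> <pfx password>`), paste the printed value into the JSON file, and configure the web application's `AddDataProtection()` with the same `PersistKeysToFileSystem` directory and `SetApplicationName` value. The third check is the one that bites in practice: the key ring is now the secret that guards the PFX password, so its directory needs the same access restrictions as the PFX file itself, and it has to be present on every host that runs the service provider.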

By ComponentSpace - 8/19/2019

You're welcome.