ComponentSpace

Forums



Programmatic Configuration with Certificates in a Database?


Programmatic Configuration with Certificates in a Database?

Author
Message
Russ Collins
Russ Collins
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 11
We're currently using XML configuration with certificates stored in the file system. We would like to move to programmatic configuration with configuration elements and certificates stored in a SQL Server database. From the Developer Guide, we're pretty clear on programmatic configuration but we're trying to work out how to retrieve certificates from a database. Is there a documented approach to this? Are there any cautionary tales regarding this approach? Thanks for any guidance you can provide.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)

Group: Administrators
Posts: 2.9K, Visits: 9.4K
Hi Russ,

The Configuration Guide describes two techniques for setting SAML configuration programmatically. When storing configuration in a database, the recommended approach is to implement the ISAMLConfigurationResolver interface as described in the guide.

Certificates should be stored in the database as base-64 strings.

The Certificate Guide includes a "Certificate Strings" section describing how to convert certificates into strings.

The following example code is for a configuration resolver that returns hard-coded values. Your configuration resolver would read these values from your database.

The CertificateConfiguration.String property is used to specify the certificate as a base-64 string.


using ComponentSpace.SAML2.Configuration;
using ComponentSpace.SAML2.Configuration.Resolver;

public class ExampleConfigurationResolver : AbstractSAMLConfigurationResolver
{
  /// <summary>
  /// Gets the <c>LocalServiceProviderConfiguration</c>.
  /// </summary>
  /// <param name="configurationID">The configuration ID or <c>null</c> if none.</param>
  /// <returns>The local service provider configuration.</returns>
  /// <exception cref="SAMLException">
  /// Thrown when the local service provider configuration cannot be found.
  /// </exception>
  public override LocalServiceProviderConfiguration GetLocalServiceProviderConfiguration(string configurationID)
  {
      return new LocalServiceProviderConfiguration()
      {
          Name = "https://ExampleServiceProvider",
          AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
          LocalCertificates = new List<CertificateConfiguration>()
          {
              new CertificateConfiguration()
              {
                  String = "base-64 string goes here",
                  Password = "password"
               }
          }
       };
  }

  /// <summary>
  /// Gets the <c>PartnerIdentityProviderConfiguration</c> given the partner name.
  /// </summary>
  /// <param name="configurationID">The configuration ID or <c>null</c> if none.</param>
  /// <param name="partnerName">The partner name.</param>
  /// <returns>The partner identity provider configuration.</returns>
  /// <exception cref="SAMLException">
  /// Thrown when the partner identity provider configuration cannot be found.
  /// </exception>
  public override PartnerIdentityProviderConfiguration GetPartnerIdentityProviderConfiguration(string configurationID, string partnerName)
  {
      return new PartnerIdentityProviderConfiguration()
       {
           Name = "https://ExampleIdentityProvider",
           SignAuthnRequest = true,
           SingleSignOnServiceUrl = "https://localhost:44390/SAML/SSOService.aspx",
           SingleLogoutServiceUrl = "https://localhost:44390/SAML/SLOService.aspx",
           PartnerCertificates = new List<CertificateConfiguration>()
           {
               new CertificateConfiguration()
               {
                   String = "base-64 string goes here",
               }
           }
     };
  }
}



You register your ISAMLConfigurationResolver implementation at application start-up.


SAMLController.ConfigurationResolver = new ExampleConfigurationResolver();




Regards
ComponentSpace Development
Russ Collins
Russ Collins
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 11
ComponentSpace - 1/28/2020
Hi Russ,

The Configuration Guide describes two techniques for setting SAML configuration programmatically. When storing configuration in a database, the recommended approach is to implement the ISAMLConfigurationResolver interface as described in the guide.

Certificates should be stored in the database as base-64 strings.

The Certificate Guide includes a "Certificate Strings" section describing how to convert certificates into strings.

The following example code is for a configuration resolver that returns hard-coded values. Your configuration resolver would read these values from your database.

The CertificateConfiguration.String property is used to specify the certificate as a base-64 string.


using ComponentSpace.SAML2.Configuration;
using ComponentSpace.SAML2.Configuration.Resolver;

public class ExampleConfigurationResolver : AbstractSAMLConfigurationResolver
{
  /// <summary>
  /// Gets the <c>LocalServiceProviderConfiguration</c>.
  /// </summary>
  /// <param name="configurationID">The configuration ID or <c>null</c> if none.</param>
  /// <returns>The local service provider configuration.</returns>
  /// <exception cref="SAMLException">
  /// Thrown when the local service provider configuration cannot be found.
  /// </exception>
  public override LocalServiceProviderConfiguration GetLocalServiceProviderConfiguration(string configurationID)
  {
      return new LocalServiceProviderConfiguration()
      {
          Name = "https://ExampleServiceProvider",
          AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
          LocalCertificates = new List<CertificateConfiguration>()
          {
              new CertificateConfiguration()
              {
                  String = "base-64 string goes here",
                  Password = "password"
               }
          }
       };
  }

  /// <summary>
  /// Gets the <c>PartnerIdentityProviderConfiguration</c> given the partner name.
  /// </summary>
  /// <param name="configurationID">The configuration ID or <c>null</c> if none.</param>
  /// <param name="partnerName">The partner name.</param>
  /// <returns>The partner identity provider configuration.</returns>
  /// <exception cref="SAMLException">
  /// Thrown when the partner identity provider configuration cannot be found.
  /// </exception>
  public override PartnerIdentityProviderConfiguration GetPartnerIdentityProviderConfiguration(string configurationID, string partnerName)
  {
      return new PartnerIdentityProviderConfiguration()
       {
           Name = "https://ExampleIdentityProvider",
           SignAuthnRequest = true,
           SingleSignOnServiceUrl = "https://localhost:44390/SAML/SSOService.aspx",
           SingleLogoutServiceUrl = "https://localhost:44390/SAML/SLOService.aspx",
           PartnerCertificates = new List<CertificateConfiguration>()
           {
               new CertificateConfiguration()
               {
                   String = "base-64 string goes here",
               }
           }
     };
  }
}



You register your ISAMLConfigurationResolver implementation at application start-up.


SAMLController.ConfigurationResolver = new ExampleConfigurationResolver();



Thanks for pointing out the Certificate Guide. I think that was the puzzle piece I was missing.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)ComponentSpace Development (4K reputation)

Group: Administrators
Posts: 2.9K, Visits: 9.4K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search