How to set CertificateManager in v2.6.0.17

Up until recently, we’ve been using v2.6.0.11, but after updating to v2.6.0.17, I can’t seem to find AbstractCertificateManager, or set CertificateManager in SAMLConfiguration.

We use this to pull certificates from different locations (some are coming from byte arrays, some are coming from the local certificate store).

Is this still available in v2.6.0.17, or has it been replaced by something different?

I’ve found that CertificateManager can be set in SAMLController directly - does this achieve the same thing?

My related question to this is that if AbstractCertificateManager has gone (along with the AddPartnerIdentityProviderCertificate, AddPartnerServiceProviderCertificate and AddPartnerIdentityProviderCertificate methods), do I now have to use a custom ICertificateLoader, or is there another way of loading certificates from a byte array (i.e., from a database)?

Hi Jamie
We normally maintain backward compatibility but do on occasion break this if it makes sense.
As part of the refactoring done, we created a SAMLController class and some of the properties formerly part of SAMLConfiguration are now part of SAMLController.
For example, instead of SAMLConfiguration.CertificateManager there’s now SAMLController.CertificateManager.
Under the ComponentSpace.SAML2.Certificates namespace you’ll find the ICertificateManager interface. The CertificateManager class is the default implementation of ICertificateManager. We removed the AbstractCertificateManager class as it was superfluous.
Of course, you can implement ICertificateManager if you have a custom certificate manager to load certificates from a database etc.

I came across this post when I was upgrading. For your use case there is no reason to implement ICertificateManager. You can now use the built-in implementation to load certificates from the DB as a string. With v2 you probably had a CustomCertificateManager inheriting CertificateManager that would load certificates from the database. You don’t need to do this anymore; you can just load the certificate by adding a CertificateConfiguration, which will load the certificate through their ICertificateLoader implementation.



SAMLConfiguration samlConfiguration = SAMLController.Configuration;

// dr is the database record for this partner; ssoIdpEntityID, signAuthnRequest
// and the other settings used below are defined elsewhere.
string ssoUrl = Convert.ToString(dr["SsoLoginUrl"]);
string sloUrl = Convert.ToString(dr["SsoLogoutUrl"]);

string idpCertificate = Convert.ToString(dr["SsoIdpX509Certificate"]);
string spPrivateKey = Convert.ToString(dr["SsoSpPrivateKey"]);
string spCertificate = Convert.ToString(dr["SsoSpX509Certificate"]);

PartnerIdentityProviderConfiguration partnerIdpConfig = new PartnerIdentityProviderConfiguration()
{
    Name = ssoIdpEntityID,
    SignAuthnRequest = signAuthnRequest,
    WantSAMLResponseSigned = samlResponseSigned,
    WantAssertionSigned = assertionSigned,
    WantAssertionEncrypted = assertionEncrypted,
    SingleSignOnServiceUrl = ssoUrl,
    SingleLogoutServiceUrl = sloUrl,
    NameIDFormat = nameIdFormat
};

// Hand the IdP certificate string from the database to the built-in loader.
CertificateConfiguration certConfig = new CertificateConfiguration();
certConfig.String = idpCertificate;
certConfig.Key = ssoIdpEntityID;
partnerIdpConfig.PartnerCertificates.Add(certConfig);

samlConfiguration.AddPartnerIdentityProvider(partnerIdpConfig);


All good information. Thank you.
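
Because the certificate string in the snippet above comes straight from a database column, it can be checked before it is assigned to CertificateConfiguration.String. The following is an added example, not code from the thread or from ComponentSpace; it uses only .NET base class library types. The PartnerCertificateCheck helper, its expectedSha256 pin parameter and the CN=idp.example sample are assumptions, and the sample in Main needs .NET Framework 4.7.2 or later for CertificateRequest.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PartnerCertificateCheck // hypothetical helper, not a ComponentSpace API
{
    // expectedSha256: assumed pin (hex SHA-256 of the DER bytes) stored apart from the certificate; null skips the check.
    public static X509Certificate2 Validate(string base64Cert, string expectedSha256, DateTime utcNow)
    {
        if (string.IsNullOrWhiteSpace(base64Cert))
            throw new ArgumentException("Certificate column is empty.");
        byte[] der;
        try { der = Convert.FromBase64String(base64Cert); }
        catch (FormatException ex) { throw new CryptographicException("Certificate is not valid base-64.", ex); }

        var cert = new X509Certificate2(der);
        // A partner's signing certificate should carry only the public key.
        if (cert.HasPrivateKey)
            throw new CryptographicException("Partner certificate must not include a private key.");
        // NotBefore/NotAfter are local times; compare in UTC.
        if (utcNow < cert.NotBefore.ToUniversalTime() || utcNow > cert.NotAfter.ToUniversalTime())
            throw new CryptographicException("Certificate " + cert.Thumbprint + " is outside its validity period.");
        if (expectedSha256 != null)
        {
            string actual;
            using (var sha = SHA256.Create())
                actual = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
            if (!string.Equals(actual, expectedSha256, StringComparison.OrdinalIgnoreCase))
                throw new CryptographicException("Certificate fingerprint does not match the pinned value.");
        }
        return cert;
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate stands in for the database value.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=idp.example", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            var now = DateTimeOffset.UtcNow;
            using (X509Certificate2 selfSigned = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
            {
                string fromDb = Convert.ToBase64String(selfSigned.Export(X509ContentType.Cert));
                Console.WriteLine("accepted " + Validate(fromDb, null, DateTime.UtcNow).Subject);
                try { Validate(fromDb, null, DateTime.UtcNow.AddDays(60)); }
                catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
            }
        }
    }
}
```

Logging the thumbprint of each certificate that passes gives an audit trail of which key was trusted for which partner when a database row changes.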