How To: Generate FederationMetadata for a passive STS with Geneva Framework

UPDATE: the code has been updated to work with WIF RTM. Thanks Nico!

Providing the federation metadata for your STS is very useful when a relying party wants to establish a trust relationship with your STS. For instance, the Geneva Framework ships a FedUtil.exe tool that lets you point to this metadata file and then configures the relying party by changing its microsoft.identityModel section (read more about the metadata format here: http://www.oasis-open.org/committees/download.php/30005/ws-federation-1.2-spec-ed-09.doc).

The metadata is signed with the STS private key, which makes sense because you don't want someone else publishing a metadata file and claiming that it's your STS metadata. That means you will need some code to generate that signature over the metadata content. Well, I have good news for you: the Microsoft Geneva Framework provides a couple of useful classes (like MetadataSerializer) to generate the metadata.

Disclaimer: this code generates a simple version of the federation metadata for an IP passive STS (it does not include WS-Trust endpoints for the active profile, for instance).
// Sample values for this post's STS: the passive endpoint, the output folder
// and the subject of the certificate whose private key signs the metadata.
var stsUri = new Uri("https://login.mysts.com/FederationPassive");
string destFolder = @"d:\Temp\";
string signingCertificateSubjectName = "CN=localhost";

// Claims advertised in the metadata. Each entry: claim type URI, optional flag,
// display name, description.
var claimsOffered = new DisplayClaim[]
{
    CreateDisplayClaim("http://schemas.xmlsoap.org/claims/Group", false, "Group", string.Empty),
    CreateDisplayClaim("http://schemas.xmlsoap.org/claim/Issuer", false, "Issuer", string.Empty),
    CreateDisplayClaim("http://schemas.xmlsoap.org/claim/Email", false, "Email", string.Empty),
    CreateDisplayClaim("http://schemas.xmlsoap.org/claim/FirstName", false, "FirstName", string.Empty),
    CreateDisplayClaim("http://schemas.xmlsoap.org/claim/LastName", false, "LastName", string.Empty),
    CreateDisplayClaim("http://schemas.xmlsoap.org/claim/CostCenter", false, "CostCenter", string.Empty),
    CreateDisplayClaim("http://schemas.xmlsoap.org/claim/Phone", false, "Phone", string.Empty)
};

// Builds, signs and writes the FederationMetadata document for the STS above.
CreatePassiveStsMetadata(stsUri, signingCertificateSubjectName, claimsOffered, destFolder);
The code above shows the usage for a sample STS. Download the code from here.
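For readers who want to see what the two helpers called above might look like, here is an example implementation written against the WIF RTM metadata classes (EntityDescriptor, SecurityTokenServiceDescriptor, KeyDescriptor, MetadataSerializer). It is an added example, not the post's downloadable code: the parameter order of CreateDisplayClaim is inferred from the calls above, and the output file name FederationMetadata.xml, the LocalMachine\My certificate store lookup and the VerifyMetadata read-back are my own assumptions.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Xml;
using Microsoft.IdentityModel.Protocols.WSFederation;
using Microsoft.IdentityModel.Protocols.WSFederation.Metadata;
using Microsoft.IdentityModel.Protocols.WSIdentity;
using Microsoft.IdentityModel.SecurityTokenService;

// Example implementation of the helpers used by the post's snippet (not the post's own code).
public static class PassiveStsMetadata
{
    // SAML 1.1 assertion token type, the default token a WIF STS issues.
    private const string Saml11TokenType = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Parameter order assumed from the snippet: type, optional flag, display name, description.
    public static DisplayClaim CreateDisplayClaim(string claimType, bool optional, string displayName, string description)
    {
        var claim = new DisplayClaim(claimType);
        claim.Optional = optional;
        claim.DisplayName = displayName;
        claim.Description = description;
        return claim;
    }

    // Builds an EntityDescriptor with one SecurityTokenServiceDescriptor role, signs it with the
    // STS certificate and writes FederationMetadata.xml (assumed name) into destFolder.
    public static string CreatePassiveStsMetadata(Uri stsUri, string signingCertificateSubjectName,
                                                  DisplayClaim[] claimsOffered, string destFolder)
    {
        X509Certificate2 signingCert = FindSigningCertificate(signingCertificateSubjectName);

        var entity = new EntityDescriptor(new EntityId(stsUri.AbsoluteUri));
        // Setting SigningCredentials makes MetadataSerializer emit an enveloped XML signature
        // over the document, so a relying party can check the file really comes from this STS.
        entity.SigningCredentials = new X509SigningCredentials(signingCert);

        var sts = new SecurityTokenServiceDescriptor();
        sts.ProtocolsSupported.Add(new Uri(WSFederationConstants.Namespace));
        sts.TokenTypesOffered.Add(new Uri(Saml11TokenType));
        sts.PassiveRequestorEndpoints.Add(new EndpointAddress(stsUri));

        // Publish the public key of the token-signing certificate; FedUtil copies it into the
        // relying party's trusted issuer list, so only this key is accepted on issued tokens.
        var key = new KeyDescriptor(new SecurityKeyIdentifier(new X509RawDataKeyIdentifierClause(signingCert)));
        key.Use = KeyType.Signing;
        sts.Keys.Add(key);

        foreach (DisplayClaim claim in claimsOffered)
            sts.ClaimTypesOffered.Add(claim);

        entity.RoleDescriptors.Add(sts);

        string path = Path.Combine(destFolder, "FederationMetadata.xml");
        var settings = new XmlWriterSettings { Indent = true, Encoding = System.Text.Encoding.UTF8 };
        using (XmlWriter writer = XmlWriter.Create(path, settings))
        {
            new MetadataSerializer().WriteMetadata(writer, entity);
        }
        return path;
    }

    // Reads the file back; the serializer verifies the enveloped signature while parsing, so a
    // file altered after signing fails here. Returns the entityID that was read.
    public static string VerifyMetadata(string path)
    {
        using (XmlReader reader = XmlReader.Create(path))
        {
            var entity = (EntityDescriptor)new MetadataSerializer().ReadMetadata(reader);
            return entity.EntityId.Id;
        }
    }

    private static X509Certificate2 FindSigningCertificate(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly is false so a self-signed development certificate such as CN=localhost
            // is accepted; pass true against a production store.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subjectName, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No certificate with subject " + subjectName + " in LocalMachine\\My.");
            if (!found[0].HasPrivateKey)
                throw new InvalidOperationException("Certificate " + subjectName + " has no private key and cannot sign.");
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }
}
```

Calling PassiveStsMetadata.CreatePassiveStsMetadata with the values from the snippet produces d:\Temp\FederationMetadata.xml; running PassiveStsMetadata.VerifyMetadata on that path should return "https://login.mysts.com/FederationPassive". The KeyDescriptor is what lets a relying party pin the STS signing key, so the certificate named here must be the one the STS actually signs tokens with.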

Published: May 10 2009
