Introduction
This article shows how to retrieve the Relying Party (RP) applications registered in ACS (Microsoft Azure Access Control Service, an identity and access management middleware) through its Management Service. Note that ACS itself has since been retired by Microsoft (November 2018); the approaches below remain useful as a record of how RP and Identity Provider (IdP) data were linked in its management model.
Background
Working with ACS to find RPs was a bit confusing, but I found two approaches that are relevant, each with a few drawbacks.
Reasons why you might need to retrieve Relying Party application details:
- To learn some sensitive application information, such as which IdP each tenant is subscribed under, and how many tenants are subscribed to each IdP.
- To know the count of Relying Party applications registered in the ACS namespace.
Using the Code
The code below is C#.
Two approaches are shown. The first is a single method that fetches the Relying Party by the name of the tenant that authenticates to your application through ACS.
It uses the ACS Management Service internally, through the client returned by CreateManagementServiceClient. Keep in mind that the management service credentials used by that client (the service identity name and password) grant full control over the ACS namespace, including its rule groups and signing keys, so store them outside source control and outside any configuration that ships with the application.
public RelyingParty RetrieveRelyingParty(string name)
{
    try
    {
        var client = this.CreateManagementServiceClient();
        // Expand the related entities in one request so the caller receives the
        // RP's addresses, identity providers (with their issuers), keys and
        // rule groups with rules. The expand paths are concatenated into a
        // single comma-separated string, which is what the OData client expects.
        return client.RelyingParties
            .Expand("RelyingPartyAddresses/RelyingParty," +
                    "RelyingPartyIdentityProviders/IdentityProvider," +
                    "RelyingPartyIdentityProviders/IdentityProvider/Issuer," +
                    "RelyingPartyIdentityProviders/RelyingParty," +
                    "RelyingPartyKeys/RelyingParty,RelyingPartyRuleGroups/RelyingParty," +
                    "RelyingPartyRuleGroups/RuleGroup/Rules")
            .Where(rp => rp.Name.Equals(name, StringComparison.OrdinalIgnoreCase))
            .FirstOrDefault();
    }
    catch (Exception ex)
    {
        // Unwrap the DataServiceException details before rethrowing.
        throw this.TryGetExceptionDetails(ex);
    }
}
The second approach also uses the ACS Management Service internally, but it does not fetch the Identity Providers of a particular tenant directly. It follows these steps:
- Get all Relying Parties (relyingPartyList) through the service helper, which internally uses the ACS Management Service.
- Get all Identity Providers (identityProviderList) the same way.
- Iterate over relyingPartyList to select the Relying Party of the tenant whose IdP name you want.
- Match the unique IdP ids between the IdP list and the selected Relying Party's RelyingPartyIdentityProviders, and read the corresponding IdP display name.
ManagementServiceHelper serviceHelper = new ManagementServiceHelper(
    acsData.AcsServiceNameSpace, acsData.AcsUserName, acsData.AcsPassword);

// One round trip per entity set; the count is taken from the fetched list
// instead of issuing a second RetrieveRelyingParties() query.
List<RelyingParty> relyingPartyList =
    serviceHelper.RetrieveRelyingParties().ToList();
int count = relyingPartyList.Count;
List<IdentityProvider> identityProviderList =
    serviceHelper.RetrieveIdentityProviders().ToList();

// Default message; it is only replaced when the tenant's RP is found.
// (Setting it inside an else branch for every non-matching RP would make the
// result depend on the order of the list.)
string message = "Could not find a Relying Party named " + existingTenantData.TenantSlugName;
foreach (var item in relyingPartyList)
{
    // Match the tenant's RP by name, case-insensitively, as in the method above.
    if (!item.Name.Equals(existingTenantData.TenantSlugName, StringComparison.OrdinalIgnoreCase))
    {
        continue;
    }

    // Collect the display name of every IdP whose id appears in the RP's
    // RelyingPartyIdentityProviders links (an RP may have more than one).
    var selectedIdpDisplayNames = new List<string>();
    foreach (var identityProvider in identityProviderList)
    {
        foreach (var item2 in item.RelyingPartyIdentityProviders)
        {
            if (identityProvider.Id.Equals(item2.IdentityProviderId))
            {
                selectedIdpDisplayNames.Add(identityProvider.DisplayName);
            }
        }
    }

    message = selectedIdpDisplayNames.Count > 0
        ? string.Join(", ", selectedIdpDisplayNames)
        : "Could not find an Identity Provider corresponding to the Relying Party";
    break;
}
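The matching step of the second approach, and the per-IdP tenant count mentioned in the Background, can both be expressed as LINQ joins over the two lists. The following is an added example, not code from the article or from the ACS samples. The three classes at the top are constructed stand-ins that mirror only the properties of the ACS Management Service entities the logic needs (RelyingParty.Id/Name/RelyingPartyIdentityProviders, IdentityProvider.Id/DisplayName, RelyingPartyIdentityProvider.IdentityProviderId); in real use the lists come from RetrieveRelyingParties() and RetrieveIdentityProviders(), and the sample data in Main is made up.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-ins for the ACS management entities (assumption: only the
// properties used below are modelled; the real entities have many more).
public class IdentityProvider
{
    public long Id { get; set; }
    public string DisplayName { get; set; }
}

public class RelyingPartyIdentityProvider
{
    public long RelyingPartyId { get; set; }
    public long IdentityProviderId { get; set; }
}

public class RelyingParty
{
    public long Id { get; set; }
    public string Name { get; set; }
    public List<RelyingPartyIdentityProvider> RelyingPartyIdentityProviders { get; set; }
        = new List<RelyingPartyIdentityProvider>();
}

public static class RelyingPartyReport
{
    // Display names of every IdP linked to the RP whose Name matches tenantName
    // (case-insensitive, like the Expand-based method). An empty list means the
    // RP does not exist or has no IdP linked; callers report that once.
    public static List<string> FindIdentityProvidersForTenant(
        IEnumerable<RelyingParty> relyingParties,
        IEnumerable<IdentityProvider> identityProviders,
        string tenantName)
    {
        var rp = relyingParties.FirstOrDefault(
            r => r.Name.Equals(tenantName, StringComparison.OrdinalIgnoreCase));
        if (rp == null) return new List<string>();

        // Index the IdPs by id once instead of scanning the list per link.
        var idpById = identityProviders.ToDictionary(i => i.Id);
        return rp.RelyingPartyIdentityProviders
            .Where(link => idpById.ContainsKey(link.IdentityProviderId))
            .Select(link => idpById[link.IdentityProviderId].DisplayName)
            .Distinct()
            .OrderBy(n => n, StringComparer.OrdinalIgnoreCase)
            .ToList();
    }

    // Number of relying parties (tenants) subscribed to each IdP. IdPs with no
    // tenant still appear with 0. Assumption: IdP display names are unique in
    // the namespace, so they can serve as dictionary keys.
    public static Dictionary<string, int> CountRelyingPartiesPerIdentityProvider(
        IEnumerable<RelyingParty> relyingParties,
        IEnumerable<IdentityProvider> identityProviders)
    {
        var tenantsPerIdpId = relyingParties
            .SelectMany(r => r.RelyingPartyIdentityProviders
                .Select(l => l.IdentityProviderId)
                .Distinct())                     // count each RP once per IdP
            .GroupBy(id => id)
            .ToDictionary(g => g.Key, g => g.Count());

        return identityProviders.ToDictionary(
            i => i.DisplayName,
            i => tenantsPerIdpId.ContainsKey(i.Id) ? tenantsPerIdpId[i.Id] : 0);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data standing in for the two management-service lists.
        var idps = new List<IdentityProvider>
        {
            new IdentityProvider { Id = 1, DisplayName = "Google" },
            new IdentityProvider { Id = 2, DisplayName = "Windows Live ID" },
            new IdentityProvider { Id = 3, DisplayName = "Facebook" },
        };
        var rps = new List<RelyingParty>
        {
            new RelyingParty { Id = 10, Name = "contoso", RelyingPartyIdentityProviders =
                new List<RelyingPartyIdentityProvider> {
                    new RelyingPartyIdentityProvider { RelyingPartyId = 10, IdentityProviderId = 1 },
                    new RelyingPartyIdentityProvider { RelyingPartyId = 10, IdentityProviderId = 2 } } },
            new RelyingParty { Id = 11, Name = "fabrikam", RelyingPartyIdentityProviders =
                new List<RelyingPartyIdentityProvider> {
                    new RelyingPartyIdentityProvider { RelyingPartyId = 11, IdentityProviderId = 1 } } },
            new RelyingParty { Id = 12, Name = "northwind" },   // no IdP linked
        };

        Console.WriteLine("Relying parties: " + rps.Count);
        Console.WriteLine("Contoso IdPs: " + string.Join(", ",
            RelyingPartyReport.FindIdentityProvidersForTenant(rps, idps, "CONTOSO")));
        Console.WriteLine("Northwind IdPs: " + string.Join(", ",
            RelyingPartyReport.FindIdentityProvidersForTenant(rps, idps, "northwind")));
        foreach (var kv in RelyingPartyReport.CountRelyingPartiesPerIdentityProvider(rps, idps))
            Console.WriteLine(kv.Key + ": " + kv.Value + " tenant(s)");
    }
}
```

With the sample data, the tenant lookup for "CONTOSO" returns Google and Windows Live ID, "northwind" returns an empty list rather than a misleading message from another iteration, and the count shows Google with 2 tenants, Windows Live ID with 1 and Facebook with 0. The same two functions can be fed the lists returned by the real ManagementServiceHelper without changes, since they only depend on the property names shown above.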
Hope this was useful...
History
- 9th October, 2014 - Initial post