Ever Try to Retrieve Relying Party Application Authenticated Under ACS (an Identity and Access Management Middleware) or the RP Identity Provider Name – DEVELOPPARADISE
26/04/2018



Introduction

This article shows how to retrieve the Relying Party (RP) applications authenticated under ACS (an Identity and Access Management middleware), and the name of the Identity Provider (IDP) that a given RP uses.

Background

Playing around with ACS to find RPs was a bit confusing, but there are two ways which I found to be relevant, each with a few drawbacks.


Reasons why we need to retrieve Relying Party application details:

  1. To know some sensitive application information, such as which IDP a tenant is subscribed under, and how many tenants there are.
  2. To know the count of Relying Party applications registered in the ACS namespace.

Using the Code

The code below is C#.

Two variants are shown. The first is a single method that fetches the Relying Party by the name of the tenant that authenticated to your application via ACS.

This code uses the ACS Management Service internally, through the CreateManagementServiceClient call.

// Code 1 :
// Member of the helper class that also provides CreateManagementServiceClient()
// and TryGetExceptionDetails(). The $expand list must be a single string with
// no line breaks or spaces, otherwise the management service rejects the query.
public RelyingParty RetrieveRelyingParty(string name)
{
    try
    {
        var client = this.CreateManagementServiceClient();
        return client.RelyingParties
            .Expand("RelyingPartyAddresses/RelyingParty," +
                    "RelyingPartyIdentityProviders/IdentityProvider," +
                    "RelyingPartyIdentityProviders/IdentityProvider/Issuer," +
                    "RelyingPartyIdentityProviders/RelyingParty," +
                    "RelyingPartyKeys/RelyingParty," +
                    "RelyingPartyRuleGroups/RelyingParty," +
                    "RelyingPartyRuleGroups/RuleGroup/Rules")
            .Where(rp => rp.Name.Equals(name, StringComparison.OrdinalIgnoreCase))
            .FirstOrDefault();   // null when no RP with that name exists
    }
    catch (Exception ex)
    {
        // Unwrap the OData/WCF error so the caller sees the ACS message
        throw this.TryGetExceptionDetails(ex);
    }
}

The second variant also uses the ACS Management Service internally, but it does not fetch the Identity Providers of a particular tenant directly.

It follows these steps:

  1. Get the whole relyingPartyList using the Service Helper, which internally uses the ACS Management Service.
  2. Get the whole identityProviderList.
  3. Iterate over relyingPartyList to select the Relying Party of the tenant whose IDP name you want.
  4. Match the unique IDP ids from the IDP list against the ids linked to that RP, and read the corresponding IDP display name.
// Code 2 :
// Assumes acsData (service namespace and management credentials) and
// existingTenantData.TenantSlugName are populated by the calling code.
ManagementServiceHelper serviceHelper = new ManagementServiceHelper(
    acsData.AcsServiceNameSpace, acsData.AcsUserName, acsData.AcsPassword);

// Fetch each list once; the original called RetrieveRelyingParties() twice.
List<RelyingParty> relyingPartyList = serviceHelper.RetrieveRelyingParties().ToList();
List<IdentityProvider> identityProviderList = serviceHelper.RetrieveIdentityProviders().ToList();
int count = relyingPartyList.Count;   // number of RPs in the namespace

// Default result; only overwritten when a matching RP and IDP are found.
// (The original set this message inside an else branch, so any RP visited after
// the matching one overwrote the IDP name that had just been found.)
string message = "Could not Find Identity Provider name Corresponding to the Relying Party";

foreach (var item in relyingPartyList)
{
    if (!item.Name.Equals(existingTenantData.TenantSlugName))
    {
        continue;   // not the tenant we are looking for
    }

    string selected_Idp_DisplayName = string.Empty;

    // Match the IDP ids linked to this RP against the full IDP list
    foreach (var identityProvider in identityProviderList)
    {
        foreach (var item2 in item.RelyingPartyIdentityProviders)
        {
            if (identityProvider.Id.Equals(item2.IdentityProviderId))
            {
                selected_Idp_DisplayName = identityProvider.DisplayName;
                message = selected_Idp_DisplayName;
            }
        }
    }
}
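The nested loops in Code 2 answer the question for one tenant. The reason given under Background was to know which IDP each tenant is subscribed under and how many there are, so the following added example (not from the original article) inverts the same matching: it builds one row per Identity Provider listing the Relying Parties that trust it, using the lists returned by the article's ManagementServiceHelper and the same RelyingParty / IdentityProvider properties as Code 1 and Code 2. The class name AcsTenantReport and the handling of an IDP id that no longer exists in the namespace are my additions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: tenants (relying parties) grouped by identity provider.
// Relies on the ACS management client types already used in Code 1 and 2:
// RelyingParty.Name, RelyingParty.RelyingPartyIdentityProviders[*].IdentityProviderId,
// IdentityProvider.Id and IdentityProvider.DisplayName.
public static class AcsTenantReport
{
    public static Dictionary<string, List<string>> TenantsPerIdentityProvider(
        IEnumerable<RelyingParty> relyingParties,
        IEnumerable<IdentityProvider> identityProviders)
    {
        // One dictionary lookup per link instead of the nested loops in Code 2.
        var idpNameById = identityProviders.ToDictionary(idp => idp.Id, idp => idp.DisplayName);

        var report = new Dictionary<string, List<string>>(StringComparer.OrdinalIgnoreCase);
        foreach (var rp in relyingParties)
        {
            // RelyingPartyIdentityProviders is only populated when the query
            // expanded it (see the $expand list in Code 1); null means the RP
            // was fetched without that expansion, so there is nothing to match.
            if (rp.RelyingPartyIdentityProviders == null) continue;

            foreach (var link in rp.RelyingPartyIdentityProviders)
            {
                // A link to an IDP that has been deleted from the namespace is
                // reported under a placeholder rather than silently dropped.
                string idpName;
                if (!idpNameById.TryGetValue(link.IdentityProviderId, out idpName))
                    idpName = "<unknown IDP id " + link.IdentityProviderId + ">";

                List<string> tenants;
                if (!report.TryGetValue(idpName, out tenants))
                    report[idpName] = tenants = new List<string>();
                tenants.Add(rp.Name);
            }
        }
        return report;
    }

    // Usage with the article's helper (acsData fields as in Code 2):
    //   var helper = new ManagementServiceHelper(acsData.AcsServiceNameSpace, acsData.AcsUserName, acsData.AcsPassword);
    //   var report = TenantsPerIdentityProvider(helper.RetrieveRelyingParties(), helper.RetrieveIdentityProviders());
    //   foreach (var kv in report)
    //       Console.WriteLine("{0}: {1} tenant(s) - {2}", kv.Key, kv.Value.Count, string.Join(", ", kv.Value));
}
```

The report keys are IDP display names, so kv.Value.Count gives the "how many tenants under which IDP" figure directly, and the placeholder key flags stale RP-to-IDP links that would otherwise make a tenant look as if it had no IDP at all.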

Hope this was useful…

History

  • 9th October, 2014 – Initial post