Beispiel #1
        /// <summary>
        /// Builds a <see cref="ClaimsIdentity"/> from a decrypted Kerberos AP-REQ.
        /// </summary>
        /// <param name="krbApReq">The decrypted AP-REQ the identity is derived from.</param>
        /// <returns>
        /// A <c>KerberosIdentity</c> holding the collected claims and restrictions and,
        /// when the client asked for mutual authentication, a Base64-encoded AP-REP.
        /// </returns>
        /// <remarks>
        /// NOTE(review): nothing in this method validates the ticket; it presumably relies on
        /// the caller having done so before the claims are trusted. Confirm against the caller.
        /// </remarks>
        protected virtual ClaimsIdentity ConvertTicket(DecryptedKrbApReq krbApReq)
        {
            var identityClaims     = new List <Claim>();
            var ticketRestrictions = new List <Restriction>();

            // Both helpers fill the lists passed to them; restrictions are decoded first,
            // then the minimum identity claims are added.
            DecodeRestrictions(krbApReq, identityClaims, ticketRestrictions);
            SetMinimumIdentity(krbApReq, identityClaims);

            // An AP-REP is produced only when the client set the MutualRequired option;
            // otherwise the identity carries a null response.
            string encodedApRep = krbApReq.Options.HasFlag(ApOptions.MutualRequired)
                ? Convert.ToBase64String(krbApReq.CreateResponseMessage().EncodeApplication().ToArray())
                : null;

            // The validator's ValidateAfterDecrypt value is handed to the identity unchanged.
            return new KerberosIdentity(
                identityClaims,
                "Kerberos",
                ClaimTypes.NameIdentifier,
                ClaimTypes.Role,
                ticketRestrictions,
                validator.ValidateAfterDecrypt,
                encodedApRep);
        }