private void Init(string piIssuerCertificateThumbPrint)
        {
            // Configuration for the username token handler: audience checks are switched off
            // (AudienceUriMode.Never) and issuers are resolved through the thumbprint-based registry.
            var handlerConfiguration = new SecurityTokenHandlerConfiguration
            {
                AudienceRestriction  = new AudienceRestriction(AudienceUriMode.Never),
                SaveBootstrapContext = true,
                IssuerNameRegistry   = new STSIssuerNameRegister(piIssuerCertificateThumbPrint),
            };

            SecurityTokenService = typeof(STSService);

            // Replace any existing handler for the same token type with the configured one.
            SecurityTokenHandlers.AddOrReplace(new STSUserNameHandler { Configuration = handlerConfiguration });
        }
        /// <summary>
        /// Builds the STS configuration for a single relying party: its token type decides the
        /// issuing handler, and its encryption certificate (when present) enables token encryption.
        /// </summary>
        /// <param name="rp">Relying party whose issuer name, token type and certificate are used.</param>
        public SimpleStsConfiguration(IRelyingParty rp)
            : base(rp.IssuerName)
        {
            RelyingParty         = rp;
            SecurityTokenService = typeof(SimpleSts);

            // Replace the default handler set with the single handler for the relying party's token type.
            SecurityTokenHandlers.Clear();
            SecurityTokenHandlers.Add(TokenTypes.GetSecurityTokenHandler(rp.TokenType));

            var encryptingCertificate = rp.GetEncryptingCertificate();
            ServiceCertificate        = encryptingCertificate;
            if (encryptingCertificate == null)
            {
                // No encryption certificate published by the relying party: tokens stay unencrypted.
                return;
            }

            SecurityTokenHandlers.Add(new EncryptedSecurityTokenHandler());
        }
        /// <summary>
        /// Creates configuration for the basic security token service.
        /// </summary>
        /// <remarks>
        /// Issuer name and signing certificate come from <see cref="ConfigurationProvider"/>; the stock
        /// username handlers are replaced by <see cref="UserNameAsMailAddressSecurityTokenHandler"/>.
        /// </remarks>
        public BasicSecurityTokenServiceConfiguration() :
            base(ConfigurationProvider.Instance.IssuerTokenName.Uri.AbsoluteUri)
        {
            var provider = ConfigurationProvider.Instance;

            DisableWsdl         = true;
            SaveBootstrapTokens = true;
            TokenIssuerName     = provider.IssuerTokenName.Uri.AbsoluteUri;

            // Signing certificate is looked up in the local machine "My" store by the configured subject name.
            var signingCertificate = CertificateHelper.GetCertificate(StoreName.My, StoreLocation.LocalMachine, provider.SigningCertificate.SubjetName);
            SigningCredentials     = new X509SigningCredentials(signingCertificate);

            // Remove every username handler already registered (snapshot first: the collection is mutated).
            var staleUserNameHandlers = SecurityTokenHandlers.OfType <UserNameSecurityTokenHandler>().ToList();
            foreach (var staleHandler in staleUserNameHandlers)
            {
                SecurityTokenHandlers.Remove(staleHandler);
            }
            SecurityTokenHandlers.Add(new UserNameAsMailAddressSecurityTokenHandler());

            SecurityTokenService = typeof(BasicSecurityTokenService);
        }
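        /// <summary>
        /// Reads a SAML 2.0 assertion from <paramref name="assertionXml"/> and validates it against the
        /// trusted issuers and allowed audiences configured on this instance.
        /// </summary>
        /// <param name="assertionXml">XML text containing a SAML 2.0 <c>Assertion</c> element.</param>
        /// <returns>The identities produced by the SAML2 token handler for the validated assertion.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="assertionXml"/> is null.</exception>
        /// <exception cref="SecurityTokenValidationException">No SAML 2.0 <c>Assertion</c> element is present in the input.</exception>
        private ReadOnlyCollection <ClaimsIdentity> ValidateAssertion(string assertionXml)
        {
            if (assertionXml == null)
            {
                throw new ArgumentNullException("assertionXml");
            }

            // The assertion is untrusted input: refuse DTDs and never resolve external references.
            XmlReaderSettings readerSettings = new XmlReaderSettings();
            readerSettings.DtdProcessing = DtdProcessing.Prohibit;
            readerSettings.XmlResolver   = null;

            using (StringReader reader = new StringReader(assertionXml))
            using (XmlReader xmlReader = XmlReader.Create(reader, readerSettings))
            {
                // Match on the SAML 2.0 assertion namespace rather than the "saml2:" prefix,
                // which is only a convention and may differ between senders.
                const string saml2AssertionNamespace = "urn:oasis:names:tc:SAML:2.0:assertion";
                if (!xmlReader.ReadToFollowing("Assertion", saml2AssertionNamespace))
                {
                    throw new SecurityTokenValidationException("SAML2 Assertion not found.");
                }

                // Was "new SecurityTokenHandlers[]" (the collection name), which does not compile as an array type.
                FixedSaml2SecurityTokenHandler tokenHandler      = new FixedSaml2SecurityTokenHandler(Recipient);
                SecurityTokenHandler[]         tokenHandlers     = new SecurityTokenHandler[] { tokenHandler };
                SecurityTokenHandlerCollection handlerCollection = new SecurityTokenHandlerCollection(tokenHandlers);

                // Only issuers whose signing-certificate thumbprint is listed are accepted.
                ConfigurationBasedIssuerNameRegistry issuerNameRegistry = new ConfigurationBasedIssuerNameRegistry();
                foreach (TrustedIssuer issuer in TrustedIssuers)
                {
                    issuerNameRegistry.AddTrustedIssuer(issuer.CertificateThumbprint, issuer.IssuerName);
                }
                handlerCollection.Configuration.IssuerNameRegistry = issuerNameRegistry;

                // AudienceUriMode.Always: an assertion without one of the allowed audiences is rejected.
                AudienceRestriction restriction = new AudienceRestriction(AudienceUriMode.Always);
                foreach (Uri allowedAudience in AllowedAudiences)
                {
                    restriction.AllowedAudienceUris.Add(allowedAudience);
                }
                handlerCollection.Configuration.AudienceRestriction = restriction;

                using (XmlReader assertionReader = xmlReader.ReadSubtree())
                {
                    Saml2SecurityToken securityToken = (Saml2SecurityToken)handlerCollection.ReadToken(assertionReader);
                    return handlerCollection.ValidateToken(securityToken);
                }
            }
        }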
 /// <summary>
 /// Registers a token handler factory together with the requested token types it is associated with.
 /// </summary>
 /// <param name="factory">Creates the <see cref="SecurityTokenHandler"/> from a service provider.</param>
 /// <param name="requestedTokenTypes">Requested token type identifiers recorded on the descriptor.</param>
 /// <returns>This options instance, to allow chained calls.</returns>
 public WsTrustOptions AddSecurityTokenHandler(Func <IServiceProvider, SecurityTokenHandler> factory, params string[] requestedTokenTypes)
 {
     var descriptor = new SecurityTokenHandlerDescriptor(requestedTokenTypes, factory);
     SecurityTokenHandlers.Add(descriptor);
     return this;
 }