static GenericXmlSecurityToken WrapJwt(string jwt)
{
var subject = new ClaimsIdentity("saml");
subject.AddClaim(new Claim("jwt", jwt));
var descriptor = new SecurityTokenDescriptor
{
TokenType = TokenTypes.Saml2TokenProfile11,
TokenIssuerName = "urn:wrappedjwt",
Subject = subject
};
var handler = new Saml2SecurityTokenHandler();
var token = handler.CreateToken(descriptor);
var xmlToken = new GenericXmlSecurityToken(
XElement.Parse(token.ToTokenXmlString()).ToXmlElement(),
null,
DateTime.Now,
DateTime.Now.AddHours(1),
null,
null,
null);
return xmlToken;
}
private static SecurityToken GenerateHardcodedToken()
{
var securityTokenDescriptor = new SecurityTokenDescriptor();
securityTokenDescriptor.Subject = ClaimsPrincipal.Current.Identity as ClaimsIdentity;
securityTokenDescriptor.Lifetime = new Lifetime(DateTime.Now, DateTime.Now.AddDays(2));
securityTokenDescriptor.TokenIssuerName = "http://identityserver.v2.thinktecture.com/trust/changethis";
securityTokenDescriptor.AppliesToAddress = "https://windows7:444/identity/wstrust/bearer";
securityTokenDescriptor.SigningCredentials = GenerateSigningCredentials();
Saml2SecurityTokenHandler saml2SecurityTokenHandler = new Saml2SecurityTokenHandler();
var saml2SecurityToken = saml2SecurityTokenHandler.CreateToken(securityTokenDescriptor) as Saml2SecurityToken;
var authenticationMethod = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
var authenticationContext = new Saml2AuthenticationContext(new Uri(authenticationMethod));
saml2SecurityToken.Assertion.Statements.Add(new Saml2AuthenticationStatement(authenticationContext));
return saml2SecurityToken;
}
public static string CreateSaml2Token(string name)
{
var id = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, name) }, "SAML");
var descriptor = new SecurityTokenDescriptor
{
Subject = id,
AppliesToAddress = "https://test",
TokenIssuerName = "http://issuer",
SigningCredentials = GetSamlSigningCredential(),
};
var handler = new Saml2SecurityTokenHandler();
handler.Configuration = new SecurityTokenHandlerConfiguration();
var token = handler.CreateToken(descriptor);
return token.ToTokenXmlString();
}
private void CreateSaml2Tokens( SecurityTokenDescriptor tokenDescriptor )
{
Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler();
Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken;
MemoryStream ms = new MemoryStream();
XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter( ms );
samlTokenHandler.WriteToken( writer, token );
}
private void RunValidationTests( SecurityTokenDescriptor tokenDescriptor, SecurityToken securityToken, SecurityKey key, int iterations, bool display = true )
{
// Create jwts using wif
// Create Saml2 tokens
// Create Saml tokens
DateTime started;
string validating = "Validating, signed: '{0}', '{1}' Tokens. Time: '{2}'";
SetReturnSecurityTokenResolver str = new Test.SetReturnSecurityTokenResolver( securityToken, key );
SecurityTokenHandlerConfiguration tokenHandlerConfiguration = new SecurityTokenHandlerConfiguration()
{
IssuerTokenResolver = str,
SaveBootstrapContext = true,
CertificateValidator = AlwaysSucceedCertificateValidator.New,
AudienceRestriction = new AudienceRestriction( AudienceUriMode.Never ),
IssuerNameRegistry = new SetNameIssuerNameRegistry( Issuers.GotJwt ),
};
Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler();
Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken;
StringBuilder sb = new StringBuilder();
XmlWriter writer = XmlWriter.Create(sb);
samlTokenHandler.WriteToken( writer, token );
writer.Flush();
writer.Close();
string tokenXml = sb.ToString();
samlTokenHandler.Configuration = tokenHandlerConfiguration;
started = DateTime.UtcNow;
for ( int i = 0; i < iterations; i++ )
{
StringReader sr = new StringReader( tokenXml );
XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) );
reader.MoveToContent();
SecurityToken saml2Token = samlTokenHandler.ReadToken( reader );
samlTokenHandler.ValidateToken( saml2Token );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "Saml2SecurityTokenHandler", iterations, DateTime.UtcNow - started ) );
}
JwtSecurityTokenHandler jwtTokenHandler = new JwtSecurityTokenHandler();
JwtSecurityToken jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken;
jwtTokenHandler.Configuration = tokenHandlerConfiguration;
started = DateTime.UtcNow;
for ( int i = 0; i < iterations; i++ )
{
jwtTokenHandler.ValidateToken( jwt.RawData );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ValidateToken( jwt.RawData )", iterations, DateTime.UtcNow - started ) );
}
jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken;
sb = new StringBuilder();
writer = XmlWriter.Create(sb);
jwtTokenHandler.WriteToken( writer, jwt );
writer.Flush();
writer.Close();
tokenXml = sb.ToString();
started = DateTime.UtcNow;
for ( int i = 0; i<iterations; i++ )
{
StringReader sr = new StringReader( tokenXml );
XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) );
reader.MoveToContent();
SecurityToken jwtToken = jwtTokenHandler.ReadToken( reader );
jwtTokenHandler.ValidateToken( jwtToken );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken )", iterations, DateTime.UtcNow - started ) );
}
started = DateTime.UtcNow;
for ( int i = 0; i < iterations; i++ )
{
StringReader sr = new StringReader( tokenXml );
XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) );
reader.MoveToContent();
JwtSecurityToken jwtToken = jwtTokenHandler.ReadToken( reader ) as JwtSecurityToken;
jwtTokenHandler.ValidateToken( jwtToken.RawData );
}
if ( display )
{
Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken.RawData )", iterations, DateTime.UtcNow - started ) );
}
}
