private static AuthenticationHandler GetDefaultAuthenticationHandler()
        {
            var authConfig = new AuthenticationConfiguration
            {
                RequireSsl = false,
                InheritHostClientIdentity = false
            };

            #region Basic Authentication
            authConfig.AddBasicAuthentication((userName, password) => { return(userName == password); });
            #endregion

            //#region SWT
            //authConfig.Handler.AddSimpleWebToken(
            //    "SWT",
            //    Constants.Issuer,
            //    Constants.Realm,
            //    "Dc9Mpi3jbooUpBQpB/4R7XtUsa3D/ALSjTVvK8IUZbg=");
            //#endregion

            #region SAML2 tokens
            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer("D263DDCF598E716F0037380796A4A62DF017ADB8", "TEST");

            var saml2Config = new SecurityTokenHandlerConfiguration();
            saml2Config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://test"));
            saml2Config.IssuerNameRegistry   = registry;
            saml2Config.CertificateValidator = X509CertificateValidator.None;

            authConfig.AddSaml2(saml2Config, AuthenticationOptions.ForAuthorizationHeader("Saml2"), null);
            #endregion

            var authHandler = new AuthenticationHandler(authConfig);
            return(authHandler);
        }
Example #2
0
        public static AuthenticationConfiguration CreateAuthenticationConfiguration(ILog log)
        {
            var authentication = new AuthenticationConfiguration {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl         = false,
                EnableSessionToken = true
            };

            #region Basic Authentication
            authentication.AddBasicAuthentication(UserCredentials.Validate);
            log.Info("Configurada autenticación básica.");
            #endregion

            #region IdentityServer JWT
            //authentication.AddJsonWebToken(
            //    issuer: Constants.IdSrv.IssuerUri,
            //    audience: Constants.Audience,
            //    signingKey: Constants.IdSrv.SigningKey);

            authentication.AddMsftJsonWebToken(
                issuer: Constants.IdSrv.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.IdSrv.SigningKey);
            log.Info("Configurado IdentityServer JWT.");
            #endregion

            #region Access Control Service JWT
            authentication.AddJsonWebToken(
                issuer: Constants.ACS.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.ACS.SigningKey,
                scheme: Constants.ACS.Scheme);
            log.Info("Configurado Access Control Service JWT.");
            #endregion

            #region IdentityServer SAML
            authentication.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
                scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
            log.Info("Configurado IdentityServer SAML.");
            #endregion

            #region Client Certificates
            authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
            log.Info("Configurado Client Certificate.");
            #endregion

            // OLL: Reeemplazo la session key generada automaticamente. Tendría que haber una variable de web.config para indicar si la quiero random o fija
            // y obtener la key del config;
            authentication.SessionToken.SigningKey = Constants.SessionKey;
            log.Info("Configurada Clave.");

            return(authentication);
        }
Example #3
0
        private static AuthenticationConfiguration CreateAuthenticationConfiguration()
        {
            var authentication = new AuthenticationConfiguration
            {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl         = false,
                EnableSessionToken = true
            };

            #region Basic Authentication
            authentication.AddBasicAuthentication(UserCredentials.Validate);
            #endregion

            #region IdentityServer JWT
            //authentication.AddJsonWebToken(
            //    issuer: Constants.IdSrv.IssuerUri,
            //    audience: Constants.Audience,
            //    signingKey: Constants.IdSrv.SigningKey);

            authentication.AddMsftJsonWebToken(
                issuer: Constants.IdSrv.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.IdSrv.SigningKey);
            #endregion

            #region Access Control Service JWT
            authentication.AddJsonWebToken(
                issuer: Constants.ACS.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.ACS.SigningKey,
                scheme: Constants.ACS.Scheme);
            #endregion

            #region IdentityServer SAML
            authentication.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
                scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
            #endregion

            #region Client Certificates
            authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
            #endregion

            return(authentication);
        }
Example #4
0
        public static void Register(HttpConfiguration config)
        {
            var authConfig = new AuthenticationConfiguration
            {
                RequireSsl = false,
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                EnableSessionToken          = true,
            };
            var registry = new ConfigurationBasedIssuerNameRegistry();

            registry.AddTrustedIssuer(System.Configuration.ConfigurationManager.AppSettings["SigningThumbPrint"], System.Configuration.ConfigurationManager.AppSettings["IssuerURI"]);
            var handlerConfig = new SecurityTokenHandlerConfiguration();

            handlerConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(System.Configuration.ConfigurationManager.AppSettings["AudianceUri"]));
            handlerConfig.IssuerNameRegistry   = registry;
            handlerConfig.CertificateValidator = X509CertificateValidator.None;
            handlerConfig.ServiceTokenResolver = new X509CertificateStoreTokenResolver(StoreName.My, StoreLocation.LocalMachine);
            authConfig.AddSaml2(handlerConfig, AuthenticationOptions.ForAuthorizationHeader("SAML"), AuthenticationScheme.SchemeOnly("SAML"));

            config.MessageHandlers.Add(new AuthenticationHandler(authConfig));

            config.Routes.MapHttpRoute(
                name: "UsersCurrentPermittedUser",
                routeTemplate: "api/Users/{logonUserName}/CurrentPermittedUser",
                defaults: new { Controller = "UsersCurrentPermittedUser", id = RouteParameter.Optional });
            //constraints:new {httpMethod = new System.Web.Http.Routing.HttpMethodConstraint(HttpMethod.Get,HttpMethod.Post)});


            config.Routes.MapHttpRoute(
                name: "Calculations",
                routeTemplate: "api/Periods/{PeriodId}/Calculations/{id}",
                defaults: new { Controller = "Calculations", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "CalculationsState",
                routeTemplate: "api/Periods/{PeriodId}/Calculations/{id}/State",
                defaults: new { Controller = "CalculationsState", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "CalculationsExceptions",
                routeTemplate: "api/Periods/{PeriodId}/Calculations/{calculationId}/Exceptions/{id}",
                defaults: new { Controller = "CalculationsExceptions", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "JobIndexPoints",
                routeTemplate: "api/Periods/{PeriodId}/Calculations/{CalculationId}/JobIndexpoints/{id}",
                defaults: new { Controller = "JobIndexPoints", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "JobCustomFields",
                routeTemplate: "api/Jobs/{jobId}/CustomFields/{id}",
                defaults: new { Controller = "JobCustomFields", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PeriodState",
                routeTemplate: "api/Periods/{id}/State",
                defaults: new { Controller = "PeriodsState", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PeriodSourceDestinationState",
                routeTemplate: "api/SourcePeriods/{sourcePeriodId}/DestinationPeriods/{destinationPeriodId}/State",
                defaults: new { Controller = "PeriodSourceDestinationState", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PolicyFunctions",
                routeTemplate: "api/Policies/{PolicyId}/Functions/{id}",
                defaults: new { Controller = "PolicyFunctions", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PolicyRules",
                routeTemplate: "api/Policies/{PolicyId}/Rules/{id}",
                defaults: new { Controller = "PolicyRules", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PolicyRuleTrails",
                routeTemplate: "api/Policies/{policyId}/Rules/{ruleId}/Trails/{id}",
                defaults: new { Controller = "PolicyRuleTrails", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PolicyRuleCompilations",
                routeTemplate: "api/Policies/{PolicyId}/RuleCompilations/{id}",
                defaults: new { Controller = "RuleCompilations", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PeriodUnits",
                routeTemplate: "api/Periods/{PeriodId}/Units/{id}",
                defaults: new { Controller = "PeriodUnits", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "UnitInquirySubjectsController",
                routeTemplate: "api/Periods/{PeriodId}/Units/{UnitId}/InquirySubjects",
                defaults: new { Controller = "UnitInquirySubjects", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "UnitVerifiersController",
                routeTemplate: "api/Periods/{PeriodId}/Units/{UnitId}/Verifiers",
                defaults: new { Controller = "UnitVerifiers", id = RouteParameter.Optional });


            config.Routes.MapHttpRoute(
                name: "InquirerInquiryUnits",
                routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquiryUnits",
                defaults: new { Controller = "InquirerInquiryUnits", id = RouteParameter.Optional });


            config.Routes.MapHttpRoute(
                name: "EmployeeUnits",
                routeTemplate: "api/Periods/{PeriodId}/Employees/{EmployeeNo}/Units",
                defaults: new { Controller = "EmployeeUnits", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "InquiryUnitInquiryUnitIndexPoints",
                routeTemplate:
                "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/Units/{unitId}/InquiryUnitIndexPoints",
                defaults: new { Controller = "InquiryUnitInquiryUnitIndexPoints", id = RouteParameter.Optional });



            config.Routes.MapHttpRoute(
                name: "PeriodEmployees",
                routeTemplate: "api/Periods/{PeriodId}/Employees/{id}",
                defaults: new { Controller = "PeriodEmployees", id = RouteParameter.Optional });



            config.Routes.MapHttpRoute(
                name: "EmployeeJobPositions",
                routeTemplate: "api/Periods/{PeriodId}/Employees/{EmployeeNo}/JobPositions",
                defaults: new { Controller = "EmployeeJobPositions", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PeriodJobPositions",
                routeTemplate: "api/Periods/{PeriodId}/JobPositions/{id}",
                defaults: new { Controller = "PeriodJobPositions", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PeriodJobIndex",
                routeTemplate: "api/Periods/{PeriodId}/JobIndices/{id}",
                defaults: new { Controller = "PeriodJobIndex", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PeriodUnitIndex",
                routeTemplate: "api/Periods/{PeriodId}/UnitIndices/{id}",
                defaults: new { Controller = "PeriodUnitIndex", id = RouteParameter.Optional });


            config.Routes.MapHttpRoute(
                name: "PeriodJobs",
                routeTemplate: "api/Periods/{PeriodId}/Jobs/{id}",
                defaults: new { Controller = "PeriodJobs", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "JobIndexCustomFields",
                routeTemplate: "api/JobIndices/{jobindexid}/CustomFields/{id}",
                defaults: new { Controller = "CustomFields", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "JobPositionJobs",
                routeTemplate: "api/Periods/{PeriodId}/JobPositions/{JobPositionId}/Jobs",
                defaults: new { Controller = "JobPositionJobs", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "JobPositionInquirySubjects",
                routeTemplate: "api/Periods/{PeriodId}/JobPositions/{JobPositionId}/InquirySubjects",
                defaults: new { Controller = "JobPositionInquirySubjects", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "InquirySubjectInquirers",
                routeTemplate: "api/Periods/{PeriodId}/JobPositions/{JobPositionId}/InquirySubjects/{InquirySubjectEmployeeNo}/Inquirers",
                defaults: new { Controller = "InquirySubjectInquirers", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "InquirerInquirySubjects",
                routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquirySubjects",
                defaults: new { Controller = "InquirerInquirySubjects", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "InquirerInquiryIndices",
                routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquiryIndices",
                defaults: new { Controller = "InquirerInquiryIndices", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "InquirySubjectJobPositionInquiryJobIndexPoints",
                routeTemplate:
                "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquirySubjects/{InquirySubjectEmployeeNo}/JobPositions/{JobPositionId}/InquiryJobIndexPoints",
                defaults: new { Controller = "InquirySubjectJobPositionInquiryJobIndexPoints", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "InquiryIndexInquiryJobIndexPoints",
                routeTemplate:
                "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquiryIndices/{jobIndexId}/InquiryJobIndexPoints",
                defaults: new { Controller = "InquiryIndexInquiryJobIndexPoints", id = RouteParameter.Optional });


            config.Routes.MapHttpRoute(
                name: "PeriodClaims",
                routeTemplate: "api/Periods/{PeriodId}/Claims/{id}",
                defaults: new { Controller = "PeriodClaims", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "PeriodClaimStates",
                routeTemplate: "api/Periods/{PeriodId}/ClaimStates",
                defaults: new { Controller = "PeriodClaimStates", id = RouteParameter.Optional });
            config.Routes.MapHttpRoute(
                name: "PeriodClaimTypes",
                routeTemplate: "api/Periods/{PeriodId}/ClaimTypes",
                defaults: new { Controller = "PeriodClaimTypes", id = RouteParameter.Optional });

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional });

            config.Formatters.Add(new PlainTextFormatter());
            config.Filters.Add(new GlobalExceptionFilterAttribute());
            config.Formatters.JsonFormatter.SerializerSettings.TypeNameHandling       = TypeNameHandling.Auto;
            config.Formatters.JsonFormatter.SerializerSettings.TypeNameAssemblyFormat = System.Runtime.Serialization.Formatters.FormatterAssemblyStyle.Simple;
            config.Formatters.JsonFormatter.SerializerSettings.ReferenceLoopHandling
                = ReferenceLoopHandling.Serialize;
            config.Formatters.JsonFormatter.SerializerSettings.PreserveReferencesHandling
                = PreserveReferencesHandling.Objects;
            config.Services.RemoveAll(typeof(System.Web.Http.Validation.ModelValidatorProvider), v => v is InvalidModelValidatorProvider);
        }
Example #5
0
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
            };

            #region Basic Authentication
            config.AddBasicAuthentication((userName, password) => userName == password);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                "http://identity.thinktecture.com/trust",
                Constants.Realm,
                Constants.IdSrvSymmetricSigningKey,
                AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                "http://selfissued.test",
                Constants.Realm,
                Constants.IdSrvSymmetricSigningKey,
                AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry   = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                "https://" + Constants.ACS + "/",
                Constants.Realm,
                Constants.AcsSymmetricSigningKey,
                AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            var handler = new SimpleSecurityTokenHandler("my access key", token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return(new ClaimsIdentity(new Claim[]
                    {
                        new Claim("customerid", "123")
                    }, "Custom"));
                }

                return(null);
            });

            config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
            #endregion

            return(config);
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
                EnableSessionToken          = true
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: Constants.IdSrvIssuerName,
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region JsonWebToken Windows Store Client
            config.AddJsonWebToken(
                issuer: "http://identityserver.v2.thinktecture.com/trust/changethis",
                audience: "https://test/rp/",
                signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
                options: AuthenticationOptions.ForAuthorizationHeader("Win8"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry   = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ADFS SAML
            var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
            adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry   = adfsRegistry;
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            config.AddAccessKey(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return(Principal.Create("Custom",
                                            new Claim("customerid", "123"),
                                            new Claim("email", "*****@*****.**")));
                }

                return(null);
            }, AuthenticationOptions.ForQueryString("key"));
            #endregion

            #region Client Certificate
            config.AddClientCertificate(
                ClientCertificateMode.ChainValidationWithIssuerSubjectName,
                "CN=PortableCA");
            #endregion

            return(config);
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
                EnableSessionToken          = true
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: "http://identity.thinktecture.com/trust",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry   = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ADFS SAML
            var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
            adfsRegistry.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");
            adfsRegistry.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry   = adfsRegistry;
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            config.AddAccessKey(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return(Principal.Create("Custom",
                                            new Claim("customerid", "123"),
                                            new Claim("email", "*****@*****.**")));
                }

                return(null);
            }, AuthenticationOptions.ForQueryString("key"));
            #endregion

            #region Client Certificate
            config.AddClientCertificate(
                ClientCertificateMode.ChainValidationWithIssuerSubjectName,
                "CN=PortableCA");
            #endregion

            return(config);
        }