/// <summary>
        /// Create Saml2 based Metadata
        /// </summary>
        /// <returns></returns>
        public EntityDescriptor CreateMetadata()
        {
            _entityId = ConfigurationRepository.Global.IssuerUri;

            _signingCertificate = ConfigurationRepository.Keys.SigningCertificate;

            var descriptor = new EntityDescriptor(new Microsoft.IdentityModel.Protocols.WSFederation.Metadata.EntityId(_entityId));

            var role = new ServiceProviderSingleSignOnDescriptor() { WantAssertionsSigned = true, AuthenticationRequestsSigned = true };

            if (_signingCertificate != null)
            {
                Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyDescriptor keyDescriptor = CreateKeyDescriptor(_signingCertificate);
                keyDescriptor.Use = Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyType.Signing;
                role.Keys.Add(keyDescriptor);
            }

            role.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

            role.AssertionConsumerService.Add(0, new IndexedProtocolEndpoint(0, ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2ASTPost.AbsoluteUri)) { IsDefault = true });
            role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2SLOPOST.AbsoluteUri)) { ResponseLocation = new Uri(_endpoints.Saml2SLOPostResponse.AbsoluteUri) });

            //
            // Artifact binding and single logout is only supported if there is a signing cerificate.
            //
            if (_signingCertificate != null)
            {
                role.AssertionConsumerService.Add(1, new IndexedProtocolEndpoint(1, ProtocolBindings.HttpArtifact, new Uri(_endpoints.Saml2ASTArtifact.AbsoluteUri)));
                role.AssertionConsumerService.Add(2, new IndexedProtocolEndpoint(2, ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2ASTRedirect.AbsoluteUri)));
                role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2SLORedirect.AbsoluteUri)) { ResponseLocation = new Uri(_endpoints.Saml2SLORedirectResponse.AbsoluteUri) });
            }

            descriptor.RoleDescriptors.Add(role);
            return descriptor;
        }
        /// <summary>
        /// Create Saml2 based Metadata
        /// </summary>
        /// <returns></returns>
        public EntityDescriptor CreateMetadata()
        {
            _entityId = ConfigurationRepository.Global.IssuerUri;

            _signingCertificate = ConfigurationRepository.Keys.SigningCertificate;

            var descriptor = new EntityDescriptor(new Microsoft.IdentityModel.Protocols.WSFederation.Metadata.EntityId(_entityId));

            var role = new ServiceProviderSingleSignOnDescriptor()
            {
                WantAssertionsSigned = true, AuthenticationRequestsSigned = true
            };

            if (_signingCertificate != null)
            {
                Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyDescriptor keyDescriptor = CreateKeyDescriptor(_signingCertificate);
                keyDescriptor.Use = Microsoft.IdentityModel.Protocols.WSFederation.Metadata.KeyType.Signing;
                role.Keys.Add(keyDescriptor);
            }

            role.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

            role.AssertionConsumerService.Add(0, new IndexedProtocolEndpoint(0, ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2ASTPost.AbsoluteUri))
            {
                IsDefault = true
            });
            role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpPost, new Uri(_endpoints.Saml2SLOPOST.AbsoluteUri))
            {
                ResponseLocation = new Uri(_endpoints.Saml2SLOPostResponse.AbsoluteUri)
            });

            //
            // Artifact binding and single logout is only supported if there is a signing cerificate.
            //
            if (_signingCertificate != null)
            {
                role.AssertionConsumerService.Add(1, new IndexedProtocolEndpoint(1, ProtocolBindings.HttpArtifact, new Uri(_endpoints.Saml2ASTArtifact.AbsoluteUri)));
                role.AssertionConsumerService.Add(2, new IndexedProtocolEndpoint(2, ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2ASTRedirect.AbsoluteUri)));
                role.SingleLogoutServices.Add(new ProtocolEndpoint(ProtocolBindings.HttpRedirect, new Uri(_endpoints.Saml2SLORedirect.AbsoluteUri))
                {
                    ResponseLocation = new Uri(_endpoints.Saml2SLORedirectResponse.AbsoluteUri)
                });
            }

            descriptor.RoleDescriptors.Add(role);
            return(descriptor);
        }