/// <summary>
 /// Creates a <see cref="SamlSecurityTokenHandler"/> that validates tokens against the supplied requirement.
 /// </summary>
 /// <param name="samlSecurityTokenRequirement">The <see cref="SamlSecurityTokenRequirement"/> this handler instance applies when validating tokens. Must not be null.</param>
 /// <remarks>
 /// A null requirement is rejected through <c>DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull</c>,
 /// so a handler is never constructed without an explicit validation requirement.
 /// </remarks>
 public SamlSecurityTokenHandler(SamlSecurityTokenRequirement samlSecurityTokenRequirement)
 {
     if (samlSecurityTokenRequirement != null)
     {
         // Keep the caller's requirement object; no copy is made here.
         _samlSecurityTokenRequirement = samlSecurityTokenRequirement;
         return;
     }

     throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("samlSecurityTokenRequirement");
 }
 /// <summary>
 /// Creates the handler with the given token requirement and a single identifier.
 /// </summary>
 /// <param name="requirement">Token requirement forwarded unchanged to the base handler.</param>
 /// <param name="identifier">
 /// Value stored as the only element of <c>_identifier</c>. It is not null-checked here, so a null
 /// argument yields a one-element array containing null.
 /// </param>
 public HttpSaml2SecurityTokenHandler(SamlSecurityTokenRequirement requirement, string identifier) : base(requirement)
 {
     // presumably the token type identifier(s) this handler answers to; confirm where _identifier is read
     _identifier = new[] { identifier };
 }
 /// <summary>
 /// Creates the handler; all work is delegated to the base constructor.
 /// </summary>
 /// <param name="requirement">Token requirement forwarded unchanged to the base handler.</param>
 public HttpSamlSecurityTokenHandler(SamlSecurityTokenRequirement requirement) : base(requirement)
 {
     // Intentionally empty: no state beyond what the base handler keeps.
 }
 /// <summary>
 /// Creates the handler with the given token requirement and loads the trust fabric.
 /// </summary>
 /// <param name="tokenRequirement">Token requirement forwarded unchanged to the base handler.</param>
 public CustomSaml2SecurityTokenHandler(SamlSecurityTokenRequirement tokenRequirement) : base(tokenRequirement)
 {
     // The trust fabric is opened once, at construction time, and cached in _trustFabric.
     // NOTE(review): any failure inside OpenTrustFabric() surfaces from this constructor; confirm that is intended.
     _trustFabric = OpenTrustFabric();
 }
        /// <summary>
        /// Reads the handler's SAML token requirement from custom XML configuration.
        /// </summary>
        /// <param name="customConfigElements">Configuration nodes that may contain a SAML security token requirement element.</param>
        /// <exception cref="ArgumentNullException">Input parameter 'customConfigElements' is null.</exception>
        /// <exception cref="InvalidOperationException">More than one SAML security token requirement element was supplied.</exception>
        /// <remarks>
        /// Elements are matched on <c>LocalName</c> only, and elements with any other name are skipped without
        /// an error. If no matching element is present, a default <see cref="SamlSecurityTokenRequirement"/> is
        /// used, so a misnamed requirement element results in default validation settings rather than a failure.
        /// </remarks>
        public override void LoadCustomConfiguration(XmlNodeList customConfigElements)
        {
            if (customConfigElements == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("customConfigElements");
            }

            List<XmlElement> candidateElements = XmlUtil.GetXmlElements(customConfigElements);
            bool requirementLoaded = false;

            foreach (XmlElement element in candidateElements)
            {
                if (element.LocalName == ConfigurationStrings.SamlSecurityTokenRequirement)
                {
                    // A second requirement element is ambiguous, so it is rejected rather than
                    // letting the last one win. The first element has already been applied by then.
                    if (requirementLoaded)
                    {
                        throw DiagnosticUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID7026, ConfigurationStrings.SamlSecurityTokenRequirement));
                    }

                    this.samlSecurityTokenRequirement = new SamlSecurityTokenRequirement(element);
                    requirementLoaded = true;
                }
            }

            if (requirementLoaded)
            {
                return;
            }

            // Nothing configured: fall back to the requirement's built-in defaults.
            this.samlSecurityTokenRequirement = new SamlSecurityTokenRequirement();
        }
 /// <summary>
 /// Creates the handler with the given token requirement and runs its initialization routine.
 /// </summary>
 /// <param name="tokenRequirement">Token requirement forwarded unchanged to the base handler.</param>
 public CustomSaml2SecurityTokenHandler(SamlSecurityTokenRequirement tokenRequirement)
     : base(tokenRequirement)
 {
     // Init() runs after the base constructor has stored the requirement.
     Init();
 }
 /// <summary>
 /// Creates the handler; all work is delegated to the base constructor.
 /// </summary>
 /// <param name="tokenRequirement">Token requirement forwarded unchanged to the base handler.</param>
 public OnBehalfOfSaml2SecurityTokenHandler(SamlSecurityTokenRequirement tokenRequirement) : base(tokenRequirement)
 {
     // Intentionally empty: no state beyond what the base handler keeps.
 }
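        /// <summary>
        /// Builds the SAML token handler that matches the IdP binding type of the <c>SamlOAuthClient</c> plugin,
        /// then configures its trusted-issuer registry, certificate validation and audience handling.
        /// </summary>
        /// <returns>A SAML 1.1 or SAML 2.0 token handler; never null.</returns>
        /// <exception cref="InvalidOperationException">
        /// The binding type is neither <c>SAML11_POST</c> nor <c>SAML20_POST</c>, or no trusted issuer
        /// thumbprint is configured.
        /// </exception>
        /// <remarks>
        /// Audience restriction checking is switched off by this method (see the note at the end of the body),
        /// so issuer trust and certificate validation are the only checks configured here.
        /// </remarks>
        protected virtual SecurityTokenHandler GetSecurityTokenHandler()
        {
            var authPlugin = PluginManager.GetSingleton<SamlOAuthClient>();

            SecurityTokenHandler handler = null;
            var securityRequirements = new SamlSecurityTokenRequirement();
            var securityTokenHandlerConfig = new SecurityTokenHandlerConfiguration();

            switch (authPlugin.IdpBindingType)
            {
                case SamlBinding.SAML11_POST:
                    handler = new SamlSecurityTokenHandler(securityRequirements) { Configuration = securityTokenHandlerConfig };
                    break;

                case SamlBinding.SAML20_POST:
                    handler = new SubjectConfirmationDataSaml2SecurityTokenHandler(securityRequirements, authPlugin.SubjectRecipientValidationMode) { Configuration = securityTokenHandlerConfig };
                    break;
            }

            if (handler == null)
            {
                // NOTE(review): the switch reads authPlugin.IdpBindingType but this message reports
                // tokenProcessorConfiguration.IdpBindingType; confirm both refer to the same configuration.
                throw new InvalidOperationException(
                    string.Format("No suitable token handler was loaded for the SAML binding type : {0}",
                                  tokenProcessorConfiguration.IdpBindingType));
            }

            // Fail with a clear configuration error instead of a NullReferenceException when no
            // trusted issuer has been configured.
            string configuredThumbprints = tokenProcessorConfiguration.TrustedIssuerThumbprint;
            if (configuredThumbprints == null)
            {
                throw new InvalidOperationException("No trusted issuer thumbprint is configured for the SAML token handler.");
            }

            // Trim each entry so a list written as "AA, BB" still matches the second issuer;
            // an untrimmed " BB" cannot equal a real thumbprint and that issuer would be rejected.
            string[] trustedThumbprints = Array.ConvertAll(configuredThumbprints.Split(','), entry => entry.Trim());
            handler.Configuration.IssuerNameRegistry = new CodeBasedIssuerNameRegistry(trustedThumbprints);

            // NOTE(review): the validation mode comes straight from configuration. If it can be set to a
            // mode that skips chain validation, issuer trust rests on the thumbprint match alone; confirm
            // which modes deployments are allowed to use.
            handler.Configuration.CertificateValidationMode = tokenProcessorConfiguration.CertificateValidationMode;

            // The two handler families expose CertificateValidator separately, so each is set explicitly.
            var saml11Handler = handler as SamlSecurityTokenHandler;
            if (saml11Handler != null)
            {
                saml11Handler.CertificateValidator = GetCertificateValidator(handler.Configuration.CertificateValidationMode);
            }

            var saml2Handler = handler as Saml2SecurityTokenHandler;
            if (saml2Handler != null)
            {
                saml2Handler.CertificateValidator = GetCertificateValidator(handler.Configuration.CertificateValidationMode);
            }

            // NOTE(review): AudienceUriMode.Never disables the audience-restriction check, so an assertion the
            // trusted IdP issued for a different relying party is not rejected on audience grounds here.
            // Left unchanged because this method has no allowed-audience URIs to configure; prefer
            // AudienceUriMode.Always with AudienceRestriction.AllowedAudienceUris populated unless the
            // audience is verified elsewhere.
            handler.Configuration.AudienceRestriction.AudienceMode = System.IdentityModel.Selectors.AudienceUriMode.Never;

            return handler;
        }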
 /// <summary>
 /// Creates the handler with the given token requirement and an explicit subject-recipient validation mode.
 /// </summary>
 /// <param name="samlSecurityTokenRequirement">Token requirement forwarded unchanged to the base handler.</param>
 /// <param name="subjectRecipientValidationMode">Mode stored in <c>_subjectRecipientValidationMode</c> for later use by the handler.</param>
 public SubjectConfirmationDataSaml2SecurityTokenHandler(
     SamlSecurityTokenRequirement samlSecurityTokenRequirement,
     SubjectRecipientValidationMode subjectRecipientValidationMode) : base(samlSecurityTokenRequirement)
 {
     // presumably controls how the SubjectConfirmationData recipient is checked; confirm where the field is read
     _subjectRecipientValidationMode = subjectRecipientValidationMode;
 }
 /// <summary>
 /// Creates the handler with the given token requirement and no explicit subject-recipient validation mode.
 /// </summary>
 /// <param name="samlSecurityTokenRequirement">Token requirement forwarded unchanged to the base handler.</param>
 public SubjectConfirmationDataSaml2SecurityTokenHandler(SamlSecurityTokenRequirement samlSecurityTokenRequirement) : base(samlSecurityTokenRequirement)
 {
     // NOTE(review): _subjectRecipientValidationMode is not assigned by this overload, so it keeps
     // whatever initial value the field has; confirm that value is the intended validation mode.
 }