/// <summary>
/// Creates a <see cref="ClaimsIdentity"/> from a <see cref="JwtSecurityToken"/>.
/// </summary>
/// <param name="jwt">The <see cref="JwtSecurityToken"/> to use as a <see cref="Claim"/> source.</param>
/// <param name="issuer">The value to set <see cref="Claim.Issuer"/></param>
/// <param name="validationParameters"> contains parameters for validating the token.</param>
/// <returns>A <see cref="ClaimsIdentity"/> containing the <see cref="JwtSecurityToken.Claims"/>.</returns>
protected virtual ClaimsIdentity CreateClaimsIdentity(JwtSecurityToken jwt, string issuer, TokenValidationParameters validationParameters)
{
if (jwt == null)
{
throw new ArgumentNullException("jwt");
}
if (string.IsNullOrWhiteSpace(issuer))
{
throw new ArgumentException(ErrorMessages.IDX10221);
}
ClaimsIdentity identity = validationParameters.CreateClaimsIdentity(jwt, issuer);
foreach (Claim jwtClaim in jwt.Claims)
{
if (InboundClaimFilter.Contains(jwtClaim.Type))
{
continue;
}
string claimType;
bool wasMapped = true;
if (!JwtSecurityTokenHandler.InboundClaimTypeMap.TryGetValue(jwtClaim.Type, out claimType))
{
claimType = jwtClaim.Type;
wasMapped = false;
}
if (claimType == ClaimTypes.Actor)
{
if (identity.Actor != null)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10710, JwtRegisteredClaimNames.Actort, jwtClaim.Value));
}
if (this.CanReadToken(jwtClaim.Value))
{
JwtSecurityToken actor = this.ReadToken(jwtClaim.Value) as JwtSecurityToken;
identity.Actor = this.CreateClaimsIdentity(actor, issuer, validationParameters);
}
}
Claim c = new Claim(claimType, jwtClaim.Value, jwtClaim.ValueType, issuer, issuer, identity);
if (jwtClaim.Properties.Count > 0)
{
foreach(var kv in jwtClaim.Properties)
{
c.Properties[kv.Key] = kv.Value;
}
}
if (wasMapped)
{
c.Properties[ShortClaimTypeProperty] = jwtClaim.Type;
}
identity.AddClaim(c);
}
return identity;
}
/// <summary>
/// Creates a <see cref="ClaimsIdentity"/> from the Saml2 securityToken.
/// </summary>
/// <param name="samlToken">The Saml2SecurityToken.</param>
/// <param name="issuer">the issuer value for each <see cref="Claim"/> in the <see cref="ClaimsIdentity"/>.</param>
/// <param name="validationParameters"> contains parameters for validating the securityToken.</param>
/// <returns>An IClaimIdentity.</returns>
protected virtual ClaimsIdentity CreateClaimsIdentity(Saml2SecurityToken samlToken, string issuer, TokenValidationParameters validationParameters)
{
if (samlToken == null)
{
throw new ArgumentNullException("samlToken");
}
if (string.IsNullOrWhiteSpace(issuer))
{
throw new ArgumentException(ErrorMessages.IDX10221);
}
Saml2Assertion assertion = samlToken.Assertion;
if (assertion == null)
{
throw new ArgumentException(ErrorMessages.IDX10202);
}
ClaimsIdentity identity = validationParameters.CreateClaimsIdentity(samlToken, issuer);
_smSaml2HandlerPrivateNeverSetAnyProperties.ProcessSamlSubjectPublic(samlToken.Assertion.Subject, identity, issuer);
_smSaml2HandlerPrivateNeverSetAnyProperties.ProcessStatmentPublic(samlToken.Assertion.Statements, identity, issuer);
return identity;
}
