public WrappedSamlSecurityTokenAuthenticator( WrappedSaml11SecurityTokenAuthenticator wrappedSaml11SecurityTokenAuthenticator, WrappedSaml2SecurityTokenAuthenticator wrappedSaml2SecurityTokenAuthenticator ) { if ( wrappedSaml11SecurityTokenAuthenticator == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wrappedSaml11SecurityTokenAuthenticator" ); } if ( wrappedSaml2SecurityTokenAuthenticator == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wrappedSaml2SecurityTokenAuthenticator" ); } _wrappedSaml11SecurityTokenAuthenticator = wrappedSaml11SecurityTokenAuthenticator; _wrappedSaml2SecurityTokenAuthenticator = wrappedSaml2SecurityTokenAuthenticator; }
public WrappedSamlSecurityTokenAuthenticator(WrappedSaml11SecurityTokenAuthenticator wrappedSaml11SecurityTokenAuthenticator, WrappedSaml2SecurityTokenAuthenticator wrappedSaml2SecurityTokenAuthenticator) { if (wrappedSaml11SecurityTokenAuthenticator == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappedSaml11SecurityTokenAuthenticator"); } if (wrappedSaml2SecurityTokenAuthenticator == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("wrappedSaml2SecurityTokenAuthenticator"); } _wrappedSaml11SecurityTokenAuthenticator = wrappedSaml11SecurityTokenAuthenticator; _wrappedSaml2SecurityTokenAuthenticator = wrappedSaml2SecurityTokenAuthenticator; }
/// <summary> /// This method creates a SAML security token authenticator when token type is null. /// It wraps the SAML 1.1 and the SAML 2.0 token handlers that are configured. /// If no token handler was found, then the inner token manager is created. /// </summary> SecurityTokenAuthenticator CreateSamlSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { outOfBandTokenResolver = null; SecurityTokenAuthenticator securityTokenAuthenticator = null; SamlSecurityTokenHandler saml11SecurityTokenHandler = _securityTokenHandlerCollection[SecurityTokenTypes.SamlTokenProfile11] as SamlSecurityTokenHandler; Saml2SecurityTokenHandler saml2SecurityTokenHandler = _securityTokenHandlerCollection[SecurityTokenTypes.Saml2TokenProfile11] as Saml2SecurityTokenHandler; if (saml11SecurityTokenHandler != null && saml11SecurityTokenHandler.Configuration == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274)); } if (saml2SecurityTokenHandler != null && saml2SecurityTokenHandler.Configuration == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274)); } if (saml11SecurityTokenHandler != null && saml2SecurityTokenHandler != null) { // // Both SAML 1.1 and SAML 2.0 token handlers have been configured. // WrappedSaml11SecurityTokenAuthenticator wrappedSaml11SecurityTokenAuthenticator = new WrappedSaml11SecurityTokenAuthenticator(saml11SecurityTokenHandler, _exceptionMapper); WrappedSaml2SecurityTokenAuthenticator wrappedSaml2SecurityTokenAuthenticator = new WrappedSaml2SecurityTokenAuthenticator(saml2SecurityTokenHandler, _exceptionMapper); securityTokenAuthenticator = new WrappedSamlSecurityTokenAuthenticator(wrappedSaml11SecurityTokenAuthenticator, wrappedSaml2SecurityTokenAuthenticator); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. List <SecurityTokenResolver> resolvers = new List <SecurityTokenResolver>(); resolvers.Add(saml11SecurityTokenHandler.Configuration.ServiceTokenResolver); resolvers.Add(saml2SecurityTokenHandler.Configuration.ServiceTokenResolver); outOfBandTokenResolver = new AggregateTokenResolver(resolvers); } else if (saml11SecurityTokenHandler == null && saml2SecurityTokenHandler != null) { // // SAML 1.1 token handler is not present but SAML 2.0 is. Set the token type to SAML 2.0 // securityTokenAuthenticator = new WrappedSaml2SecurityTokenAuthenticator(saml2SecurityTokenHandler, _exceptionMapper); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml2SecurityTokenHandler.Configuration.ServiceTokenResolver; } else if (saml11SecurityTokenHandler != null && saml2SecurityTokenHandler == null) { // // SAML 1.1 token handler is present but SAML 2.0 is not. Set the token type to SAML 1.1 // securityTokenAuthenticator = new WrappedSaml11SecurityTokenAuthenticator(saml11SecurityTokenHandler, _exceptionMapper); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml11SecurityTokenHandler.Configuration.ServiceTokenResolver; } else { securityTokenAuthenticator = CreateInnerSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); } return(securityTokenAuthenticator); }
/// <summary> /// Overriden from the base class. Creates the requested Token Authenticator. /// Looks up the list of Token Handlers registered with the token Manager /// based on the TokenType Uri in the SecurityTokenRequirement. If none is found, /// then the call is delegated to the inner Token Manager. /// </summary> /// <param name="tokenRequirement">Security Token Requirement for which the Authenticator should be created.</param> /// <param name="outOfBandTokenResolver">Token resolver that resolves any out-of-band tokens.</param> /// <returns>Instance of Security Token Authenticator.</returns> /// <exception cref="ArgumentNullException">'tokenRequirement' parameter is null.</exception> /// <exception cref="NotSupportedException">No Authenticator is registered for the given token type.</exception> public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver) { if (tokenRequirement == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement"); } outOfBandTokenResolver = null; // Check for a registered authenticator SecurityTokenAuthenticator securityTokenAuthenticator = null; string tokenType = tokenRequirement.TokenType; // // When the TokenRequirement.TokenType is null, we treat this as a SAML issued token case. It may be SAML 1.1 or SAML 2.0. // if (String.IsNullOrEmpty(tokenType)) { return(CreateSamlSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver)); } // // When the TokenType is set, build a token authenticator for the specified token type. // SecurityTokenHandler securityTokenHandler = _securityTokenHandlerCollection[tokenType]; if ((securityTokenHandler != null) && (securityTokenHandler.CanValidateToken)) { outOfBandTokenResolver = GetDefaultOutOfBandTokenResolver(); if (StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.UserName)) { UserNameSecurityTokenHandler upSecurityTokenHandler = securityTokenHandler as UserNameSecurityTokenHandler; if (upSecurityTokenHandler == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException(SR.GetString(SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof(UserNameSecurityTokenHandler)))); } securityTokenAuthenticator = new WrappedUserNameSecurityTokenAuthenticator(upSecurityTokenHandler, _exceptionMapper); } else if (StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.Kerberos)) { securityTokenAuthenticator = CreateInnerSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); } else if (StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.Rsa)) { RsaSecurityTokenHandler rsaSecurityTokenHandler = securityTokenHandler as RsaSecurityTokenHandler; if (rsaSecurityTokenHandler == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException(SR.GetString(SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof(RsaSecurityTokenHandler)))); } securityTokenAuthenticator = new WrappedRsaSecurityTokenAuthenticator(rsaSecurityTokenHandler, _exceptionMapper); } else if (StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.X509Certificate)) { X509SecurityTokenHandler x509SecurityTokenHandler = securityTokenHandler as X509SecurityTokenHandler; if (x509SecurityTokenHandler == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException(SR.GetString(SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof(X509SecurityTokenHandler)))); } securityTokenAuthenticator = new WrappedX509SecurityTokenAuthenticator(x509SecurityTokenHandler, _exceptionMapper); } else if (StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.SamlTokenProfile11) || StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.OasisWssSamlTokenProfile11)) { SamlSecurityTokenHandler saml11SecurityTokenHandler = securityTokenHandler as SamlSecurityTokenHandler; if (saml11SecurityTokenHandler == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException(SR.GetString(SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof(SamlSecurityTokenHandler)))); } if (saml11SecurityTokenHandler.Configuration == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274)); } securityTokenAuthenticator = new WrappedSaml11SecurityTokenAuthenticator(saml11SecurityTokenHandler, _exceptionMapper); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml11SecurityTokenHandler.Configuration.ServiceTokenResolver; } else if (StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.Saml2TokenProfile11) || StringComparer.Ordinal.Equals(tokenType, SecurityTokenTypes.OasisWssSaml2TokenProfile11)) { Saml2SecurityTokenHandler saml2SecurityTokenHandler = securityTokenHandler as Saml2SecurityTokenHandler; if (saml2SecurityTokenHandler == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException(SR.GetString(SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof(Saml2SecurityTokenHandler)))); } if (saml2SecurityTokenHandler.Configuration == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274)); } securityTokenAuthenticator = new WrappedSaml2SecurityTokenAuthenticator(saml2SecurityTokenHandler, _exceptionMapper); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml2SecurityTokenHandler.Configuration.ServiceTokenResolver; } else if (StringComparer.Ordinal.Equals(tokenType, ServiceModelSecurityTokenTypes.SecureConversation)) { RecipientServiceModelSecurityTokenRequirement tr = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if (tr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4240, tokenRequirement.GetType().ToString())); } securityTokenAuthenticator = SetupSecureConversationWrapper(tr, securityTokenHandler as SessionSecurityTokenHandler, out outOfBandTokenResolver); } else { securityTokenAuthenticator = new SecurityTokenAuthenticatorAdapter(securityTokenHandler, _exceptionMapper); } } else { if (tokenType == ServiceModelSecurityTokenTypes.SecureConversation || tokenType == ServiceModelSecurityTokenTypes.MutualSslnego || tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego || tokenType == ServiceModelSecurityTokenTypes.SecurityContext || tokenType == ServiceModelSecurityTokenTypes.Spnego) { RecipientServiceModelSecurityTokenRequirement tr = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if (tr == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4240, tokenRequirement.GetType().ToString())); } securityTokenAuthenticator = SetupSecureConversationWrapper(tr, null, out outOfBandTokenResolver); } else { securityTokenAuthenticator = CreateInnerSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver); } } return(securityTokenAuthenticator); }
/// <summary> /// This method creates a SAML security token authenticator when token type is null. /// It wraps the SAML 1.1 and the SAML 2.0 token handlers that are configured. /// If no token handler was found, then the inner token manager is created. /// </summary> SecurityTokenAuthenticator CreateSamlSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver ) { outOfBandTokenResolver = null; SecurityTokenAuthenticator securityTokenAuthenticator = null; SamlSecurityTokenHandler saml11SecurityTokenHandler = _securityTokenHandlerCollection[SecurityTokenTypes.SamlTokenProfile11] as SamlSecurityTokenHandler; Saml2SecurityTokenHandler saml2SecurityTokenHandler = _securityTokenHandlerCollection[SecurityTokenTypes.Saml2TokenProfile11] as Saml2SecurityTokenHandler; if ( saml11SecurityTokenHandler != null && saml11SecurityTokenHandler.Configuration == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4274 ) ); } if ( saml2SecurityTokenHandler != null && saml2SecurityTokenHandler.Configuration == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4274 ) ); } if ( saml11SecurityTokenHandler != null && saml2SecurityTokenHandler != null ) { // // Both SAML 1.1 and SAML 2.0 token handlers have been configured. // WrappedSaml11SecurityTokenAuthenticator wrappedSaml11SecurityTokenAuthenticator = new WrappedSaml11SecurityTokenAuthenticator( saml11SecurityTokenHandler, _exceptionMapper ); WrappedSaml2SecurityTokenAuthenticator wrappedSaml2SecurityTokenAuthenticator = new WrappedSaml2SecurityTokenAuthenticator( saml2SecurityTokenHandler, _exceptionMapper ); securityTokenAuthenticator = new WrappedSamlSecurityTokenAuthenticator( wrappedSaml11SecurityTokenAuthenticator, wrappedSaml2SecurityTokenAuthenticator ); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. List<SecurityTokenResolver> resolvers = new List<SecurityTokenResolver>(); resolvers.Add( saml11SecurityTokenHandler.Configuration.ServiceTokenResolver ); resolvers.Add( saml2SecurityTokenHandler.Configuration.ServiceTokenResolver ); outOfBandTokenResolver = new AggregateTokenResolver( resolvers ); } else if ( saml11SecurityTokenHandler == null && saml2SecurityTokenHandler != null ) { // // SAML 1.1 token handler is not present but SAML 2.0 is. Set the token type to SAML 2.0 // securityTokenAuthenticator = new WrappedSaml2SecurityTokenAuthenticator( saml2SecurityTokenHandler, _exceptionMapper ); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml2SecurityTokenHandler.Configuration.ServiceTokenResolver; } else if ( saml11SecurityTokenHandler != null && saml2SecurityTokenHandler == null ) { // // SAML 1.1 token handler is present but SAML 2.0 is not. Set the token type to SAML 1.1 // securityTokenAuthenticator = new WrappedSaml11SecurityTokenAuthenticator( saml11SecurityTokenHandler, _exceptionMapper ); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml11SecurityTokenHandler.Configuration.ServiceTokenResolver; } else { securityTokenAuthenticator = CreateInnerSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver ); } return securityTokenAuthenticator; }
/// <summary> /// Overriden from the base class. Creates the requested Token Authenticator. /// Looks up the list of Token Handlers registered with the token Manager /// based on the TokenType Uri in the SecurityTokenRequirement. If none is found, /// then the call is delegated to the inner Token Manager. /// </summary> /// <param name="tokenRequirement">Security Token Requirement for which the Authenticator should be created.</param> /// <param name="outOfBandTokenResolver">Token resolver that resolves any out-of-band tokens.</param> /// <returns>Instance of Security Token Authenticator.</returns> /// <exception cref="ArgumentNullException">'tokenRequirement' parameter is null.</exception> /// <exception cref="NotSupportedException">No Authenticator is registered for the given token type.</exception> public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver ) { if ( tokenRequirement == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "tokenRequirement" ); } outOfBandTokenResolver = null; // Check for a registered authenticator SecurityTokenAuthenticator securityTokenAuthenticator = null; string tokenType = tokenRequirement.TokenType; // // When the TokenRequirement.TokenType is null, we treat this as a SAML issued token case. It may be SAML 1.1 or SAML 2.0. // if ( String.IsNullOrEmpty( tokenType ) ) { return CreateSamlSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver ); } // // When the TokenType is set, build a token authenticator for the specified token type. // SecurityTokenHandler securityTokenHandler = _securityTokenHandlerCollection[tokenType]; if ( ( securityTokenHandler != null ) && ( securityTokenHandler.CanValidateToken ) ) { outOfBandTokenResolver = GetDefaultOutOfBandTokenResolver(); if ( StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.UserName ) ) { UserNameSecurityTokenHandler upSecurityTokenHandler = securityTokenHandler as UserNameSecurityTokenHandler; if ( upSecurityTokenHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException( SR.GetString( SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof( UserNameSecurityTokenHandler ) ) ) ); } securityTokenAuthenticator = new WrappedUserNameSecurityTokenAuthenticator( upSecurityTokenHandler, _exceptionMapper ); } else if ( StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.Kerberos ) ) { securityTokenAuthenticator = CreateInnerSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver ); } else if ( StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.Rsa ) ) { RsaSecurityTokenHandler rsaSecurityTokenHandler = securityTokenHandler as RsaSecurityTokenHandler; if ( rsaSecurityTokenHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException( SR.GetString( SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof( RsaSecurityTokenHandler ) ) ) ); } securityTokenAuthenticator = new WrappedRsaSecurityTokenAuthenticator( rsaSecurityTokenHandler, _exceptionMapper ); } else if ( StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.X509Certificate ) ) { X509SecurityTokenHandler x509SecurityTokenHandler = securityTokenHandler as X509SecurityTokenHandler; if ( x509SecurityTokenHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException( SR.GetString( SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof( X509SecurityTokenHandler ) ) ) ); } securityTokenAuthenticator = new WrappedX509SecurityTokenAuthenticator( x509SecurityTokenHandler, _exceptionMapper ); } else if ( StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.SamlTokenProfile11 ) || StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.OasisWssSamlTokenProfile11 ) ) { SamlSecurityTokenHandler saml11SecurityTokenHandler = securityTokenHandler as SamlSecurityTokenHandler; if ( saml11SecurityTokenHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException( SR.GetString( SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof( SamlSecurityTokenHandler ) ) ) ); } if ( saml11SecurityTokenHandler.Configuration == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4274 ) ); } securityTokenAuthenticator = new WrappedSaml11SecurityTokenAuthenticator( saml11SecurityTokenHandler, _exceptionMapper ); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml11SecurityTokenHandler.Configuration.ServiceTokenResolver; } else if ( StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.Saml2TokenProfile11 ) || StringComparer.Ordinal.Equals( tokenType, SecurityTokenTypes.OasisWssSaml2TokenProfile11 ) ) { Saml2SecurityTokenHandler saml2SecurityTokenHandler = securityTokenHandler as Saml2SecurityTokenHandler; if ( saml2SecurityTokenHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException( SR.GetString( SR.ID4072, securityTokenHandler.GetType(), tokenType, typeof( Saml2SecurityTokenHandler ) ) ) ); } if ( saml2SecurityTokenHandler.Configuration == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4274 ) ); } securityTokenAuthenticator = new WrappedSaml2SecurityTokenAuthenticator( saml2SecurityTokenHandler, _exceptionMapper ); // The out-of-band token resolver will be used by WCF to decrypt any encrypted SAML tokens. outOfBandTokenResolver = saml2SecurityTokenHandler.Configuration.ServiceTokenResolver; } else if ( StringComparer.Ordinal.Equals( tokenType, ServiceModelSecurityTokenTypes.SecureConversation ) ) { RecipientServiceModelSecurityTokenRequirement tr = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if ( tr == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4240, tokenRequirement.GetType().ToString() ) ); } securityTokenAuthenticator = SetupSecureConversationWrapper( tr, securityTokenHandler as SessionSecurityTokenHandler, out outOfBandTokenResolver ); } else { securityTokenAuthenticator = new SecurityTokenAuthenticatorAdapter( securityTokenHandler, _exceptionMapper ); } } else { if ( tokenType == ServiceModelSecurityTokenTypes.SecureConversation || tokenType == ServiceModelSecurityTokenTypes.MutualSslnego || tokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego || tokenType == ServiceModelSecurityTokenTypes.SecurityContext || tokenType == ServiceModelSecurityTokenTypes.Spnego ) { RecipientServiceModelSecurityTokenRequirement tr = tokenRequirement as RecipientServiceModelSecurityTokenRequirement; if ( tr == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4240, tokenRequirement.GetType().ToString() ) ); } securityTokenAuthenticator = SetupSecureConversationWrapper( tr, null, out outOfBandTokenResolver ); } else { securityTokenAuthenticator = CreateInnerSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver ); } } return securityTokenAuthenticator; }