/// <summary>
        /// Analyzes the token request
        /// </summary>
        /// <param name="principal">The principal.</param>
        /// <param name="rst">The token request (RST).</param>
        /// <returns>A PolicyScope that describes the relying party and policy options</returns>
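        protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken rst)
        {
            // Resolves the scope for an incoming token request: rejects requests that name no
            // realm (AppliesTo), analyzes the request, validates it against policy, and returns a
            // RequestDetailsScope built from the request details, the STS signing credentials and
            // the global RequireEncryption setting.

            // A request without AppliesTo names no relying party, so it is rejected before analysis.
            if (rst.AppliesTo == null)
            {
                Tracing.Error(string.Format("token request from {0} - but no realm specified.",
                    principal.Identity.Name));

                // NOTE(review): a bare Exception gives callers nothing to distinguish this
                // rejection from an internal failure. The original carried a commented-out
                // MissingAppliesToException here, which suggests a dedicated type was intended.
                throw new Exception();
            }

            // The realm written to the trace here is still the caller-supplied value;
            // policy validation only happens further down.
            Tracing.Information(string.Format("Starting token request from {0} for {1}",
                principal.Identity.Name,
                rst.AppliesTo.Uri.AbsoluteUri));

            // FindFirst returns null when the identity carries no authentication-method claim.
            // Guard before reading Value so a missing claim does not abort the request with a
            // NullReferenceException inside a purely diagnostic trace statement.
            var authenticationMethod = principal.Identities.First().FindFirst(ClaimTypes.AuthenticationMethod);
            if (authenticationMethod != null)
            {
                Tracing.Information("Authentication method: " + authenticationMethod.Value);
            }

            // analyze request
            var request = new Request(GlobalConfiguration);
            var details = request.Analyze(rst, principal);

            // validate against policy (must run before a scope is handed back to the pipeline)
            request.Validate(details);

            // create scope
            var scope = new RequestDetailsScope(
                details,
                SecurityTokenServiceConfiguration.SigningCredentials,
                GlobalConfiguration.RequireEncryption);

            return scope;
        }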
 public void Setup()
 {
     // Appears to be test-fixture setup: prepares the Request under test on the
     // LockedDownAllowReplyTo configuration mode, backed by a TestRelyingPartyRepository,
     // and creates the principal for the Alice test user.
     repo = ConfigurationRepositoryFactory.Create(
         Constants.ConfigurationModes.LockedDownAllowReplyTo);

     var relyingParties = new TestRelyingPartyRepository();
     request = new Request(repo, relyingParties, null);

     _alice = PrincipalFactory.Create(Constants.Principals.AliceUserName);
 }
 public void Setup()
 {
     // Appears to be test-fixture setup: prepares the Request under test on the
     // LockedDown configuration mode, backed by a TestRelyingPartyRepository,
     // and creates the principal for the Alice test user.
     config = ConfigurationFactory.Create(
         Constants.ConfigurationModes.LockedDown);

     var relyingParties = new TestRelyingPartyRepository();
     request = new Request(config, relyingParties, null);

     _alice = PrincipalFactory.Create(Constants.Principals.AliceUserName);
 }
        /// <summary>
        /// Analyzes the token request
        /// </summary>
        /// <param name="principal">The principal.</param>
        /// <param name="rst">The token request (RST).</param>
        /// <returns>A PolicyScope that describes the relying party and policy options</returns>
        protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken rst)
        {
            // Resolves the scope for an incoming token request. The request is rejected when it
            // names no realm (AppliesTo); otherwise it is analyzed, validated against policy, and
            // turned into a RequestDetailsScope. The token type from the analyzed details, when
            // set, is written back onto the request.

            // No realm means no relying party to issue for: trace it and refuse the request.
            var realm = rst.AppliesTo;
            if (realm == null)
            {
                var missingRealmMessage = string.Format(
                    "token request from {0} - but no realm specified.",
                    principal.Identity.Name);
                Tracing.Error(missingRealmMessage);

                throw new InvalidRequestException();
            }

            // The realm traced here is the caller-supplied value; validation happens below.
            var startMessage = string.Format(
                "Starting token request from {0} for {1}",
                principal.Identity.Name,
                realm.Uri.AbsoluteUri);
            Tracing.Information(startMessage);

            // The authentication-method claim may be absent, so it is traced only when present.
            var primaryIdentity = principal.Identities.First();
            var methodClaim = primaryIdentity.FindFirst(ClaimTypes.AuthenticationMethod);
            if (methodClaim != null)
            {
                Tracing.Information("Authentication method: " + methodClaim.Value);
            }

            // Analyze first, then validate the result against policy before building a scope.
            var analyzer = new Request(ConfigurationRepository);
            var requestDetails = analyzer.Analyze(rst, principal);
            analyzer.Validate(requestDetails);

            // The scope combines the validated details with the STS signing credentials and
            // the global RequireEncryption setting.
            Scope resultScope = new RequestDetailsScope(
                requestDetails,
                SecurityTokenServiceConfiguration.SigningCredentials,
                ConfigurationRepository.Global.RequireEncryption);

            // Propagate the token type from the analyzed details when one is set.
            var requestedTokenType = requestDetails.TokenType;
            if (!string.IsNullOrWhiteSpace(requestedTokenType))
            {
                rst.TokenType = requestedTokenType;
            }

            return resultScope;
        }