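/// <summary>
/// Initializes the object with a UA identity token.
/// </summary>
/// <param name="token">
/// The issued identity token. Its decrypted payload is expected to be UTF-8 XML holding either a
/// SAML 1.x assertion or a WS-Security token that <paramref name="serializer"/> can read. The payload
/// originates from the remote client and is treated as untrusted.
/// </param>
/// <param name="serializer">Serializer used for non-SAML tokens; also handed to the SAML serializer.</param>
/// <param name="resolver">Token resolver handed to whichever serializer reads the token.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when the token carries no decrypted data or the data has no root element.</exception>
/// <exception cref="XmlException">Thrown when the payload is not well-formed XML or contains a DTD.</exception>
private void Initialize(IssuedIdentityToken token, SecurityTokenSerializer serializer, SecurityTokenResolver resolver)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    if (token.DecryptedTokenData == null)
    {
        throw new ArgumentException("The token does not contain any decrypted token data.", "token");
    }

    string text = new UTF8Encoding().GetString(token.DecryptedTokenData).Trim();

    // The XML comes from the client. Parse it with DTD processing prohibited and without an
    // XmlResolver so a hostile token cannot trigger external entity resolution (XXE) or
    // entity-expansion attacks; a legitimate security token never carries a DOCTYPE.
    XmlReaderSettings settings = new XmlReaderSettings();
    settings.DtdProcessing = DtdProcessing.Prohibit;
    settings.XmlResolver = null;

    XmlDocument document = new XmlDocument();
    document.XmlResolver = null;

    using (XmlReader xmlReader = XmlReader.Create(new System.IO.StringReader(text), settings))
    {
        document.Load(xmlReader);
    }

    if (document.DocumentElement == null)
    {
        throw new ArgumentException("The token data does not contain an XML document.", "token");
    }

    using (XmlNodeReader reader = new XmlNodeReader(document.DocumentElement))
    {
        if (document.DocumentElement.NamespaceURI == "urn:oasis:names:tc:SAML:1.0:assertion")
        {
            // SAML 1.x assertions go through the dedicated serializer.
            SecurityToken samlToken = new SamlSerializer().ReadToken(reader, serializer, resolver);
            Initialize(samlToken);
        }
        else
        {
            // Anything else is handed to the generic WS-Security token serializer.
            SecurityToken securityToken = serializer.ReadToken(reader, resolver);
            Initialize(securityToken);
        }
    }
}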
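/// <summary>
/// Validates a SAML WSS user token.
/// </summary>
/// <param name="tokenData">
/// UTF-8 encoded XML of a SAML 1.x assertion as received from the client. The bytes are untrusted.
/// </param>
/// <returns>The security token that <see cref="SamlSerializer"/> produces for the assertion.</returns>
/// <exception cref="ServiceResultException">
/// Thrown with <see cref="StatusCodes.BadIdentityTokenRejected"/> when the data is not well-formed
/// XML, is not a SAML 1.0 assertion, or cannot be read by the SAML serializer. The original failure
/// is preserved as the inner result.
/// </exception>
private SecurityToken ParseAndVerifySamlToken(byte[] tokenData)
{
    XmlDocument document = new XmlDocument();

    try
    {
        string text = new UTF8Encoding().GetString(tokenData).Trim();

        // The XML comes from the client. Parse it with DTD processing prohibited and without an
        // XmlResolver so a hostile token cannot trigger external entity resolution (XXE) or
        // entity-expansion attacks; a legitimate SAML assertion never carries a DOCTYPE.
        XmlReaderSettings settings = new XmlReaderSettings();
        settings.DtdProcessing = DtdProcessing.Prohibit;
        settings.XmlResolver = null;
        document.XmlResolver = null;

        using (XmlReader xmlReader = XmlReader.Create(new System.IO.StringReader(text), settings))
        {
            document.Load(xmlReader);
        }

        if (document.DocumentElement == null ||
            document.DocumentElement.NamespaceURI != "urn:oasis:names:tc:SAML:1.0:assertion")
        {
            // NOTE(review): this is caught by the handler below and re-reported as
            // BadIdentityTokenRejected, so callers never observe BadNotSupported. Left as-is to
            // keep the externally visible result code unchanged.
            throw new ServiceResultException(StatusCodes.BadNotSupported);
        }

        using (XmlNodeReader reader = new XmlNodeReader(document.DocumentElement))
        {
            // NOTE(review): nothing in this method checks the assertion's signature itself; that
            // is delegated to SamlSerializer and the configured resolver. Confirm that an unsigned
            // assertion, or one signed by an untrusted key, is rejected there or by the caller.
            return new SamlSerializer().ReadToken(reader, m_tokenSerializer, m_tokenResolver);
        }
    }
    catch (Exception e)
    {
        // If loading failed (null input, bad UTF-8, malformed XML) there is no root element.
        // Dereferencing it unconditionally here turned every parse failure into a
        // NullReferenceException that hid the real cause, so fall back to a placeholder.
        string elementName = (document.DocumentElement != null)
            ? document.DocumentElement.LocalName
            : "(no root element)";

        // construct translation object with default text.
        TranslationInfo info = new TranslationInfo(
            "InvalidSamlToken",
            "en-US",
            "'{0}' is not a valid SAML token.",
            elementName);

        // create an exception with a vendor defined sub-code.
        throw new ServiceResultException(new ServiceResult(
            e,
            StatusCodes.BadIdentityTokenRejected,
            "InvalidSamlToken",
            "http://opcfoundation.org/UA/Sample/",
            new LocalizedText(info)));
    }
}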