static MorePublicSaml2SecurityTokenHandler()
{
var audienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
audienceRestriction.AllowedAudienceUris.Add(
new Uri(KentorAuthServicesSection.Current.Issuer));
defaultInstance = new MorePublicSaml2SecurityTokenHandler()
{
Configuration = new SecurityTokenHandlerConfiguration()
{
IssuerNameRegistry = new ReturnRequestedIssuerNameRegistry(),
AudienceRestriction = audienceRestriction
}
};
}
public Saml2PSecurityTokenHandler(ISPOptions spOptions)
{
if(spOptions== null)
{
throw new ArgumentNullException(nameof(spOptions));
}
var audienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
audienceRestriction.AllowedAudienceUris.Add(
new Uri(spOptions.EntityId.Id));
Configuration = new SecurityTokenHandlerConfiguration
{
IssuerNameRegistry = new ReturnRequestedIssuerNameRegistry(),
AudienceRestriction = audienceRestriction,
SaveBootstrapContext = spOptions.SystemIdentityModelIdentityConfiguration.SaveBootstrapContext
};
}
/// <summary>
/// Check if an audience restriction from configuration should be
/// applied or if we should revert to the default behaviour of
/// restricting the audience to the entity id.
/// </summary>
/// <param name="spOptions">Sp Options with configuration</param>
/// <returns>Configured or created audience restriction.</returns>
private static AudienceRestriction GetAudienceRestriction(ISPOptions spOptions)
{
var audienceRestriction = spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction;
if (audienceRestriction.AudienceMode != AudienceUriMode.Never
&& ! audienceRestriction.AllowedAudienceUris.Any())
{
// Create a new instance instead of modifying the one from the
// configuration.
audienceRestriction = new AudienceRestriction(audienceRestriction.AudienceMode);
audienceRestriction.AllowedAudienceUris.Add(new Uri(spOptions.EntityId.Id));
}
return audienceRestriction;
}
