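/// <summary>
/// Builds the WIF <see cref="SecurityTokenHandler"/> that validates inbound SAML assertions for
/// the binding configured on the <see cref="SamlOAuthClient"/> plugin.
/// </summary>
/// <returns>
/// A <see cref="SamlSecurityTokenHandler"/> for <c>SamlBinding.SAML11_POST</c> or a
/// <see cref="SubjectConfirmationDataSaml2SecurityTokenHandler"/> for <c>SamlBinding.SAML20_POST</c>,
/// wired with the trusted-issuer registry, the certificate validation mode and a certificate validator.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the plugin's binding type is neither of the two supported SAML bindings.
/// </exception>
protected virtual SecurityTokenHandler GetSecurityTokenHandler()
{
    var authPlugin = PluginManager.GetSingleton<SamlOAuthClient>();
    var securityRequirements = new SamlSecurityTokenRequirement();
    var securityTokenHandlerConfig = new SecurityTokenHandlerConfiguration();

    SecurityTokenHandler handler = null;
    switch (authPlugin.IdpBindingType)
    {
        case SamlBinding.SAML11_POST:
            handler = new SamlSecurityTokenHandler(securityRequirements) { Configuration = securityTokenHandlerConfig };
            break;
        case SamlBinding.SAML20_POST:
            // Presumably this subclass validates the assertion's SubjectConfirmationData/Recipient
            // according to the plugin's SubjectRecipientValidationMode — confirm against that class.
            handler = new SubjectConfirmationDataSaml2SecurityTokenHandler(securityRequirements, authPlugin.SubjectRecipientValidationMode) { Configuration = securityTokenHandlerConfig };
            break;
    }

    if (handler == null)
    {
        // Report the value that was actually switched on (the plugin's binding type) rather than
        // tokenProcessorConfiguration.IdpBindingType, so the message cannot disagree with the decision above.
        throw new InvalidOperationException(
            string.Format("No suitable token handler was loaded for the SAML binding type : {0}", authPlugin.IdpBindingType));
    }

    // Only assertions signed by a certificate whose thumbprint appears in the comma-separated
    // TrustedIssuerThumbprint list are accepted. Entries are not trimmed here; confirm that
    // CodeBasedIssuerNameRegistry normalises whitespace/case before relying on padded values.
    handler.Configuration.IssuerNameRegistry = new CodeBasedIssuerNameRegistry(tokenProcessorConfiguration.TrustedIssuerThumbprint.Split(','));
    handler.Configuration.CertificateValidationMode = tokenProcessorConfiguration.CertificateValidationMode;

    // Both handler families expose their own CertificateValidator; give each the validator that
    // matches the configured validation mode.
    var saml11Handler = handler as SamlSecurityTokenHandler;
    if (saml11Handler != null)
    {
        saml11Handler.CertificateValidator = GetCertificateValidator(handler.Configuration.CertificateValidationMode);
    }

    var saml2Handler = handler as Saml2SecurityTokenHandler;
    if (saml2Handler != null)
    {
        saml2Handler.CertificateValidator = GetCertificateValidator(handler.Configuration.CertificateValidationMode);
    }

    // NOTE(review): AudienceUriMode.Never switches off audience-restriction checking, so an
    // assertion whose <AudienceRestriction> names a different relying party is still accepted
    // here. Confirm this is intended; otherwise populate
    // handler.Configuration.AudienceRestriction.AllowedAudienceUris and use AudienceUriMode.Always.
    handler.Configuration.AudienceRestriction.AudienceMode = System.IdentityModel.Selectors.AudienceUriMode.Never;

    return handler;
}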
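/// <summary>
/// Creates and configures the <see cref="SecurityTokenHandler"/> used to validate SAML assertions
/// received from the identity provider, choosing the handler by the plugin's binding type.
/// </summary>
/// <returns>
/// The configured handler: a <see cref="SamlSecurityTokenHandler"/> for SAML 1.1 POST or a
/// <see cref="SubjectConfirmationDataSaml2SecurityTokenHandler"/> for SAML 2.0 POST.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown when <c>authPlugin.IdpBindingType</c> is not a supported binding.
/// </exception>
protected virtual SecurityTokenHandler GetSecurityTokenHandler()
{
    var authPlugin = PluginManager.GetSingleton<SamlOAuthClient>();
    var bindingType = authPlugin.IdpBindingType;
    var requirement = new SamlSecurityTokenRequirement();
    var configuration = new SecurityTokenHandlerConfiguration();

    SecurityTokenHandler handler;
    if (bindingType == SamlBinding.SAML11_POST)
    {
        handler = new SamlSecurityTokenHandler(requirement) { Configuration = configuration };
    }
    else if (bindingType == SamlBinding.SAML20_POST)
    {
        // Presumably enforces the SubjectConfirmationData Recipient check selected by
        // SubjectRecipientValidationMode — confirm against the subclass.
        handler = new SubjectConfirmationDataSaml2SecurityTokenHandler(requirement, authPlugin.SubjectRecipientValidationMode) { Configuration = configuration };
    }
    else
    {
        // The message names the binding that was actually evaluated (the plugin's), not the
        // separate tokenProcessorConfiguration value, so diagnostics match the branch taken.
        throw new InvalidOperationException(
            string.Format("No suitable token handler was loaded for the SAML binding type : {0}", bindingType));
    }

    // 'configuration' is the same object the handler now exposes as handler.Configuration.
    // Trust is pinned to the configured issuer certificate thumbprints (comma-separated, untrimmed —
    // confirm CodeBasedIssuerNameRegistry tolerates surrounding whitespace before relying on it).
    configuration.IssuerNameRegistry = new CodeBasedIssuerNameRegistry(tokenProcessorConfiguration.TrustedIssuerThumbprint.Split(','));
    configuration.CertificateValidationMode = tokenProcessorConfiguration.CertificateValidationMode;

    // Each handler family has its own CertificateValidator property; assign the validator that
    // implements the configured validation mode.
    var certificateValidator = GetCertificateValidator(configuration.CertificateValidationMode);
    if (handler is SamlSecurityTokenHandler)
    {
        ((SamlSecurityTokenHandler)handler).CertificateValidator = certificateValidator;
    }
    if (handler is Saml2SecurityTokenHandler)
    {
        ((Saml2SecurityTokenHandler)handler).CertificateValidator = certificateValidator;
    }

    // NOTE(review): with AudienceUriMode.Never the handler does not check the assertion's
    // <AudienceRestriction>, so a token issued for another relying party would be accepted at
    // this layer. Confirm this is intended; the alternative is AllowedAudienceUris + AudienceUriMode.Always.
    configuration.AudienceRestriction.AudienceMode = System.IdentityModel.Selectors.AudienceUriMode.Never;

    return handler;
}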