public void CrossToken_ValidateToken() { JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler(); Saml2TokenHandler saml2Handler = new Saml2TokenHandler(); SamlTokenHandler samlHandler = new SamlTokenHandler(); JwtSecurityTokenHandler.InboundClaimFilter.Add("aud"); JwtSecurityTokenHandler.InboundClaimFilter.Add("exp"); JwtSecurityTokenHandler.InboundClaimFilter.Add("iat"); JwtSecurityTokenHandler.InboundClaimFilter.Add("iss"); JwtSecurityTokenHandler.InboundClaimFilter.Add("nbf"); string jwtToken = IdentityUtilities.CreateJwtToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, jwtHandler); // saml tokens created using Microsoft.IdentityModel.Extensions string imSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSaml2Handler); string imSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSamlHandler); // saml tokens created using System.IdentityModel.Tokens string smSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSaml2Handler); string smSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSamlHandler); ClaimsPrincipal jwtPrincipal = ValidateToken(jwtToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, jwtHandler, ExpectedException.NoExceptionExpected); ClaimsPrincipal imSaml2Principal = ValidateToken(imSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected); ClaimsPrincipal imSamlPrincipal = ValidateToken(imSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected); ClaimsPrincipal smSaml2Principal = ValidateToken(smSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected); ClaimsPrincipal smSamlPrincipal = ValidateToken(smSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected); Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(imSamlPrincipal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(smSamlPrincipal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(smSaml2Principal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); // false = ignore type of objects, we expect all objects in the principal to be of same type (no derived types) // true = ignore subject, claims have a backpointer to their ClaimsIdentity. Most of the time this will be different as we are comparing two different ClaimsIdentities. // true = ignore properties of claims, any mapped claims short to long for JWT's will have a property that represents the short type. Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(jwtPrincipal, imSaml2Principal, new CompareContext { IgnoreType = false, IgnoreSubject = true, IgnoreProperties = true })); JwtSecurityTokenHandler.InboundClaimFilter.Clear(); }
private void CanReadToken() { // CanReadToken Saml2SecurityTokenHandler samlSecurityTokenHandler = new Saml2SecurityTokenHandler(); Assert.False(CanReadToken(securityToken: null, samlSecurityTokenHandler: samlSecurityTokenHandler, expectedException: ExpectedException.NoExceptionExpected)); string samlString = new string('S', TokenValidationParameters.DefaultMaximumTokenSizeInBytes + 1); Assert.False(CanReadToken(samlString, samlSecurityTokenHandler, ExpectedException.NoExceptionExpected)); samlString = new string('S', TokenValidationParameters.DefaultMaximumTokenSizeInBytes); CanReadToken(securityToken: samlString, samlSecurityTokenHandler: samlSecurityTokenHandler, expectedException: ExpectedException.NoExceptionExpected); samlString = IdentityUtilities.CreateSamlToken(); Assert.False(CanReadToken(securityToken: samlString, samlSecurityTokenHandler: samlSecurityTokenHandler, expectedException: ExpectedException.NoExceptionExpected)); samlString = IdentityUtilities.CreateSaml2Token(); Assert.True(CanReadToken(securityToken: samlString, samlSecurityTokenHandler: samlSecurityTokenHandler, expectedException: ExpectedException.NoExceptionExpected)); }