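        /// <summary>
        /// Validates a SAML token — either a <see cref="SamlSecurityToken"/> or a
        /// <see cref="GenericXmlSecurityToken"/> whose XML wraps a SAML assertion — and
        /// returns the claims identities it carries.
        /// </summary>
        /// <param name="token">SAML token to get identities from.</param>
        /// <param name="audienceUri">Audience URI used to obtain the token; it is added to the
        /// handler's allowed audiences, so a token issued for a different audience fails validation.</param>
        /// <param name="trustIssuer">True to automatically trust whichever X.509 certificate signed
        /// the assertion. False to validate the issuer against the issuer name registry in the
        /// app configuration (system.identityModel section).</param>
        /// <returns>A collection of claims identities from the SAML token.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> or <paramref name="audienceUri"/> is null.</exception>
        /// <exception cref="ArgumentException">The token is neither a SAML token nor a generic XML SAML
        /// token, or (with <paramref name="trustIssuer"/> true) the assertion is not signed with an
        /// X.509 security token.</exception>
        /// <remarks>
        /// SECURITY: certificate chain/revocation validation is disabled via
        /// <see cref="X509CertificateValidator.None"/>. When <paramref name="trustIssuer"/> is true the
        /// trusted thumbprint is taken from the token's own signing certificate, so a token signed
        /// with ANY certificate — including a self-signed one minted by the sender — validates.
        /// Only pass trustIssuer=true for tokens obtained over a channel that is already trusted
        /// (e.g. fetched directly from the STS over TLS); never for a token presented by a client.
        /// </remarks>
        public static IEnumerable<ClaimsIdentity> GetIdentitiesFromSamlToken(SecurityToken token, string audienceUri, bool trustIssuer)
        {
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }
            if (audienceUri == null)
            {
                throw new ArgumentNullException("audienceUri");
            }

            SamlSecurityTokenHandler handler = new SamlSecurityTokenHandler
            {
                Configuration = new SecurityTokenHandlerConfiguration()
            };

            SamlSecurityToken samlToken = token as SamlSecurityToken;
            GenericXmlSecurityToken xmlToken = token as GenericXmlSecurityToken;
            if (samlToken == null && xmlToken != null)
            {
                // Deserialize the wrapped assertion; the reader is only needed for the read itself.
                using (XmlNodeReader reader = new XmlNodeReader(xmlToken.TokenXml))
                {
                    samlToken = handler.ReadToken(reader) as SamlSecurityToken;
                }
            }

            if (samlToken == null)
            {
                throw new ArgumentException("The token must be a SAML token or a generic XML SAML token");
            }

            // Chain and revocation checks on the signing certificate are intentionally skipped
            // (see remarks); issuer trust rests solely on the thumbprint registry configured below.
            handler.SamlSecurityTokenRequirement.CertificateValidator = X509CertificateValidator.None;
            handler.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri));

            if (trustIssuer)
            {
                // Pin the registry to the certificate that signed this assertion. An unsigned
                // assertion or a non-X.509 signing token previously surfaced as a
                // NullReferenceException / InvalidCastException; reject it explicitly instead.
                X509SecurityToken signingToken = samlToken.Assertion.SigningToken as X509SecurityToken;
                if (signingToken == null)
                {
                    throw new ArgumentException("The SAML assertion must be signed with an X.509 security token to auto-trust its issuer");
                }

                ConfigurationBasedIssuerNameRegistry issuers = handler.Configuration.IssuerNameRegistry as ConfigurationBasedIssuerNameRegistry;
                if (issuers == null)
                {
                    // The default configuration is expected to supply a ConfigurationBasedIssuerNameRegistry
                    // (the original code cast without checking); install one rather than dereferencing null.
                    issuers = new ConfigurationBasedIssuerNameRegistry();
                    handler.Configuration.IssuerNameRegistry = issuers;
                }
                issuers.AddTrustedIssuer(signingToken.Certificate.Thumbprint, "sts");
            }
            else
            {
                // Trusted issuers come from <issuerNameRegistry> in the app's system.identityModel config.
                handler.Configuration.IssuerNameRegistry.LoadCustomConfiguration(
                    SystemIdentityModelSection.DefaultIdentityConfigurationElement.IssuerNameRegistry.ChildNodes);
            }

            return handler.ValidateToken(samlToken);
        }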
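        /// <summary>
        /// Reads the embedded SAML token (<c>Resource.EpamToken</c>), validates it with the issuer
        /// pinned to <c>CERTIFICATE_THUMBPRINT</c>/<c>ISSUER_NAME</c> and prints the first identity.
        /// </summary>
        /// <remarks>
        /// This is a diagnostic/reading routine, not a production validator: audience checking is
        /// switched off (<see cref="AudienceUriMode.Never"/>) and the allowed clock skew is
        /// <see cref="TimeSpan.MaxValue"/>, which in effect stops the token's validity window from
        /// being enforced. Only issuer trust (the thumbprint pin) is checked. Do not reuse this
        /// configuration for tokens received from callers.
        /// </remarks>
        /// <exception cref="InvalidOperationException">The embedded resource did not deserialize to a
        /// <see cref="SamlSecurityToken"/>.</exception>
        public void ReadEpamSignedSamlToken()
        {
            var tokenHandler   = new SamlSecurityTokenHandler();
            var issuerRegistry = new ConfigurationBasedIssuerNameRegistry();

            // The only certificate accepted as the token's issuer.
            issuerRegistry.AddTrustedIssuer(CERTIFICATE_THUMBPRINT,
                                            ISSUER_NAME);

            tokenHandler.Configuration = new SecurityTokenHandlerConfiguration()
            {
                AudienceRestriction = new AudienceRestriction(AudienceUriMode.Never), // no audience check — see remarks
                IssuerNameRegistry  = issuerRegistry,
                MaxClockSkew        = TimeSpan.MaxValue                                // lifetime effectively unchecked — see remarks
            };

            SamlSecurityToken token;
            // The reader is only needed while the token is being read; dispose it afterwards.
            using (var xmlReader = XmlReader.Create(new StringReader(Resource.EpamToken)))
            {
                token = tokenHandler.ReadToken(xmlReader, new NamedKeyIssuerTokenResolver()) as SamlSecurityToken;
            }

            if (token == null)
            {
                // Fail with a clear message rather than letting ValidateToken choke on a null token.
                throw new InvalidOperationException("Resource.EpamToken did not deserialize to a SamlSecurityToken");
            }

            var identity = tokenHandler.ValidateToken(token).First();

            PrintIdentity(identity);
        }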
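        /// <summary>
        /// Deserializes a SAML token from its XML text using the shared handler returned by
        /// <c>TokenHelper.GetSamlHandler()</c>. The token is only read here, not validated.
        /// </summary>
        /// <param name="tokenString">The SAML assertion as XML text.</param>
        /// <returns>The parsed <see cref="SamlSecurityToken"/>, or null if the handler produced a
        /// token of another type.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenString"/> is null.</exception>
        /// <exception cref="XmlException">The text is not well-formed XML or declares a DTD.</exception>
        internal static SamlSecurityToken ParseSaml(string tokenString)
        {
            if (tokenString == null)
            {
                throw new ArgumentNullException("tokenString");
            }

            SamlSecurityTokenHandler handler = TokenHelper.GetSamlHandler();

            // The token text is untrusted input. XmlTextReader processes DTDs and resolves external
            // entities by default (XXE / entity-expansion exposure). XmlReader.Create with DTDs
            // prohibited and no resolver reads the same well-formed assertion without that risk.
            var settings = new XmlReaderSettings
            {
                DtdProcessing = DtdProcessing.Prohibit,
                XmlResolver   = null
            };

            using (var reader = XmlReader.Create(new StringReader(tokenString), settings))
            {
                return handler.ReadToken(reader) as SamlSecurityToken;
            }
        }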