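        /// <summary>
        /// Validates a SAML 2.0 token (conditions and audience, optional replay detection, issuer certificate
        /// trust when the issuer token is X.509) and turns it into a single <see cref="ClaimsIdentity"/>
        /// enriched with NameID, NameID-format and session-index claims.
        /// </summary>
        /// <param name="token">The token to validate; must be a <see cref="Saml2SecurityToken"/>.</param>
        /// <returns>A read-only collection containing exactly one <see cref="ClaimsIdentity"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="Saml2SecurityToken"/>.</exception>
        public override ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token)
        {
            if (token == null)
            {
                throw new ArgumentNullException(nameof(token));
            }

            var saml2SecurityToken = token as Saml2SecurityToken;
            if (saml2SecurityToken == null)
            {
                // Fail with a clear contract violation instead of a NullReferenceException further down.
                throw new ArgumentException("The token must be a Saml2SecurityToken.", nameof(token));
            }

            // Conditions (NotBefore/NotOnOrAfter, audience) are checked before any claim is produced.
            this.ValidateConditions(
                saml2SecurityToken.Assertion.Conditions,
                SamlSecurityTokenRequirement.ShouldEnforceAudienceRestriction(this.Configuration.AudienceRestriction.AudienceMode, saml2SecurityToken));

            if (this.Configuration.DetectReplayedTokens)
            {
                this.DetectReplayedToken(saml2SecurityToken);
            }

            // If the backing token is x509, validate trust. An issuer token of any other kind is not
            // checked here, so trust for it must come from the issuer token resolution step.
            var issuerToken = saml2SecurityToken.IssuerToken as X509SecurityToken;
            if (issuerToken != null)
            {
                this.CertificateValidator.Validate(issuerToken.Certificate);
            }

            var identity = this.CreateClaims(saml2SecurityToken);

            // NameID is optional here: a missing NameID simply yields no NameId/NameIdFormat claims.
            var nameId = saml2SecurityToken.Assertion.Subject.NameId;
            if (nameId != null)
            {
                identity.AddClaim(new Claim(Saml2ClaimTypes.NameId, nameId.Value));

                if (nameId.Format != null)
                {
                    // NOTE(review): the Saml2Response overload emits Format.OriginalString; AbsoluteUri may
                    // normalise the URI text — confirm which form downstream consumers compare against.
                    identity.AddClaim(new Claim(Saml2ClaimTypes.NameIdFormat, nameId.Format.AbsoluteUri));
                }
            }

            // NOTE(review): the token/assertion Id is used as the session index, whereas the Saml2Response
            // overload reads SessionIndex from the Saml2AuthenticationStatement — confirm this is intended.
            identity.AddClaim(new Claim(Saml2ClaimTypes.SessionIndex, saml2SecurityToken.Id));

            if (this.Configuration.SaveBootstrapContext)
            {
                identity.BootstrapContext = new BootstrapContext(saml2SecurityToken, this);
            }

            return new List<ClaimsIdentity>(1) { identity }.AsReadOnly();
        }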
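        /// <summary>
        /// Validates a SAML 2.0 token and builds a <see cref="ClaimsIdentity"/> from it, additionally copying the
        /// subject NameID and the authentication-statement SessionIndex onto <paramref name="saml2Response"/> so
        /// the caller can reuse them later (e.g. for single logout).
        /// </summary>
        /// <param name="token">The token to validate; must be a <see cref="Saml2SecurityToken"/>.</param>
        /// <param name="saml2Response">Receives the NameId and SessionIndex found in the assertion.</param>
        /// <returns>A read-only collection containing exactly one <see cref="ClaimsIdentity"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> or <paramref name="saml2Response"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="Saml2SecurityToken"/>.</exception>
        public ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token, Saml2Response saml2Response)
        {
            if (token == null)
            {
                throw new ArgumentNullException(nameof(token));
            }

            if (saml2Response == null)
            {
                throw new ArgumentNullException(nameof(saml2Response));
            }

            var saml2SecurityToken = token as Saml2SecurityToken;
            if (saml2SecurityToken == null)
            {
                // Fail with a clear contract violation instead of a NullReferenceException further down.
                throw new ArgumentException("The token must be a Saml2SecurityToken.", nameof(token));
            }

            // Conditions (NotBefore/NotOnOrAfter, audience) are checked before any claim is produced.
            ValidateConditions(
                saml2SecurityToken.Assertion.Conditions,
                SamlSecurityTokenRequirement.ShouldEnforceAudienceRestriction(Configuration.AudienceRestriction.AudienceMode, saml2SecurityToken));

            if (Configuration.DetectReplayedTokens)
            {
                DetectReplayedToken(saml2SecurityToken);
            }

            // NOTE(review): unlike the ValidateToken(SecurityToken) override, this overload does not run
            // CertificateValidator against an X509 issuer token. Issuer trust must therefore already be
            // established by whoever verified the response/assertion signature before this call — confirm,
            // or mirror the override's check here.

            var identity = CreateClaims(saml2SecurityToken);

            // NameID is optional here: a missing NameID simply yields no NameId/NameIdFormat claims.
            if (saml2SecurityToken.Assertion.Subject.NameId != null)
            {
                saml2Response.NameId = saml2SecurityToken.Assertion.Subject.NameId;
                identity.AddClaim(new Claim(Saml2ClaimTypes.NameId, saml2Response.NameId.Value));

                if (saml2Response.NameId.Format != null)
                {
                    // OriginalString keeps the format URI exactly as received (no normalisation).
                    identity.AddClaim(new Claim(Saml2ClaimTypes.NameIdFormat, saml2Response.NameId.Format.OriginalString));
                }
            }

            // The session index lives on the first AuthnStatement, if there is one.
            var sessionIndex = saml2SecurityToken.Assertion.Statements
                .OfType<Saml2AuthenticationStatement>()
                .FirstOrDefault()?.SessionIndex;

            if (sessionIndex != null)
            {
                saml2Response.SessionIndex = sessionIndex;
                identity.AddClaim(new Claim(Saml2ClaimTypes.SessionIndex, saml2Response.SessionIndex));
            }

            if (Configuration.SaveBootstrapContext)
            {
                identity.BootstrapContext = new BootstrapContext(saml2SecurityToken, this);
            }

            return new List<ClaimsIdentity>(1) { identity }.AsReadOnly();
        }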
        /// <summary>
        /// Validates a SAML 2.0 token on both the NETFULL (WIF) and the non-NETFULL (TokenValidationParameters)
        /// code paths, builds a <see cref="ClaimsIdentity"/> from it and copies the subject NameID and the
        /// authentication-statement SessionIndex onto <paramref name="saml2Response"/>.
        /// </summary>
        /// <param name="token">The token to validate; expected to be a <see cref="Saml2SecurityToken"/> (no type check is performed).</param>
        /// <param name="tokenString">Raw token text; used for replay detection and as the bootstrap context on the non-NETFULL path.</param>
        /// <param name="saml2Response">Receives the NameId and SessionIndex found in the assertion.</param>
        /// <returns>A read-only collection containing exactly one <see cref="ClaimsIdentity"/>.</returns>
        public ReadOnlyCollection <ClaimsIdentity> ValidateToken(SecurityToken token, string tokenString, Saml2Response saml2Response)
#endif
        {
            // No null/type guard: a token of another type surfaces as a NullReferenceException below.
            var saml2SecurityToken = token as Saml2SecurityToken;

#if NETFULL
            ValidateConditions(saml2SecurityToken.Assertion.Conditions, SamlSecurityTokenRequirement.ShouldEnforceAudienceRestriction(Configuration.AudienceRestriction.AudienceMode, saml2SecurityToken));
#else
            ValidateConditions(saml2SecurityToken, TokenValidationParameters);
#endif

#if NETFULL
            if (Configuration.DetectReplayedTokens)
            {
                DetectReplayedToken(saml2SecurityToken);
            }
#else
            // Replay detection on this path keys on the raw token string together with the assertion's NotBefore.
            if (TokenValidationParameters.ValidateTokenReplay)
            {
                ValidateTokenReplay(saml2SecurityToken.Assertion.Conditions.NotBefore, tokenString, TokenValidationParameters);
            }
#endif

            // NOTE(review): neither path runs an explicit issuer-certificate trust check here (compare the
            // ValidateToken(SecurityToken) override); presumably signature/issuer validation happens before this
            // call — confirm.
#if NETFULL
            var identity = CreateClaims(saml2SecurityToken);
#else
            var identity = CreateClaimsIdentity(saml2SecurityToken, TokenValidationParameters.ValidIssuer, TokenValidationParameters);
#endif
            // NameID is optional here: a missing NameID simply yields no NameId/NameIdFormat claims.
            if (saml2SecurityToken.Assertion.Subject.NameId != null)
            {
                saml2Response.NameId = saml2SecurityToken.Assertion.Subject.NameId;
                identity.AddClaim(new Claim(Saml2ClaimTypes.NameId, saml2Response.NameId.Value));

                if (saml2Response.NameId.Format != null)
                {
                    // OriginalString keeps the format URI exactly as received (no normalisation).
                    identity.AddClaim(new Claim(Saml2ClaimTypes.NameIdFormat, saml2Response.NameId.Format.OriginalString));
                }
            }

            // The session index lives on the first AuthnStatement, if there is one.
            var sessionIndex = (saml2SecurityToken.Assertion.Statements.Where(s => s is Saml2AuthenticationStatement).FirstOrDefault() as Saml2AuthenticationStatement)?.SessionIndex;
            if (sessionIndex != null)
            {
                saml2Response.SessionIndex = sessionIndex;
                identity.AddClaim(new Claim(Saml2ClaimTypes.SessionIndex, saml2Response.SessionIndex));
            }

#if NETFULL
            if (Configuration.SaveBootstrapContext)
            {
                identity.BootstrapContext = new BootstrapContext(saml2SecurityToken, this);
            }
#else
            // On this path the bootstrap context is the raw token text rather than a BootstrapContext object.
            if (TokenValidationParameters.SaveSigninToken)
            {
                identity.BootstrapContext = tokenString;
            }
#endif

            return(new List <ClaimsIdentity>(1)
            {
                identity
            }.AsReadOnly());
        }