private void Init(string piIssuerCertificateThumbPrint)
{
var usernameHandler = new STSUserNameHandler();
SecurityTokenService = typeof(STSService);
usernameHandler.Configuration = new SecurityTokenHandlerConfiguration();
usernameHandler.Configuration.AudienceRestriction = new AudienceRestriction();
usernameHandler.Configuration.AudienceRestriction.AudienceMode = AudienceUriMode.Never;
usernameHandler.Configuration.SaveBootstrapContext = true;
usernameHandler.Configuration.IssuerNameRegistry = new STSIssuerNameRegister(piIssuerCertificateThumbPrint);
SecurityTokenHandlers.AddOrReplace(usernameHandler);
}
public SimpleStsConfiguration(IRelyingParty rp)
: base(rp.IssuerName)
{
RelyingParty = rp;
SecurityTokenService = typeof(SimpleSts);
SecurityTokenHandlers.Clear();
SecurityTokenHandlers.Add(TokenTypes.GetSecurityTokenHandler(rp.TokenType));
ServiceCertificate = rp.GetEncryptingCertificate();
if (ServiceCertificate != null)
{
SecurityTokenHandlers.Add(new EncryptedSecurityTokenHandler());
}
}
/// <summary>
/// Creates configuration for the basic security token service.
/// </summary>
public BasicSecurityTokenServiceConfiguration() :
base(ConfigurationProvider.Instance.IssuerTokenName.Uri.AbsoluteUri)
{
DisableWsdl = true;
SaveBootstrapTokens = true;
TokenIssuerName = ConfigurationProvider.Instance.IssuerTokenName.Uri.AbsoluteUri;
SigningCredentials = new X509SigningCredentials(CertificateHelper.GetCertificate(StoreName.My, StoreLocation.LocalMachine, ConfigurationProvider.Instance.SigningCertificate.SubjetName));
var userNameSecurityTokenHandler = SecurityTokenHandlers.OfType <UserNameSecurityTokenHandler>().FirstOrDefault();
while (userNameSecurityTokenHandler != null)
{
SecurityTokenHandlers.Remove(userNameSecurityTokenHandler);
userNameSecurityTokenHandler = SecurityTokenHandlers.OfType <UserNameSecurityTokenHandler>().FirstOrDefault();
}
SecurityTokenHandlers.Add(new UserNameAsMailAddressSecurityTokenHandler());
SecurityTokenService = typeof(BasicSecurityTokenService);
}
private ReadOnlyCollection <ClaimsIdentity> ValidateAssertion(string assertionXml)
{
ReadOnlyCollection <ClaimsIdentity> claimsIdentities = null;
Saml2SecurityToken securityToken;
StringReader reader = new StringReader(assertionXml);
using (XmlReader xmlReader = XmlReader.Create(reader))
{
if (!xmlReader.ReadToFollowing("saml2:Assertion"))
{
throw new SecurityTokenValidationException("SAML2 Assertion not found.");
}
FixedSaml2SecurityTokenHandler tokenHandler = new FixedSaml2SecurityTokenHandler(Recipient);
SecurityTokenHandler[] tokenHandlers = new SecurityTokenHandlers[] { tokenHandler };
SecurityTokenHandlerCollection handlerCollection = new SecurityTokenHandlerCollection(tokenHandlers);
ConfigurationBasedIssuerNameRegistry issuerNameRegistry = new ConfigurationBasedIssuerNameRegistry();
foreach (TrustedIssuer issuer in TrustedIssuers)
{
issuerNameRegistry.AddTrustedIssuer(issuer.CertificateThumbprint, issuer.IssuerName);
}
handlerCollection.Configuration.IssuerNameRegistry = issuerNameRegistry;
AudienceRestriction restriction = new AudienceRestriction(AudienceUriMode.Always);
foreach (Uri allowedAudience in AllowedAudiences)
{
restriction.AllowedAudiencesUris.Add(allowedAudience);
}
handlerCollection.Configuration.AudienceRestriction = restriction;
securityToken = (Saml2SecurityToken)handlerCollection.ReadToken(xmlReader.ReadSubtree());
claimsIdentities = handlerCollection.ValidateToken(securityToken);
}
return(claimsIdentities);
}
public WsTrustOptions AddSecurityTokenHandler(Func <IServiceProvider, SecurityTokenHandler> factory, params string[] requestedTokenTypes)
{
SecurityTokenHandlers.Add(new SecurityTokenHandlerDescriptor(requestedTokenTypes, factory));
return(this);
}
