/// <summary>
/// Registers the STS user-name token handler and points this configuration at <see cref="STSService"/>.
/// </summary>
/// <param name="piIssuerCertificateThumbPrint">
/// Thumbprint passed to <see cref="STSIssuerNameRegister"/>; how the registry uses it is not visible here.
/// </param>
private void Init(string piIssuerCertificateThumbPrint)
{
    var userNameHandler = new STSUserNameHandler();
    SecurityTokenService = typeof(STSService);

    var handlerConfiguration = new SecurityTokenHandlerConfiguration
    {
        // AudienceUriMode.Never disables audience checking for tokens this handler reads;
        // kept as-is because that is the original behaviour of this configuration.
        AudienceRestriction = new AudienceRestriction { AudienceMode = AudienceUriMode.Never },
        SaveBootstrapContext = true,
        IssuerNameRegistry = new STSIssuerNameRegister(piIssuerCertificateThumbPrint),
    };

    userNameHandler.Configuration = handlerConfiguration;
    SecurityTokenHandlers.AddOrReplace(userNameHandler);
}
/// <summary>
/// Builds an STS configuration for a single relying party: exactly one handler for the token type
/// the relying party asks for, plus an <see cref="EncryptedSecurityTokenHandler"/> when the relying
/// party provides an encrypting certificate.
/// </summary>
/// <param name="rp">
/// Relying party whose issuer name, token type and encrypting certificate drive this configuration.
/// </param>
public SimpleStsConfiguration(IRelyingParty rp)
    : base(rp.IssuerName)
{
    RelyingParty = rp;
    SecurityTokenService = typeof(SimpleSts);

    // Start from an empty handler set so only the relying party's token type can be issued.
    SecurityTokenHandlers.Clear();
    SecurityTokenHandlers.Add(TokenTypes.GetSecurityTokenHandler(rp.TokenType));

    ServiceCertificate = rp.GetEncryptingCertificate();
    if (ServiceCertificate == null)
    {
        // No encrypting certificate: no EncryptedSecurityTokenHandler is registered.
        return;
    }

    SecurityTokenHandlers.Add(new EncryptedSecurityTokenHandler());
}
/// <summary>
/// Creates configuration for the basic security token service.
/// </summary>
public BasicSecurityTokenServiceConfiguration()
    : base(ConfigurationProvider.Instance.IssuerTokenName.Uri.AbsoluteUri)
{
    DisableWsdl = true;
    SaveBootstrapTokens = true;
    TokenIssuerName = ConfigurationProvider.Instance.IssuerTokenName.Uri.AbsoluteUri;

    // The signing certificate is looked up by subject name in the machine-wide personal store.
    // "SubjetName" is the property name as declared on the configuration type; it is not a typo here.
    var signingCertificate = CertificateHelper.GetCertificate(
        StoreName.My,
        StoreLocation.LocalMachine,
        ConfigurationProvider.Instance.SigningCertificate.SubjetName);
    SigningCredentials = new X509SigningCredentials(signingCertificate);

    // Remove every default user-name handler (snapshot first, since the collection is mutated
    // below) before registering the mail-address variant, presumably so only that one handles
    // user-name tokens.
    var defaultUserNameHandlers = SecurityTokenHandlers.OfType<UserNameSecurityTokenHandler>().ToList();
    foreach (var handler in defaultUserNameHandlers)
    {
        SecurityTokenHandlers.Remove(handler);
    }
    SecurityTokenHandlers.Add(new UserNameAsMailAddressSecurityTokenHandler());

    SecurityTokenService = typeof(BasicSecurityTokenService);
}
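/// <summary>
/// Reads the first SAML 2.0 Assertion element out of <paramref name="assertionXml"/> and validates
/// it against the configured trusted issuers (by certificate thumbprint) and allowed audiences.
/// </summary>
/// <param name="assertionXml">Raw XML containing the assertion; treated as untrusted until validated.</param>
/// <returns>The claims identities produced by the SAML2 handler for the validated assertion.</returns>
/// <exception cref="ArgumentNullException"><paramref name="assertionXml"/> is null.</exception>
/// <exception cref="SecurityTokenValidationException">No SAML 2.0 Assertion element is present.</exception>
private ReadOnlyCollection<ClaimsIdentity> ValidateAssertion(string assertionXml)
{
    if (assertionXml == null)
    {
        throw new ArgumentNullException("assertionXml");
    }

    // Namespace of the SAML 2.0 assertion schema; matching on it rather than on the "saml2:"
    // prefix means assertions that bind the namespace to another prefix are still found.
    const string saml2AssertionNamespace = "urn:oasis:names:tc:SAML:2.0:assertion";

    // The XML comes from an external party: keep DTD processing and external resource
    // resolution off (explicit here even though XmlReader.Create prohibits DTDs by default).
    var settings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
    };

    using (StringReader reader = new StringReader(assertionXml))
    using (XmlReader xmlReader = XmlReader.Create(reader, settings))
    {
        if (!xmlReader.ReadToFollowing("Assertion", saml2AssertionNamespace))
        {
            throw new SecurityTokenValidationException("SAML2 Assertion not found.");
        }

        var tokenHandler = new FixedSaml2SecurityTokenHandler(Recipient);
        // The original wrote "new SecurityTokenHandlers[]", which does not name a type visible
        // here; the element type must match the declared SecurityTokenHandler[].
        SecurityTokenHandler[] tokenHandlers = new SecurityTokenHandler[] { tokenHandler };
        var handlerCollection = new SecurityTokenHandlerCollection(tokenHandlers);

        // Only issuers whose certificate thumbprint is listed in TrustedIssuers are accepted.
        var issuerNameRegistry = new ConfigurationBasedIssuerNameRegistry();
        foreach (TrustedIssuer issuer in TrustedIssuers)
        {
            issuerNameRegistry.AddTrustedIssuer(issuer.CertificateThumbprint, issuer.IssuerName);
        }
        handlerCollection.Configuration.IssuerNameRegistry = issuerNameRegistry;

        // AudienceUriMode.Always: an assertion whose audience is not in AllowedAudiences is rejected.
        var restriction = new AudienceRestriction(AudienceUriMode.Always);
        foreach (Uri allowedAudience in AllowedAudiences)
        {
            restriction.AllowedAudiencesUris.Add(allowedAudience);
        }
        handlerCollection.Configuration.AudienceRestriction = restriction;

        var securityToken = (Saml2SecurityToken)handlerCollection.ReadToken(xmlReader.ReadSubtree());
        return handlerCollection.ValidateToken(securityToken);
    }
}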
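/// <summary>
/// Registers a factory that produces a <see cref="SecurityTokenHandler"/> for the given requested token types.
/// </summary>
/// <param name="factory">Creates the handler from the request's <see cref="IServiceProvider"/>; must not be null.</param>
/// <param name="requestedTokenTypes">
/// Token type identifiers the handler serves; what an empty list means is decided by
/// <see cref="SecurityTokenHandlerDescriptor"/>, not here.
/// </param>
/// <returns>This instance, for fluent chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="factory"/> is null.</exception>
public WsTrustOptions AddSecurityTokenHandler(Func<IServiceProvider, SecurityTokenHandler> factory, params string[] requestedTokenTypes)
{
    if (factory == null)
    {
        // Fail at registration time instead of on the first token request that resolves the handler.
        throw new ArgumentNullException(nameof(factory));
    }

    SecurityTokenHandlers.Add(new SecurityTokenHandlerDescriptor(requestedTokenTypes, factory));
    return this;
}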