Esempio n. 1
        /// <summary>
        /// Creates the <see cref="Saml2IdentityConfiguration"/> used for token validation,
        /// populated from the supplied <see cref="Saml2Configuration"/>.
        /// </summary>
        /// <remarks>
        /// Every validation switch handled here (audience restriction, replay detection,
        /// certificate validation mode, revocation mode) is copied from <paramref name="config"/>
        /// unchanged. This method applies no defaults or minimums of its own, so a permissive
        /// value in the caller's configuration is passed straight through to the result.
        /// </remarks>
        /// <param name="config">The SAML 2.0 settings to translate.</param>
        /// <returns>A new identity configuration reflecting <paramref name="config"/>.</returns>
        /// <exception cref="Saml2ConfigurationException">
        /// Thrown by <c>SetCustomCertificateValidator</c> when the validation mode is
        /// <c>Custom</c> and no custom validator has been supplied.
        /// </exception>
        public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configuration config)
        {
#if NETFULL
            var identityConfiguration = new Saml2IdentityConfiguration
            {
                SaveBootstrapContext      = config.SaveBootstrapContext,
                AudienceRestriction       = GetAudienceRestriction(config.AudienceRestricted, config.AllowedAudienceUris),
                IssuerNameRegistry        = new Saml2ResponseIssuerNameRegistry(),
                CertificateValidationMode = config.CertificateValidationMode,
                RevocationMode            = config.RevocationMode,
                DetectReplayedTokens      = config.DetectReplayedTokens,
            };

            // Initialize() runs after the settings above are in place and before any
            // custom certificate validator is attached below.
            identityConfiguration.Initialize();
#else
            var identityConfiguration = new Saml2IdentityConfiguration
            {
                SaveSigninToken     = config.SaveBootstrapContext,
                ValidateAudience    = config.AudienceRestricted,
                // Lazy projection over the caller's collection, not a snapshot.
                ValidAudiences      = config.AllowedAudienceUris.Select(audience => audience),
                ValidIssuer         = config.Issuer,
                ValidateTokenReplay = config.DetectReplayedTokens,

                NameClaimType = ClaimTypes.NameIdentifier,

                // Default validator built from the configured modes; it is replaced
                // below when the mode is Custom.
                CertificateValidator = new Saml2CertificateValidator
                {
                    CertificateValidationMode = config.CertificateValidationMode,
                    RevocationMode            = config.RevocationMode,
                },
            };
#endif

            SetCustomCertificateValidator(identityConfiguration, config);

            return identityConfiguration;
        }
Esempio n. 2
        /// <summary>
        /// Attaches the caller-supplied certificate validator to <paramref name="configuration"/>
        /// when <paramref name="config"/> selects <c>X509CertificateValidationMode.Custom</c>.
        /// </summary>
        /// <remarks>
        /// In Custom mode, any validator already assigned to <paramref name="configuration"/> is
        /// replaced, so certificate trust decisions are delegated to the supplied object.
        /// NOTE(review): whether that object honours <c>config.RevocationMode</c> cannot be
        /// determined from this method; confirm in the custom validator's implementation.
        /// For every other mode this method leaves <paramref name="configuration"/> untouched.
        /// </remarks>
        /// <param name="configuration">The identity configuration to update.</param>
        /// <param name="config">The SAML 2.0 settings holding the mode and the custom validator.</param>
        /// <exception cref="Saml2ConfigurationException">
        /// Thrown when the mode is Custom but <c>config.CustomCertificateValidator</c> is null,
        /// so a Custom configuration without a validator is rejected instead of being accepted silently.
        /// </exception>
        private static void SetCustomCertificateValidator(Saml2IdentityConfiguration configuration, Saml2Configuration config)
        {
            var customModeSelected = config.CertificateValidationMode == X509CertificateValidationMode.Custom;
            if (!customModeSelected)
            {
                return;
            }

            var customValidator = config.CustomCertificateValidator;
            if (customValidator is null)
            {
                // Fail closed: Custom mode without a validator is a configuration error.
                throw new Saml2ConfigurationException("A CustomCertificateValidator is required when setting CertificateValidationMode = X509CertificateValidationMode.Custom");
            }

            configuration.CertificateValidator = customValidator;
        }