/// <summary>
/// Resolves a security context token by (contextId, generation) through the cache(s) reachable from
/// <paramref name="tokenResolver"/> and hands it back under the requested <paramref name="id"/>.
/// </summary>
/// <param name="contextId">Context identifier the cached token is keyed on.</param>
/// <param name="generation">Key generation of the context to look up.</param>
/// <param name="id">Token id the returned token must carry; a cached token with a different id is re-wrapped with this one.</param>
/// <param name="tokenResolver">Either an <see cref="ISecurityContextSecurityTokenCache"/> itself, or an <see cref="AggregateTokenResolver"/> whose out-of-band resolvers may be caches; any other resolver (or null) yields no token.</param>
/// <param name="sctCache">Receives the cache that was consulted: the resolver itself, or the first cache found in the aggregate (not necessarily the one that produced the token); null when no cache was found.</param>
/// <returns>The cached token, a copy of it carrying <paramref name="id"/>, or null when no cache has an entry for the context.</returns>
private SecurityContextSecurityToken TryResolveSecurityContextToken(UniqueId contextId, UniqueId generation, string id, SecurityTokenResolver tokenResolver, out ISecurityContextSecurityTokenCache sctCache)
            {
                sctCache = null;
                SecurityContextSecurityToken cached = null;

                ISecurityContextSecurityTokenCache directCache = tokenResolver as ISecurityContextSecurityTokenCache;
                AggregateTokenResolver aggregate = tokenResolver as AggregateTokenResolver;

                if (directCache != null)
                {
                    // The resolver is itself the cache: a single lookup decides the outcome.
                    sctCache = directCache;
                    cached = directCache.GetContext(contextId, generation);
                }
                else if (aggregate != null)
                {
                    // Walk the out-of-band resolvers in order and stop at the first cache that knows the context.
                    for (int index = 0; index < aggregate.OutOfBandTokenResolver.Count && cached == null; index++)
                    {
                        ISecurityContextSecurityTokenCache candidate = aggregate.OutOfBandTokenResolver[index] as ISecurityContextSecurityTokenCache;
                        if (candidate == null)
                        {
                            continue;
                        }

                        // The out parameter reports the first cache encountered, even if a later one yields the token.
                        if (sctCache == null)
                        {
                            sctCache = candidate;
                        }
                        cached = candidate.GetContext(contextId, generation);
                    }
                }

                if (cached == null)
                {
                    return null;
                }

                // The lookup is keyed on (contextId, generation) only; id just selects the identifier on the returned token.
                return cached.Id == id ? cached : new SecurityContextSecurityToken(cached, id);
            }
        /// <summary>
        /// Builds the authenticator used for SAML tokens when the requested token type is null.
        /// Wraps whichever of the SAML 1.1 and SAML 2.0 token handlers are registered in
        /// <c>_securityTokenHandlerCollection</c>; when neither is registered, defers to
        /// <see cref="CreateInnerSecurityTokenAuthenticator"/>.
        /// Throws (via <c>ThrowHelperInvalidOperation</c>, SR.ID4274) when a registered handler has no Configuration.
        /// </summary>
        /// <param name="tokenRequirement">Requirement passed through to the inner authenticator when no SAML handler is registered.</param>
        /// <param name="outOfBandTokenResolver">Receives the registered handler configuration's ServiceTokenResolver (an aggregate of both when both handlers exist), used by WCF to decrypt encrypted SAML tokens; with no SAML handler, whatever the inner authenticator supplies.</param>
        /// <returns>The wrapped SAML authenticator, or the inner authenticator.</returns>
        SecurityTokenAuthenticator CreateSamlSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
        {
            outOfBandTokenResolver = null;

            SamlSecurityTokenHandler  saml11Handler = _securityTokenHandlerCollection[SecurityTokenTypes.SamlTokenProfile11] as SamlSecurityTokenHandler;
            Saml2SecurityTokenHandler saml2Handler  = _securityTokenHandlerCollection[SecurityTokenTypes.Saml2TokenProfile11] as Saml2SecurityTokenHandler;

            bool hasSaml11 = saml11Handler != null;
            bool hasSaml2  = saml2Handler != null;

            // A registered handler without a configuration cannot supply a service token resolver; refuse it up front.
            if ((hasSaml11 && saml11Handler.Configuration == null) || (hasSaml2 && saml2Handler.Configuration == null))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274));
            }

            if (!hasSaml11 && !hasSaml2)
            {
                // Neither SAML handler is registered: fall back to the inner token manager.
                return CreateInnerSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
            }

            if (hasSaml11 && hasSaml2)
            {
                // Both handlers are registered: combine them behind one authenticator and one aggregate resolver.
                WrappedSaml11SecurityTokenAuthenticator saml11Wrapper = new WrappedSaml11SecurityTokenAuthenticator(saml11Handler, _exceptionMapper);
                WrappedSaml2SecurityTokenAuthenticator  saml2Wrapper  = new WrappedSaml2SecurityTokenAuthenticator(saml2Handler, _exceptionMapper);
                SecurityTokenAuthenticator combined = new WrappedSamlSecurityTokenAuthenticator(saml11Wrapper, saml2Wrapper);

                // WCF uses the out-of-band resolver to decrypt encrypted SAML tokens; offer both handlers' resolvers.
                List<SecurityTokenResolver> serviceResolvers = new List<SecurityTokenResolver>();
                serviceResolvers.Add(saml11Handler.Configuration.ServiceTokenResolver);
                serviceResolvers.Add(saml2Handler.Configuration.ServiceTokenResolver);
                outOfBandTokenResolver = new AggregateTokenResolver(serviceResolvers);

                return combined;
            }

            if (hasSaml2)
            {
                // Only SAML 2.0 is registered.
                SecurityTokenAuthenticator saml2Only = new WrappedSaml2SecurityTokenAuthenticator(saml2Handler, _exceptionMapper);
                outOfBandTokenResolver = saml2Handler.Configuration.ServiceTokenResolver;
                return saml2Only;
            }

            // Only SAML 1.1 is registered.
            SecurityTokenAuthenticator saml11Only = new WrappedSaml11SecurityTokenAuthenticator(saml11Handler, _exceptionMapper);
            outOfBandTokenResolver = saml11Handler.Configuration.ServiceTokenResolver;
            return saml11Only;
        }