public void CreateAndValidateTokens_DuplicateClaims()
{
SecurityToken validatedToken;
string encodedJwt = IdentityUtilities.CreateJwtToken(
new SecurityTokenDescriptor
{
AppliesToAddress = IdentityUtilities.DefaultAudience,
SigningCredentials = IdentityUtilities.DefaultSymmetricSigningCredentials,
Subject = new ClaimsIdentity(ClaimSets.DuplicateTypes(IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer)),
TokenIssuerName = IdentityUtilities.DefaultIssuer,
});
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
JwtSecurityTokenHandler.InboundClaimFilter.Add("aud");
JwtSecurityTokenHandler.InboundClaimFilter.Add("exp");
JwtSecurityTokenHandler.InboundClaimFilter.Add("iat");
JwtSecurityTokenHandler.InboundClaimFilter.Add("iss");
JwtSecurityTokenHandler.InboundClaimFilter.Add("nbf");
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(encodedJwt, IdentityUtilities.DefaultSymmetricTokenValidationParameters, out validatedToken);
Assert.IsTrue(IdentityComparer.AreEqual <IEnumerable <Claim> >(claimsPrincipal.Claims, ClaimSets.DuplicateTypes(IdentityUtilities.DefaultIssuer, IdentityUtilities.DefaultIssuer), new CompareContext {
IgnoreProperties = true, IgnoreSubject = true
}));
JwtSecurityTokenHandler.InboundClaimFilter.Clear();
}
public void CrossToken_ValidateToken()
{
JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler();
Saml2TokenHandler saml2Handler = new Saml2TokenHandler();
SamlTokenHandler samlHandler = new SamlTokenHandler();
JwtSecurityTokenHandler.InboundClaimFilter.Add("aud");
JwtSecurityTokenHandler.InboundClaimFilter.Add("exp");
JwtSecurityTokenHandler.InboundClaimFilter.Add("iat");
JwtSecurityTokenHandler.InboundClaimFilter.Add("iss");
JwtSecurityTokenHandler.InboundClaimFilter.Add("nbf");
string jwtToken = IdentityUtilities.CreateJwtToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, jwtHandler);
// saml tokens created using Microsoft.IdentityModel.Extensions
string imSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSaml2Handler);
string imSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSamlHandler);
// saml tokens created using System.IdentityModel.Tokens
string smSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSaml2Handler);
string smSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSamlHandler);
ClaimsPrincipal jwtPrincipal = ValidateToken(jwtToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, jwtHandler, ExpectedException.NoExceptionExpected);
ClaimsPrincipal imSaml2Principal = ValidateToken(imSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected);
ClaimsPrincipal imSamlPrincipal = ValidateToken(imSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected);
ClaimsPrincipal smSaml2Principal = ValidateToken(smSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected);
ClaimsPrincipal smSamlPrincipal = ValidateToken(smSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected);
Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(imSamlPrincipal, imSaml2Principal, new CompareContext {
IgnoreSubject = true
}));
Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(smSamlPrincipal, imSaml2Principal, new CompareContext {
IgnoreSubject = true
}));
Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(smSaml2Principal, imSaml2Principal, new CompareContext {
IgnoreSubject = true
}));
// false = ignore type of objects, we expect all objects in the principal to be of same type (no derived types)
// true = ignore subject, claims have a backpointer to their ClaimsIdentity. Most of the time this will be different as we are comparing two different ClaimsIdentities.
// true = ignore properties of claims, any mapped claims short to long for JWT's will have a property that represents the short type.
Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(jwtPrincipal, imSaml2Principal, new CompareContext {
IgnoreType = false, IgnoreSubject = true, IgnoreProperties = true
}));
JwtSecurityTokenHandler.InboundClaimFilter.Clear();
}
