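/// <summary>
/// Builds the SAML 2.0 token that is handed over to ADFS: an assertion for
/// <paramref name="identity"/>, issued under this server's issuer URI, signed
/// with this server's signing certificate and encrypted to
/// <paramref name="encryptingCertificate"/> so that only the holder of the
/// matching private key can read it. The audience (AppliesTo) is the ADFS
/// issuer URI taken from configuration.
/// </summary>
/// <param name="identity">Claims that become the subject of the assertion.</param>
/// <param name="proof">
/// Proof descriptor copied into <see cref="SecurityTokenDescriptor.Proof"/>;
/// passed through unchanged and not validated here.
/// </param>
/// <param name="encryptingCertificate">
/// Certificate whose public key wraps the session key; the private key is never needed here.
/// </param>
/// <returns>The <see cref="Saml2SecurityToken"/> produced by the configured token handler.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="identity"/> or <paramref name="encryptingCertificate"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The token handler returned something other than a SAML 2.0 token.
/// </exception>
private SecurityToken CreateOutputSamlToken(ClaimsIdentity identity, ProofDescriptor proof, X509Certificate2 encryptingCertificate)
{
    if (identity == null)
    {
        throw new ArgumentNullException("identity");
    }
    if (encryptingCertificate == null)
    {
        throw new ArgumentNullException("encryptingCertificate");
    }

    var adfsIssuerUri = _configuration.AdfsIntegration.IssuerUri;
    var tokenLifetime = TimeSpan.FromHours(1);

    // Session key: 256-bit AES-CBC (xmlenc "aes256-cbc"), wrapped with the
    // public key of the ADFS encryption certificate.
    // NOTE(review): xmlenc CBC provides confidentiality only; integrity of the
    // assertion rests on the XML signature that the recipient must verify after
    // decrypting.
    var encryptingCredentials = new EncryptedKeyEncryptingCredentials(
        new X509EncryptingCredentials(encryptingCertificate),
        256,
        SecurityAlgorithms.Aes256Encryption);

    // Read the clock once so NotBefore and the expiry are exactly one lifetime
    // apart (two separate UtcNow reads can drift by a tick or more).
    var now = DateTime.UtcNow;

    var descriptor = new SecurityTokenDescriptor
    {
        AppliesToAddress = adfsIssuerUri,                    // audience: ADFS
        TokenIssuerName = _configuration.Global.IssuerUri,   // issuer: this server
        SigningCredentials = new X509SigningCredentials(_configuration.Keys.SigningCertificate), // signing creds of IdSrv
        EncryptingCredentials = encryptingCredentials,
        Lifetime = new Lifetime(now, now.Add(tokenLifetime)),
        Proof = proof,
        Subject = identity,
        TokenType = TokenTypes.Saml2TokenProfile11
    };

    // Fail loudly if the handler hands back a different token type. The previous
    // bare `as` cast turned that case into a silent null return.
    var samlToken = _handler.CreateToken(descriptor) as Saml2SecurityToken;
    if (samlToken == null)
    {
        throw new InvalidOperationException("The configured token handler did not produce a SAML 2.0 token.");
    }

    return samlToken;
}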