internal static IssuedSecurityTokenParameters CreateInfoCardParameters(SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithm) { IssuedSecurityTokenParameters result = new IssuedSecurityTokenParameters(SecurityXXX2005Strings.SamlTokenType); result.KeyType = SecurityKeyType.AsymmetricKey; result.ClaimTypeRequirements.Add(new ClaimTypeRequirement(s_wsidPPIClaim)); result.IssuerAddress = null; result.AddAlgorithmParameters(algorithm, standardsManager, result.KeyType); return(result); }
public static IssuedSecurityTokenParameters CreateInfoCardParameters(SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithm) { IssuedSecurityTokenParameters securityTokenParameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"); securityTokenParameters.KeyType = SecurityKeyType.AsymmetricKey; securityTokenParameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement(IssuedSecurityTokenParameters.wsidPPIClaim)); securityTokenParameters.IssuerAddress = (EndpointAddress)null; securityTokenParameters.AddAlgorithmParameters(algorithm, standardsManager, securityTokenParameters.KeyType); return(securityTokenParameters); }
internal static IssuedSecurityTokenParameters CreateInfoCardParameters(SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithm) { IssuedSecurityTokenParameters parameters = new IssuedSecurityTokenParameters("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1") { KeyType = SecurityKeyType.AsymmetricKey }; parameters.ClaimTypeRequirements.Add(new ClaimTypeRequirement(wsidPPIClaim)); parameters.IssuerAddress = null; parameters.AddAlgorithmParameters(algorithm, standardsManager, parameters.KeyType); return parameters; }
internal static IssuedSecurityTokenParameters CreateInfoCardParameters(SecurityStandardsManager standardsManager, SecurityAlgorithmSuite algorithm) { IssuedSecurityTokenParameters result = new IssuedSecurityTokenParameters(SecurityXXX2005Strings.SamlTokenType); result.KeyType = SecurityKeyType.AsymmetricKey; result.ClaimTypeRequirements.Add(new ClaimTypeRequirement(wsidPPIClaim)); result.IssuerAddress = null; result.AddAlgorithmParameters(algorithm, standardsManager, result.KeyType); return result; }
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version) { if ((this.IssuedKeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.BearerKeyIncompatibleWithWSFederationHttpBinding))); } if (isReliableSession && !this.EstablishSecurityContext) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.SecureConversationRequiredByReliableSession))); } SecurityBindingElement result; bool emitBspAttributes = true; IssuedSecurityTokenParameters issuedParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding); issuedParameters.IssuerMetadataAddress = this.issuerMetadataAddress; issuedParameters.KeyType = this.IssuedKeyType; if (this.IssuedKeyType == SecurityKeyType.SymmetricKey) { issuedParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength; } else { issuedParameters.KeySize = 0; } foreach (ClaimTypeRequirement c in this.claimTypeRequirements) { issuedParameters.ClaimTypeRequirements.Add(c); } foreach (XmlElement p in this.TokenRequestParameters) { issuedParameters.AdditionalRequestParameters.Add(p); } WSSecurityTokenSerializer versionSpecificSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspAttributes, null, null, null); SecurityStandardsManager versionSpecificStandardsManager = new SecurityStandardsManager(version, versionSpecificSerializer); issuedParameters.AddAlgorithmParameters(this.AlgorithmSuite, versionSpecificStandardsManager, this.issuedKeyType); SecurityBindingElement issuedTokenSecurity; if (isSecureTransportMode) { issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedParameters); } else { if (negotiateServiceCredential) { // We should have passed 'true' as RequireCancelation to be consistent with other standard bindings. // However, to limit the change for Orcas, we scope down to just newer version of WSSecurityPolicy. issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11); } else { issuedTokenSecurity = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedParameters); } } issuedTokenSecurity.MessageSecurityVersion = version; issuedTokenSecurity.DefaultAlgorithmSuite = this.AlgorithmSuite; if (this.EstablishSecurityContext) { result = SecurityBindingElement.CreateSecureConversationBindingElement(issuedTokenSecurity, true); } else { result = issuedTokenSecurity; } result.MessageSecurityVersion = version; result.DefaultAlgorithmSuite = this.AlgorithmSuite; result.IncludeTimestamp = true; if (!isReliableSession) { result.LocalServiceSettings.ReconnectTransportOnFailure = false; result.LocalClientSettings.ReconnectTransportOnFailure = false; } else { result.LocalServiceSettings.ReconnectTransportOnFailure = true; result.LocalClientSettings.ReconnectTransportOnFailure = true; } if (this.establishSecurityContext) { // issue the transition SCT for a short duration only issuedTokenSecurity.LocalServiceSettings.IssuedCookieLifetime = SpnegoTokenAuthenticator.defaultServerIssuedTransitionTokenLifetime; } return result; }
internal SecurityBindingElement CreateSecurityBindingElement(bool isSecureTransportMode, bool isReliableSession, MessageSecurityVersion version) { SecurityBindingElement element; SecurityBindingElement element3; if ((this.IssuedKeyType == SecurityKeyType.BearerKey) && (version.TrustVersion == TrustVersion.WSTrustFeb2005)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("BearerKeyIncompatibleWithWSFederationHttpBinding"))); } if (isReliableSession && !this.EstablishSecurityContext) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(System.ServiceModel.SR.GetString("SecureConversationRequiredByReliableSession"))); } bool emitBspRequiredAttributes = true; IssuedSecurityTokenParameters issuedTokenParameters = new IssuedSecurityTokenParameters(this.IssuedTokenType, this.IssuerAddress, this.IssuerBinding) { IssuerMetadataAddress = this.issuerMetadataAddress, KeyType = this.IssuedKeyType }; if (this.IssuedKeyType == SecurityKeyType.SymmetricKey) { issuedTokenParameters.KeySize = this.AlgorithmSuite.DefaultSymmetricKeyLength; } else { issuedTokenParameters.KeySize = 0; } foreach (ClaimTypeRequirement requirement in this.claimTypeRequirements) { issuedTokenParameters.ClaimTypeRequirements.Add(requirement); } foreach (XmlElement element2 in this.TokenRequestParameters) { issuedTokenParameters.AdditionalRequestParameters.Add(element2); } WSSecurityTokenSerializer tokenSerializer = new WSSecurityTokenSerializer(version.SecurityVersion, version.TrustVersion, version.SecureConversationVersion, emitBspRequiredAttributes, null, null, null); SecurityStandardsManager standardsManager = new SecurityStandardsManager(version, tokenSerializer); issuedTokenParameters.AddAlgorithmParameters(this.AlgorithmSuite, standardsManager, this.issuedKeyType); if (isSecureTransportMode) { element3 = SecurityBindingElement.CreateIssuedTokenOverTransportBindingElement(issuedTokenParameters); } else if (this.negotiateServiceCredential) { element3 = SecurityBindingElement.CreateIssuedTokenForSslBindingElement(issuedTokenParameters, version.SecurityPolicyVersion != SecurityPolicyVersion.WSSecurityPolicy11); } else { element3 = SecurityBindingElement.CreateIssuedTokenForCertificateBindingElement(issuedTokenParameters); } element3.MessageSecurityVersion = version; element3.DefaultAlgorithmSuite = this.AlgorithmSuite; if (this.EstablishSecurityContext) { element = SecurityBindingElement.CreateSecureConversationBindingElement(element3, true); } else { element = element3; } element.MessageSecurityVersion = version; element.DefaultAlgorithmSuite = this.AlgorithmSuite; element.IncludeTimestamp = true; if (!isReliableSession) { element.LocalServiceSettings.ReconnectTransportOnFailure = false; element.LocalClientSettings.ReconnectTransportOnFailure = false; } else { element.LocalServiceSettings.ReconnectTransportOnFailure = true; element.LocalClientSettings.ReconnectTransportOnFailure = true; } if (this.establishSecurityContext) { element3.LocalServiceSettings.IssuedCookieLifetime = NegotiationTokenAuthenticator<SspiNegotiationTokenAuthenticatorState>.defaultServerIssuedTransitionTokenLifetime; } return element; }