IssuedSecurityTokenProvider CreateIssuedSecurityTokenProvider(InitiatorServiceModelSecurityTokenRequirement initiatorRequirement, FederatedClientCredentialsParameters actAsOnBehalfOfParameters)
{
if (initiatorRequirement.TargetAddress == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenRequirementDoesNotSpecifyTargetAddress, initiatorRequirement));
}
SecurityBindingElement securityBindingElement = initiatorRequirement.SecurityBindingElement;
if (securityBindingElement == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenProviderRequiresSecurityBindingElement, initiatorRequirement));
}
EndpointAddress issuerAddress = initiatorRequirement.IssuerAddress;
Binding issuerBinding = initiatorRequirement.IssuerBinding;
//
// If the issuer address is indeed anonymous or null, we will try the local issuer
//
bool isLocalIssuer = (issuerAddress == null || issuerAddress.Equals(EndpointAddress.AnonymousAddress));
if (isLocalIssuer)
{
issuerAddress = parent.IssuedToken.LocalIssuerAddress;
issuerBinding = parent.IssuedToken.LocalIssuerBinding;
}
if (issuerAddress == null)
{
// if issuer address is still null then the user forgot to specify the local issuer
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsAddressNotSet, initiatorRequirement.TargetAddress)));
}
if (issuerBinding == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.StsBindingNotSet, issuerAddress)));
}
Uri issuerUri = issuerAddress.Uri;
KeyedByTypeCollection<IEndpointBehavior> issuerChannelBehaviors;
if (!parent.IssuedToken.IssuerChannelBehaviors.TryGetValue(issuerAddress.Uri, out issuerChannelBehaviors) && isLocalIssuer)
{
issuerChannelBehaviors = parent.IssuedToken.LocalIssuerChannelBehaviors;
}
IssuedSecurityTokenProvider federationTokenProvider = new IssuedSecurityTokenProvider(GetCredentialsHandle(initiatorRequirement));
federationTokenProvider.TokenHandlerCollectionManager = this.parent.SecurityTokenHandlerCollectionManager;
federationTokenProvider.TargetAddress = initiatorRequirement.TargetAddress;
CopyIssuerChannelBehaviorsAndAddSecurityCredentials(federationTokenProvider, issuerChannelBehaviors, issuerAddress);
federationTokenProvider.CacheIssuedTokens = parent.IssuedToken.CacheIssuedTokens;
federationTokenProvider.IdentityVerifier = securityBindingElement.LocalClientSettings.IdentityVerifier;
federationTokenProvider.IssuerAddress = issuerAddress;
federationTokenProvider.IssuerBinding = issuerBinding;
federationTokenProvider.KeyEntropyMode = GetIssuerBindingKeyEntropyModeOrDefault(issuerBinding);
federationTokenProvider.MaxIssuedTokenCachingTime = parent.IssuedToken.MaxIssuedTokenCachingTime;
federationTokenProvider.SecurityAlgorithmSuite = initiatorRequirement.SecurityAlgorithmSuite;
MessageSecurityVersion issuerSecurityVersion;
SecurityTokenSerializer issuerSecurityTokenSerializer;
IssuedSecurityTokenParameters issuedTokenParameters = initiatorRequirement.GetProperty<IssuedSecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
GetIssuerBindingSecurityVersion(issuerBinding, issuedTokenParameters.DefaultMessageSecurityVersion, initiatorRequirement.SecurityBindingElement, out issuerSecurityVersion, out issuerSecurityTokenSerializer);
federationTokenProvider.MessageSecurityVersion = issuerSecurityVersion;
federationTokenProvider.SecurityTokenSerializer = issuerSecurityTokenSerializer;
federationTokenProvider.IssuedTokenRenewalThresholdPercentage = parent.IssuedToken.IssuedTokenRenewalThresholdPercentage;
IEnumerable<XmlElement> tokenRequestParameters = issuedTokenParameters.CreateRequestParameters(issuerSecurityVersion, issuerSecurityTokenSerializer);
if (tokenRequestParameters != null)
{
foreach (XmlElement requestParameter in tokenRequestParameters)
{
federationTokenProvider.TokenRequestParameters.Add(requestParameter);
}
}
ChannelParameterCollection channelParameters;
if (initiatorRequirement.TryGetProperty<ChannelParameterCollection>(ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters))
{
federationTokenProvider.ChannelParameters = channelParameters;
}
federationTokenProvider.SetupActAsOnBehalfOfParameters(actAsOnBehalfOfParameters);
return federationTokenProvider;
}
