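/// <summary>
/// Builds the token-handler configuration for the supplied options and wires a
/// <see cref="Saml2BearerGrantSecurityTokenHandler"/> for <c>options.Recipient</c> to it.
/// </summary>
/// <param name="options">
/// Validation options; <c>Audience</c>, <c>Recipient</c> and <c>Certificate</c> must all be set.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="options"/> itself, or one of its required members, is null.
/// </exception>
public Saml2AssertionFactory(ISaml2AssertionValidationOptions options)
{
    // Guard the options object first: the member checks below would otherwise surface as a
    // NullReferenceException instead of a usable argument error.
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }
    if (options.Audience == null)
    {
        throw new ArgumentNullException("Audience");
    }
    if (options.Recipient == null)
    {
        throw new ArgumentNullException("Recipient");
    }
    if (options.Certificate == null)
    {
        throw new ArgumentNullException("Certificate");
    }

    // NOTE: virtual call from a constructor. An override runs before the derived class's own
    // constructor body, so overrides must not rely on derived-class state being initialised.
    configuration = GetSecurityTokenHandlerConfiguration(options);

    tokenHandler = new Saml2BearerGrantSecurityTokenHandler(options.Recipient);
    tokenHandler.Configuration = configuration;
}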
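/// <summary>
/// Builds the <see cref="SecurityTokenHandlerConfiguration"/> used to validate incoming SAML2 assertions:
/// the certificate in <paramref name="options"/> is both the only key the resolver knows and the only
/// trusted issuer, audience checking is mandatory, and the allowed audiences come from <c>options.Audience</c>.
/// </summary>
/// <param name="options">Validation options; <c>Certificate</c> and <c>Audience</c> are read here.</param>
/// <returns>A configuration ready to be assigned to a token handler.</returns>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
protected virtual SecurityTokenHandlerConfiguration GetSecurityTokenHandlerConfiguration(ISaml2AssertionValidationOptions options)
{
    // This method is protected virtual and may be called directly by subclasses, so it cannot
    // rely on the constructor having validated the options.
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    // Signatures can only be resolved against the configured certificate. The second argument
    // (canMatchLocalId) is false: references by local id are not resolved.
    var signingTokens = new List<SecurityToken> { new X509SecurityToken(options.Certificate) };
    var tokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(signingTokens.AsReadOnly(), false);

    // Only the configured certificate, matched by thumbprint, is an accepted issuer; its Issuer DN
    // is the name the registry reports for it.
    var trustedIssuers = new ConfigurationBasedIssuerNameRegistry();
    trustedIssuers.AddTrustedIssuer(options.Certificate.Thumbprint, options.Certificate.Issuer);

    var config = new SecurityTokenHandlerConfiguration
    {
        // Always: an assertion whose audience is not in AllowedAudienceUris is rejected.
        AudienceRestriction = new AudienceRestriction(AudienceUriMode.Always),
        // ChainTrust builds the certificate chain, but NoCheck means CRL/OCSP are never consulted,
        // so a revoked signing certificate is still accepted. Use Online/Offline where revocation
        // data is reachable from this host.
        CertificateValidator = X509CertificateValidator.ChainTrust,
        RevocationMode = X509RevocationMode.NoCheck,
        IssuerNameRegistry = trustedIssuers,
        // Clock tolerance the handler applies when checking the assertion's validity window.
        MaxClockSkew = TimeSpan.FromMinutes(5),
        ServiceTokenResolver = tokenResolver
    };

    foreach (var audienceUri in options.Audience)
    {
        config.AudienceRestriction.AllowedAudienceUris.Add(audienceUri);
    }

    return config;
}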