// Builds an IssuedSecurityTokenProvider and fills it from the properties carried
// by the token requirement: target and issuer addresses, issuer binding, endpoint
// behaviors, token serializer and algorithm suite.
//
// r: the requirement to read from. The GetProperty reads are treated as required
//    here; the TryGetProperty reads fall back to a default instead.
IssuedSecurityTokenProvider CreateIssuedProviderBase(SecurityTokenRequirement r)
{
    var provider = new IssuedSecurityTokenProvider();
    provider.TargetAddress = r.GetProperty<EndpointAddress>(ReqType.TargetAddressProperty);

    // FIXME (original author): use this somewhere, probably to build IssuerBinding.
    // However, there is also an IssuerBinding property, and
    // SecureConversationSecurityBindingElement as well.
    SecurityBindingElement securityElement = r.GetProperty<SecurityBindingElement>(ReqType.SecurityBindingElementProperty);

    // The original author doubted the binding is really acquired this way.
    Binding issuerBinding;
    bool bindingSupplied = r.TryGetProperty<Binding>(ReqType.IssuerBindingProperty, out issuerBinding);
    if (!bindingSupplied)
    {
        // NOTE(review): the fallback stacks the security element on a plain HTTP
        // transport, so protection of the issue exchange rests on that element
        // alone; confirm this is acceptable for the issuers in use.
        issuerBinding = new CustomBinding(
            securityElement,
            new TextMessageEncodingBindingElement(),
            new HttpTransportBindingElement());
    }
    provider.IssuerBinding = issuerBinding;

    // The original author was not sure the context is used only for this purpose.
    BindingContext issuerContext = r.GetProperty<BindingContext>(ReqType.IssuerBindingContextProperty);
    foreach (IEndpointBehavior behavior in issuerContext.BindingParameters.FindAll<IEndpointBehavior>())
    {
        provider.IssuerChannelBehaviors.Add(behavior);
    }

    SecurityTokenVersion tokenVersion = r.GetProperty<SecurityTokenVersion>(ReqType.MessageSecurityVersionProperty);
    provider.SecurityTokenSerializer = CreateSecurityTokenSerializer(tokenVersion);

    // The issuer address seems to be optional here (but is possibly used later).
    // When it is absent the target address is used as the issuer address.
    EndpointAddress issuerAddress;
    provider.IssuerAddress = r.TryGetProperty<EndpointAddress>(ReqType.IssuerAddressProperty, out issuerAddress)
        ? issuerAddress
        : provider.TargetAddress;

    // The suite is not checked as mandatory: the lookup result is ignored, so the
    // provider receives whatever TryGetProperty left in the out variable
    // (presumably null when the property is absent - TODO confirm).
    SecurityAlgorithmSuite algorithmSuite = null;
    r.TryGetProperty<SecurityAlgorithmSuite>(ReqType.SecurityAlgorithmSuiteProperty, out algorithmSuite);
    provider.SecurityAlgorithmSuite = algorithmSuite;

    return provider;
}
/// <summary>
/// Routes issued-token requirements to the InfoCard "next leg" provider; every
/// other requirement is handled by the base token manager.
/// </summary>
/// <param name="tokenRequirement">The requirement describing the token that is needed.</param>
/// <returns>The provider chosen for the requirement.</returns>
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    if (!base.IsIssuedSecurityTokenRequirement(tokenRequirement))
    {
        return base.CreateSecurityTokenProvider(tokenRequirement);
    }

    // Both properties are read with GetProperty, i.e. they are treated as
    // required once the requirement is known to be for an issued token.
    EndpointAddress target = tokenRequirement.GetProperty<EndpointAddress>(
        ServiceModelSecurityTokenRequirement.TargetAddressProperty);
    IssuedSecurityTokenParameters issuedParameters = tokenRequirement.GetProperty<IssuedSecurityTokenParameters>(
        ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);

    // The issuer address comes from the issued-token parameters; the relying
    // party issuer and the channel parameter come from this manager's own state.
    return InfoCardHelper.CreateTokenProviderForNextLeg(
        tokenRequirement,
        target,
        issuedParameters.IssuerAddress,
        this.m_relyingPartyIssuer,
        this,
        this.m_infocardChannelParameter);
}
// Copies the listen URI, security binding element, token serializer and
// algorithm suite from the requirement onto the authenticator communication
// object.
//
// p: the object being initialized.
// r: the requirement the values are read from.
void InitializeAuthenticatorCommunicationObject(AuthenticatorCommunicationObject p, SecurityTokenRequirement r)
{
    p.ListenUri = r.GetProperty<Uri>(ReqType.ListenUriProperty);

    // FIXME (original author): use this somewhere, probably to build IssuerBinding.
    // However, there is also an IssuerBinding property, and
    // SecureConversationSecurityBindingElement as well.
    p.SecurityBindingElement = r.GetProperty<SecurityBindingElement>(ReqType.SecurityBindingElementProperty);

    // Deliberately not done here (it was commented out in the original):
    //  - resolving IssuerBinding, with a text-encoding + HTTP-transport
    //    CustomBinding as the fallback;
    //  - copying IEndpointBehavior entries from the issuer binding context
    //    into IssuerChannelBehaviors;
    //  - setting IssuerAddress, falling back to TargetAddress.

    SecurityTokenVersion tokenVersion = r.GetProperty<SecurityTokenVersion>(ReqType.MessageSecurityVersionProperty);
    p.SecurityTokenSerializer = CreateSecurityTokenSerializer(tokenVersion);

    // The suite is not checked as mandatory: the lookup result is ignored, so
    // the object receives whatever TryGetProperty left in the out variable
    // (presumably null when the property is absent - TODO confirm).
    SecurityAlgorithmSuite algorithmSuite = null;
    r.TryGetProperty<SecurityAlgorithmSuite>(ReqType.SecurityAlgorithmSuiteProperty, out algorithmSuite);
    p.SecurityAlgorithmSuite = algorithmSuite;
}
/// <summary>
/// Supplies the custom token provider for outgoing X.509 certificate tokens and
/// leaves every other requirement to the base token manager.
/// </summary>
/// <param name="tokenRequirement">The requirement describing the token that is needed.</param>
/// <returns>The provider chosen for the requirement.</returns>
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    // The message direction is only looked up for X.509 requirements
    // (short-circuit), exactly as in the nested form of this check.
    bool isOutgoingX509 =
        tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate
        && tokenRequirement.GetProperty<MessageDirection>(
               ServiceModelSecurityTokenRequirement.MessageDirectionProperty) == MessageDirection.Output;

    if (isOutgoingX509)
    {
        // NOTE(review): the client certificate is passed on as-is; nothing here
        // checks that one has been configured on the credentials.
        return new MySecurityTokenProvider(credentials.ClientCertificate.Certificate);
    }

    return base.CreateSecurityTokenProvider(tokenRequirement);
}
/// <summary>
/// Returns the custom authenticator for incoming user-name tokens and defers to
/// the base token manager for every other requirement.
/// </summary>
/// <param name="tokenRequirement">The requirement describing the token to authenticate.</param>
/// <param name="outOfBandTokenResolver">
/// Set to null when the custom authenticator is returned; otherwise set by the base implementation.
/// </param>
/// <returns>The authenticator chosen for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(
    SecurityTokenRequirement tokenRequirement,
    out SecurityTokenResolver outOfBandTokenResolver)
{
    // The direction is only looked up for user-name requirements (short-circuit).
    if (tokenRequirement.TokenType == SecurityTokenTypes.UserName
        && tokenRequirement.GetProperty<MessageDirection>(
               ServiceModelSecurityTokenRequirement.MessageDirectionProperty) == MessageDirection.Input)
    {
        // Incoming user-name tokens are the only case authenticated by custom
        // code; credential validation therefore lives in MySecurityTokenAuthenticator.
        outOfBandTokenResolver = null;
        return new MySecurityTokenAuthenticator();
    }

    return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
}
/// <summary>
/// Chooses the token authenticator for a requirement: the custom authenticator
/// for user-name tokens on the input direction, the base one otherwise.
/// </summary>
/// <param name="tokenRequirement">The requirement describing the token to authenticate.</param>
/// <param name="outOfBandTokenResolver">
/// Null on the custom path; on every other path it is whatever the base implementation assigns.
/// </param>
/// <returns>The authenticator chosen for the requirement.</returns>
public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(
    SecurityTokenRequirement tokenRequirement,
    out SecurityTokenResolver outOfBandTokenResolver)
{
    if (tokenRequirement.TokenType != SecurityTokenTypes.UserName)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    MessageDirection messageDirection = tokenRequirement.GetProperty<MessageDirection>(
        ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
    if (messageDirection != MessageDirection.Input)
    {
        return base.CreateSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    // Only received user-name tokens reach the custom authenticator, so the
    // username/password check itself is MySecurityTokenAuthenticator's job.
    outOfBandTokenResolver = null;
    return new MySecurityTokenAuthenticator();
}
/// <summary>
/// Picks the X.509 certificate for a requirement from the message direction and
/// the key usage; requirements for other token types go to the base token manager.
/// </summary>
/// <param name="requirement">The requirement describing the token that is needed.</param>
/// <returns>The provider chosen for the requirement.</returns>
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
{
    if (requirement.TokenType != SecurityTokenTypes.X509Certificate)
    {
        return base.CreateSecurityTokenProvider(requirement);
    }

    MessageDirection messageDirection = requirement.GetProperty<MessageDirection>(
        ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
    bool isSignature = requirement.KeyUsage == SecurityKeyUsage.Signature;

    // Certificate selection:
    //   Output + Signature -> client signing      Output + anything else -> service encrypting
    //   other  + Signature -> service signing     other  + anything else -> client encrypting
    // NOTE(review): the "anything else" arms match every key usage other than
    // Signature, not only an explicit exchange usage.
    if (messageDirection == MessageDirection.Output)
    {
        return isSignature
            ? new X509SecurityTokenProvider(_credentials.ClientSigningCertificate)
            : new X509SecurityTokenProvider(_credentials.ServiceEncryptingCertificate);
    }

    return isSignature
        ? new X509SecurityTokenProvider(_credentials.ServiceSigningCertificate)
        : new X509SecurityTokenProvider(_credentials.ClientEncryptingCertificate);
}
/// <summary>
/// Serves the service certificate through the custom X.509 provider for the two
/// direction/usage pairs handled here; anything else goes to the base token manager.
/// </summary>
/// <param name="tokenRequirement">The requirement describing the token that is needed.</param>
/// <returns>The provider chosen for the requirement.</returns>
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    if (tokenRequirement.TokenType == SecurityTokenTypes.X509Certificate)
    {
        MessageDirection messageDirection = tokenRequirement.GetProperty<MessageDirection>(
            ServiceModelSecurityTokenRequirement.MessageDirectionProperty);

        // Input pairs with Exchange, every other direction with Signature; all
        // remaining combinations fall through to the base implementation.
        SecurityKeyUsage handledUsage = messageDirection == MessageDirection.Input
            ? SecurityKeyUsage.Exchange
            : SecurityKeyUsage.Signature;

        if (tokenRequirement.KeyUsage == handledUsage)
        {
            // NOTE(review): the same service certificate backs both the exchange
            // and the signature case - confirm that dual use is intended.
            return new CustomX509SecurityTokenProvider(credentials.ServiceCertificate.Certificate);
        }
    }

    return base.CreateSecurityTokenProvider(tokenRequirement);
}
/// <summary>
/// Builds the Issue <see cref="WsTrustRequest"/> described by the
/// <see cref="WSTrustTokenParameters"/> and the token requirement.
/// </summary>
/// <returns>
/// A request addressed (AppliesTo) to the requirement's target address, carrying the key type,
/// the key size and, when the client contributes key material, the client entropy.
/// </returns>
/// <exception cref="NotSupportedException">thrown if the configured key type is not asymmetric, symmetric or bearer.</exception>
protected virtual WsTrustRequest CreateWsTrustRequest()
{
    EndpointAddress target = SecurityTokenRequirement.GetProperty<EndpointAddress>(TargetAddressProperty);

    int keySize;
    string keyType;
    switch (WSTrustTokenParameters.KeyType)
    {
        case SecurityKeyType.AsymmetricKey:
            keySize = DefaultPublicKeySize;
            keyType = _requestSerializationContext.TrustKeyTypes.PublicKey;
            break;

        case SecurityKeyType.SymmetricKey:
            // NOTE(review): _securityAlgorithmSuite is dereferenced without a null
            // check - confirm it is always populated before this method runs.
            keySize = _securityAlgorithmSuite.DefaultSymmetricKeyLength;
            keyType = _requestSerializationContext.TrustKeyTypes.Symmetric;
            break;

        case SecurityKeyType.BearerKey:
            // A bearer token has no proof key, hence a key size of zero.
            keySize = 0;
            keyType = _requestSerializationContext.TrustKeyTypes.Bearer;
            break;

        default:
            throw DiagnosticUtility.ExceptionUtility.ThrowHelper(
                new NotSupportedException(LogHelper.FormatInvariant("KeyType is not supported: {0}", WSTrustTokenParameters.KeyType)),
                System.Diagnostics.Tracing.EventLevel.Error);
    }

    // Client entropy is sent for every non-bearer key type when the entropy mode
    // is ClientEntropy or CombinedEntropy.
    bool sendsClientEntropy =
        WSTrustTokenParameters.KeyType != SecurityKeyType.BearerKey
        && (KeyEntropyMode == SecurityKeyEntropyMode.ClientEntropy
            || KeyEntropyMode == SecurityKeyEntropyMode.CombinedEntropy);

    Entropy clientEntropy = null;
    if (sendsClientEntropy)
    {
        // keySize is in bits; the secret is keySize / 8 bytes long.
        // NOTE(review): presumably FillRandomBytes draws from a cryptographic
        // RNG - confirm in Psha1KeyGenerator.
        byte[] secret = new byte[keySize / 8];
        Psha1KeyGenerator.FillRandomBytes(secret);
        clientEntropy = new Entropy(new BinarySecret(secret));
    }

    var request = new WsTrustRequest(_requestSerializationContext.TrustActions.Issue);
    request.AppliesTo = new AppliesTo(new EndpointReference(target.Uri.OriginalString));
    request.Context = RequestContext;
    request.KeySizeInBits = keySize;
    request.KeyType = keyType;
    request.WsTrustVersion = _requestSerializationContext.TrustVersion;

    // The token type is only set when the requirement names one.
    if (SecurityTokenRequirement.TokenType != null)
    {
        request.TokenType = SecurityTokenRequirement.TokenType;
    }

    // With client entropy present, PSHA1 is named as the computed-key algorithm.
    if (clientEntropy != null)
    {
        request.Entropy = clientEntropy;
        request.ComputedKeyAlgorithm = _requestSerializationContext.TrustKeyTypes.PSHA1;
    }

    return request;
}
/// <summary>
/// Tries to create the InfoCard token provider for an issued-token requirement.
/// </summary>
/// <param name="tokenRequirement">The requirement describing the token that is needed.</param>
/// <param name="clientCredentialsTokenManager">The token manager whose client credentials are consulted.</param>
/// <param name="provider">The created provider, or null when this method does not handle the requirement.</param>
/// <returns>true when <paramref name="provider"/> was set to a non-null provider; otherwise false.</returns>
public static bool TryCreateSecurityTokenProvider(
    SecurityTokenRequirement tokenRequirement,
    ClientCredentialsSecurityTokenManager clientCredentialsTokenManager,
    out SecurityTokenProvider provider)
{
    if (tokenRequirement == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
    }
    if (clientCredentialsTokenManager == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager");
    }

    provider = null;

    // Handled only when interactive support is on and the local issuer is not
    // fully configured (its address or its binding is missing)...
    bool interactiveWithoutLocalIssuer =
        clientCredentialsTokenManager.ClientCredentials.SupportInteractive
        && ((null == clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress)
            || (clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding == null));

    // ...and the requirement is for an issued token.
    if (!interactiveWithoutLocalIssuer
        || !clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement))
    {
        return false;
    }

    // Take the first InfoCardChannelParameter among the channel parameters, if any.
    InfoCardChannelParameter infocardChannelParameter = null;
    ChannelParameterCollection channelParameters;
    if (tokenRequirement.TryGetProperty<ChannelParameterCollection>(
            ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters))
    {
        foreach (object candidate in channelParameters)
        {
            InfoCardChannelParameter match = candidate as InfoCardChannelParameter;
            if (match != null)
            {
                infocardChannelParameter = match;
                break;
            }
        }
    }

    if ((infocardChannelParameter == null) || !infocardChannelParameter.RequiresInfoCard)
    {
        return false;
    }

    EndpointAddress target = tokenRequirement.GetProperty<EndpointAddress>(
        ServiceModelSecurityTokenRequirement.TargetAddressProperty);
    IssuedSecurityTokenParameters issuedParameters = tokenRequirement.GetProperty<IssuedSecurityTokenParameters>(
        ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);

    // The privacy notice link and version are looked up but not passed on below.
    Uri privacyNoticeLink;
    if (!tokenRequirement.TryGetProperty<Uri>(ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeLink))
    {
        privacyNoticeLink = null;
    }

    int privacyNoticeVersion;
    if (!tokenRequirement.TryGetProperty<int>(ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion))
    {
        privacyNoticeVersion = 0;
    }

    provider = CreateTokenProviderForNextLeg(
        tokenRequirement,
        target,
        issuedParameters.IssuerAddress,
        infocardChannelParameter.RelyingPartyIssuer,
        clientCredentialsTokenManager,
        infocardChannelParameter);

    return provider != null;
}
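/// <summary>
/// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> from the parameters of a WSTrust request.
/// </summary>
/// <param name="tokenRequirement">
/// the <see cref="SecurityTokenRequirement"/>; its IssuedSecurityTokenParameters property must hold a
/// <see cref="WSTrustTokenParameters"/>.
/// </param>
/// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="ArgumentException">thrown if the IssuedSecurityTokenParameters property is not a <see cref="WSTrustTokenParameters"/>.</exception>
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    SecurityTokenRequirement = tokenRequirement ?? throw new ArgumentNullException(nameof(tokenRequirement));

    // Optional: the lookup result is ignored, so the field may stay unset.
    SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

    IssuedSecurityTokenParameters issuedSecurityTokenParameters =
        SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
    WSTrustTokenParameters = issuedSecurityTokenParameters as WSTrustTokenParameters;

    // Fail with a clear argument error here; without this check a requirement
    // carrying any other parameters type only surfaces later as a
    // NullReferenceException when WSTrustTokenParameters is dereferenced.
    if (WSTrustTokenParameters == null)
    {
        throw new ArgumentException(
            "The IssuedSecurityTokenParameters property of the token requirement must be a WSTrustTokenParameters.",
            nameof(tokenRequirement));
    }

    InitializeKeyEntropyMode();
    SetInboundSerializationContext();

    // Use the caller-supplied request context when there is one, else a fresh GUID string.
    RequestContext = string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext)
        ? Guid.NewGuid().ToString()
        : WSTrustTokenParameters.RequestContext;
}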
/// <summary>
/// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> from the parameters of a WSTrust request.
/// </summary>
/// <param name="tokenRequirement">
/// the <see cref="SecurityTokenRequirement"/>; its <see cref="IssuedSecurityTokenParameters"/> property must hold a
/// <see cref="WSTrustTokenParameters"/>.
/// </param>
/// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="ArgumentException">
/// thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a
/// <see cref="WSTrustTokenParameters"/>.
/// </exception>
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    if (tokenRequirement is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(
            new ArgumentNullException(nameof(tokenRequirement)),
            EventLevel.Error);
    }
    SecurityTokenRequirement = tokenRequirement;

    // Optional: the lookup result is ignored, so the field may stay unset.
    SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

    // The issued-token parameters must be the WSTrust-specific subtype; any
    // other type is rejected before the provider is usable.
    IssuedSecurityTokenParameters suppliedParameters =
        SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
    WSTrustTokenParameters = suppliedParameters as WSTrustTokenParameters;
    if (WSTrustTokenParameters == null)
    {
        var wrongType = new ArgumentException(
            LogHelper.FormatInvariant(SR.GetResourceString(SR.IssuedSecurityTokenParametersIncorrectType), suppliedParameters),
            nameof(tokenRequirement));
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(wrongType, EventLevel.Error);
    }

    _communicationObject = new WrapperSecurityCommunicationObject(this);
}
/// <summary>
/// Instantiates a <see cref="WSTrustChannelSecurityTokenProvider"/> from the parameters of a WSTrust request.
/// </summary>
/// <param name="tokenRequirement">
/// the <see cref="SecurityTokenRequirement"/>; its <see cref="IssuedSecurityTokenParameters"/> property must hold a
/// <see cref="WSTrustTokenParameters"/>.
/// </param>
/// <exception cref="ArgumentNullException">thrown if <paramref name="tokenRequirement"/> is null.</exception>
/// <exception cref="ArgumentException">
/// thrown if <see cref="SecurityTokenRequirement.GetProperty{TValue}(string)"/> (IssuedSecurityTokenParameters) is not a
/// <see cref="WSTrustTokenParameters"/>.
/// </exception>
public WSTrustChannelSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)
{
    if (tokenRequirement is null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(
            new ArgumentNullException(nameof(tokenRequirement)),
            System.Diagnostics.Tracing.EventLevel.Error);
    }
    SecurityTokenRequirement = tokenRequirement;

    // Optional: the lookup result is ignored, so the field may stay unset.
    SecurityTokenRequirement.TryGetProperty(SecurityAlgorithmSuiteProperty, out _securityAlgorithmSuite);

    // The issued-token parameters must be the WSTrust-specific subtype; any
    // other type is rejected before the entropy mode or serialization context
    // is derived from it.
    IssuedSecurityTokenParameters suppliedParameters =
        SecurityTokenRequirement.GetProperty<IssuedSecurityTokenParameters>(IssuedSecurityTokenParametersProperty);
    WSTrustTokenParameters = suppliedParameters as WSTrustTokenParameters;
    if (WSTrustTokenParameters == null)
    {
        // NOTE(review): the message opens a single quote before {0} and never closes it.
        var wrongType = new ArgumentException(
            LogHelper.FormatInvariant("tokenRequirement.GetProperty<IssuedSecurityTokenParameters> must be of type: WSTrustTokenParameters. Was: '{0}.", suppliedParameters),
            nameof(tokenRequirement));
        throw DiagnosticUtility.ExceptionUtility.ThrowHelper(wrongType, System.Diagnostics.Tracing.EventLevel.Error);
    }

    InitializeKeyEntropyMode();
    SetInboundSerializationContext();

    // Use the caller-supplied request context when there is one, else a fresh GUID string.
    if (string.IsNullOrEmpty(WSTrustTokenParameters.RequestContext))
    {
        RequestContext = Guid.NewGuid().ToString();
    }
    else
    {
        RequestContext = WSTrustTokenParameters.RequestContext;
    }
}
/// <summary>
/// Picks the X.509 certificate for a requirement from the message direction and
/// the key usage; requirements for other token types go to the base token manager.
/// </summary>
/// <param name="requirement">The requirement describing the token that is needed.</param>
/// <returns>The provider chosen for the requirement.</returns>
public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
{
    if (requirement.TokenType != SecurityTokenTypes.X509Certificate)
    {
        return base.CreateSecurityTokenProvider(requirement);
    }

    MessageDirection messageDirection = requirement.GetProperty<MessageDirection>(
        ServiceModelSecurityTokenRequirement.MessageDirectionProperty);

    // Certificate selection:
    //   Input + Exchange  -> service encrypting   Input + anything else -> client signing
    //   other + Signature -> service signing      other + anything else -> client encrypting
    // NOTE(review): each "anything else" arm is a catch-all for the remaining key
    // usages; the two directions test for different usages (Exchange vs Signature).
    if (messageDirection == MessageDirection.Input)
    {
        return requirement.KeyUsage == SecurityKeyUsage.Exchange
            ? new X509SecurityTokenProvider(credentials.ServiceEncryptingCertificate)
            : new X509SecurityTokenProvider(credentials.ClientSigningCertificate);
    }

    return requirement.KeyUsage == SecurityKeyUsage.Signature
        ? new X509SecurityTokenProvider(credentials.ServiceSigningCertificate)
        : new X509SecurityTokenProvider(credentials.ClientEncryptingCertificate);
}
/// <summary>
/// Maps the requirement's <see cref="MessageSecurityTokenVersion"/> to the matching
/// <see cref="MessageSecurityVersion"/> and creates the standards manager for it.
/// </summary>
/// <param name="requirement">The requirement whose message security version property is read.</param>
/// <param name="tokenManager">The token manager handed to the created standards manager.</param>
/// <returns>The standards manager for the mapped message security version.</returns>
/// <exception cref="NotSupportedException">thrown if the token version is none of the six handled values.</exception>
internal static SecurityStandardsManager CreateSecurityStandardsManager(SecurityTokenRequirement requirement, SecurityTokenManager tokenManager)
{
    MessageSecurityTokenVersion tokenVersion = requirement.GetProperty<MessageSecurityTokenVersion>(
        ServiceModelSecurityTokenRequirement.MessageSecurityVersionProperty);

    // WS-Trust February 2005 token versions pair with WS-SecurityPolicy 1.1,
    // WS-Trust 1.3 token versions with WS-SecurityPolicy 1.2.
    MessageSecurityVersion messageVersion;
    if (tokenVersion == MessageSecurityTokenVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10)
    {
        messageVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    }
    else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005)
    {
        messageVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
    }
    else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005BasicSecurityProfile10)
    {
        messageVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    }
    else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity10WSTrust13WSSecureConversation13BasicSecurityProfile10)
    {
        messageVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
    }
    else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrust13WSSecureConversation13)
    {
        messageVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
    }
    else if (tokenVersion == MessageSecurityTokenVersion.WSSecurity11WSTrust13WSSecureConversation13BasicSecurityProfile10)
    {
        messageVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
    }
    else
    {
        // Unknown token versions are rejected rather than mapped to a default.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException());
    }

    return CreateSecurityStandardsManager(messageVersion, tokenManager);
}
// Summary:
//  Creates the InfoCard token provider when interactive support is requested,
//  the local issuer is not fully configured, the requirement is for an issued
//  token and an InfoCardChannelParameter that requires InfoCard is present.
//  Otherwise provider stays null and the method returns false.
//
// Parameters
//  tokenRequirement              - The requirement describing the token that is needed.
//  clientCredentialsTokenManager - The token manager whose client credentials are consulted.
//  provider                      - Receives the created provider, or null.
//
// Note
//  NOTE(review): an earlier header said the target and issuer information is not
//  available in this call, yet the body reads both from the requirement -
//  confirm which is current.
//
public static bool TryCreateSecurityTokenProvider(
    SecurityTokenRequirement tokenRequirement,
    ClientCredentialsSecurityTokenManager clientCredentialsTokenManager,
    out SecurityTokenProvider provider)
{
    if (tokenRequirement == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tokenRequirement");
    }
    if (clientCredentialsTokenManager == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("clientCredentialsTokenManager");
    }

    provider = null;

    // Not an InfoCard case: interactive support is off, or a local issuer
    // (address and binding) is fully configured, or the requirement is not for
    // an issued token. The provider stays null so the caller can fall back.
    if (!clientCredentialsTokenManager.ClientCredentials.SupportInteractive
        || (null != clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerAddress
            && null != clientCredentialsTokenManager.ClientCredentials.IssuedToken.LocalIssuerBinding)
        || !clientCredentialsTokenManager.IsIssuedSecurityTokenRequirement(tokenRequirement))
    {
        return false;
    }

    // Take the first InfoCardChannelParameter among the channel parameters, if any.
    InfoCardChannelParameter infocardChannelParameter = null;
    ChannelParameterCollection channelParameters;
    if (tokenRequirement.TryGetProperty<ChannelParameterCollection>(
            ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out channelParameters))
    {
        foreach (object candidate in channelParameters)
        {
            InfoCardChannelParameter match = candidate as InfoCardChannelParameter;
            if (match != null)
            {
                infocardChannelParameter = match;
                break;
            }
        }
    }

    if (null == infocardChannelParameter || !infocardChannelParameter.RequiresInfoCard)
    {
        return false;
    }

    EndpointAddress target = tokenRequirement.GetProperty<EndpointAddress>(
        ServiceModelSecurityTokenRequirement.TargetAddressProperty);
    IssuedSecurityTokenParameters issuedTokenParameters = tokenRequirement.GetProperty<IssuedSecurityTokenParameters>(
        ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);

    // The privacy notice link and version are looked up but not passed on below.
    Uri privacyNoticeLink;
    bool hasPrivacyLink = tokenRequirement.TryGetProperty<Uri>(
        ServiceModelSecurityTokenRequirement.PrivacyNoticeUriProperty, out privacyNoticeLink);
    if (!hasPrivacyLink)
    {
        privacyNoticeLink = null;
    }

    int privacyNoticeVersion;
    bool hasPrivacyVersion = tokenRequirement.TryGetProperty<int>(
        ServiceModelSecurityTokenRequirement.PrivacyNoticeVersionProperty, out privacyNoticeVersion);
    if (!hasPrivacyVersion)
    {
        privacyNoticeVersion = 0;
    }

    //
    // The analysis of this chain indicates that interactive support will be required.
    // The InternalClientCredentials class handles that.
    //
    provider = CreateTokenProviderForNextLeg(
        tokenRequirement,
        target,
        issuedTokenParameters.IssuerAddress,
        infocardChannelParameter.RelyingPartyIssuer,
        clientCredentialsTokenManager,
        infocardChannelParameter);

    return provider != null;
}
// Creates an IssuedSecurityTokenProvider configured from the requirement's
// properties. Properties read with GetProperty are treated as required; those
// read with TryGetProperty get a fallback value when they are missing.
IssuedSecurityTokenProvider CreateIssuedProviderBase (SecurityTokenRequirement r)
{
	IssuedSecurityTokenProvider result = new IssuedSecurityTokenProvider () {
		TargetAddress = r.GetProperty<EndpointAddress> (ReqType.TargetAddressProperty)
	};

	// FIXME (original author): use it somewhere, probably to build
	// IssuerBinding. However, there is also IssuerBinding
	// property. SecureConversationSecurityBindingElement
	// as well.
	SecurityBindingElement element =
		r.GetProperty<SecurityBindingElement> (ReqType.SecurityBindingElementProperty);

	// The original author doubted the binding is acquired this way ...
	Binding chosenBinding;
	if (r.TryGetProperty<Binding> (ReqType.IssuerBindingProperty, out chosenBinding)) {
		result.IssuerBinding = chosenBinding;
	} else {
		// NOTE(review): no issuer binding supplied, so one is built on a
		// plain HTTP transport; only the security binding element protects
		// the exchange with the issuer - confirm this is acceptable.
		result.IssuerBinding = new CustomBinding (element,
			new TextMessageEncodingBindingElement (),
			new HttpTransportBindingElement ());
	}

	// not sure if it is used only for this purpose though ...
	BindingContext bindingContext =
		r.GetProperty<BindingContext> (ReqType.IssuerBindingContextProperty);
	foreach (IEndpointBehavior endpointBehavior in bindingContext.BindingParameters.FindAll<IEndpointBehavior> ())
		result.IssuerChannelBehaviors.Add (endpointBehavior);

	SecurityTokenVersion version =
		r.GetProperty<SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty);
	result.SecurityTokenSerializer = CreateSecurityTokenSerializer (version);

	// seems like the issuer address is optional here ... (but possibly
	// used later). Without one, the target address doubles as the issuer address.
	EndpointAddress issuer;
	if (r.TryGetProperty<EndpointAddress> (ReqType.IssuerAddressProperty, out issuer))
		result.IssuerAddress = issuer;
	else
		result.IssuerAddress = result.TargetAddress;

	// It is somehow not checked as mandatory: the lookup result is ignored
	// and the out value is assigned either way (presumably null when the
	// property is absent - TODO confirm).
	SecurityAlgorithmSuite algorithms = null;
	r.TryGetProperty<SecurityAlgorithmSuite> (ReqType.SecurityAlgorithmSuiteProperty, out algorithms);
	result.SecurityAlgorithmSuite = algorithms;

	return result;
}