예제 #1
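        /// <summary>
        /// Validates a SAML response and turns the resulting identities into a <see cref="ClaimsPrincipal"/>.
        /// </summary>
        /// <param name="samlResponse">
        /// Raw SAML response text (presumably what the identity provider posted back — not visible here).
        /// It is treated as untrusted until <c>ValidateToken</c> has accepted it.
        /// </param>
        /// <param name="settings">
        /// Federation settings; <c>NameClaimType</c> is read directly, the rest is applied via <c>ConfigureHandler</c>.
        /// </param>
        /// <returns>A principal built from the validated claims identities.</returns>
        /// <exception cref="FederatedAuthenticationException">
        /// Thrown with <see cref="FederatedAuthenticationErrorCode.WrongFormat"/> when the response cannot be read as a token,
        /// either on the initial <c>ReadSecurityToken</c> call or on the fallback <c>ReadToken</c> call.
        /// Validation failures carrying any other error code propagate unchanged.
        /// </exception>
        public IPrincipal ProcessResponse(string samlResponse, IFederatedAuthenticationSettings settings)
        {
            ThrowIf.ArgumentNull(samlResponse, nameof(samlResponse));
            ThrowIf.ArgumentNull(settings, nameof(settings));

            var token = ReadSecurityToken(samlResponse, settings);

            if (token is null)
            {
                // TODO add logging
                // Log.DebugFormat("[SAMLHandler] Cannot read non SAML2 token.\n {0}", samlResponse);
                throw new FederatedAuthenticationException("Cannot read token",
                                                           FederatedAuthenticationErrorCode.WrongFormat);
            }

            var samlSecurityTokenRequirement = new SamlSecurityTokenRequirement
            {
                NameClaimType = settings.NameClaimType, // "Username",
                MapToWindows  = false
            };
            var handler = new BpSaml2SecurityTokenHandler(samlResponse, samlSecurityTokenRequirement)
            {
                Configuration = new SecurityTokenHandlerConfiguration()
            };

            // ConfigureHandler applies the settings-driven validation rules to this handler (its body is not
            // visible here). Both validation attempts below go through this same configured handler, so the
            // fallback re-read does not bypass whatever it set up.
            ConfigureHandler(handler.Configuration, settings);

            ReadOnlyCollection<ClaimsIdentity> identities;

            try
            {
                identities = handler.ValidateToken(token);
            }
            catch (FederatedAuthenticationException faEx) when (faEx.ErrorCode == FederatedAuthenticationErrorCode.WrongFormat)
            {
                // Fallback: let the handler itself re-read the raw response, then validate that token.
                token = (Saml2SecurityToken)handler.ReadToken(samlResponse);

                if (token is null)
                {
                    // Mirror the guard above so a null re-read surfaces as WrongFormat instead of a
                    // null-argument failure from inside ValidateToken.
                    throw new FederatedAuthenticationException("Cannot read token",
                                                               FederatedAuthenticationErrorCode.WrongFormat);
                }

                identities = handler.ValidateToken(token);
            }

            return new ClaimsPrincipal(identities);
        }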
예제 #2
 /// <summary>
 /// Creates a serializer bound to one SAML2 assertion and the token handler it belongs to.
 /// </summary>
 /// <param name="parent">The owning <see cref="BpSaml2SecurityTokenHandler"/>; stored in <c>_parent</c>.</param>
 /// <param name="assertion">The assertion this instance serializes; stored in <c>_assertion</c>.</param>
 public WrappedSerializer(BpSaml2SecurityTokenHandler parent, Saml2Assertion assertion)
 {
     // Plain field capture only — no null validation happens here, so any checks must
     // be done by the caller or wherever these fields are dereferenced later.
     _parent    = parent;
     _assertion = assertion;
 }