/// <summary> /// Loads a SecurityTokenHandlerConfiguration using the elements directly under the ServiceElement. /// </summary> protected SecurityTokenHandlerConfiguration LoadHandlerConfiguration(IdentityConfigurationElement element) { SecurityTokenHandlerConfiguration handlerConfiguration = new SecurityTokenHandlerConfiguration(); try { if (element.ElementInformation.Properties[ConfigurationStrings.MaximumClockSkew].ValueOrigin != PropertyValueOrigin.Default) { handlerConfiguration.MaxClockSkew = element.MaximumClockSkew; } else { handlerConfiguration.MaxClockSkew = _serviceMaxClockSkew; } } catch (ArgumentException inner) { throw DiagnosticUtility.ThrowHelperConfigurationError(element, ConfigurationStrings.MaximumClockSkew, inner); } if (element.AudienceUris.IsConfigured) { handlerConfiguration.AudienceRestriction.AudienceMode = element.AudienceUris.Mode; foreach (AudienceUriElement audienceUriElement in element.AudienceUris) { handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUriElement.Value, UriKind.RelativeOrAbsolute)); } } if (element.Caches.IsConfigured) { if (element.Caches.TokenReplayCache.IsConfigured) { handlerConfiguration.Caches.TokenReplayCache = CustomTypeElement.Resolve <TokenReplayCache>(element.Caches.TokenReplayCache); } if (element.Caches.SessionSecurityTokenCache.IsConfigured) { handlerConfiguration.Caches.SessionSecurityTokenCache = CustomTypeElement.Resolve <SessionSecurityTokenCache>(element.Caches.SessionSecurityTokenCache); } } if (element.CertificateValidation.IsConfigured) { handlerConfiguration.RevocationMode = element.CertificateValidation.RevocationMode; handlerConfiguration.CertificateValidationMode = element.CertificateValidation.CertificateValidationMode; handlerConfiguration.TrustedStoreLocation = element.CertificateValidation.TrustedStoreLocation; if (element.CertificateValidation.CertificateValidator.IsConfigured) { handlerConfiguration.CertificateValidator = CustomTypeElement.Resolve <X509CertificateValidator>(element.CertificateValidation.CertificateValidator); } } // // Load the issuer name registry // if (element.IssuerNameRegistry.IsConfigured) { handlerConfiguration.IssuerNameRegistry = GetIssuerNameRegistry(element.IssuerNameRegistry); } // // Load the issuer token resolver // if (element.IssuerTokenResolver.IsConfigured) { handlerConfiguration.IssuerTokenResolver = GetIssuerTokenResolver(element); } // // SaveBootstrapContext // handlerConfiguration.SaveBootstrapContext = element.SaveBootstrapContext; // // Load the service token resolver // if (element.ServiceTokenResolver.IsConfigured) { handlerConfiguration.ServiceTokenResolver = GetServiceTokenResolver(element); } // // TokenReplayCache related items // if (element.TokenReplayDetection.IsConfigured) { // // Set on SecurityTokenHandlerConfiguration // // DetectReplayedTokens set - { true | false } // handlerConfiguration.DetectReplayedTokens = element.TokenReplayDetection.Enabled; // ExpirationPeriod { TimeSpan } // handlerConfiguration.TokenReplayCacheExpirationPeriod = element.TokenReplayDetection.ExpirationPeriod; } return(handlerConfiguration); }
/// <summary> /// Loads configuration elements pertaining to the <see cref="SecurityTokenHandlerCollection"/> /// </summary> /// <param name="baseConfiguration">Base <see cref="SecurityTokenHandlerConfiguration"/> from which to inherit default values.</param> /// <param name="element">The <see cref="SecurityTokenHandlerConfigurationElement"/> from the configuration file.</param> /// <returns></returns> protected SecurityTokenHandlerConfiguration LoadHandlerConfiguration(SecurityTokenHandlerConfiguration baseConfiguration, SecurityTokenHandlerConfigurationElement element) { SecurityTokenHandlerConfiguration handlerConfiguration = (baseConfiguration == null) ? new SecurityTokenHandlerConfiguration() : baseConfiguration; if (element.AudienceUris.IsConfigured) { // // There is no inheritance of the content of the element from base to child, only the whole element. If the // user specifies any part, they must specify it all. // handlerConfiguration.AudienceRestriction.AudienceMode = AudienceUriMode.Always; handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Clear(); handlerConfiguration.AudienceRestriction.AudienceMode = element.AudienceUris.Mode; foreach (AudienceUriElement audienceUriElement in element.AudienceUris) { handlerConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUriElement.Value, UriKind.RelativeOrAbsolute)); } } if (element.Caches.IsConfigured) { if (element.Caches.TokenReplayCache.IsConfigured) { handlerConfiguration.Caches.TokenReplayCache = CustomTypeElement.Resolve <TokenReplayCache>(element.Caches.TokenReplayCache); } if (element.Caches.SessionSecurityTokenCache.IsConfigured) { handlerConfiguration.Caches.SessionSecurityTokenCache = CustomTypeElement.Resolve <SessionSecurityTokenCache>(element.Caches.SessionSecurityTokenCache); } } if (element.CertificateValidation.IsConfigured) { handlerConfiguration.RevocationMode = element.CertificateValidation.RevocationMode; handlerConfiguration.CertificateValidationMode = element.CertificateValidation.CertificateValidationMode; handlerConfiguration.TrustedStoreLocation = element.CertificateValidation.TrustedStoreLocation; if (element.CertificateValidation.CertificateValidator.IsConfigured) { handlerConfiguration.CertificateValidator = CustomTypeElement.Resolve <X509CertificateValidator>(element.CertificateValidation.CertificateValidator); } } // // Load the issuer name registry // if (element.IssuerNameRegistry.IsConfigured) { handlerConfiguration.IssuerNameRegistry = GetIssuerNameRegistry(element.IssuerNameRegistry); } // // Load the issuer token resolver // if (element.IssuerTokenResolver.IsConfigured) { handlerConfiguration.IssuerTokenResolver = CustomTypeElement.Resolve <SecurityTokenResolver>(element.IssuerTokenResolver); } // // Load MaxClockSkew // try { if (element.ElementInformation.Properties[ConfigurationStrings.MaximumClockSkew].ValueOrigin != PropertyValueOrigin.Default) { handlerConfiguration.MaxClockSkew = element.MaximumClockSkew; } } catch (ArgumentException inner) { throw DiagnosticUtility.ThrowHelperConfigurationError(element, ConfigurationStrings.MaximumClockSkew, inner); } // // SaveBootstrapTokens // if (element.ElementInformation.Properties[ConfigurationStrings.SaveBootstrapContext].ValueOrigin != PropertyValueOrigin.Default) { handlerConfiguration.SaveBootstrapContext = element.SaveBootstrapContext; } // // Load the service token resolver // if (element.ServiceTokenResolver.IsConfigured) { handlerConfiguration.ServiceTokenResolver = CustomTypeElement.Resolve <SecurityTokenResolver>(element.ServiceTokenResolver); } // // TokenReplayCache related items // if (element.TokenReplayDetection.IsConfigured) { // // Set on SecurityTokenHandlerConfiguration // // // DetectReplayedTokens set - { true | false } // handlerConfiguration.DetectReplayedTokens = element.TokenReplayDetection.Enabled; // // ExpirationPeriod { TimeSpan } // handlerConfiguration.TokenReplayCacheExpirationPeriod = element.TokenReplayDetection.ExpirationPeriod; } return(handlerConfiguration); }
/// <summary> /// Loads the <see cref="SecurityTokenHandlerCollectionManager"/> defined for a given service. /// </summary> /// <param name="serviceElement">The <see cref="IdentityConfigurationElement"/> used to configure this instance.</param> /// <returns></returns> protected SecurityTokenHandlerCollectionManager LoadHandlers(IdentityConfigurationElement serviceElement) { // // We start with a token handler collection manager that contains a single collection that includes the default // handlers for the system. // SecurityTokenHandlerCollectionManager manager = SecurityTokenHandlerCollectionManager.CreateEmptySecurityTokenHandlerCollectionManager(); if (serviceElement != null) { // // Load any token handler collections that appear as part of this service element // if (serviceElement.SecurityTokenHandlerSets.Count > 0) { foreach (SecurityTokenHandlerElementCollection handlerElementCollection in serviceElement.SecurityTokenHandlerSets) { try { SecurityTokenHandlerConfiguration handlerConfiguration; SecurityTokenHandlerCollection handlerCollection; if (string.IsNullOrEmpty(handlerElementCollection.Name) || StringComparer.Ordinal.Equals(handlerElementCollection.Name, ConfigurationStrings.DefaultConfigurationElementName)) { // // For the default collection, merge the IdentityConfiguration with the underlying config, if it exists. // if (handlerElementCollection.SecurityTokenHandlerConfiguration.IsConfigured) { // // Configuration from a nested configuration object. We start with Service level configuration for // handlers and then override the collection specific configuration. The result is a new configuration // object that can only be modified by accessing the collection or handlers configuration properties. // _serviceHandlerConfiguration = LoadHandlerConfiguration(serviceElement); handlerConfiguration = LoadHandlerConfiguration(_serviceHandlerConfiguration, handlerElementCollection.SecurityTokenHandlerConfiguration); } else { // // No nested configuration object. We use the values from the ServiceElement for this case. // handlerConfiguration = LoadHandlerConfiguration(serviceElement); } _serviceHandlerConfiguration = handlerConfiguration; } else { // // This is a non-default collection. There should be no settings inherited from IdentityConfiguration. // if (handlerElementCollection.SecurityTokenHandlerConfiguration.IsConfigured) { handlerConfiguration = LoadHandlerConfiguration(null, handlerElementCollection.SecurityTokenHandlerConfiguration); } else { // // If there is no underlying config, set everything as default. // handlerConfiguration = new SecurityTokenHandlerConfiguration(); } } handlerCollection = new SecurityTokenHandlerCollection(handlerConfiguration); manager[handlerElementCollection.Name] = handlerCollection; foreach (CustomTypeElement handlerElement in handlerElementCollection) { handlerCollection.Add(CustomTypeElement.Resolve <SecurityTokenHandler>(handlerElement)); } } catch (ArgumentException inner) { throw DiagnosticUtility.ThrowHelperConfigurationError(serviceElement, handlerElementCollection.Name, inner); } } } // // Ensure that the default usage collection always exists // if (!manager.ContainsKey(SecurityTokenHandlerCollectionManager.Usage.Default)) { manager[SecurityTokenHandlerCollectionManager.Usage.Default] = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(_serviceHandlerConfiguration); } } else { // // Ensure that the default usage collection always exists // _serviceHandlerConfiguration = new SecurityTokenHandlerConfiguration(); _serviceHandlerConfiguration.MaxClockSkew = _serviceMaxClockSkew; if (!manager.ContainsKey(SecurityTokenHandlerCollectionManager.Usage.Default)) { manager[SecurityTokenHandlerCollectionManager.Usage.Default] = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(_serviceHandlerConfiguration); } } return(manager); }