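/// <summary>
/// Validates the AppliesTo of an incoming RST. Throws if it is null or, when
/// <c>enableAppliesToValidation</c> is set, if it names an address that is not one of the
/// configured relying parties in <c>ActiveClaimsAwareApps</c>.
/// </summary>
/// <param name="appliesTo">The AppliesTo value that came in the RST.</param>
/// <exception cref="ArgumentNullException">If 'appliesTo' parameter is null.</exception>
/// <exception cref="InvalidRequestException">If 'appliesTo' is not valid.</exception>
/// <remarks>
/// SECURITY: while <c>enableAppliesToValidation</c> is false (the template default) every
/// non-null AppliesTo is accepted, so this STS will issue a token scoped to whatever audience
/// the requester names. Set it to true and populate <c>ActiveClaimsAwareApps</c> before the
/// STS is exposed beyond development.
/// Matching uses <see cref="Uri.Equals(object)"/>, which ignores user-info and fragment and
/// compares scheme and host case-insensitively but path and query case-sensitively; a
/// configured entry must therefore match the address the relying party actually sends.
/// </remarks>
private void ValidateAppliesTo(EndpointAddress appliesTo)
{
    if (appliesTo == null)
    {
        throw new ArgumentNullException("appliesTo");
    }

    // TODO: Enable AppliesTo validation for allowed relying party Urls by setting
    // enableAppliesToValidation to true. By default it is false.
    if (!enableAppliesToValidation)
    {
        return;
    }

    Uri requested = appliesTo.Uri;
    if (requested == null)
    {
        // An AppliesTo with no address can never match a configured relying party;
        // reject it explicitly instead of failing with a NullReferenceException below.
        throw new InvalidRequestException("The 'appliesTo' address is missing.");
    }

    bool validAppliesTo = false;
    foreach (string rpUrl in ActiveClaimsAwareApps)
    {
        // A malformed configuration entry throws UriFormatException here. That is deliberate:
        // failing the request (fail closed) is preferable to silently skipping an entry.
        if (requested.Equals(new Uri(rpUrl)))
        {
            validAppliesTo = true;
            break;
        }
    }

    if (!validAppliesTo)
    {
        throw new InvalidRequestException(
            String.Format("The 'appliesTo' address '{0}' is not valid.", requested.OriginalString));
    }
}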