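/// <summary>
/// Builds the <see cref="Saml2IdentityConfiguration"/> used for token validation from the
/// application-level <see cref="Saml2Configuration"/>.
/// </summary>
/// <param name="config">Source settings: bootstrap-context saving, audience restriction and
/// allowed audiences, issuer, certificate validation and revocation mode, replay detection,
/// and the optional custom certificate validator.</param>
/// <returns>A new identity configuration with the settings applied and, when the validation
/// mode is <see cref="X509CertificateValidationMode.Custom"/>, the custom validator installed.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="config"/> is <c>null</c>.</exception>
/// <exception cref="Saml2ConfigurationException">The certificate validation mode is
/// <c>Custom</c> but <c>config.CustomCertificateValidator</c> is not set.</exception>
public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configuration config)
{
    // Report a missing argument explicitly rather than failing with a NullReferenceException
    // on the first property read below.
    if (config is null)
    {
        throw new System.ArgumentNullException(nameof(config));
    }

    var configuration = new Saml2IdentityConfiguration();
#if NETFULL
    // .NET Framework build: the identity-configuration property surface.
    configuration.SaveBootstrapContext = config.SaveBootstrapContext;
    configuration.AudienceRestriction = GetAudienceRestriction(config.AudienceRestricted, config.AllowedAudienceUris);
    configuration.IssuerNameRegistry = new Saml2ResponseIssuerNameRegistry();
    configuration.CertificateValidationMode = config.CertificateValidationMode;
    configuration.RevocationMode = config.RevocationMode;
    configuration.DetectReplayedTokens = config.DetectReplayedTokens;
    // Initialize() runs after every setting above has been assigned.
    configuration.Initialize();
#else
    // Other targets: the token-validation-parameter style surface.
    configuration.SaveSigninToken = config.SaveBootstrapContext;
    configuration.ValidateAudience = config.AudienceRestricted;
    // Deferred pass-through projection: the identity configuration does not hold the caller's
    // collection object itself, but later changes to AllowedAudienceUris are still observed
    // when the audiences are enumerated.
    configuration.ValidAudiences = config.AllowedAudienceUris.Select(a => a);
    configuration.ValidIssuer = config.Issuer;
    configuration.ValidateTokenReplay = config.DetectReplayedTokens;
    configuration.NameClaimType = ClaimTypes.NameIdentifier;
    // Default validator; SetCustomCertificateValidator replaces it when the mode is Custom.
    configuration.CertificateValidator = new Saml2CertificateValidator
    {
        CertificateValidationMode = config.CertificateValidationMode,
        RevocationMode = config.RevocationMode,
    };
#endif
    // Installs config.CustomCertificateValidator for X509CertificateValidationMode.Custom
    // (throws Saml2ConfigurationException when it is missing); no-op for every other mode.
    SetCustomCertificateValidator(configuration, config);
    return configuration;
}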
/// <summary>
/// Installs the caller-supplied certificate validator on <paramref name="configuration"/>
/// when <paramref name="config"/> selects <see cref="X509CertificateValidationMode.Custom"/>.
/// For any other validation mode nothing is changed.
/// </summary>
/// <param name="configuration">Identity configuration receiving the validator.</param>
/// <param name="config">Source settings holding the validation mode and the custom validator.</param>
/// <exception cref="Saml2ConfigurationException">The mode is <c>Custom</c> but
/// <c>config.CustomCertificateValidator</c> is <c>null</c>.</exception>
private static void SetCustomCertificateValidator(Saml2IdentityConfiguration configuration, Saml2Configuration config)
{
    // Only the Custom mode hands certificate validation to a caller-supplied validator.
    if (config.CertificateValidationMode != X509CertificateValidationMode.Custom)
    {
        return;
    }

    var customValidator = config.CustomCertificateValidator;
    if (customValidator is null)
    {
        // Custom mode without a validator would leave certificate validation undefined, so refuse it.
        throw new Saml2ConfigurationException("A CustomCertificateValidator is required when setting CertificateValidationMode = X509CertificateValidationMode.Custom");
    }

    configuration.CertificateValidator = customValidator;
}