public SamlResponse(SsoSettings ssoSettings)
{
_ssoSettings = ssoSettings;
_certificate = new Certificate();
_certificate.LoadCertificate(_ssoSettings.PublicKey);
}
public void ValidateJsonWebToken(string tokenString, SsoSettings settings, IList<string> audiences)
{
try
{
TokenString = tokenString;
SecurityToken securityToken;
_log.DebugFormat("JWT Validation securityAlgorithm={0}, audience[0]={1}, audience[1]={2}", settings.ValidationType, audiences[0], audiences[1]);
switch (settings.ValidationType)
{
case ValidationTypes.RSA_SHA256:
RSACryptoServiceProvider publicOnly = new RSACryptoServiceProvider();
//"<RSAKeyValue><Modulus>zeyPa4SwRb0IO+KMq20760ZmaUvy/qzecdOkRUNdNpdUe1E72Xt1WkAcWNu24/UeS3pETu08rVTqHJUMfhHcSKgL7LAk/MMj2inGFxop1LipGZSnqZhnjsfj1ERJL5eXs1O9hqyAcXvY4A2wo67qqv/lbHLKTW59W+YQkbIOVR4nQlbh1lK1TIY+oqK0J/5Ileb4QfERn0Rv/J/K0fy6VzLmVt+kg9MRNxYwnVsC3m5/kIu1fw3OpZxcaCC68SRqLLb/UXmaJM8NXYKkAkHKxT4DQqSk6KbFSQG6qi49Q34akohekzxjxmmGeoO5tsFCuMJofKAsBKKtOkLPaJD2rQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
publicOnly.FromXmlString(settings.PublicKey);
securityToken = new RsaSecurityToken(publicOnly);
break;
case ValidationTypes.HMAC_SHA256:
//var key = "zeyPa4SwRb0IO+KMq20760ZmaUvy/qzecdOkRUNdNpdUe1E72Xu24/UeS3pETu";
securityToken = new System.ServiceModel.Security.Tokens.BinarySecretSecurityToken(GetBytes(settings.PublicKey));
break;
case ValidationTypes.X509:
var certificate = new Certificate();
certificate.LoadCertificate(settings.PublicKey);
securityToken = new X509SecurityToken(certificate.cert);
break;
default:
_log.ErrorFormat("ValidationType has wrong value: {0}", settings.ValidationType);
throw new ArgumentException("ValidationType has wrong value");
}
TokenValidationParameters validationParams = new TokenValidationParameters();
validationParams.ValidIssuer = settings.Issuer;
validationParams.ValidAudiences = audiences;
validationParams.ValidateIssuer = true;
validationParams.ValidateIssuerSigningKey = true;
validationParams.ValidateAudience = true;
validationParams.ValidateActor = true;
validationParams.IssuerSigningToken = securityToken;
JwtSecurityTokenHandler recipientTokenHandler = new JwtSecurityTokenHandler();
recipientTokenHandler.TokenLifetimeInMinutes = MAX_CLOCK_SKEW;
SecurityToken validatedToken = null;
ClaimsPrincipalReceived = recipientTokenHandler.ValidateToken(TokenString, validationParams, out validatedToken);
JwtSecurityToken = validatedToken;
}
catch (Exception e)
{
_log.ErrorFormat("JWT Validation error. {0}", e);
}
}