/// <summary>
/// Type initializer: builds the shared default handler instance. Its
/// audience restriction is always enforced and allows exactly one
/// audience, the Issuer read from the current KentorAuthServicesSection.
/// </summary>
static MorePublicSaml2SecurityTokenHandler()
{
    // AudienceUriMode.Always: the audience restriction applies to every
    // token, and the only accepted audience is this SP's configured Issuer.
    var allowedAudience = new AudienceRestriction(AudienceUriMode.Always);
    var issuerUri = new Uri(KentorAuthServicesSection.Current.Issuer);
    allowedAudience.AllowedAudienceUris.Add(issuerUri);

    var handler = new MorePublicSaml2SecurityTokenHandler();

    var handlerConfiguration = new SecurityTokenHandlerConfiguration();
    // NOTE(review): ReturnRequestedIssuerNameRegistry is defined outside this
    // listing; going by its name it presumably accepts the issuer name it is
    // handed, in which case issuer trust has to be established elsewhere
    // (e.g. signature validation against the IdP's key) - confirm.
    handlerConfiguration.IssuerNameRegistry = new ReturnRequestedIssuerNameRegistry();
    handlerConfiguration.AudienceRestriction = allowedAudience;
    handler.Configuration = handlerConfiguration;

    // Publish only after the handler is fully configured.
    defaultInstance = handler;
}
/// <summary>
/// Creates a handler whose configuration is derived from the given SP
/// options: the audience is always restricted to the SP's entity id, and
/// SaveBootstrapContext is copied from the options' identity configuration.
/// </summary>
/// <param name="spOptions">Service provider options to read the entity id
/// and identity configuration from.</param>
/// <exception cref="ArgumentNullException">spOptions is null.</exception>
public Saml2PSecurityTokenHandler(ISPOptions spOptions)
{
    if (spOptions == null)
    {
        throw new ArgumentNullException(nameof(spOptions));
    }

    // AudienceUriMode.Always with a single allowed URI: only tokens whose
    // audience is this SP's entity id pass the audience check.
    var entityIdAudience = new AudienceRestriction(AudienceUriMode.Always);
    var entityIdUri = new Uri(spOptions.EntityId.Id);
    entityIdAudience.AllowedAudienceUris.Add(entityIdUri);

    var handlerConfiguration = new SecurityTokenHandlerConfiguration();
    // NOTE(review): ReturnRequestedIssuerNameRegistry is defined outside this
    // listing; going by its name it presumably accepts the issuer name it is
    // handed, in which case issuer trust has to be established elsewhere
    // (e.g. signature validation against the IdP's key) - confirm.
    handlerConfiguration.IssuerNameRegistry = new ReturnRequestedIssuerNameRegistry();
    handlerConfiguration.AudienceRestriction = entityIdAudience;
    handlerConfiguration.SaveBootstrapContext =
        spOptions.SystemIdentityModelIdentityConfiguration.SaveBootstrapContext;

    Configuration = handlerConfiguration;
}
/// <summary>
/// Selects the audience restriction to enforce. The restriction from
/// configuration is used as-is when its mode is Never or when it already
/// lists at least one allowed audience URI; otherwise a new restriction
/// with the same mode is created that allows only the SP's entity id.
/// </summary>
/// <param name="spOptions">Sp Options with configuration</param>
/// <returns>Configured or created audience restriction.</returns>
private static AudienceRestriction GetAudienceRestriction(ISPOptions spOptions)
{
    var configured = spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction;

    // Mode Never is passed through untouched, so no entity-id audience is
    // added in that case; a non-empty allowed list is likewise honoured
    // exactly as configured.
    if (configured.AudienceMode == AudienceUriMode.Never
        || configured.AllowedAudienceUris.Any())
    {
        return configured;
    }

    // Build a fresh instance rather than mutating the object owned by the
    // configuration.
    var entityIdOnly = new AudienceRestriction(configured.AudienceMode);
    entityIdOnly.AllowedAudienceUris.Add(new Uri(spOptions.EntityId.Id));
    return entityIdOnly;
}