public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator (
			SecurityTokenRequirement requirement,
			out SecurityTokenResolver outOfBandTokenResolver)
		{
			outOfBandTokenResolver = null;
			if (requirement.TokenType == SecurityTokenTypes.UserName)
				return CreateUserNameAuthenticator (requirement);
			if (requirement.TokenType == SecurityTokenTypes.X509Certificate)
				return CreateX509Authenticator (requirement);
			if (requirement.TokenType == SecurityTokenTypes.Rsa)
				return new RsaSecurityTokenAuthenticator ();
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) {
				// FIXME: get parameters from somewhere
				SecurityContextSecurityTokenResolver resolver =
					new SecurityContextSecurityTokenResolver (0x1000, true);
				outOfBandTokenResolver = resolver;
				SecurityContextSecurityTokenAuthenticator sc =
					new SecurityContextSecurityTokenAuthenticator ();
				return new SecureConversationSecurityTokenAuthenticator (requirement, sc, resolver);
			}
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego)
				return CreateSslTokenAuthenticator (requirement);
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego)
				return CreateSslTokenAuthenticator (requirement);
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.Spnego)
				return CreateSpnegoTokenAuthenticator (requirement);
			else
				throw new NotImplementedException ("Not implemented token type: " + requirement.TokenType);
		}
		public SecureConversationSecurityTokenAuthenticator (
			SecurityTokenRequirement r,
			SecurityContextSecurityTokenAuthenticator scAuth,
			SecurityContextSecurityTokenResolver scResolver)
		{
			this.req = r;
			this.sc_auth = scAuth;
			this.sc_res = scResolver;
			comm = new WsscAuthenticatorCommunicationObject ();
		}
 public SecureConversationSecurityTokenAuthenticator(
     SecurityTokenRequirement r,
     SecurityContextSecurityTokenAuthenticator scAuth,
     SecurityContextSecurityTokenResolver scResolver)
 {
     this.req     = r;
     this.sc_auth = scAuth;
     this.sc_res  = scResolver;
     comm         = new WsscAuthenticatorCommunicationObject();
 }
 private SecurityTokenAuthenticator CreateTlsnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool requireClientCertificate, out SecurityTokenResolver sctResolver)
 {
     SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
     if (securityBindingElement == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement }));
     }
     bool flag = !recipientRequirement.SupportSecurityContextCancellation;
     LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
     sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true);
     TlsnegoTokenAuthenticator authenticator = new TlsnegoTokenAuthenticator {
         IsClientAnonymous = !requireClientCertificate
     };
     if (requireClientCertificate)
     {
         authenticator.ClientTokenAuthenticator = this.CreateTlsnegoClientX509TokenAuthenticator(recipientRequirement);
         authenticator.MapCertificateToWindowsAccount = this.ServiceCredentials.ClientCertificate.Authentication.MapClientCertificateToWindowsAccount;
     }
     authenticator.EncryptStateInServiceToken = flag;
     authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
     authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache) sctResolver;
     authenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
     authenticator.ListenUri = recipientRequirement.ListenUri;
     authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
     authenticator.StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
     authenticator.SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder;
     authenticator.KnownTypes = this.parent.SecureConversationAuthentication.SecurityContextClaimTypes;
     authenticator.ServerTokenProvider = this.CreateTlsnegoServerX509TokenProvider(recipientRequirement);
     authenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
     authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
     authenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
     authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
     if (securityBindingElement is TransportSecurityBindingElement)
     {
         authenticator.MaxMessageSize = System.ServiceModel.Security.SecurityUtils.GetMaxNegotiationBufferSize(authenticator.IssuerBindingContext);
     }
     authenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
     authenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
     authenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
     return authenticator;
 }
 private SecurityTokenAuthenticator CreateSpnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver sctResolver)
 {
     SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
     if (securityBindingElement == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement }));
     }
     bool flag = !recipientRequirement.SupportSecurityContextCancellation;
     LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
     sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true);
     ExtendedProtectionPolicy result = null;
     recipientRequirement.TryGetProperty<ExtendedProtectionPolicy>(ServiceModelSecurityTokenRequirement.ExtendedProtectionPolicy, out result);
     SpnegoTokenAuthenticator authenticator = new SpnegoTokenAuthenticator {
         ExtendedProtectionPolicy = result,
         AllowUnauthenticatedCallers = this.parent.WindowsAuthentication.AllowAnonymousLogons,
         ExtractGroupsForWindowsAccounts = this.parent.WindowsAuthentication.IncludeWindowsGroups,
         IsClientAnonymous = false,
         EncryptStateInServiceToken = flag,
         IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty),
         IssuedTokenCache = (ISecurityContextSecurityTokenCache) sctResolver,
         IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty),
         ListenUri = recipientRequirement.ListenUri,
         SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite,
         StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this),
         SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder,
         KnownTypes = this.parent.SecureConversationAuthentication.SecurityContextClaimTypes
     };
     if (securityBindingElement is TransportSecurityBindingElement)
     {
         authenticator.MaxMessageSize = System.ServiceModel.Security.SecurityUtils.GetMaxNegotiationBufferSize(authenticator.IssuerBindingContext);
     }
     authenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
     authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
     authenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
     authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
     authenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
     authenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
     authenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
     return authenticator;
 }
 protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
 {
     SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
     if (securityBindingElement == null)
     {
         throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.ServiceModel.SR.GetString("TokenAuthenticatorRequiresSecurityBindingElement", new object[] { recipientRequirement }));
     }
     bool flag = !recipientRequirement.SupportSecurityContextCancellation;
     LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
     IMessageFilterTable<EndpointAddress> propertyOrDefault = recipientRequirement.GetPropertyOrDefault<IMessageFilterTable<EndpointAddress>>(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);
     if (!flag)
     {
         sctResolver = new SecurityContextSecurityTokenResolver(0x7fffffff, false);
         return new SecuritySessionSecurityTokenAuthenticator { BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement), IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuedTokenCache = (ISecurityContextSecurityTokenCache) sctResolver, IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty), KeyEntropyMode = securityBindingElement.KeyEntropyMode, ListenUri = recipientRequirement.ListenUri, SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite, SessionTokenLifetime = TimeSpan.MaxValue, KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this), EndpointFilterTable = propertyOrDefault, MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations, NegotiationTimeout = localServiceSettings.NegotiationTimeout, PreserveBootstrapTokens = preserveBootstrapTokens };
     }
     sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);
     return new AcceleratedTokenAuthenticator { 
         BootstrapSecurityBindingElement = System.ServiceModel.Security.SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement), KeyEntropyMode = securityBindingElement.KeyEntropyMode, EncryptStateInServiceToken = true, IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty), IssuedTokenCache = (ISecurityContextSecurityTokenCache) sctResolver, IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty), ListenUri = recipientRequirement.ListenUri, SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite, StandardsManager = System.ServiceModel.Security.SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this), SecurityStateEncoder = this.parent.SecureConversationAuthentication.SecurityStateEncoder, KnownTypes = this.parent.SecureConversationAuthentication.SecurityContextClaimTypes, PreserveBootstrapTokens = preserveBootstrapTokens, MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations, NegotiationTimeout = localServiceSettings.NegotiationTimeout, ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime, MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations, 
         AuditLogLocation = recipientRequirement.AuditLogLocation, SuppressAuditFailure = recipientRequirement.SuppressAuditFailure, MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel, EndpointFilterTable = propertyOrDefault
      };
 }
        protected SecurityTokenAuthenticator CreateSecureConversationTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool preserveBootstrapTokens, out SecurityTokenResolver sctResolver)
        {
            SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
            if (securityBindingElement == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
            }
            bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
            LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
            IMessageFilterTable<EndpointAddress> endpointFilterTable = recipientRequirement.GetPropertyOrDefault<IMessageFilterTable<EndpointAddress>>(ServiceModelSecurityTokenRequirement.EndpointFilterTableProperty, null);

            if (!isCookieMode)
            {
                sctResolver = new SecurityContextSecurityTokenResolver(Int32.MaxValue, false);

                // remember this authenticator for future reference
                SecuritySessionSecurityTokenAuthenticator authenticator = new SecuritySessionSecurityTokenAuthenticator();
                authenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement);
                authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
                authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
                authenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
                authenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
                authenticator.ListenUri = recipientRequirement.ListenUri;
                authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
                authenticator.SessionTokenLifetime = TimeSpan.MaxValue;
                authenticator.KeyRenewalInterval = securityBindingElement.LocalServiceSettings.SessionKeyRenewalInterval;
                authenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
                authenticator.EndpointFilterTable = endpointFilterTable;
                authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
                authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
                authenticator.PreserveBootstrapTokens = preserveBootstrapTokens;
                return authenticator;
            }
            else
            {
                sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true, localServiceSettings.MaxClockSkew);

                AcceleratedTokenAuthenticator authenticator = new AcceleratedTokenAuthenticator();
                authenticator.BootstrapSecurityBindingElement = SecurityUtils.GetIssuerSecurityBindingElement(recipientRequirement);
                authenticator.KeyEntropyMode = securityBindingElement.KeyEntropyMode;
                authenticator.EncryptStateInServiceToken = true;
                authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
                authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
                authenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
                authenticator.ListenUri = recipientRequirement.ListenUri;
                authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
                authenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
                authenticator.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder;
                authenticator.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes;
                authenticator.PreserveBootstrapTokens = preserveBootstrapTokens;

                // local security quotas
                authenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
                authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
                authenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
                authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;

                // audit settings
                authenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
                authenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
                authenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
                authenticator.EndpointFilterTable = endpointFilterTable;
                return authenticator;
            }
        }
        SecurityTokenAuthenticator CreateTlsnegoSecurityTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, bool requireClientCertificate, out SecurityTokenResolver sctResolver)
        {
            SecurityBindingElement securityBindingElement = recipientRequirement.SecurityBindingElement;
            if (securityBindingElement == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(SR.GetString(SR.TokenAuthenticatorRequiresSecurityBindingElement, recipientRequirement));
            }
            bool isCookieMode = !recipientRequirement.SupportSecurityContextCancellation;
            LocalServiceSecuritySettings localServiceSettings = securityBindingElement.LocalServiceSettings;
            sctResolver = new SecurityContextSecurityTokenResolver(localServiceSettings.MaxCachedCookies, true);

            TlsnegoTokenAuthenticator authenticator = new TlsnegoTokenAuthenticator();
            authenticator.IsClientAnonymous = !requireClientCertificate;
            if (requireClientCertificate)
            {
                authenticator.ClientTokenAuthenticator = this.CreateTlsnegoClientX509TokenAuthenticator(recipientRequirement);
                authenticator.MapCertificateToWindowsAccount = this.ServiceCredentials.ClientCertificate.Authentication.MapClientCertificateToWindowsAccount;
            }
            authenticator.EncryptStateInServiceToken = isCookieMode;
            authenticator.IssuedSecurityTokenParameters = recipientRequirement.GetProperty<SecurityTokenParameters>(ServiceModelSecurityTokenRequirement.IssuedSecurityTokenParametersProperty);
            authenticator.IssuedTokenCache = (ISecurityContextSecurityTokenCache)sctResolver;
            authenticator.IssuerBindingContext = recipientRequirement.GetProperty<BindingContext>(ServiceModelSecurityTokenRequirement.IssuerBindingContextProperty);
            authenticator.ListenUri = recipientRequirement.ListenUri;
            authenticator.SecurityAlgorithmSuite = recipientRequirement.SecurityAlgorithmSuite;
            authenticator.StandardsManager = SecurityUtils.CreateSecurityStandardsManager(recipientRequirement, this);
            authenticator.SecurityStateEncoder = parent.SecureConversationAuthentication.SecurityStateEncoder;
            authenticator.KnownTypes = parent.SecureConversationAuthentication.SecurityContextClaimTypes;
            authenticator.ServerTokenProvider = CreateTlsnegoServerX509TokenProvider(recipientRequirement);
            // local security quotas
            authenticator.MaximumCachedNegotiationState = localServiceSettings.MaxStatefulNegotiations;
            authenticator.NegotiationTimeout = localServiceSettings.NegotiationTimeout;
            authenticator.ServiceTokenLifetime = localServiceSettings.IssuedCookieLifetime;
            authenticator.MaximumConcurrentNegotiations = localServiceSettings.MaxStatefulNegotiations;
            // if the TLSNEGO is being done in mixed-mode, the nego blobs are from an anonymous client and so there size bound needs to be enforced.
            if (securityBindingElement is TransportSecurityBindingElement)
            {
                authenticator.MaxMessageSize = SecurityUtils.GetMaxNegotiationBufferSize(authenticator.IssuerBindingContext);
            }
            // audit settings
            authenticator.AuditLogLocation = recipientRequirement.AuditLogLocation;
            authenticator.SuppressAuditFailure = recipientRequirement.SuppressAuditFailure;
            authenticator.MessageAuthenticationAuditLevel = recipientRequirement.MessageAuthenticationAuditLevel;
            return authenticator;
        }
		public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator (
			SecurityTokenRequirement requirement,
			out SecurityTokenResolver outOfBandTokenResolver)
		{
			outOfBandTokenResolver = null;
			if (requirement.TokenType == SecurityTokenTypes.UserName)
				return CreateUserNameAuthenticator (requirement);
			if (requirement.TokenType == SecurityTokenTypes.X509Certificate)
				return CreateX509Authenticator (requirement);
			if (requirement.TokenType == SecurityTokenTypes.Rsa)
				return new RsaSecurityTokenAuthenticator ();
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.SecureConversation) {
				SecurityBindingElement binding;
				if (!requirement.TryGetProperty<SecurityBindingElement> (ReqType.SecurityBindingElementProperty, out binding))
					throw new ArgumentException ("SecurityBindingElement is required in the security token requirement");
				SecureConversationSecurityTokenParameters issuedParams;
				if (!requirement.TryGetProperty<SecureConversationSecurityTokenParameters> (ReqType.IssuedSecurityTokenParametersProperty, out issuedParams))
					throw new ArgumentException ("IssuedSecurityTokenParameters are required in the security token requirement");
				BindingContext issuerBC;
				if (!requirement.TryGetProperty<BindingContext> (ReqType.IssuerBindingContextProperty, out issuerBC))
					throw new ArgumentException ("IssuerBindingContext is required in the security token requirement");
				SecurityTokenVersion secVer;
				if (!requirement.TryGetProperty<SecurityTokenVersion> (ReqType.MessageSecurityVersionProperty, out secVer))
					throw new ArgumentException ("MessageSecurityVersion property (of type SecurityTokenVersion) is required in the security token requirement");

				// FIXME: get parameters from somewhere
				SecurityContextSecurityTokenResolver resolver =
					new SecurityContextSecurityTokenResolver (0x1000, true);
				outOfBandTokenResolver = resolver;
				SecurityContextSecurityTokenAuthenticator sc =
					new SecurityContextSecurityTokenAuthenticator ();
				return new SecureConversationSecurityTokenAuthenticator (requirement, sc, resolver);
			}
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.AnonymousSslnego)
				return CreateSslTokenAuthenticator (requirement);
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.MutualSslnego)
				return CreateSslTokenAuthenticator (requirement);
			if (requirement.TokenType == ServiceModelSecurityTokenTypes.Spnego)
				return CreateSpnegoTokenAuthenticator (requirement);
			else
				throw new NotImplementedException ("Not implemented token type: " + requirement.TokenType);
		}