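/// <summary>
/// Validates a SAML2 assertion token (conditions, optional replay detection and,
/// when the issuer token is an X.509 token, certificate trust) and turns it into a
/// single <see cref="ClaimsIdentity"/>.
/// </summary>
/// <param name="token">The token to validate; must be a <see cref="Saml2SecurityToken"/>.</param>
/// <returns>A read-only collection holding exactly one identity.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="Saml2SecurityToken"/>.</exception>
public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    var saml2SecurityToken = token as Saml2SecurityToken;
    if (saml2SecurityToken == null)
    {
        // Without this guard a token of another type surfaced as a NullReferenceException below.
        throw new ArgumentException("The token must be a Saml2SecurityToken.", nameof(token));
    }

    var assertion = saml2SecurityToken.Assertion;

    this.ValidateConditions(
        assertion.Conditions,
        SamlSecurityTokenRequirement.ShouldEnforceAudienceRestriction(
            Configuration.AudienceRestriction.AudienceMode,
            saml2SecurityToken));

    if (this.Configuration.DetectReplayedTokens)
    {
        this.DetectReplayedToken(saml2SecurityToken);
    }

    // If the backing token is x509, validate trust in the issuer certificate.
    var issuerToken = saml2SecurityToken.IssuerToken as X509SecurityToken;
    if (issuerToken != null)
    {
        this.CertificateValidator.Validate(issuerToken.Certificate);
    }

    var identity = this.CreateClaims(saml2SecurityToken);

    var nameId = assertion.Subject.NameId;
    if (nameId != null)
    {
        identity.AddClaim(new Claim(Saml2ClaimTypes.NameId, nameId.Value));

        if (nameId.Format != null)
        {
            identity.AddClaim(new Claim(Saml2ClaimTypes.NameIdFormat, nameId.Format.AbsoluteUri));
        }
    }

    // NOTE: this overload uses the assertion Id as the session index; the overloads that
    // take a Saml2Response read SessionIndex from the authentication statement instead.
    identity.AddClaim(new Claim(Saml2ClaimTypes.SessionIndex, saml2SecurityToken.Id));

    if (Configuration.SaveBootstrapContext)
    {
        identity.BootstrapContext = new BootstrapContext(saml2SecurityToken, this);
    }

    return new List<ClaimsIdentity>(1) { identity }.AsReadOnly();
}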
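/// <summary>
/// Validates a SAML2 assertion token (conditions and optional replay detection), builds a
/// single <see cref="ClaimsIdentity"/> and records the assertion's NameID and SessionIndex
/// on <paramref name="saml2Response"/>.
/// </summary>
/// <param name="token">The token to validate; must be a <see cref="Saml2SecurityToken"/>.</param>
/// <param name="saml2Response">Response object that receives the NameID and SessionIndex found in the assertion.</param>
/// <returns>A read-only collection holding exactly one identity.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> or <paramref name="saml2Response"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="Saml2SecurityToken"/>.</exception>
public ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token, Saml2Response saml2Response)
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    if (saml2Response == null)
    {
        throw new ArgumentNullException(nameof(saml2Response));
    }

    var saml2SecurityToken = token as Saml2SecurityToken;
    if (saml2SecurityToken == null)
    {
        // Without this guard a token of another type surfaced as a NullReferenceException below.
        throw new ArgumentException("The token must be a Saml2SecurityToken.", nameof(token));
    }

    var assertion = saml2SecurityToken.Assertion;

    ValidateConditions(
        assertion.Conditions,
        SamlSecurityTokenRequirement.ShouldEnforceAudienceRestriction(
            Configuration.AudienceRestriction.AudienceMode,
            saml2SecurityToken));

    if (Configuration.DetectReplayedTokens)
    {
        DetectReplayedToken(saml2SecurityToken);
    }

    var identity = CreateClaims(saml2SecurityToken);

    var nameId = assertion.Subject.NameId;
    if (nameId != null)
    {
        saml2Response.NameId = nameId;
        identity.AddClaim(new Claim(Saml2ClaimTypes.NameId, saml2Response.NameId.Value));

        if (saml2Response.NameId.Format != null)
        {
            identity.AddClaim(new Claim(Saml2ClaimTypes.NameIdFormat, saml2Response.NameId.Format.OriginalString));
        }
    }

    // The session index lives on the first authentication statement, if the assertion has one.
    var authenticationStatement = assertion.Statements
        .OfType<Saml2AuthenticationStatement>()
        .FirstOrDefault();
    var sessionIndex = authenticationStatement?.SessionIndex;
    if (sessionIndex != null)
    {
        saml2Response.SessionIndex = sessionIndex;
        identity.AddClaim(new Claim(Saml2ClaimTypes.SessionIndex, saml2Response.SessionIndex));
    }

    if (Configuration.SaveBootstrapContext)
    {
        identity.BootstrapContext = new BootstrapContext(saml2SecurityToken, this);
    }

    return new List<ClaimsIdentity>(1) { identity }.AsReadOnly();
}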
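/// <summary>
/// Validates a SAML2 assertion token, builds a single <see cref="ClaimsIdentity"/> and
/// records the assertion's NameID and SessionIndex on <paramref name="saml2Response"/>.
/// On NETFULL validation is driven by the WIF Configuration; otherwise by TokenValidationParameters.
/// </summary>
/// <param name="token">The token to validate; must be a <see cref="Saml2SecurityToken"/>.</param>
/// <param name="tokenString">Serialized token; used for replay detection and as bootstrap context on the non-NETFULL path.</param>
/// <param name="saml2Response">Response object that receives the NameID and SessionIndex found in the assertion.</param>
/// <returns>A read-only collection holding exactly one identity.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> or <paramref name="saml2Response"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="Saml2SecurityToken"/>.</exception>
public ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token, string tokenString, Saml2Response saml2Response)
#endif
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    if (saml2Response == null)
    {
        throw new ArgumentNullException(nameof(saml2Response));
    }

    var saml2SecurityToken = token as Saml2SecurityToken;
    if (saml2SecurityToken == null)
    {
        // Without this guard a token of another type surfaced as a NullReferenceException below.
        throw new ArgumentException("The token must be a Saml2SecurityToken.", nameof(token));
    }

    var assertion = saml2SecurityToken.Assertion;

#if NETFULL
    ValidateConditions(
        assertion.Conditions,
        SamlSecurityTokenRequirement.ShouldEnforceAudienceRestriction(
            Configuration.AudienceRestriction.AudienceMode,
            saml2SecurityToken));
#else
    // NOTE(review): only conditions and (below) replay are checked on this path; no signature
    // or issuer validation happens in this method, so it relies on the caller having verified
    // the response/assertion signature before handing the token in - confirm.
    ValidateConditions(saml2SecurityToken, TokenValidationParameters);
#endif

#if NETFULL
    if (Configuration.DetectReplayedTokens)
    {
        DetectReplayedToken(saml2SecurityToken);
    }
#else
    if (TokenValidationParameters.ValidateTokenReplay)
    {
        // NOTE(review): Microsoft.IdentityModel's ValidateTokenReplay takes the token's
        // expiration time as its first argument (it bounds the replay-cache entry); passing
        // NotBefore rather than NotOnOrAfter looks like it would let that entry lapse
        // immediately, weakening replay detection - confirm against the overload in use.
        // Conditions is optional in SAML2, so guard the dereference and let ValidateTokenReplay
        // report a missing expiry instead of failing with a NullReferenceException.
        ValidateTokenReplay(assertion.Conditions?.NotBefore, tokenString, TokenValidationParameters);
    }
#endif

#if NETFULL
    var identity = CreateClaims(saml2SecurityToken);
#else
    var identity = CreateClaimsIdentity(saml2SecurityToken, TokenValidationParameters.ValidIssuer, TokenValidationParameters);
#endif

    var nameId = assertion.Subject.NameId;
    if (nameId != null)
    {
        saml2Response.NameId = nameId;
        identity.AddClaim(new Claim(Saml2ClaimTypes.NameId, saml2Response.NameId.Value));

        if (saml2Response.NameId.Format != null)
        {
            identity.AddClaim(new Claim(Saml2ClaimTypes.NameIdFormat, saml2Response.NameId.Format.OriginalString));
        }
    }

    // The session index lives on the first authentication statement, if the assertion has one.
    var authenticationStatement = assertion.Statements
        .OfType<Saml2AuthenticationStatement>()
        .FirstOrDefault();
    var sessionIndex = authenticationStatement?.SessionIndex;
    if (sessionIndex != null)
    {
        saml2Response.SessionIndex = sessionIndex;
        identity.AddClaim(new Claim(Saml2ClaimTypes.SessionIndex, saml2Response.SessionIndex));
    }

#if NETFULL
    if (Configuration.SaveBootstrapContext)
    {
        identity.BootstrapContext = new BootstrapContext(saml2SecurityToken, this);
    }
#else
    if (TokenValidationParameters.SaveSigninToken)
    {
        identity.BootstrapContext = tokenString;
    }
#endif

    return new List<ClaimsIdentity>(1) { identity }.AsReadOnly();
}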