/// <summary>
/// Binds this instance to <paramref name="ssoSettings"/> and loads the certificate material
/// referenced by its <c>PublicKey</c> into the instance certificate holder.
/// </summary>
/// <param name="ssoSettings">SSO configuration; kept on the instance and its <c>PublicKey</c> is loaded immediately.</param>
public SamlResponse(SsoSettings ssoSettings)
{
    _ssoSettings = ssoSettings;

    // Load into a local first, then publish it to the field once it is fully initialised.
    var loadedCertificate = new Certificate();
    loadedCertificate.LoadCertificate(ssoSettings.PublicKey);
    _certificate = loadedCertificate;
}
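/// <summary>
/// Validates a signed JWT against the configured issuer, accepted audiences and signing material.
/// On success the resulting principal is stored in <c>ClaimsPrincipalReceived</c> and the parsed
/// token in <c>JwtSecurityToken</c>.
/// </summary>
/// <param name="tokenString">Compact-serialised JWT; stored in <c>TokenString</c> before validation.</param>
/// <param name="settings">Supplies <c>ValidationType</c> (which signing-key type to build), <c>PublicKey</c> and <c>Issuer</c>.</param>
/// <param name="audiences">Accepted <c>aud</c> values; at least one entry is required.</param>
/// <remarks>
/// Failures are not propagated to the caller (pre-existing contract): they are logged and both
/// <c>ClaimsPrincipalReceived</c> and <c>JwtSecurityToken</c> are <c>null</c> afterwards, so callers
/// must treat a null <c>ClaimsPrincipalReceived</c> as "not authenticated". The results are cleared at
/// the start of every call so a failed validation can never leave a stale principal from an earlier
/// call on the same instance.
/// </remarks>
public void ValidateJsonWebToken(string tokenString, SsoSettings settings, IList<string> audiences)
{
    try
    {
        // Fail closed: reset outputs before doing anything that can throw.
        ClaimsPrincipalReceived = null;
        JwtSecurityToken = null;
        TokenString = tokenString;

        if (settings == null)
        {
            throw new ArgumentNullException("settings");
        }
        if (audiences == null || audiences.Count == 0)
        {
            throw new ArgumentException("At least one audience is required", "audiences");
        }

        // Log all audiences instead of indexing [0] and [1]: with a single audience the old
        // message threw IndexOutOfRangeException inside this try block and every validation failed.
        _log.DebugFormat("JWT Validation securityAlgorithm={0}, audiences={1}",
            settings.ValidationType, string.Join(",", audiences));

        SecurityToken securityToken = CreateIssuerSigningToken(settings);

        TokenValidationParameters validationParams = new TokenValidationParameters();
        validationParams.ValidIssuer = settings.Issuer;
        validationParams.ValidAudiences = audiences;
        validationParams.ValidateIssuer = true;
        validationParams.ValidateIssuerSigningKey = true;
        validationParams.ValidateAudience = true;
        validationParams.ValidateActor = true;
        validationParams.IssuerSigningToken = securityToken;
        // NOTE(review): lifetime validation is left at the handler's default here; confirm it is
        // enabled for the referenced library version, otherwise expired tokens would be accepted.

        JwtSecurityTokenHandler recipientTokenHandler = new JwtSecurityTokenHandler();
        // NOTE(review): in the JwtSecurityTokenHandler versions I know, TokenLifetimeInMinutes only
        // sets the default 'exp' for tokens the handler *creates*; it is not the validation clock
        // skew the constant name suggests. Confirm against the referenced library version.
        recipientTokenHandler.TokenLifetimeInMinutes = MAX_CLOCK_SKEW;

        SecurityToken validatedToken = null;
        ClaimsPrincipalReceived = recipientTokenHandler.ValidateToken(TokenString, validationParams, out validatedToken);
        JwtSecurityToken = validatedToken;
    }
    catch (Exception e)
    {
        // Deliberately swallowed (pre-existing contract): the outcome is signalled by a null
        // ClaimsPrincipalReceived. NOTE(review): handler exceptions may echo parts of the token in
        // their message; confirm the log sink is appropriate for that.
        _log.ErrorFormat("JWT Validation error. {0}", e);
    }
}

/// <summary>
/// Builds the <see cref="SecurityToken"/> used as the issuer signing key for the
/// <c>ValidationType</c> configured in <paramref name="settings"/>.
/// </summary>
/// <param name="settings">Supplies <c>ValidationType</c> and the key material in <c>PublicKey</c>.</param>
/// <returns>An RSA, binary-secret (HMAC) or X.509 security token.</returns>
/// <exception cref="ArgumentException">Thrown when <c>ValidationType</c> is not a supported value.</exception>
private SecurityToken CreateIssuerSigningToken(SsoSettings settings)
{
    switch (settings.ValidationType)
    {
        case ValidationTypes.RSA_SHA256:
            // PublicKey is expected to hold an RSAKeyValue XML blob (modulus + exponent only).
            // The provider is not disposed here because the RsaSecurityToken keeps a reference
            // to it for the validation call.
            RSACryptoServiceProvider publicOnly = new RSACryptoServiceProvider();
            publicOnly.FromXmlString(settings.PublicKey);
            return new RsaSecurityToken(publicOnly);

        case ValidationTypes.HMAC_SHA256:
            // Despite the property name, PublicKey carries the shared HMAC secret in this mode;
            // GetBytes (defined elsewhere in this file) turns it into the key bytes.
            return new System.ServiceModel.Security.Tokens.BinarySecretSecurityToken(GetBytes(settings.PublicKey));

        case ValidationTypes.X509:
            var certificate = new Certificate();
            certificate.LoadCertificate(settings.PublicKey);
            return new X509SecurityToken(certificate.cert);

        default:
            _log.ErrorFormat("ValidationType has wrong value: {0}", settings.ValidationType);
            throw new ArgumentException("ValidationType has wrong value");
    }
}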