// Disabled code, kept for reference: factory for the SAML token authenticator.
// As written it trusts the service certificate and every certificate in
// IssuedTokenAuthentication.KnownCertificates as out-of-band tokens, adds an
// RsaSecurityTokenAuthenticator when AllowUntrustedRsaIssuers is set, and adds
// the endpoint's ListenUri to the allowed audience URIs.
// NOTE(review): before re-enabling, confirm AllowUntrustedRsaIssuers is off unless
// explicitly configured, and that AudienceUriMode is not set to a value that skips
// the audience check for tokens issued to another relying party.
//
//SamlSecurityTokenAuthenticator CreateSamlTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver outOfBandTokenResolver)
//{
//    if (recipientRequirement == null)
//        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(recipientRequirement));
//    Collection<SecurityToken> outOfBandTokens = new Collection<SecurityToken>();
//    if (parent.ServiceCertificate.Certificate != null)
//    {
//        outOfBandTokens.Add(new X509SecurityToken(parent.ServiceCertificate.Certificate));
//    }
//    List<SecurityTokenAuthenticator> supportingAuthenticators = new List<SecurityTokenAuthenticator>();
//    if ((parent.IssuedTokenAuthentication.KnownCertificates != null) && (parent.IssuedTokenAuthentication.KnownCertificates.Count > 0))
//    {
//        for (int i = 0; i < parent.IssuedTokenAuthentication.KnownCertificates.Count; ++i)
//        {
//            outOfBandTokens.Add(new X509SecurityToken(parent.IssuedTokenAuthentication.KnownCertificates[i]));
//        }
//    }
//    X509CertificateValidator validator = parent.IssuedTokenAuthentication.GetCertificateValidator();
//    supportingAuthenticators.Add(new X509SecurityTokenAuthenticator(validator));
//    if (parent.IssuedTokenAuthentication.AllowUntrustedRsaIssuers)
//    {
//        supportingAuthenticators.Add(new RsaSecurityTokenAuthenticator());
//    }
//    outOfBandTokenResolver = (outOfBandTokens.Count > 0) ? SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(outOfBandTokens), false) : null;
//    SamlSecurityTokenAuthenticator ssta;
//    if ((recipientRequirement.SecurityBindingElement == null) || (recipientRequirement.SecurityBindingElement.LocalServiceSettings == null))
//    {
//        ssta = new SamlSecurityTokenAuthenticator(supportingAuthenticators);
//    }
//    else
//    {
//        ssta = new SamlSecurityTokenAuthenticator(supportingAuthenticators, recipientRequirement.SecurityBindingElement.LocalServiceSettings.MaxClockSkew);
//    }
//    // set audience uri restrictions
//    ssta.AudienceUriMode = parent.IssuedTokenAuthentication.AudienceUriMode;
//    IList<string> allowedAudienceUris = ssta.AllowedAudienceUris;
//    if (parent.IssuedTokenAuthentication.AllowedAudienceUris != null)
//    {
//        for (int i = 0; i < parent.IssuedTokenAuthentication.AllowedAudienceUris.Count; i++)
//            allowedAudienceUris.Add(parent.IssuedTokenAuthentication.AllowedAudienceUris[i]);
//    }
//    if (recipientRequirement.ListenUri != null)
//    {
//        allowedAudienceUris.Add(recipientRequirement.ListenUri.AbsoluteUri);
//    }
//    return ssta;
//}

/// <summary>
/// Creates the token provider that hands out the service's own X.509 certificate
/// (<c>ServiceCredentials.ServiceCertificate.Certificate</c>).
/// </summary>
/// <returns>
/// A <c>ServiceX509SecurityTokenProvider</c> wrapping the configured service certificate.
/// </returns>
/// <exception cref="InvalidOperationException">
/// No service certificate is configured on the service credentials. The exception is
/// routed through <c>DiagnosticUtility.ExceptionUtility.ThrowHelperError</c> before
/// being thrown.
/// </exception>
private X509SecurityTokenProvider CreateServerX509TokenProvider()
{
    // NOTE(review): the certificate property is read separately for the null check,
    // the key-exchange check and the provider. If the credentials can still be
    // changed while this runs, those reads could observe different certificates;
    // confirm the credentials are frozen before this method is reachable.
    if (ServiceCredentials.ServiceCertificate.Certificate != null)
    {
        // Validate before wrapping, so a certificate that fails the check never
        // reaches a provider.
        // NOTE(review): EnsureCertificateCanDoKeyExchange is defined outside this
        // view; by its name it rejects certificates whose key cannot be used for
        // key exchange. Confirm what it checks and which exception it throws.
        SecurityUtils.EnsureCertificateCanDoKeyExchange(ServiceCredentials.ServiceCertificate.Certificate);
        return new ServiceX509SecurityTokenProvider(ServiceCredentials.ServiceCertificate.Certificate);
    }

    // Fail closed: without a service certificate no provider is created.
    InvalidOperationException certificateMissing =
        new InvalidOperationException(SR.ServiceCertificateNotProvidedOnServiceCredentials);
    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(certificateMissing);
}