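/// <summary>
/// Exchanges the XML security token carried in <paramref name="request"/> for a
/// <see cref="SimpleWebToken"/> holding the same claims, and writes it out as a
/// WRAP access-token response.
/// </summary>
/// <param name="request">The incoming request; its Assertion is the token XML as received from the caller.</param>
/// <exception cref="ArgumentNullException">request is null.</exception>
/// <exception cref="ArgumentException">request.Assertion is null or empty.</exception>
/// <exception cref="InvalidOperationException">
/// No handler could read the token, or validation yielded no identity to copy claims from.
/// </exception>
public void Process(AssertionRequest request)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }
    if (String.IsNullOrEmpty(request.Assertion))
    {
        throw new ArgumentException("An assertion is required.", "request");
    }

    var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;
    var config = new SimpleWrapIssuerConfiguration();
    var values = new Dictionary<String, String>();

    // Read the received token. The assertion is caller-supplied XML; XmlReader.Create
    // with default settings prohibits DTDs, which is what we want for untrusted input.
    SecurityToken token;
    using (XmlReader reader = XmlReader.Create(new StringReader(request.Assertion)))
    {
        token = handlers.ReadToken(reader);
    }
    // Fail closed if no handler recognised the token element (ReadToken presumably
    // returns null in that case — confirm against the handler collection in use).
    if (token == null)
    {
        throw new InvalidOperationException("The received assertion could not be read as a security token.");
    }

    // Signature / lifetime / issuer checks happen here, inside the configured handlers.
    ClaimsIdentityCollection claims = handlers.ValidateToken(token);
    if (claims == null || claims.Count == 0)
    {
        throw new InvalidOperationException("Token validation produced no identity.");
    }

    // Copy claims from the first identity. SWT values are a flat map, so a repeated
    // claim type keeps only the last value seen.
    foreach (var claim in claims[0].Claims)
    {
        values[claim.ClaimType] = claim.Value;
    }

    // TODO: the audience is hard-coded; it should come from configuration (or the
    // request) so that the issued SWT is scoped to the resource actually being asked for.
    values[WrapConstants.SimpleWebTokenParameters.Audience] = "http://wrap.resource";

    // Create a SWT with the same claims; its lifetime is bounded by the incoming token's.
    SimpleWebToken swt = new SimpleWebToken(values, token.ValidTo, config.SigningCredentials);

    StringBuilder sb = new StringBuilder();
    using (XmlWriter writer = XmlWriter.Create(sb, new XmlWriterSettings() { OmitXmlDeclaration = true }))
    {
        handlers.WriteToken(writer, swt);
    }

    // Create response. expires_in is derived from ValidTo; if the token expired between
    // validation and this point the difference is negative and Convert.ToUInt64 would
    // throw OverflowException, so clamp at zero.
    var response = new AccessTokenResponse();
    response.SetParameter(WrapConstants.Parameters.AccessToken, sb.ToString());
    double secondsLeft = Math.Max(0.0, (swt.ValidTo - DateTime.UtcNow).TotalSeconds);
    response.SetParameter(
        WrapConstants.Parameters.AccessTokenExpiresIn,
        Convert.ToUInt64(secondsLeft).ToString(System.Globalization.CultureInfo.InvariantCulture));

    Response.WriteResponse(response);
}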
/// <summary>
/// Decides whether the issuer of <paramref name="token"/> is trusted.
/// </summary>
/// <param name="token">The token whose issuer is to be checked (currently unused).</param>
/// <returns>Always true at present.</returns>
/// <remarks>
/// TODO: not implemented — every issuer is accepted. Until the issuer is compared
/// against configured trusted issuers, any issuer trust presumably rests solely on
/// the signature validation performed elsewhere.
/// </remarks>
private Boolean IsIssuerTrusted(SimpleWebToken token)
{
    // TODO: compare token's issuer with the configured trusted issuer list.
    return true;
}
/// <summary>
/// Checks that <paramref name="token"/> carries an Audience value that appears in the
/// configured list of allowed audience URIs.
/// </summary>
/// <param name="token">The token to inspect; must not be null.</param>
/// <returns>
/// true when an Audience parameter is present, parses as a URI and is listed in
/// AudienceRestriction.AllowedAudienceUris; false in every other case.
/// </returns>
/// <exception cref="ArgumentNullException">token is null.</exception>
private Boolean IsAudienceTrusted(SimpleWebToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    // Fail closed: a token without an Audience parameter is not for this resource.
    String audienceValue;
    if (!token.Values.TryGetValue(WrapConstants.SimpleWebTokenParameters.Audience, out audienceValue))
    {
        return false;
    }

    // RelativeOrAbsolute is kept as in the original; a relative value can only match
    // if configuration lists that same relative URI.
    Uri parsedAudience;
    if (!Uri.TryCreate(audienceValue, UriKind.RelativeOrAbsolute, out parsedAudience))
    {
        return false;
    }

    // Membership uses Uri equality rather than string equality: scheme and host are
    // normalised at parse time and the fragment is ignored by Uri.Equals.
    var allowedAudiences = FederatedAuthentication.ServiceConfiguration.AudienceRestriction.AllowedAudienceUris;
    return allowedAudiences.Contains(parsedAudience);
}