private void FillSigningKey(RoleDescriptor sts)
        {
            var signingKey = new KeyDescriptor(SigningCredentials.SigningKeyIdentifier)
            {
                Use = KeyType.Signing
            };

            sts.Keys.Add(signingKey);
        }
        private KeyDescriptor GetSigningKeyDescriptor()
        {
            var certificate = _options.SigningCertificate;

            var clause = new X509SecurityToken(certificate).CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>();
            var key = new KeyDescriptor(new SecurityKeyIdentifier(clause));
            key.Use = KeyType.Signing;

            return key;
        }
        public string GetFederationMetadata(Uri endpoint)
        {
            // hostname
            var passiveEndpoint = new EndpointReference(endpoint.AbsoluteUri);
            var activeEndpoint = new EndpointReference(endpoint.AbsoluteUri);

            // metadata document 
            var entity = new EntityDescriptor(new EntityId(TwitterClaims.IssuerName));
            var sts = new SecurityTokenServiceDescriptor();
            entity.RoleDescriptors.Add(sts);

            // signing key
            var signingKey = new KeyDescriptor(SigningCredentials.SigningKeyIdentifier) { Use = KeyType.Signing };
            sts.Keys.Add(signingKey);

            // claim types
            sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Name, "Name", "User name"));
            sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.NameIdentifier, "Name Identifier", "User name identifier"));
            sts.ClaimTypesOffered.Add(new DisplayClaim(TwitterClaims.TwitterToken, "Token", "Service token"));
            sts.ClaimTypesOffered.Add(new DisplayClaim(TwitterClaims.TwitterTokenSecret, "Token Secret", "Service token secret"));

            // passive federation endpoint
            sts.PassiveRequestorEndpoints.Add(passiveEndpoint);

            // supported protocols

            //Inaccessable due to protection level
            //sts.ProtocolsSupported.Add(new Uri(WSFederationConstants.Namespace));
            sts.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706"));

            // add passive STS endpoint
            sts.SecurityTokenServiceEndpoints.Add(activeEndpoint);

            // metadata signing
            entity.SigningCredentials = SigningCredentials;

            // serialize 
            var serializer = new MetadataSerializer();

            using (var memoryStream = new MemoryStream())
            {
                serializer.WriteMetadata(memoryStream, entity);
                return Encoding.UTF8.GetString(memoryStream.ToArray());
            }
        }
        public byte[] GetFederationMetadata(Uri passiveSignInUrl, Uri identifier, X509Certificate2 signingCertificate)
        {
            var credentials = new X509SigningCredentials(signingCertificate);

            // Figure out the hostname exposed from Azure and what port the service is listening on
            var realm = new EndpointAddress(identifier);
            var passiveEndpoint = new EndpointReference(passiveSignInUrl.AbsoluteUri);

            // Create metadata document for relying party
            EntityDescriptor entity = new EntityDescriptor(new EntityId(realm.Uri.AbsoluteUri));
            SecurityTokenServiceDescriptor sts = new SecurityTokenServiceDescriptor();
            entity.RoleDescriptors.Add(sts);

            // Add STS's signing key
            KeyDescriptor signingKey = new KeyDescriptor(credentials.SigningKeyIdentifier);
            signingKey.Use = KeyType.Signing;
            sts.Keys.Add(signingKey);

            // Add offered claim types
            sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.AuthenticationMethod));
            sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.AuthenticationInstant));
            sts.ClaimTypesOffered.Add(new DisplayClaim(ClaimTypes.Name));

            // Add passive federation endpoint
            sts.PassiveRequestorEndpoints.Add(passiveEndpoint);

            // Add supported protocols
            sts.ProtocolsSupported.Add(new Uri(WSFederationConstants.Namespace));

            // Add passive STS endpoint
            sts.SecurityTokenServiceEndpoints.Add(passiveEndpoint);

            // Set credentials with which to sign the metadata
            entity.SigningCredentials = credentials;

            // Serialize the metadata and convert it to an XElement
            MetadataSerializer serializer = new MetadataSerializer();
            MemoryStream stream = new MemoryStream();
            serializer.WriteMetadata(stream, entity);
            stream.Flush();

            return stream.ToArray();
        }
        public ActionResult FederationMetadata()
        {
            var endpoint = Request.Url.Scheme + "://" + Request.Url.Host + ":" + Request.Url.Port;
            var entityDescriptor = new EntityDescriptor(new EntityId(ConfigurationManager.AppSettings["stsName"]))
                                   {
                                       SigningCredentials = CertificateFactory.GetSigningCredentials()
                                   };

            var roleDescriptor = new SecurityTokenServiceDescriptor();
            roleDescriptor.Contacts.Add(new ContactPerson(ContactType.Administrative));

            var clause = new X509RawDataKeyIdentifierClause(CertificateFactory.GetCertificate());
            var securityKeyIdentifier = new SecurityKeyIdentifier(clause);
            var signingKey = new KeyDescriptor(securityKeyIdentifier) {Use = KeyType.Signing};
            roleDescriptor.Keys.Add(signingKey);

            var endpointAddress =
                new System.IdentityModel.Protocols.WSTrust.EndpointReference(endpoint + "/Security/Authorize");

            roleDescriptor.PassiveRequestorEndpoints.Add(endpointAddress);
            roleDescriptor.SecurityTokenServiceEndpoints.Add(endpointAddress);

            roleDescriptor.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706"));

            entityDescriptor.RoleDescriptors.Add(roleDescriptor);

            var serializer = new MetadataSerializer();
            var settings = new XmlWriterSettings {Encoding = Encoding.UTF8};

            var memoryStream = new MemoryStream();
            var writer = XmlWriter.Create(memoryStream, settings);
            serializer.WriteMetadata(writer,entityDescriptor);
            writer.Flush();

            var content = Content(Encoding.UTF8.GetString(memoryStream.GetBuffer()), "text/xml");
            writer.Dispose();

            return content;
        }
        private KeyDescriptor GetEncryptionDescriptor(X509Certificate2 certificate)
        {
            var clause = new X509SecurityToken(certificate).CreateKeyIdentifierClause<X509RawDataKeyIdentifierClause>();
            var key = new KeyDescriptor(new SecurityKeyIdentifier(clause));
            key.Use = KeyType.Encryption;

            return key;
        }