/// <summary>
/// Creates the SAML security token authenticator used when the requested token type is null.
/// Whichever of the configured SAML 1.1 / SAML 2.0 token handlers are registered get wrapped;
/// when neither is registered the inner token manager supplies the authenticator instead.
/// </summary>
/// <param name="tokenRequirement">Requirement handed to the inner token manager in the fallback case.</param>
/// <param name="outOfBandTokenResolver">
/// Receives the resolver WCF uses to decrypt encrypted SAML tokens: the handler's service token
/// resolver when one handler is registered, an aggregate of both when both are, or whatever the
/// inner token manager supplies in the fallback case.
/// </param>
/// <returns>The wrapped SAML authenticator, or the inner authenticator when no SAML handler is registered.</returns>
SecurityTokenAuthenticator CreateSamlSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    outOfBandTokenResolver = null;

    // 'as' yields null both when nothing is registered under the key and when the registered
    // handler is of an unexpected type; either case is treated as "handler not present" below.
    SamlSecurityTokenHandler saml11Handler = _securityTokenHandlerCollection[SecurityTokenTypes.SamlTokenProfile11] as SamlSecurityTokenHandler;
    Saml2SecurityTokenHandler saml2Handler = _securityTokenHandlerCollection[SecurityTokenTypes.Saml2TokenProfile11] as Saml2SecurityTokenHandler;

    bool hasSaml11 = saml11Handler != null;
    bool hasSaml2 = saml2Handler != null;

    // A registered handler without a configuration cannot provide a service token resolver;
    // fail before any authenticator is built (same message for either handler).
    if ((hasSaml11 && saml11Handler.Configuration == null) || (hasSaml2 && saml2Handler.Configuration == null))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4274));
    }

    if (!hasSaml11 && !hasSaml2)
    {
        // Neither SAML handler is registered: defer entirely to the inner token manager.
        return CreateInnerSecurityTokenAuthenticator(tokenRequirement, out outOfBandTokenResolver);
    }

    WrappedSaml11SecurityTokenAuthenticator saml11Authenticator = hasSaml11
        ? new WrappedSaml11SecurityTokenAuthenticator(saml11Handler, _exceptionMapper)
        : null;
    WrappedSaml2SecurityTokenAuthenticator saml2Authenticator = hasSaml2
        ? new WrappedSaml2SecurityTokenAuthenticator(saml2Handler, _exceptionMapper)
        : null;

    if (hasSaml11 && hasSaml2)
    {
        // Both handlers present: one authenticator that dispatches to either, and a resolver
        // that can decrypt tokens issued for either profile.
        List<SecurityTokenResolver> resolvers = new List<SecurityTokenResolver>();
        resolvers.Add(saml11Handler.Configuration.ServiceTokenResolver);
        resolvers.Add(saml2Handler.Configuration.ServiceTokenResolver);
        outOfBandTokenResolver = new AggregateTokenResolver(resolvers);
        return new WrappedSamlSecurityTokenAuthenticator(saml11Authenticator, saml2Authenticator);
    }

    if (hasSaml11)
    {
        // Only SAML 1.1 is registered.
        outOfBandTokenResolver = saml11Handler.Configuration.ServiceTokenResolver;
        return saml11Authenticator;
    }

    // Only SAML 2.0 is registered.
    outOfBandTokenResolver = saml2Handler.Configuration.ServiceTokenResolver;
    return saml2Authenticator;
}
/// <summary>
/// Builds the SAML security token authenticator for the case where no token type was specified.
/// The registered SAML 1.1 and/or SAML 2.0 token handlers are wrapped; if neither is registered
/// the request is delegated to the inner token manager.
/// </summary>
/// <param name="tokenRequirement">Requirement forwarded to the inner token manager when no SAML handler is registered.</param>
/// <param name="outOfBandTokenResolver">
/// Set to the resolver WCF uses to decrypt encrypted SAML tokens: the single handler's service
/// token resolver, an aggregate over both handlers' resolvers, or the inner token manager's resolver.
/// </param>
/// <returns>The authenticator for the registered SAML handler(s), or the inner authenticator.</returns>
SecurityTokenAuthenticator CreateSamlSecurityTokenAuthenticator( SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver )
{
    outOfBandTokenResolver = null;

    // Note: 'as' returns null for a missing key and for a handler of another type alike,
    // so an unexpected handler type registered under a SAML key is treated as absent.
    SamlSecurityTokenHandler handler11 = _securityTokenHandlerCollection[ SecurityTokenTypes.SamlTokenProfile11 ] as SamlSecurityTokenHandler;
    Saml2SecurityTokenHandler handler2 = _securityTokenHandlerCollection[ SecurityTokenTypes.Saml2TokenProfile11 ] as Saml2SecurityTokenHandler;

    // A handler registered without a configuration has no service token resolver to offer.
    if ( handler11 != null && handler11.Configuration == null )
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4274 ) );
    }

    if ( handler2 != null && handler2.Configuration == null )
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation( SR.GetString( SR.ID4274 ) );
    }

    if ( handler11 == null && handler2 == null )
    {
        // No SAML handler at all: the inner token manager owns this token type.
        return CreateInnerSecurityTokenAuthenticator( tokenRequirement, out outOfBandTokenResolver );
    }

    if ( handler2 == null )
    {
        // SAML 1.1 only.
        outOfBandTokenResolver = handler11.Configuration.ServiceTokenResolver;
        return new WrappedSaml11SecurityTokenAuthenticator( handler11, _exceptionMapper );
    }

    if ( handler11 == null )
    {
        // SAML 2.0 only.
        outOfBandTokenResolver = handler2.Configuration.ServiceTokenResolver;
        return new WrappedSaml2SecurityTokenAuthenticator( handler2, _exceptionMapper );
    }

    // Both profiles registered: wrap each and combine them, and aggregate both
    // service token resolvers so encrypted tokens of either profile can be decrypted.
    WrappedSaml11SecurityTokenAuthenticator wrapped11 = new WrappedSaml11SecurityTokenAuthenticator( handler11, _exceptionMapper );
    WrappedSaml2SecurityTokenAuthenticator wrapped2 = new WrappedSaml2SecurityTokenAuthenticator( handler2, _exceptionMapper );

    List<SecurityTokenResolver> resolvers = new List<SecurityTokenResolver>
    {
        handler11.Configuration.ServiceTokenResolver,
        handler2.Configuration.ServiceTokenResolver
    };
    outOfBandTokenResolver = new AggregateTokenResolver( resolvers );

    return new WrappedSamlSecurityTokenAuthenticator( wrapped11, wrapped2 );
}