Merge pull request #796 from cotepatrice/master

Added SAML token decription
IdentityServer · Sep 13, 2014 · 2946394 · 2946394
2 parents cfb74cd + ef1d385
commit 2946394
Showing 1 changed file with 22 additions and 2 deletions.
diff --git a/src/Libraries/Thinktecture.IdentityServer.Protocols/AdfsIntegration/AdfsController.cs b/src/Libraries/Thinktecture.IdentityServer.Protocols/AdfsIntegration/AdfsController.cs
@@ -1,8 +1,12 @@
 using System;
+using System.Collections.ObjectModel;
 using System.ComponentModel.Composition;
+using System.IdentityModel.Selectors;
 using System.IdentityModel.Tokens;
 using System.Net;
 using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
+using System.ServiceModel.Security;
 using System.Text;
 using System.Web.Http;
 using Thinktecture.IdentityModel.Constants;
@@ -190,8 +194,24 @@ private HttpResponseMessage CreateTokenResponse(GenericXmlSecurityToken token, s
  else
  {
  var bridge = new AdfsBridge(ConfigurationRepository);
-
- response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
+ if (ConfigurationRepository.Keys.DecryptionCertificate != null)
+ {
+ var configuration = new SecurityTokenHandlerConfiguration
+ {
+ AudienceRestriction = { AudienceMode = AudienceUriMode.Never },
+ CertificateValidationMode = X509CertificateValidationMode.None,
+ RevocationMode = X509RevocationMode.NoCheck,
+ CertificateValidator = X509CertificateValidator.None,
+ ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
+ new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false)
+ };
+ var handler = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(configuration);
+ response = bridge.ConvertSamlToJwt(token.ToSecurityToken(handler), scope);
+ }
+ else
+ {
+ response = bridge.ConvertSamlToJwt(token.ToSecurityToken(), scope);
+ }
  }
 
  return Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, response);