I have a WCF service in which I issue a SAMLSecurityToken to an external client for authentication.
I need to make sure that the token was not intercepted by a third party when it comes back and an attempt is made to use it for service calls. Any suggestions on how to do this type of validation?
I'm currently doing the following validation on the token already:
- Validating token is not expired
- Validating token was signed by our server certificate