How to accept SAML2 tokens via tt.idm based on application configuration


Okay, so, I'm using Thinktecture IdentityModel 4.0 (tt.idm) to accept incoming SAML2 security tokens via my WebAPIs and translate them into ClaimsPrincipals. And I have a project that works the way I expect, based on the samples that come with tt.idm.

The only problem is that all of the samples (and, by extension, my project) use hardcoded SecurityTokenHandlerConfiguration objects, and I'd like to use the settings in my WIF configuration.

So, I currently have something that looks like this:

    using System;
    using System.IdentityModel.Selectors;           // X509CertificateValidator
    using System.IdentityModel.Tokens;              // SecurityTokenHandlerConfiguration, ConfigurationBasedIssuerNameRegistry
    using Thinktecture.IdentityModel.Tokens.Http;   // AuthenticationConfiguration, AuthenticationOptions

    public static AuthenticationConfiguration Create()
    {
        var config = new AuthenticationConfiguration();

        // Issuer registry built in code; "new" does not read anything from web.config.
        var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
        idsrvRegistry.AddTrustedIssuer("*THUMBPRINT REDACTED*", "*ISSUERNAME REDACTED*");

        var idsrvConfig = new SecurityTokenHandlerConfiguration();

        // Only tokens addressed to this audience are accepted.
        idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://somerealm.com"));
        idsrvConfig.IssuerNameRegistry = idsrvRegistry;

        // None skips chain/revocation checks on the signing certificate, so issuer trust
        // rests entirely on the thumbprint registered above.
        idsrvConfig.CertificateValidator = X509CertificateValidator.None;

        // Accept SAML2 tokens carried in "Authorization: SSO_SAML <token>".
        config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("SSO_SAML"));

        return config;
    }

But, I'd like to load those values from my configuration - whether automatically, by loading the microsoft.identityModel configuration section, or...whatever makes sense.

So far, though, nothing has worked - just newing up a ConfigurationBasedIssuerNameRegistry, for instance, yields an empty IssuerNameRegistry. And loading up the microsoft.identityModel configuration section yields ... a configuration section with essentially no properties.

Is there a way to tell tt.idm to load from the current configuration? Or a way to tell WIF to?

How should I proceed? o.O

leastprivilege On BEST ANSWER

You have to manually read the values from config and assign them in your Create method.

You can use FederatedAuthentication or IdentityConfiguration to read from config.
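Following the accepted answer, here is an added example (not code from the question or from tt.idm) that reads the WIF settings through IdentityConfiguration and copies them onto the SecurityTokenHandlerConfiguration handed to AddSaml2. It assumes the values live in the .NET 4.5 <system.identityModel> section (the section IdentityConfiguration parses, as opposed to the older microsoft.identityModel section) and that the property names used below exist on both classes as in WIF 4.5; the thumbprint and issuer name in the config comment are placeholders.

```csharp
using System;
using System.IdentityModel.Configuration;       // IdentityConfiguration (WIF, .NET 4.5)
using System.IdentityModel.Tokens;              // SecurityTokenHandlerConfiguration
using Thinktecture.IdentityModel.Tokens.Http;   // AuthenticationConfiguration, AuthenticationOptions

public static class ConfigDrivenAuth
{
    // Assumed web.config fragment this code reads (placeholder values):
    //
    // <system.identityModel>
    //   <identityConfiguration>
    //     <audienceUris>
    //       <add value="http://somerealm.com" />
    //     </audienceUris>
    //     <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel">
    //       <trustedIssuers>
    //         <add thumbprint="PLACEHOLDER-THUMBPRINT" name="PLACEHOLDER-ISSUER" />
    //       </trustedIssuers>
    //     </issuerNameRegistry>
    //     <certificateValidation certificateValidationMode="PeerTrust" />
    //   </identityConfiguration>
    // </system.identityModel>

    public static AuthenticationConfiguration Create()
    {
        // The parameterless constructor loads <system.identityModel>/<identityConfiguration>.
        // FederatedAuthentication.FederationConfiguration.IdentityConfiguration exposes the
        // same object once the WIF HTTP modules have run.
        var identity = new IdentityConfiguration();

        // Fail early: an empty audience list means every token is rejected, and almost
        // always means the section was not found (wrong section name or assembly).
        if (identity.AudienceRestriction.AllowedAudienceUris.Count == 0)
            throw new InvalidOperationException("No <audienceUris> found in <system.identityModel>.");

        // Copy the config-derived values onto the handler configuration tt.idm consumes.
        // CertificateValidator is whatever certificateValidationMode maps to; keep it at
        // something other than None unless thumbprint pinning alone is the intended trust.
        var handlerConfig = new SecurityTokenHandlerConfiguration
        {
            AudienceRestriction  = identity.AudienceRestriction,
            IssuerNameRegistry   = identity.IssuerNameRegistry,
            CertificateValidator = identity.CertificateValidator,
            IssuerTokenResolver  = identity.IssuerTokenResolver,
            ServiceTokenResolver = identity.ServiceTokenResolver,
            TokenReplayCache     = identity.Caches.TokenReplayCache,
            DetectReplayedTokens = identity.DetectReplayedTokens,
            MaxClockSkew         = identity.MaxClockSkew,
            SaveBootstrapContext = identity.SaveBootstrapContext,
        };

        var config = new AuthenticationConfiguration();
        config.AddSaml2(handlerConfig, AuthenticationOptions.ForAuthorizationHeader("SSO_SAML"));
        return config;
    }
}
```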