
Commit 8b08474

authored
Merge pull request #34 from schotime/master
Add CustomCertificateValidator property to Saml2Configuration
2 parents 52248b6 + cfd1595 commit 8b08474


2 files changed

+20
-2
lines changed

2 files changed

+20
-2
lines changed

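--- a/src/ITfoxtec.Identity.Saml2/Configuration/Saml2Configuration.cs
+++ b/src/ITfoxtec.Identity.Saml2/Configuration/Saml2Configuration.cs
@@ -3,6 +3,7 @@
 using System.Collections.Generic;
 using System.Security.Cryptography.X509Certificates;
 using System.ServiceModel.Security;
+using System.IdentityModel.Selectors;
 
 namespace ITfoxtec.Identity.Saml2
 {
@@ -25,6 +26,7 @@ public class Saml2Configuration
 public List<X509Certificate2> SignatureValidationCertificates { get; protected set; } = new List<X509Certificate2>();
 public X509CertificateValidationMode CertificateValidationMode { get; set; } = X509CertificateValidationMode.ChainTrust;
 public X509RevocationMode RevocationMode { get; set; } = X509RevocationMode.Online;
+public X509CertificateValidator CustomCertificateValidator { get; set; }
 
 public bool SaveBootstrapContext { get; set; } = false;
 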
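Review bot: The new `CustomCertificateValidator` property is undocumented, and its contract cannot be read from the declaration. Per the companion change in Saml2IdentityConfiguration.cs, it is applied only when `CertificateValidationMode` is `X509CertificateValidationMode.Custom` and is mandatory in that mode. I would add `/// <summary>Validator applied to certificates when CertificateValidationMode is Custom; required in that mode and ignored otherwise.</summary>` above it. Since a custom validator takes over the trust decision, the comment should also say whether `RevocationMode` still has any effect in Custom mode; that is not visible here and should be confirmed. The class body continues outside this hunk.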
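--- a/src/ITfoxtec.Identity.Saml2/Configuration/Saml2IdentityConfiguration.cs
+++ b/src/ITfoxtec.Identity.Saml2/Configuration/Saml2IdentityConfiguration.cs
@@ -1,5 +1,4 @@
-using System.Security.Cryptography.X509Certificates;
-using ITfoxtec.Identity.Saml2.Util;
+using System.ServiceModel.Security;
 #if NETFULL
 using ITfoxtec.Identity.Saml2.Tokens;
 using System;
@@ -8,6 +7,7 @@
 using System.IdentityModel.Tokens;
 #else
 using System.Linq;
+using ITfoxtec.Identity.Saml2.Util;
 using Microsoft.IdentityModel.Tokens;
 using System.Security.Claims;
 using System.IdentityModel.Selectors;
@@ -54,9 +54,25 @@ public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configura
 RevocationMode = config.RevocationMode,
 };
 #endif
+
+SetCustomCertificateValidator(configuration, config);
+
 return configuration;
 }
 
+private static void SetCustomCertificateValidator(Saml2IdentityConfiguration configuration, Saml2Configuration config)
+{
+if (config.CertificateValidationMode == X509CertificateValidationMode.Custom)
+{
+if (config.CustomCertificateValidator is null)
+{
+throw new Saml2ConfigurationException("A CustomCertificateValidator is required when setting CertificateValidationMode = X509CertificateValidationMode.Custom");
+}
+
+configuration.CertificateValidator = config.CustomCertificateValidator;
+}
+}
+
 #if NETFULL
 private static AudienceRestriction GetAudienceRestriction(bool audienceRestricted, IEnumerable<string> allowedAudienceUris)
 {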
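Review bot: `SetCustomCertificateValidator` silently drops a `CustomCertificateValidator` that is set while `CertificateValidationMode` is anything other than `Custom`. A caller who supplies a stricter validator (for example one that pins specific certificates) but leaves the mode at its `ChainTrust` default therefore gets the default validation with no error. The null check already rejects the opposite misconfiguration, so the outer `if` could reject this one too: `else if (config.CustomCertificateValidator != null) { throw new Saml2ConfigurationException("CustomCertificateValidator is only used when CertificateValidationMode = X509CertificateValidationMode.Custom"); }`. The helper also deserves a short `/// <summary>` saying that in Custom mode it overwrites whatever `CertificateValidator` the earlier initializer produced. That initializer lies outside this hunk, so how it handles the `Custom` mode value before this call should be checked.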
