ClientSaml11SecurityTokenHandlerBase should honor config for SaveBootstrapTokens

description

I couldn't understand why my backend WCF service wasn't able to see any bootstrap tokens, despite trying to set SaveBootstrapToken=true both in config and in code.
After comparing ClientSaml11SecurityTokenHandlerBase with the source of the other token handlers from Microsoft.IdentityModel, it turns out the custom clientsaml handler just doesn't consider saving bootstrap tokens. In my case I'm working with services that are consumed only internally, so using a clientsaml token in an ActAs scenario is legitimate.
 
IMO ClientSaml11SecurityTokenHandlerBase should always check config for SaveBootstrapTokens and either (preferably) save the bootstrap token or throw an exception if the config setting is true.
 
To get around this I added the following override to my TokenHandler (: ClientSaml11SecurityTokenHandlerBase). It would be really good if this override were added to the ClientSaml11SecurityTokenHandlerBase class.
 
    public override ClaimsIdentityCollection ValidateToken(SecurityToken token) {
        // Let the base handler validate the token and build the identities as usual.
        ClaimsIdentityCollection claimsIdentityCollection = base.ValidateToken(token);
 
        // Save the bootstrap token when configured to, mirroring what the other
        // Microsoft.IdentityModel token handlers do; guard against an empty collection.
        if (Configuration.SaveBootstrapTokens && claimsIdentityCollection.Count > 0) {
            claimsIdentityCollection[0].BootstrapToken = token;
        }
 
        return claimsIdentityCollection;
    }
 
thanks
justin
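The other half of the scenario in this issue is the backend WCF service that consumes the saved bootstrap token for ActAs. The following is an added example (not code from the issue author or from the project): it reads the bootstrap token that a handler override like the one above stores on the caller's IClaimsIdentity, fails with a descriptive error when the token is missing (the symptom described above), and uses the standard Microsoft.IdentityModel WS-Trust client to request an ActAs token. The STS and downstream service addresses and the choice of WindowsWSTrustBinding are assumptions for the illustration.

```csharp
// Added example for the backend WCF service side of the ActAs scenario.
// The endpoint addresses and the STS binding below are assumed placeholders.
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

public class BackendService
{
    // Assumed placeholder addresses for this illustration.
    private static readonly EndpointAddress StsAddress =
        new EndpointAddress("https://sts.example.invalid/trust/13/windowsmixed");
    private static readonly EndpointAddress DownstreamService =
        new EndpointAddress("https://downstream.example.invalid/Service.svc");

    // Returns the caller's bootstrap token, or throws a descriptive error instead
    // of letting a NullReferenceException surface deep inside the ActAs call.
    // A null BootstrapToken here is exactly the symptom from the issue: the
    // config says saveBootstrapTokens="true" but the handler never populated it.
    public static SecurityToken GetCallerBootstrapToken()
    {
        IClaimsIdentity identity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
        if (identity == null)
        {
            throw new InvalidOperationException(
                "Caller is not authenticated with a claims identity; is WIF configured for this service?");
        }
        if (identity.BootstrapToken == null)
        {
            throw new InvalidOperationException(
                "No bootstrap token on the caller's identity. Check that " +
                "<microsoft.identityModel><service saveBootstrapTokens=\"true\"> is set " +
                "and that the security token handler in use actually honors it.");
        }
        return identity.BootstrapToken;
    }

    // Requests an ActAs token from the STS for the downstream service, carrying
    // the caller's original token so the downstream service can see both the
    // backend service identity and the original caller.
    public static SecurityToken RequestActAsToken()
    {
        SecurityToken bootstrap = GetCallerBootstrapToken();

        RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = DownstreamService,
            ActAs = new SecurityTokenElement(bootstrap)
        };

        // Assumed: the STS exposes a Windows-authenticated WS-Trust 1.3 endpoint.
        WSTrustChannelFactory factory = new WSTrustChannelFactory(
            new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential), StsAddress);
        factory.TrustVersion = TrustVersion.WSTrust13;

        WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel();
        try
        {
            return channel.Issue(rst);
        }
        finally
        {
            channel.Close();
            factory.Close();
        }
    }
}
```

The explicit null check in GetCallerBootstrapToken is what turns the silent failure from the issue into an actionable error at the service boundary; with a handler that honors SaveBootstrapTokens it simply passes through.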