A Saml2SecurityTokenHandler that replaces the ServiceTokenResolver to enable token decryption
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using Saml2SecurityTokenHandler = Microsoft.IdentityModel.Extensions.Saml2SecurityTokenHandler;
namespace Owin.Security.WsFederation
{
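/// <summary>
/// Saml2SecurityToken handler that can decrypt an encrypted SAML2 token with the
/// relying party's certificate.
/// </summary>
/// <remarks>
/// The base handler looks up decryption keys through <c>Configuration.ServiceTokenResolver</c>.
/// <c>Configuration</c> is presumably assigned by the host after construction (TODO confirm
/// against the pipeline that creates this handler), so the resolver holding the relying
/// party's certificate is installed right before each read rather than in the constructor.
/// </remarks>
class EncryptedSaml2SecurityTokenHandler : Saml2SecurityTokenHandler
{
    /// <summary>
    /// Resolver exposing the relying party's X509 token so the base handler can find the decryption key.
    /// </summary>
    private readonly SecurityTokenResolver encryptServiceTokenResolver;

    /// <summary>
    /// Creates a handler that decrypts incoming tokens with the given certificate.
    /// </summary>
    /// <param name="encryptingCertificate">The relying party's certificate (with its private key) used to decrypt the token</param>
    /// <exception cref="ArgumentNullException"><paramref name="encryptingCertificate"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="encryptingCertificate"/> carries no private key and therefore cannot decrypt anything.</exception>
    public EncryptedSaml2SecurityTokenHandler(X509Certificate2 encryptingCertificate)
    {
        if (encryptingCertificate == null)
        {
            throw new ArgumentNullException("encryptingCertificate");
        }

        // Decryption needs the private half of the key pair; fail at construction
        // instead of with an opaque resolver failure on the first token.
        if (!encryptingCertificate.HasPrivateKey)
        {
            throw new ArgumentException("The encrypting certificate must contain a private key in order to decrypt tokens.", "encryptingCertificate");
        }

        // Wrap the certificate as a security token so the resolver can hand it to the base handler.
        List<SecurityToken> tokens = new List<SecurityToken> { new X509SecurityToken(encryptingCertificate) };

        // canMatchLocalId is false: the resolver does not match local-id key identifier clauses,
        // only the certificate's own key identifiers.
        this.encryptServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), false);
    }

    /// <summary>
    /// Installs the X509 token resolver on the configuration, then defers to the base handler.
    /// </summary>
    /// <param name="tokenString">Serialized token to inspect.</param>
    /// <returns>Whatever the base handler answers for <paramref name="tokenString"/>.</returns>
    /// <exception cref="InvalidOperationException">The handler has no <c>Configuration</c> yet.</exception>
    public override bool CanReadToken(string tokenString)
    {
        this.InstallTokenResolver();
        return base.CanReadToken(tokenString);
    }

    /// <summary>
    /// Installs the X509 token resolver on the configuration, then lets the base handler read (and decrypt) the token.
    /// </summary>
    /// <param name="reader">Reader positioned on the token XML.</param>
    /// <returns>The token produced by the base handler.</returns>
    /// <exception cref="InvalidOperationException">The handler has no <c>Configuration</c> yet.</exception>
    public override SecurityToken ReadToken(XmlReader reader)
    {
        this.InstallTokenResolver();
        return base.ReadToken(reader);
    }

    /// <summary>
    /// Replaces the configuration's ServiceTokenResolver with the one holding the decryption certificate.
    /// </summary>
    /// <exception cref="InvalidOperationException">The handler has no <c>Configuration</c> yet.</exception>
    private void InstallTokenResolver()
    {
        // An explicit error beats the NullReferenceException the assignment below would otherwise raise.
        if (this.Configuration == null)
        {
            throw new InvalidOperationException("The handler's Configuration must be set before tokens can be read.");
        }

        this.Configuration.ServiceTokenResolver = this.encryptServiceTokenResolver;
    }
}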
}