dotnet · HongGit · Oct 19, 2020 · Apr 29, 2020 · Oct 16, 2020 · Oct 19, 2020
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -24,7 +24,7 @@
   </PropertyGroup>
 
   <PropertyGroup>
-    <MicrosoftIdentityModelProtocolsWsTrustPackageVersion>6.7.2-preview-10803222715</MicrosoftIdentityModelProtocolsWsTrustPackageVersion>
+    <MicrosoftIdentityModelProtocolsWsTrustPackageVersion>6.8.0</MicrosoftIdentityModelProtocolsWsTrustPackageVersion>
   </PropertyGroup>
 
   <PropertyGroup>

diff --git a/NuGet.config b/NuGet.config
@@ -2,6 +2,7 @@
 <configuration>
   <packageSources>
     <clear />
+    <add key="myget" value ="https://www.myget.org/F/azureadwebstacknightly/api/v3/index.json" />
     <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
     <add key="dotnet-tools" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" />
     <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />

diff --git a/src/System.Private.ServiceModel/tests/Common/Scenarios/Endpoints.cs b/src/System.Private.ServiceModel/tests/Common/Scenarios/Endpoints.cs
@@ -436,15 +436,15 @@ public static string WSFederationAuthorityLocalSTS
     {
         get
         {
-            return GetEndpointAddress("LocalSTS.svc/transport", protocol: "https");
+            return GetEndpointAddress("LocalSTS.svc/", protocol: "https");
         }
     }
 
     public static string Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2
     {
         get
         {
-            return GetEndpointAddress("Saml2IssuedToken.svc/issued-token-using-tls", protocol: "https");
+            return GetEndpointAddress("Saml2IssuedToken.svc/issued-token-using-tls/", protocol: "https");
         }
     }
 

diff --git a/...te.ServiceModel/tests/Scenarios/Binding/WS/FederationHttp/WSFederationHttpBindingTests.cs b/...te.ServiceModel/tests/Scenarios/Binding/WS/FederationHttp/WSFederationHttpBindingTests.cs
@@ -3,6 +3,7 @@
 // See the LICENSE file in the project root for more information.
 
 using System;
+using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
@@ -13,14 +14,16 @@
 
 public class WSFederationHttpBindingTests : ConditionalWcfTest
 {
-    [WcfFact]
     [Issue(2870, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed),
            nameof(Client_Certificate_Installed),
            nameof(SSL_Available))]
     [OuterLoop]
-    public static void WSFederationHttpBindingTests_Succeeds()
+    [WcfTheory]
+    [MemberData(nameof(GetTestVariations))]
+    public static void WSFederationHttpBindingTests_Succeeds(MessageSecurityVersion messageSecurityVersion, SecurityKeyType securityKeyType, bool useSecureConversation, string endpointSuffix)
     {
+        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
         EndpointAddress issuerAddress = null;
         EndpointAddress serviceEndpointAddress = null;
         string tokenTargetAddress = null;
@@ -31,8 +34,8 @@ public static void WSFederationHttpBindingTests_Succeeds()
         try
         {
             // *** SETUP *** \\
-            issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS));
-            tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2;
+            issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS + endpointSuffix));
+            tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2 + endpointSuffix + (useSecureConversation ? "/sc" : string.Empty);
             serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress));
             var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
             issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
@@ -42,17 +45,113 @@ public static void WSFederationHttpBindingTests_Succeeds()
                 {
                     IssuerAddress = issuerAddress,
                     IssuerBinding = issuerBinding,
-                    KeyType = SecurityKeyType.BearerKey,
-                    Target = tokenTargetAddress,
-                    TokenType = Saml2Constants.OasisWssSaml2TokenProfile11
+                    KeyType = securityKeyType,
+                    TokenType = Saml2Constants.OasisWssSaml2TokenProfile11,
+                    MessageSecurityVersion = messageSecurityVersion,
                 });
-            //federationBinding.Security.Message.EstablishSecurityContext = false;
-            var customBinding = new CustomBinding(federationBinding);
-            var sbe = customBinding.Elements.Find<SecurityBindingElement>();
-            sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
+            federationBinding.Security.Message.EstablishSecurityContext = useSecureConversation;
+            factory = new ChannelFactory<IWcfService>(federationBinding, serviceEndpointAddress);
+
+            factory.Credentials.UserName.UserName = "AUser";
+            factory.Credentials.UserName.Password = "MyPassword";
+            serviceProxy = factory.CreateChannel();
+
+            // *** EXECUTE *** \\
+            string result = serviceProxy.Echo(testString);
+
+            // *** VALIDATE *** \\
+            Assert.Equal(testString, result);
+
+            // *** CLEANUP *** \\
+            ((ICommunicationObject)serviceProxy).Close();
+            factory.Close();
+        }
+        finally
+        {
+            // *** ENSURE CLEANUP *** \\
+            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
+        }
+    }
+
+    [Issue(2870, OS = OSID.AnyOSX)]
+    [Condition(nameof(Root_Certificate_Installed),
+       nameof(Client_Certificate_Installed),
+       nameof(SSL_Available))]
+    [OuterLoop]
+    [WcfFact]
+    public static void WSTrustTokeParameters_WSStaticHelper()
+    {
+        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
+        EndpointAddress issuerAddress = null;
+        EndpointAddress serviceEndpointAddress = null;
+        string tokenTargetAddress = null;
+        string testString = "Hello";
+        ChannelFactory<IWcfService> factory = null;
+        IWcfService serviceProxy = null;
+
+        try
+        {
+            // *** SETUP *** \\
+            issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS + "wsHttp/wstrustFeb2005"));
+            tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2 + "wsHttp/wstrustFeb2005";
+            serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress));
+            var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
+            issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
+
+            WSFederationHttpBinding federationBinding = new WSFederationHttpBinding(WSTrustTokenParameters.CreateWSFederationTokenParameters(issuerBinding, issuerAddress));
+            federationBinding.Security.Message.EstablishSecurityContext = false;
+            factory = new ChannelFactory<IWcfService>(federationBinding, serviceEndpointAddress);
+
+            factory.Credentials.UserName.UserName = "AUser";
+            factory.Credentials.UserName.Password = "MyPassword";
+            serviceProxy = factory.CreateChannel();
+
+            // *** EXECUTE *** \\
+            string result = serviceProxy.Echo(testString);
+
+            // *** VALIDATE *** \\
+            Assert.Equal(testString, result);
+
+            // *** CLEANUP *** \\
+            ((ICommunicationObject)serviceProxy).Close();
+            factory.Close();
+        }
+        finally
+        {
+            // *** ENSURE CLEANUP *** \\
+            ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
+        }
+    }
+
+    [Issue(2870, OS = OSID.AnyOSX)]
+    [Condition(nameof(Root_Certificate_Installed),
+   nameof(Client_Certificate_Installed),
+   nameof(SSL_Available))]
+    [OuterLoop]
+    [WcfFact]
+    public static void WS2007TrustTokeParameters_WSStaticHelper()
+    {
+        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
+        EndpointAddress issuerAddress = null;
+        EndpointAddress serviceEndpointAddress = null;
+        string tokenTargetAddress = null;
+        string testString = "Hello";
+        ChannelFactory<IWcfService> factory = null;
+        IWcfService serviceProxy = null;
+
+        try
+        {
+            // *** SETUP *** \\
+            issuerAddress = new EndpointAddress(new Uri(Endpoints.WSFederationAuthorityLocalSTS + "wsHttp/wstrust13"));
+            tokenTargetAddress = Endpoints.Https_SecModeTransWithMessCred_ClientCredTypeIssuedTokenSaml2 + "wsHttp/wstrust13";
+            serviceEndpointAddress = new EndpointAddress(new Uri(tokenTargetAddress));
+            var issuerBinding = new WSHttpBinding(SecurityMode.Transport);
+            issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
+
+            WSFederationHttpBinding federationBinding = new WSFederationHttpBinding(WSTrustTokenParameters.CreateWS2007FederationTokenParameters(issuerBinding, issuerAddress));
+            federationBinding.Security.Message.EstablishSecurityContext = false;
+            factory = new ChannelFactory<IWcfService>(federationBinding, serviceEndpointAddress);
 
-            factory = new ChannelFactory<IWcfService>(customBinding, serviceEndpointAddress);
-            // TODO: Fix the need for this
             factory.Credentials.UserName.UserName = "AUser";
             factory.Credentials.UserName.Password = "MyPassword";
             serviceProxy = factory.CreateChannel();
@@ -73,4 +172,14 @@ public static void WSFederationHttpBindingTests_Succeeds()
             ScenarioTestHelpers.CloseCommunicationObjects((ICommunicationObject)serviceProxy, factory);
         }
     }
+
+    public static IEnumerable<object[]> GetTestVariations()
+    {
+        // Equivalent to WS2007FederationHttpBinding
+        yield return new object[] { MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10, SecurityKeyType.BearerKey, false, "wsHttp/wstrust13" };
+        yield return new object[] { MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10, SecurityKeyType.BearerKey, true, "wsHttp/wstrust13" };
+        // Equivalent to WSFederationHttpBinding
+        yield return new object[] { MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, SecurityKeyType.SymmetricKey, false, "wsHttp/wstrustFeb2005" };
+        yield return new object[] { MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, SecurityKeyType.SymmetricKey, true, "wsHttp/wstrustFeb2005" };
+    }
 }
diff --git a/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/TestDefinitionHelper.cs b/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/TestDefinitionHelper.cs
@@ -87,8 +87,21 @@ internal static void StartHosts()
                     if (success)
                     {
                         var serviceHost = (ServiceHostBase)Activator.CreateInstance(sht, serviceBaseAddresses.ToArray());
-                        Console.WriteLine("  {0} at {1}", sht.Name, string.Join(", ", serviceBaseAddresses.Select(sba => sba.ToString())));
                         serviceHost.Open();
+                        Console.Write("  {0} at ", sht.Name);
+                        bool first = true;
+                        foreach (var endpoint in serviceHost.Description.Endpoints)
+                        {
+                            if (endpoint.IsSystemEndpoint)
+                                continue;
+                            if(first)
+                                first = false;
+                            else
+                                Console.Write(", ");
+
+                            Console.Write(endpoint.Address);
+                        }
+                        Console.WriteLine();
                     }
                 }
                 catch (Exception e)

diff --git a/...Model/tools/IISHostedWcfService/App_code/testhosts/Federation/FederationSTSServiceHost.cs b/...Model/tools/IISHostedWcfService/App_code/testhosts/Federation/FederationSTSServiceHost.cs
@@ -3,6 +3,7 @@
 // See the LICENSE file in the project root for more information.
 
 using System;
+using System.Collections.Generic;
 using System.IdentityModel.Configuration;
 using System.IdentityModel.Tokens;
 using System.Security.Cryptography.X509Certificates;
@@ -17,18 +18,25 @@ namespace WcfService
     public class FederationSTSServiceHost : WSTrustServiceHost
     {
         internal const string BasePath = "LocalSTS.svc";
-        internal const string RelativePath = "transport";
+        internal static List<Tuple<Type, Binding, string>> EndpointList = new List<Tuple<Type, Binding, string>>
+        {
+            Tuple.Create(typeof(IWSTrust13SyncContract), GetBinding(), "wsHttp/wstrust13"),
+            Tuple.Create(typeof(IWSTrustFeb2005SyncContract), GetBinding(), "wsHttp/wstrustFeb2005"),
+        };
 
         public FederationSTSServiceHost(params Uri[] baseAddresses)
             : base(new SecurityTokenServiceConfiguration(), baseAddresses)
         {
             ConfigureService();
-            AddServiceEndpoint(typeof(IWSTrust13SyncContract), GetBinding(), RelativePath);
+            foreach(var tuple in EndpointList)
+            {
+                AddServiceEndpoint(tuple.Item1, tuple.Item2, tuple.Item3);
+            }
         }
 
-        private Binding GetBinding()
+        private static Binding GetBinding()
         {
-            var binding = new WS2007HttpBinding(SecurityMode.Transport);
+            var binding = new WSHttpBinding(SecurityMode.Transport);
             if (HostingEnvironment.IsHosted)
             {
                 binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

diff --git a/...l/tools/IISHostedWcfService/App_code/testhosts/Federation/SelfHostSecurityTokenService.cs b/...l/tools/IISHostedWcfService/App_code/testhosts/Federation/SelfHostSecurityTokenService.cs
@@ -13,10 +13,7 @@ namespace WcfService
 {
     internal class SelfHostSecurityTokenService : SecurityTokenService
     {
-        public SelfHostSecurityTokenService(SecurityTokenServiceConfiguration configuration)
-            : base(configuration)
-        {
-        }
+        public SelfHostSecurityTokenService(SecurityTokenServiceConfiguration configuration) : base(configuration) { }
 
         protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
         {
@@ -37,9 +34,8 @@ protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToke
 
             var scope = new Scope(request.AppliesTo.Uri.OriginalString, SecurityTokenServiceConfiguration.SigningCredentials)
             {
-                TokenEncryptionRequired = false
-                //EncryptingCredentials = new X509EncryptingCredentials(SecurityTokenServiceConfiguration.ServiceCertificate),
-                //SymmetricKeyEncryptionRequired = true
+                TokenEncryptionRequired = false,
+                SymmetricKeyEncryptionRequired = false
             };
 
             if (string.IsNullOrEmpty(request.ReplyTo))