aspnet
diff --git a/‎build/CommonAssemblyInfo.cs
Lines changed: 2 additions & 2 deletions b/‎build/CommonAssemblyInfo.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎build/DevAssemblyInfo.cs
Lines changed: 2 additions & 2 deletions b/‎build/DevAssemblyInfo.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎build/Katana.version.targets
Lines changed: 4 additions & 4 deletions b/‎build/Katana.version.targets
Lines changed: 4 additions & 4 deletions
diff --git a/‎build/Sakefile.shade
Lines changed: 6 additions & 8 deletions b/‎build/Sakefile.shade
Lines changed: 6 additions & 8 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationExtensions.cs
Lines changed: 1 addition & 2 deletions b/‎src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationExtensions.cs
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationOptions.cs
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.Owin.Security.ActiveDirectory/ActiveDirectoryFederationServicesBearerAuthenticationOptions.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/IssuerSigningKeys.cs
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.Owin.Security.ActiveDirectory/IssuerSigningKeys.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.csproj
Lines changed: 32 additions & 5 deletions b/‎src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.csproj
Lines changed: 32 additions & 5 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.nuspec
Lines changed: 1 addition & 1 deletion b/‎src/Microsoft.Owin.Security.ActiveDirectory/Microsoft.Owin.Security.ActiveDirectory.nuspec
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/WindowsAzureActiveDirectoryBearerAuthenticationExtensions.cs
Lines changed: 1 addition & 1 deletion b/‎src/Microsoft.Owin.Security.ActiveDirectory/WindowsAzureActiveDirectoryBearerAuthenticationExtensions.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/WindowsAzureActiveDirectoryBearerAuthenticationOptions.cs
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.Owin.Security.ActiveDirectory/WindowsAzureActiveDirectoryBearerAuthenticationOptions.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityTokenProvider.cs renamed to ‎src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityKeyProvider.cs
Lines changed: 11 additions & 10 deletions b/‎src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityTokenProvider.cs renamed to ‎src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityKeyProvider.cs
Lines changed: 11 additions & 10 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/WsFedMetadataRetriever.cs
Lines changed: 6 additions & 31 deletions b/‎src/Microsoft.Owin.Security.ActiveDirectory/WsFedMetadataRetriever.cs
Lines changed: 6 additions & 31 deletions
diff --git a/‎src/Microsoft.Owin.Security.ActiveDirectory/packages.config
Lines changed: 8 additions & 1 deletion b/‎src/Microsoft.Owin.Security.ActiveDirectory/packages.config
Lines changed: 8 additions & 1 deletion
diff --git a/‎src/Microsoft.Owin.Security.Cookies/Microsoft.Owin.Security.Cookies.csproj
Lines changed: 0 additions & 1 deletion b/‎src/Microsoft.Owin.Security.Cookies/Microsoft.Owin.Security.Cookies.csproj
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/Microsoft.Owin.Security.Facebook/Microsoft.Owin.Security.Facebook.csproj
Lines changed: 3 additions & 4 deletions b/‎src/Microsoft.Owin.Security.Facebook/Microsoft.Owin.Security.Facebook.csproj
Lines changed: 3 additions & 4 deletions
diff --git a/‎src/Microsoft.Owin.Security.Facebook/Microsoft.Owin.Security.Facebook.nuspec
Lines changed: 1 addition & 1 deletion b/‎src/Microsoft.Owin.Security.Facebook/Microsoft.Owin.Security.Facebook.nuspec
Lines changed: 1 addition & 1 deletion
@@ -8,6 +8,6 @@
 [assembly: AssemblyCopyright("\x00a9 Microsoft Corporation All rights reserved.")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyVersion("4.0.0.0")]
-[assembly: AssemblyFileVersion("4.0.60210.0")]
-[assembly: AssemblyInformationalVersion("4.0.0-alpha1-60210-000")]
+[assembly: AssemblyFileVersion("4.0.60801.0")]
+[assembly: AssemblyInformationalVersion("4.0.0-alpha1-60801-000")]
 [assembly: AssemblyMetadata("Serviceable", "True")]
@@ -8,6 +8,6 @@
 [assembly: AssemblyCopyright("\x00a9 Microsoft Corporation All rights reserved.")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyVersion("0.31.0.0")]
-[assembly: AssemblyFileVersion("0.31.60210.0")]
-[assembly: AssemblyInformationalVersion("0.31.0-pre-60210-000")]
+[assembly: AssemblyFileVersion("0.31.60801.0")]
+[assembly: AssemblyInformationalVersion("0.31.0-pre-60801-000")]
 [assembly: AssemblyMetadata("Serviceable", "True")]
@@ -3,15 +3,15 @@
   <PropertyGroup>
     <ShipVersion>4.0.0</ShipVersion>
     <ShipStrongNameVersion>4.0.0.0</ShipStrongNameVersion>
-    <ShipFullVersion>4.0.0-alpha1-60210-000</ShipFullVersion>
-    <ShipFileVersion>4.0.60210.0</ShipFileVersion>
+    <ShipFullVersion>4.0.0-alpha1-60801-000</ShipFullVersion>
+    <ShipFileVersion>4.0.60801.0</ShipFileVersion>
     <MajorVersion>4</MajorVersion>
     <MinorVersion>0</MinorVersion>
     <PatchVersion>0</PatchVersion>
     <BuildQuality>alpha1</BuildQuality>
-    <BuildDate>60210</BuildDate>
+    <BuildDate>60801</BuildDate>
     <BranchSuffix></BranchSuffix>
-    <Eula>http://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm</Eula>
+    <Eula>https://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm</Eula>
     <ProjectUrl>https://github.com/aspnet/AspNetKatana/</ProjectUrl>
     <Tags>Microsoft OWIN Katana</Tags>
   </PropertyGroup>
 
@@ -4,9 +4,8 @@ var AUTHORS='Microsoft'
 var SHIP='${Version(4, 0, 0, "alpha1")}'
 var DEV='${Version(0, 31, 0, "pre")}'
 set FINAL_MILESTONE='${false}'
-
-var AZUREAD_JWT_SUFFIX=''
-var AZUREAD_EXT_SUFFIX=''
+var AZUREAD_VERSION='5.2.0'
+var AZUREAD_SUFFIX='.407281058-pre'
 var VERSION='${SHIP.VERSION}'
 var FULL_VERSION='${SHIP.FULL_VERSION}'
 var EULA='https://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm'
@@ -271,16 +270,15 @@ var signing='${new List<string>()}'
     test if='OFFICIAL_BUILD && !RELEASE_BUILD'
       -title = title.Split(new[]{"("}, StringSplitOptions.None)[0] + string.Format(" (nightly {0:yyyy MMM dd})", DateTime.Now);
 
-    var azureAdJwtSuffix='${AZUREAD_JWT_SUFFIX}'
-    set azureAdJwtSuffix='' if='OFFICIAL_BUILD && RELEASE_BUILD && FINAL_MILESTONE'
-    var azureAdExtSuffix='${AZUREAD_EXT_SUFFIX}'
-    set azureAdExtSuffix='' if='OFFICIAL_BUILD && RELEASE_BUILD && FINAL_MILESTONE'
+    var azureAdVersion='${AZUREAD_VERSION}'
+    var azureAdSuffix='${AZUREAD_SUFFIX}'
+    set azureAdSuffix='' if='OFFICIAL_BUILD && RELEASE_BUILD && FINAL_MILESTONE'
 
     var licenseUrl='${EULA}'
     var projectUrl='${PROJECT_URL}'
     var tags='${TAGS}'
 
-    nuget-pack nuspecFile='${file}' outputDir='${TARGET_DIR}' extra='-NoPackageAnalysis -Symbols -Properties "id=${baseName};authors=${AUTHORS};author=${AUTHORS};title=${title};description=${description};licenseUrl=${licenseUrl};projectUrl=${projectUrl};tags=${tags};azureAdJwtSuffix=${azureAdJwtSuffix};azureAdExtSuffix=${azureAdExtSuffix}"'
+    nuget-pack nuspecFile='${file}' outputDir='${TARGET_DIR}' extra='-NoPackageAnalysis -Symbols -Properties "id=${baseName};authors=${AUTHORS};author=${AUTHORS};title=${title};description=${description};licenseUrl=${licenseUrl};projectUrl=${projectUrl};tags=${tags};azureAdVersion=${azureAdVersion};azureAdSuffix=${azureAdSuffix}"'
 
 #nuget-deploy target='deploy' description='Upload NuGet packages to gallery'
   var extra=''
 
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Globalization;
 using System.Linq;
 using Microsoft.Owin.Security.ActiveDirectory;
 using Microsoft.Owin.Security.Jwt;
@@ -28,7 +27,7 @@ public static IAppBuilder UseActiveDirectoryFederationServicesBearerAuthenticati
                 throw new ArgumentNullException("options");
             }
 
-            var cachingSecurityTokenProvider = new WsFedCachingSecurityTokenProvider(options.MetadataEndpoint,
+            var cachingSecurityTokenProvider = new WsFedCachingSecurityKeyProvider(options.MetadataEndpoint,
                     options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler);
 
 #pragma warning disable 618
 
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.OAuth;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
-using System.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 {
@@ -19,6 +19,6 @@ internal class IssuerSigningKeys
         /// <summary>
         /// Signing tokens.
         /// </summary>
-        public IEnumerable<X509SecurityToken> Tokens { get; set; }
+        public IEnumerable<SecurityKey> Keys { get; set; }
     }
 }
@@ -40,17 +40,44 @@
     <StartupObject />
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Logging.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Logging.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Protocols.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Protocols.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols.WsFederation, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Protocols.WsFederation.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Protocols.WsFederation.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Tokens.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Tokens.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens.Saml, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Tokens.Saml.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Tokens.Saml.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Xml, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Microsoft.IdentityModel.Xml.5.2.0.407281058-pre\lib\net451\Microsoft.IdentityModel.Xml.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\packages\System.IdentityModel.Tokens.Jwt.4.0.0\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\System.IdentityModel.Tokens.Jwt.5.2.0.407281058-pre\lib\net451\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+      <Private>True</Private>
     </Reference>
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.WebRequest" />
@@ -68,7 +95,7 @@
       <DesignTime>True</DesignTime>
       <DependentUpon>Resources.resx</DependentUpon>
     </Compile>
-    <Compile Include="WsFedCachingSecurityTokenProvider.cs" />
+    <Compile Include="WsFedCachingSecurityKeyProvider.cs" />
     <Compile Include="IssuerSigningKeys.cs" />
     <Compile Include="WsFedMetadataRetriever.cs" />
     <Compile Include="WindowsAzureActiveDirectoryBearerAuthenticationExtensions.cs" />
 
@@ -21,7 +21,7 @@
       <dependency id="Microsoft.Owin.Security" version="$version$" />
       <dependency id="Microsoft.Owin.Security.OAuth" version="$version$" />
       <dependency id="Microsoft.Owin.Security.Jwt" version="$version$" />
-      <dependency id="System.IdentityModel.Tokens.Jwt" version="4.0.0$azureAdJwtSuffix$" />
+      <dependency id="System.IdentityModel.Tokens.Jwt" version="$azureAdVersion$$azureAdSuffix$" />
     </dependencies>
   </metadata>
   <files>
 
@@ -40,7 +40,7 @@ public static IAppBuilder UseWindowsAzureActiveDirectoryBearerAuthentication(thi
                 options.MetadataAddress = string.Format(CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, options.Tenant);
             }
 
-            var cachingSecurityTokenProvider = new WsFedCachingSecurityTokenProvider(options.MetadataAddress,
+            var cachingSecurityTokenProvider = new WsFedCachingSecurityKeyProvider(options.MetadataAddress,
                         options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler);
 
 #pragma warning disable 618
 
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.OAuth;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 
@@ -4,18 +4,18 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
-using System.IdentityModel.Tokens;
 using System.Net.Http;
 using System.Threading;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Owin.Security.Jwt;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 {
     /// <summary>
-    /// A security token provider which retrieves the issuer and signing tokens from a WSFed metadata endpoint.
+    /// A security key provider which retrieves the issuer and signing tokens from a WSFed metadata endpoint.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "This type is only controlled through the interface, which is not disposable.")]
-    internal class WsFedCachingSecurityTokenProvider : IIssuerSecurityTokenProvider
+    internal class WsFedCachingSecurityKeyProvider : IIssuerSecurityKeyProvider
     {
         private readonly TimeSpan _refreshInterval = new TimeSpan(1, 0, 0, 0);
 
@@ -28,9 +28,9 @@ internal class WsFedCachingSecurityTokenProvider : IIssuerSecurityTokenProvider
 
         private string _issuer;
 
-        private IEnumerable<SecurityToken> _tokens;
+        private IEnumerable<SecurityKey> _keys;
 
-        public WsFedCachingSecurityTokenProvider(string metadataEndpoint, ICertificateValidator backchannelCertificateValidator,
+        public WsFedCachingSecurityKeyProvider(string metadataEndpoint, ICertificateValidator backchannelCertificateValidator,
             TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)
         {
             _metadataEndpoint = metadataEndpoint;
@@ -67,20 +67,21 @@ public string Issuer
         }
 
         /// <summary>
-        /// Gets all known security tokens.
+        /// Gets all known security keys.
         /// </summary>
         /// <value>
-        /// All known security tokens.
+        /// All known security keys.
         /// </value>
-        public IEnumerable<SecurityToken> SecurityTokens
+        public IEnumerable<SecurityKey> SecurityKeys
         {
             get
             {
                 RefreshMetadata();
-                return _tokens;
+                return _keys;
             }
         }
 
+        [SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Can't throw exceptions on a background thread.")]
         private void RefreshMetadata()
         {
             if (_syncAfter >= DateTimeOffset.UtcNow)
@@ -109,7 +110,7 @@ private void RetrieveMetadata()
             IssuerSigningKeys metaData = WsFedMetadataRetriever.GetSigningKeys(_metadataEndpoint,
                 _backchannelTimeout, _backchannelHttpHandler);
             _issuer = metaData.Issuer;
-            _tokens = metaData.Tokens;
+            _keys = metaData.Keys;
         }
     }
 }
@@ -2,15 +2,12 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
-using System.IdentityModel.Metadata;
-using System.IdentityModel.Tokens;
+using System.Collections.ObjectModel;
 using System.IO;
-using System.Linq;
 using System.Net.Http;
-using System.Security.Cryptography.X509Certificates;
-using System.ServiceModel.Security;
 using System.Xml;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.Owin.Security.ActiveDirectory
 {
@@ -23,9 +20,6 @@ internal static class WsFedMetadataRetriever
 
         public static IssuerSigningKeys GetSigningKeys(string metadataEndpoint, TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)
         {
-            string issuer = string.Empty;
-            var tokens = new List<X509SecurityToken>();
-
             using (var metadataRequest = new HttpClient(backchannelHttpHandler, false))
             {
                 metadataRequest.Timeout = backchannelTimeout;
@@ -35,32 +29,13 @@ public static IssuerSigningKeys GetSigningKeys(string metadataEndpoint, TimeSpan
                     Stream metadataStream = metadataResponse.Content.ReadAsStreamAsync().Result;
                     using (XmlReader metaDataReader = XmlReader.Create(metadataStream, SafeSettings))
                     {
-                        var serializer = new MetadataSerializer { CertificateValidationMode = X509CertificateValidationMode.None };
-
-                        MetadataBase metadata = serializer.ReadMetadata(metaDataReader);
-                        var entityDescriptor = (EntityDescriptor)metadata;
-
-                        if (!string.IsNullOrWhiteSpace(entityDescriptor.EntityId.Id))
-                        {
-                            issuer = entityDescriptor.EntityId.Id;
-                        }
+                        var serializer = new WsFederationMetadataSerializer();
+                        var wsFederationConfiguration = serializer.ReadMetadata(metaDataReader);
 
-                        SecurityTokenServiceDescriptor stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().First();
-                        if (stsd == null)
-                        {
-                            throw new InvalidOperationException(Properties.Resources.Exception_MissingDescriptor);
-                        }
-
-                        IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses =
-                            stsd.Keys.Where(key => key.KeyInfo != null
-                                && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified))
-                                    .Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First());
-                        tokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData()))));
+                        return new IssuerSigningKeys { Issuer = wsFederationConfiguration.Issuer, Keys = wsFederationConfiguration.SigningKeys };
                     }
                 }
             }
-
-            return new IssuerSigningKeys { Issuer = issuer, Tokens = tokens };
         }
     }
 }
@@ -1,5 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
+  <package id="Microsoft.IdentityModel.Logging" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Protocols" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Protocols.WsFederation" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Tokens" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Tokens.Saml" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Microsoft.IdentityModel.Xml" version="5.2.0.407281058-pre" targetFramework="net451" />
+  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net451" />
   <package id="Owin" version="1.0" targetFramework="net45" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.0" targetFramework="net45" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="5.2.0.407281058-pre" targetFramework="net451" />
 </packages>
@@ -42,7 +42,6 @@
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.IdentityModel" />
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.Xml" />
   </ItemGroup>
 
@@ -37,9 +37,9 @@
     <DocumentationFile>bin\Release\Microsoft.Owin.Security.Facebook.XML</DocumentationFile>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+      <Private>True</Private>
     </Reference>
     <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -48,7 +48,6 @@
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.IdentityModel" />
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.WebRequest" />
   </ItemGroup>
 
@@ -17,7 +17,7 @@
     </frameworkAssemblies>
     <dependencies>
       <dependency id="Owin" version="1.0" />
-      <dependency id="Newtonsoft.Json" version="6.0.4" />
+      <dependency id="Newtonsoft.Json" version="9.0.1" />
       <dependency id="Microsoft.Owin" version="$version$" />
       <dependency id="Microsoft.Owin.Security" version="$version$" />
     </dependencies>
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.`
`3`	`3`
`4`	`4`	`using System.Collections.Generic;`
`5`		`-using System.IdentityModel.Tokens;`
	`5`	`+using Microsoft.IdentityModel.Tokens;`
`6`	`6`
`7`	`7`	`namespace Microsoft.Owin.Security.ActiveDirectory`
`8`	`8`	`{`
`@@ -19,6 +19,6 @@ internal class IssuerSigningKeys`
`19`	`19`	`/// <summary>`
`20`	`20`	`/// Signing tokens.`
`21`	`21`	`/// </summary>`
`22`		`- public IEnumerable<X509SecurityToken> Tokens { get; set; }`
	`22`	`+ public IEnumerable<SecurityKey> Keys { get; set; }`
`23`	`23`	`}`
`24`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ public static IAppBuilder UseWindowsAzureActiveDirectoryBearerAuthentication(thi`
`40`	`40`	`options.MetadataAddress = string.Format(CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, options.Tenant);`
`41`	`41`	`}`
`42`	`42`
`43`		`- var cachingSecurityTokenProvider = new WsFedCachingSecurityTokenProvider(options.MetadataAddress,`
	`43`	`+ var cachingSecurityTokenProvider = new WsFedCachingSecurityKeyProvider(options.MetadataAddress,`
`44`	`44`	`options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler);`
`45`	`45`
`46`	`46`	`#pragma warning disable 618`
Original file line number	Diff line number	Diff line change
`@@ -4,18 +4,18 @@`
`4`	`4`	`using System;`
`5`	`5`	`using System.Collections.Generic;`
`6`	`6`	`using System.Diagnostics.CodeAnalysis;`
`7`		`-using System.IdentityModel.Tokens;`
`8`	`7`	`using System.Net.Http;`
`9`	`8`	`using System.Threading;`
	`9`	`+using Microsoft.IdentityModel.Tokens;`
`10`	`10`	`using Microsoft.Owin.Security.Jwt;`
`11`	`11`
`12`	`12`	`namespace Microsoft.Owin.Security.ActiveDirectory`
`13`	`13`	`{`
`14`	`14`	`/// <summary>`
`15`		`- /// A security token provider which retrieves the issuer and signing tokens from a WSFed metadata endpoint.`
	`15`	`+ /// A security key provider which retrieves the issuer and signing tokens from a WSFed metadata endpoint.`
`16`	`16`	`/// </summary>`
`17`	`17`	`[SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "This type is only controlled through the interface, which is not disposable.")]`
`18`		`- internal class WsFedCachingSecurityTokenProvider : IIssuerSecurityTokenProvider`
	`18`	`+ internal class WsFedCachingSecurityKeyProvider : IIssuerSecurityKeyProvider`
`19`	`19`	`{`
`20`	`20`	`private readonly TimeSpan _refreshInterval = new TimeSpan(1, 0, 0, 0);`
`21`	`21`
`@@ -28,9 +28,9 @@ internal class WsFedCachingSecurityTokenProvider : IIssuerSecurityTokenProvider`
`28`	`28`
`29`	`29`	`private string _issuer;`
`30`	`30`
`31`		`- private IEnumerable<SecurityToken> _tokens;`
	`31`	`+ private IEnumerable<SecurityKey> _keys;`
`32`	`32`
`33`		`- public WsFedCachingSecurityTokenProvider(string metadataEndpoint, ICertificateValidator backchannelCertificateValidator,`
	`33`	`+ public WsFedCachingSecurityKeyProvider(string metadataEndpoint, ICertificateValidator backchannelCertificateValidator,`
`34`	`34`	`TimeSpan backchannelTimeout, HttpMessageHandler backchannelHttpHandler)`
`35`	`35`	`{`
`36`	`36`	`_metadataEndpoint = metadataEndpoint;`
`@@ -67,20 +67,21 @@ public string Issuer`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`/// <summary>`
`70`		`- /// Gets all known security tokens.`
	`70`	`+ /// Gets all known security keys.`
`71`	`71`	`/// </summary>`
`72`	`72`	`/// <value>`
`73`		`- /// All known security tokens.`
	`73`	`+ /// All known security keys.`
`74`	`74`	`/// </value>`
`75`		`- public IEnumerable<SecurityToken> SecurityTokens`
	`75`	`+ public IEnumerable<SecurityKey> SecurityKeys`
`76`	`76`	`{`
`77`	`77`	`get`
`78`	`78`	`{`
`79`	`79`	`RefreshMetadata();`
`80`		`- return _tokens;`
	`80`	`+ return _keys;`
`81`	`81`	`}`
`82`	`82`	`}`
`83`	`83`
	`84`	`+ [SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Can't throw exceptions on a background thread.")]`
`84`	`85`	`private void RefreshMetadata()`
`85`	`86`	`{`
`86`	`87`	`if (_syncAfter >= DateTimeOffset.UtcNow)`
`@@ -109,7 +110,7 @@ private void RetrieveMetadata()`
`109`	`110`	`IssuerSigningKeys metaData = WsFedMetadataRetriever.GetSigningKeys(_metadataEndpoint,`
`110`	`111`	`_backchannelTimeout, _backchannelHttpHandler);`
`111`	`112`	`_issuer = metaData.Issuer;`
`112`		`- _tokens = metaData.Tokens;`
	`113`	`+ _keys = metaData.Keys;`
`113`	`114`	`}`
`114`	`115`	`}`
`115`	`116`	`}`