SamlSecurityTokenHandler Class

Definition

A SecurityTokenHandler designed for creating and validating Saml Tokens, which supports validating tokens passed as strings using TokenValidationParameters.

public class SamlSecurityTokenHandler : Microsoft.IdentityModel.Tokens.SecurityTokenHandler
type SamlSecurityTokenHandler = class
    inherit SecurityTokenHandler
Public Class SamlSecurityTokenHandler
Inherits SecurityTokenHandler
Inheritance
SamlSecurityTokenHandler

Constructors

SamlSecurityTokenHandler()

Properties

CanValidateToken

Gets a value indicating whether this handler supports validation of tokens handled by this instance.

CanWriteToken

Gets a value indicating whether the class provides serialization functionality to serialize a securityToken handled by this instance.

MaximumTokenSizeInBytes

Gets and sets the maximum token size in bytes that will be processed.

(Inherited from TokenHandler)
SamlSubjectEqualityComparer

Gets or sets the SamlSubject comparer.

Serializer

Gets or sets the SamlSerializer that will be used to read and write a SamlSecurityToken.

SetDefaultTimesOnTokenCreation

Gets or sets a bool that controls if token creation will set default 'exp', 'nbf' and 'iat' if not specified.

(Inherited from TokenHandler)
TokenLifetimeInMinutes

Gets or sets the token lifetime in minutes.

(Inherited from TokenHandler)
TokenType

Gets the securityToken type supported by this handler.

Methods

AddActorToAttributes(ICollection<SamlAttribute>, ClaimsIdentity)

Adds all Actors.

CanReadToken(String)

Determines if the string is a valid Saml token by examining the xml for the correct start element.

CanReadToken(XmlReader)

Indicates whether the current reader is positioned at a Saml assertion.

ConsolidateAttributes(ICollection<SamlAttribute>)

Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.

CreateAdvice(SecurityTokenDescriptor)

Override this method to provide a SamlAdvice to place in the Saml token.

CreateAttribute(Claim)

Generates a SamlAttribute from a claim.

CreateAttributeStatement(SamlSubject, SecurityTokenDescriptor)

Creates SamlAttributeStatements and adds them to a collection. Override this method to provide a custom implementation.

Default behavior is to create a new SamlAttributeStatement for each Subject in the tokenDescriptor.Subjects collection.

CreateAuthenticationStatement(SamlSubject, AuthenticationInformation)

Creates a SamlAuthenticationStatement for each AuthenticationInformation found in AuthenticationInformation. Override this method to provide a custom implementation.

CreateAuthorizationDecisionStatement(SecurityTokenDescriptor)

Creates a SamlAuthorizationDecisionStatement from a SecurityTokenDescriptor.

CreateClaimsIdentities(SamlSecurityToken, String, TokenValidationParameters)

Creates claims from a Saml securityToken.

CreateConditions(SecurityTokenDescriptor)

Generates all the conditions for Saml.

CreateSecurityTokenReference(SecurityToken, Boolean)

Returns SecurityKeyIdentifierClause.

(Inherited from SecurityTokenHandler)
CreateStatements(SecurityTokenDescriptor, AuthenticationInformation)

Generates an enumeration of SamlStatements from a SecurityTokenDescriptor. Only SamlAttributeStatements and SamlAuthenticationStatements are generated. Override this method to customize the creation of statements.

Calls in order (all are virtual):

1. CreateSamlSubject
2. CreateAttributeStatements
3. CreateAuthenticationStatements
4. CreateAuthorizationDecisionStatement

CreateSubject(SecurityTokenDescriptor)

Returns the SamlSubject to use for all the statements that will be created. Override this method to customize the creation of the SamlSubject.

CreateToken(SecurityTokenDescriptor, AuthenticationInformation)

Creates a SamlSecurityToken based on the information contained in the SecurityTokenDescriptor.

CreateToken(SecurityTokenDescriptor)

Creates a SamlSecurityToken based on the information contained in the SecurityTokenDescriptor.

CreateXmlStringFromAttributes(ICollection<SamlAttribute>)

Builds an XML formatted string from a collection of saml attributes that represent an Actor.

ProcessAttributeStatement(SamlAttributeStatement, ClaimsIdentity, String)

Creates claims from a SamlAttributeStatement.

ProcessAuthenticationStatement(SamlAuthenticationStatement, ClaimsIdentity, String)

Creates claims from a SamlAuthenticationStatement.

ProcessAuthorizationDecisionStatement(SamlAuthorizationDecisionStatement, ClaimsIdentity, String)

Creates claims from a SamlAuthorizationDecisionStatement.

ProcessCustomSubjectStatement(SamlStatement, ClaimsIdentity, String)

Creates claims from an unknown statement.

ProcessStatements(SamlSecurityToken, String, TokenValidationParameters)

Processes all statements to generate claims.

ProcessSubject(SamlSubject, ClaimsIdentity, String)

Creates subject claims from the SamlSubject.

ReadSamlToken(String)

Converts a string into an instance of SamlSecurityToken.

ReadSamlToken(XmlReader)

Reads a SamlSecurityToken where the XmlReader is positioned at the beginning of a Saml assertion.

ReadToken(String)

Converts a string into an instance of SamlSecurityToken.

ReadToken(XmlReader, TokenValidationParameters)

Deserializes from XML a token of the type handled by this instance.

ReadToken(XmlReader)

Reads a SamlSecurityToken where the XmlReader is positioned at the beginning of a Saml assertion.

ResolveIssuerSigningKey(String, SamlSecurityToken, TokenValidationParameters)

Returns a SecurityKey to use for validating the signature of a token.

SetDelegateFromAttribute(SamlAttribute, ClaimsIdentity, String)

This method gets called when a special type of SamlAttribute is detected. The SamlAttribute passed in wraps a SamlAttribute that contains a collection of AttributeValues, each of which is mapped to a claim. All of the claims will be returned in a ClaimsIdentity with the specified issuer.

ValidateAudience(IEnumerable<String>, SecurityToken, TokenValidationParameters)

Determines if the audiences found in a SamlSecurityToken are valid.

ValidateConditions(SamlSecurityToken, TokenValidationParameters)

Validates the Lifetime and Audience conditions.

ValidateIssuer(String, SecurityToken, TokenValidationParameters)

Determines if an issuer found in a SamlSecurityToken is valid.

ValidateIssuerSecurityKey(SecurityKey, SamlSecurityToken, TokenValidationParameters)

Validates the SigningKey is an expected value.

ValidateIssuerSecurityKey(SecurityKey, SecurityToken, TokenValidationParameters)

Validates the SecurityToken was signed by a valid SecurityKey.

ValidateLifetime(Nullable<DateTime>, Nullable<DateTime>, SecurityToken, TokenValidationParameters)

Validates the lifetime of a SamlSecurityToken.

ValidateSignature(String, TokenValidationParameters)

Validates that the signature, if found, is valid.

ValidateToken(String, TokenValidationParameters, SecurityToken)

Reads and validates a well formed SamlSecurityToken.

ValidateToken(XmlReader, TokenValidationParameters, SecurityToken)

Reads and validates a well formed SamlSecurityToken.

ValidateTokenAsync(SecurityToken, TokenValidationParameters)

Validates a token. On a validation failure, no exception will be thrown; instead, the exception will be set in the returned TokenValidationResult.Exception property. Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.

(Inherited from TokenHandler)
ValidateTokenAsync(String, TokenValidationParameters)

Validates a token. On a validation failure, no exception will be thrown; instead, the exception will be set in the returned TokenValidationResult.Exception property. Callers should always check the TokenValidationResult.IsValid property to verify the validity of the result.

ValidateTokenReplay(Nullable<DateTime>, String, TokenValidationParameters)

Validates the token replay.

WriteToken(SecurityToken)

Serializes a SamlSecurityToken to a string.

WriteToken(XmlWriter, SecurityToken)

Serializes to XML a securityToken of the type handled by this instance.
