Saml2SecurityTokenHandler.CreateConditions(SecurityTokenDescriptor) Method

Definition

Creates the conditions for the assertion.

protected virtual Microsoft.IdentityModel.Tokens.Saml2.Saml2Conditions CreateConditions (Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor tokenDescriptor);
abstract member CreateConditions : Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor -> Microsoft.IdentityModel.Tokens.Saml2.Saml2Conditions
override this.CreateConditions : Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor -> Microsoft.IdentityModel.Tokens.Saml2.Saml2Conditions
Protected Overridable Function CreateConditions (tokenDescriptor As SecurityTokenDescriptor) As Saml2Conditions

Parameters

tokenDescriptor
SecurityTokenDescriptor

contains the details of the conditions.

Returns

A Saml2Conditions object.

Exceptions

If tokenDescriptor is null.

Remarks

Generally, conditions should be included in assertions to limit the impact of misuse of the assertion. Specifying the NotBefore and NotOnOrAfter conditions can limit the period of vulnerability in the case of a compromised assertion. The AudienceRestrictionCondition can be used to explicitly state the intended relying party or parties of the assertion, which coupled with appropriate audience restriction enforcement at relying parties can help to mitigate spoofing attacks between relying parties.

The default implementation creates NotBefore and NotOnOrAfter conditions based on the tokenDescriptor.Lifetime. It will also generate an AudienceRestrictionCondition limiting consumption of the assertion to tokenDescriptor.Scope.Address.

Applies to