Saml11SecurityTokenHandler Members

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

This class implements a SecurityTokenHandler for a SAML 1.1 token. It contains functionality for creating, serializing, and validating a SAML 1.1 token.

The following tables list the members exposed by the Saml11SecurityTokenHandler type.

Public Constructors

  Name Description
  Saml11SecurityTokenHandler Overloaded.  


Public Fields

  Name Description
public field static Assertion
public field static BearerConfirmationMethod
public field static Namespace
public field static UnspecifiedAuthenticationMethod


Public Properties

  Name Description
public property CanValidateToken Overridden. Returns a value that indicates whether this handler can validate tokens of type SamlSecurityToken.
public property CanWriteToken Overridden. Gets a Boolean value indicating whether the SecurityTokenHandler can serialize tokens. Returns true by default.
public property CertificateValidator Gets or sets the X509CertificateValidator that is used by the current instance.
public property Configuration  Gets or sets the SecurityTokenHandlerConfiguration (Inherited from SecurityTokenHandler)
public property ContainingCollection  Gets or sets the SecurityTokenHandlerCollection that this SecurityTokenHandler is part of. This property should never be set directly. When the SecurityTokenHandler is added to a collection this property is automatically set. (Inherited from SecurityTokenHandler)
public property KeyInfoSerializer Gets or sets a SecurityTokenSerializer that will be used to serialize and deserialize a SecurityKeyIdentifier. For example, SamlSubject SecurityKeyIdentifier or Signature SecurityKeyIdentifier.
public property SamlSecurityTokenRequirement Gets or sets the SamlSecurityTokenRequirement
public property TokenType Overridden. Gets the System.Type of the SecurityToken that is supported by this handler.


Public Methods

(see also Protected Methods)

  Name Description
public method CanReadKeyIdentifierClause  Indicates if the current XML element is pointing to a KeyIdentifierClause that can be serialized by this instance. (Inherited from SecurityTokenHandler)
public method CanReadToken Overridden. Indicates whether the current XML element can be read as a token of the type handled by this instance.
public method CanWriteKeyIdentifierClause  Indicates if the given SecurityKeyIdentifierClause can be serialized by this instance. (Inherited from SecurityTokenHandler)
public method CreateSecurityTokenReference Overridden. Creates the security token reference when the token is not attached to the message.
public method CreateToken Overridden. Creates the security token based on the tokenDescriptor passed in.
public method Equals  (Inherited from Object)
public method GetHashCode  (Inherited from Object)
public method GetTokenTypeIdentifiers Overridden. Returns the saml token's token type that is supported by this handler.
public method GetType  (Inherited from Object)
public method ReadKeyIdentifierClause  Deserializes the XML to a KeyIdentifierClause that references a token handled by this instance. (Inherited from SecurityTokenHandler)
public method ReadToken Overridden. Deserializes from XML a token of the type handled by this instance.
public method ReadToken  Overloaded. (Inherited from SecurityTokenHandler)
public method ToString  (Inherited from Object)
public method ValidateToken Overridden. Validates a given token and returns a SubjectCollection.
public method WriteKeyIdentifierClause  Serializes to XML a SecurityKeyIdentifierClause that this instance supports. (Inherited from SecurityTokenHandler)
public method WriteToken Overridden. Serializes the given SecurityToken to the XmlWriter.


Protected Methods

  Name Description
protected method AddDelegateToAttributes Adds all the delegates associated with the ActAs subject into the attribute collection.
protected method CollectAttributeValues Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.
protected method CreateAdvice Override this method to provide a SamlAdvice to place in the Samltoken.
protected method CreateAssertion Override this method to customize the parameters to create a SamlAssertion.
protected method CreateAttribute Generates a SamlAttribute from a claim.
protected method CreateAttributeStatement Creates SamlAttributeStatements and adds them to a collection. Override this method to provide a custom implementation. Default behavior is to create a new SamlAttributeStatement for each Subject in the tokenDescriptor.Subjects collection.
protected method CreateAuthenticationStatement Creates a SamlAuthenticationStatement for each AuthenticationInformation found in AuthenticationInformation. Override this method to provide a custom implementation.
protected method CreateClaims Generates a SubjectCollection that represents a SamlToken. Only SamlAttributeStatements are processed. Override this method to customize the creation of statements. Calls: 1. ProcessAttributeStatement for SamlAttributeStatements. 2. ProcessAuthenticationStatement for SamlAuthenticationStatements. 3. ProcessAuthorizationDecisionStatement for SamlAuthorizationDecisionStatements. 4. ProcessCustomStatement for other SamlStatements.
protected method CreateConditions Generates all the conditions for SAML: 1. Lifetime condition. 2. AudienceRestriction condition.
protected method CreateSamlSubject Returns the SamlSubject to use for all the statements that will be created. Override this method to customize the creation of the SamlSubject.
protected method CreateStatements Generates an enumeration of SamlStatements from a SecurityTokenDescriptor. Only SamlAttributeStatements and SamlAuthenticationStatements are generated. Override this method to customize the creation of statements. Calls in order (all are virtual): 1. CreateSamlSubject 2. CreateAttributeStatements 3. CreateAuthenticationStatements
protected method CreateXmlStringFromAttributes Builds an XML-formatted string from a collection of SAML attributes that represent the Actor.
protected method DenormalizeAuthenticationType Returns the Saml11 AuthenticationMethod matching a normalized value.
protected method DetectReplayedTokens Overridden. Throws if a token is detected as being replayed. If the token is not found it is added to the TokenReplayCache.
protected method Finalize  (Inherited from Object)
protected method FindUpn Finds the UPN claim value in the provided IClaimsIdentity object for the purpose of mapping the identity to a WindowsClaimsIdentity object.
protected method GetCacheExpirationTime Returns the time until which the token should be held in the token replay cache.
protected method GetEncryptingCredentials Gets the credentials for encrypting the token. Override this method to provide custom encrypting credentials.
protected method GetSigningCredentials Gets the credentials for signing the assertion. Override this method to provide custom signing credentials.
protected method MemberwiseClone  (Inherited from Object)
protected method NormalizeAuthenticationType Returns the normalized value matching a Saml11 AuthenticationMethod.
protected method ProcessAttributeStatement Override this virtual to provide custom processing of SamlAttributeStatements.
protected method ProcessAuthenticationStatement Override this virtual to provide custom processing of the SamlAuthenticationStatement. By default it adds authentication type and instant to each claim.
protected method ProcessAuthorizationDecisionStatement Override this virtual to provide custom processing of SamlAuthorizationDecisionStatement. By default no processing is performed; you will need to access the token for SamlAuthorizationDecisionStatement information.
protected method ProcessSamlSubject For each saml statement (attribute/authentication/authz/custom), we will check if we need to create a nameid claim or a key identifier claim out of its SamlSubject.
protected method ProcessStatement Processes all statements to generate claims.
protected method ReadAction Read saml:Action element.
protected method ReadAdvice Read saml:Advice element from the given XmlReader.
protected method ReadAssertion Read saml:Assertion element from the given reader.
protected method ReadAttribute Read an saml:Attribute element.
protected method ReadAttributeStatement Read saml:AttributeStatement from the given XmlReader.
protected method ReadAttributeValue Reads an attribute value.
protected method ReadAudienceRestrictionCondition Read saml:AudienceRestrictionCondition from the given XmlReader.
protected method ReadAuthenticationStatement Read the saml:AuthenticationStatement.
protected method ReadAuthorityBinding Read the saml:AuthorityBinding element.
protected method ReadAuthorizationDecisionStatement Read the saml:AuthorizationDecisionStatement element.
protected method ReadCondition Read saml:AudienceRestrictionCondition or saml:DoNotCacheCondition from the given reader.
protected method ReadConditions Read saml:Conditions from the given XmlReader.
protected method ReadDoNotCacheCondition Read saml:DoNotCacheCondition from the given XmlReader.
protected method ReadEvidence Read the saml:Evidence element.
protected method ReadSigningKeyInfo Reads the ds:KeyInfo element inside the Saml Signature.
protected method ReadStatement Read a SamlStatement from the given XmlReader.
protected method ReadSubject Read the SamlSubject from the XmlReader.
protected method ReadSubjectKeyInfo Read the SamlSubject KeyIdentifier from an XmlReader.
protected method ResolveIssuerToken Resolves the Signing Key Identifier to a SecurityToken.
protected method ResolveSubjectKeyIdentifier Resolves the SecurityKeyIdentifier specified in a saml:Subject element.
protected method SetDelegateFromAttribute This method gets called when a special type of SamlAttribute is detected. The SamlAttribute passed in wraps a SamlAttribute that contains a collection of AttributeValues, each of which is mapped to a claim. All of the claims will be returned in an IClaimsIdentity with the specified issuer.
protected method TryResolveIssuerToken Resolves the Signing Key Identifier to a SecurityToken.
protected method ValidateConditions Rejects tokens that are not valid.
protected method WriteAction Writes the given SamlAction to the XmlWriter.
protected method WriteAdvice Serialize the given SamlAdvice to the given XmlWriter.
protected method WriteAssertion Serializes a given SamlAssertion to the XmlWriter.
protected method WriteAttribute Serializes a given SamlAttribute.
protected method WriteAttributeStatement Serialize a SamlAttributeStatement.
protected method WriteAttributeValue Writes the saml:Attribute value.
protected method WriteAudienceRestrictionCondition Serialize SamlAudienceRestrictionCondition to an XmlWriter.
protected method WriteAuthenticationStatement Serializes a given SamlAuthenticationStatement.
protected method WriteAuthorityBinding Serialize a SamlAuthorityBinding.
protected method WriteAuthorizationDecisionStatement Serialize a SamlAuthorizationDecisionStatement.
protected method WriteCondition Serializes the given SamlCondition to the given XmlWriter.
protected method WriteConditions Serialize SamlConditions to the given XmlWriter.
protected method WriteDoNotCacheCondition Serialize SamlDoNotCacheCondition to an XmlWriter.
protected method WriteEvidence Serializes a given SamlEvidence.
protected method WriteSigningKeyInfo Serializes the Signing SecurityKeyIdentifier.
protected method WriteStatement Serialize the SamlStatement to the XmlWriter.
protected method WriteSubject Serialize the given SamlSubject into an XmlWriter.
protected method WriteSubjectKeyInfo Write the SamlSubject SecurityKeyIdentifier to the XmlWriter.


See Also


Saml11SecurityTokenHandler Class
Microsoft.IdentityModel.Tokens.Saml11 Namespace

Copyright © 2008 by Microsoft Corporation. All rights reserved.