
Saml2SecurityTokenHandler Class

.NET Framework 4.5

Represents a security token handler that creates security tokens from SAML 2.0 Assertions.

System.Object
  System.IdentityModel.Tokens.SecurityTokenHandler
    System.IdentityModel.Tokens.Saml2SecurityTokenHandler

Namespace:  System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public class Saml2SecurityTokenHandler : SecurityTokenHandler

The Saml2SecurityTokenHandler type exposes the following members.

Constructors

Kind | Name | Description
Public method | Saml2SecurityTokenHandler() | Initializes a new instance of the Saml2SecurityTokenHandler class with default security token requirements.
Public method | Saml2SecurityTokenHandler(SamlSecurityTokenRequirement) | Initializes a new instance of the Saml2SecurityTokenHandler class with the specified security token requirements.

Properties

Kind | Name | Description
Public property | CanValidateToken | Gets a value that indicates if this handler can validate tokens of type Saml2SecurityToken. (Overrides SecurityTokenHandler.CanValidateToken.)
Public property | CanWriteToken | Gets a value that indicates whether this handler can serialize tokens of type Saml2SecurityToken. (Overrides SecurityTokenHandler.CanWriteToken.)
Public property | CertificateValidator | Gets or sets the X.509 certificate validator that is used by the current instance to validate X.509 certificates.
Public property | Configuration | Gets or sets the SecurityTokenHandlerConfiguration object that provides configuration for the current instance. (Inherited from SecurityTokenHandler.)
Public property | ContainingCollection | Gets the token handler collection that contains the current instance. (Inherited from SecurityTokenHandler.)
Public property | KeyInfoSerializer | Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.
Public property | SamlSecurityTokenRequirement | Gets or sets the security token requirements for this instance.
Public property | TokenType | Gets the token type supported by this handler. (Overrides SecurityTokenHandler.TokenType.)

Methods

Kind | Name | Description
Protected method | AddDelegateToAttributes | Adds all of the delegates associated with the subject into the attribute collection.
Public method | CanReadKeyIdentifierClause | Indicates if the current XML element is pointing to a key identifier clause that can be serialized by this instance. (Overrides SecurityTokenHandler.CanReadKeyIdentifierClause(XmlReader).)
Public method | CanReadToken(String) | Returns a value that indicates whether the specified string can be deserialized as a token of the type processed by this instance. (Inherited from SecurityTokenHandler.)
Public method | CanReadToken(XmlReader) | Indicates whether the current XML element can be read as a token of the type handled by this instance. (Overrides SecurityTokenHandler.CanReadToken(XmlReader).)
Public method | CanWriteKeyIdentifierClause | Indicates if the specified key identifier clause can be serialized by this instance. (Overrides SecurityTokenHandler.CanWriteKeyIdentifierClause(SecurityKeyIdentifierClause).)
Protected method | CollectAttributeValues | Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.
Protected method | CreateAdvice | Creates a Saml2Advice object for the assertion.
Protected method | CreateAttribute | Creates a Saml2Attribute object from a claim.
Protected method | CreateAttributeStatement | Creates a Saml2AttributeStatement object from a token descriptor.
Protected method | CreateAuthenticationStatement | Creates a SAML 2.0 authentication statement from the specified authentication information.
Protected method | CreateClaims | Creates claims from a SAML 2.0 token.
Protected method | CreateConditions | Creates the conditions for the assertion.
Protected method | CreateIssuerNameIdentifier | Creates a name identifier that identifies the assertion issuer.
Protected method | CreateSamlSubject | Creates a SAML 2.0 subject for the assertion.
Public method | CreateSecurityTokenReference | Creates the security token reference when the token is not attached to the message. (Overrides SecurityTokenHandler.CreateSecurityTokenReference(SecurityToken, Boolean).)
Protected method | CreateStatements | Creates SAML 2.0 statements to be included in the assertion.
Public method | CreateToken | Creates a security token based on a token descriptor. (Overrides SecurityTokenHandler.CreateToken(SecurityTokenDescriptor).)
Protected method | CreateWindowsIdentity | Creates a WindowsIdentity object using the specified User Principal Name (UPN).
Protected method | CreateXmlStringFromAttributes | Builds an XML formatted string from a collection of SAML 2.0 attributes that represent the Actor.
Protected method | DenormalizeAuthenticationType | Returns the AuthenticationContextClasses value matching a normalized value for a SAML authentication context class reference.
Protected method | DetectReplayedToken | Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache. (Overrides SecurityTokenHandler.DetectReplayedToken(SecurityToken).)
Public method | Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected method | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Protected method | FindUpn | Finds the UPN claim value in the specified ClaimsIdentity object for the purpose of mapping the identity to a WindowsIdentity object.
Protected method | GetEncryptingCredentials | Gets the token encrypting credentials. Override this method to change the token encrypting credentials.
Public method | GetHashCode | Serves as the default hash function. (Inherited from Object.)
Protected method | GetSigningCredentials | Gets the credentials for signing the assertion.
Protected method | GetTokenReplayCacheEntryExpirationTime | Returns the time until which the token should be held in the token replay cache.
Public method | GetTokenTypeIdentifiers | Gets the token type identifier(s) supported by this handler. (Overrides SecurityTokenHandler.GetTokenTypeIdentifiers().)
Public method | GetType | Gets the Type of the current instance. (Inherited from Object.)
Public method | LoadCustomConfiguration | Loads custom configuration from XML. (Overrides SecurityTokenHandler.LoadCustomConfiguration(XmlNodeList).)
Protected method | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.)
Protected method | NormalizeAuthenticationContextClassReference | Returns the normalized value matching a SAML authentication context class reference.
Protected method | ProcessAttributeStatement | Creates claims from a SAML 2.0 attribute statement and adds them to the specified subject.
Protected method | ProcessAuthenticationStatement | Creates claims from a SAML 2.0 authentication statement and adds them to the specified subject.
Protected method | ProcessAuthorizationDecisionStatement | Creates claims from a SAML 2.0 authorization decision statement and adds them to the specified subject.
Protected method | ProcessSamlSubject | Creates claims from the SAML 2.0 subject and adds them to the specified subject.
Protected method | ProcessStatement | Creates claims from a collection of SAML 2.0 statements and adds them to the specified subject.
Protected method | ReadAction | Reads the <saml:Action> element.
Protected method | ReadAdvice | Reads the <saml:Advice> element.
Protected method | ReadAssertion | Reads the <saml:Assertion> element.
Protected method | ReadAttribute | Reads the <saml:Attribute> element.
Protected method | ReadAttributeStatement | Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.
Protected method | ReadAttributeValue | Reads an attribute value.
Protected method | ReadAudienceRestriction | Reads the <saml:AudienceRestriction> element or a <saml:Condition> element that specifies an xsi:type of saml:AudienceRestrictionType.
Protected method | ReadAuthenticationContext | Reads the <saml:AuthnContext> element.
Protected method | ReadAuthenticationStatement | Reads the <saml:AuthnStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType.
Protected method | ReadAuthorizationDecisionStatement | Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType.
Protected method | ReadConditions | Reads the <saml:Conditions> element.
Protected method | ReadEncryptedId | Reads the <saml:EncryptedId> element.
Protected method | ReadEvidence | Reads the <saml:Evidence> element.
Protected method | ReadIssuer | Reads the <saml:Issuer> element.
Public method | ReadKeyIdentifierClause | Reads a SecurityKeyIdentifierClause. (Overrides SecurityTokenHandler.ReadKeyIdentifierClause(XmlReader).)
Protected method | ReadNameId | Reads the <saml:NameID> element.
Protected method | ReadNameIdType | Both <Issuer> and <NameID> are of NameIDType. This method reads the content of either one of those elements.
Protected method | ReadProxyRestriction | Reads the <saml:ProxyRestriction> element, or a <saml:Condition> element that specifies an xsi:type of saml:ProxyRestrictionType.
Protected method | ReadSigningKeyInfo | Deserializes the SAML Signing KeyInfo.
Protected method | ReadStatement | Reads the <saml:Statement> element.
Protected method | ReadSubject | Reads the <saml:Subject> element.
Protected method | ReadSubjectConfirmation | Reads the <SubjectConfirmation> element.
Protected method | ReadSubjectConfirmationData | Reads the <saml:SubjectConfirmationData> element.
Protected method | ReadSubjectId | This method handles the construct used in the <Subject> and <SubjectConfirmation> elements for ID.
Protected method | ReadSubjectKeyInfo | Deserializes the SAML Subject <ds:KeyInfo> element.
Protected method | ReadSubjectLocality | Reads the <saml:SubjectLocality> element.
Public method | ReadToken(String) | When overridden in a derived class, deserializes the specified string to a token of the type processed by the derived class. (Inherited from SecurityTokenHandler.)
Public method | ReadToken(XmlReader) | Reads a SAML 2.0 token from the specified stream. (Overrides SecurityTokenHandler.ReadToken(XmlReader).)
Public method | ReadToken(XmlReader, SecurityTokenResolver) | When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver. (Inherited from SecurityTokenHandler.)
Protected method | ResolveIssuerToken | Resolves the Signing Key Identifier to a SecurityToken.
Protected method | ResolveSecurityKeys | Resolves the collection of SecurityKey referenced in a Saml2Assertion.
Protected method | SetDelegateFromAttribute | This method gets called when a special type of Saml2Attribute is detected. The Saml2Attribute passed in wraps a Saml2Attribute that contains a collection of attribute values (in the Values property), each of which will get mapped to a claim. All of the claims will be returned in a ClaimsIdentity with the specified issuer.
Public method | ToString | Returns a string that represents the current object. (Inherited from Object.)
Protected method | TraceTokenValidationFailure | Traces the failure event during the validation of security tokens when tracing is enabled. (Inherited from SecurityTokenHandler.)
Protected method | TraceTokenValidationSuccess | Traces the successful validation of security tokens event when tracing is enabled. (Inherited from SecurityTokenHandler.)
Protected method | TryResolveIssuerToken | Resolves the Signing Key Identifier to a SecurityToken.
Protected method | ValidateConditions | Validates the specified Saml2Conditions object.
Protected method | ValidateConfirmationData | Validates the specified Saml2SubjectConfirmationData object.
Public method | ValidateToken | Validates the token data and returns its claims. (Overrides SecurityTokenHandler.ValidateToken(SecurityToken).)
Protected method | WriteAction | Writes the <saml:Action> element.
Protected method | WriteAdvice | Writes the <saml:Advice> element.
Protected method | WriteAssertion | Serializes the specified SAML assertion to the specified XML writer.
Protected method | WriteAttribute | Writes the <saml:Attribute> element.
Protected method | WriteAttributeStatement | Writes the <saml:AttributeStatement> element.
Protected method | WriteAttributeValue | Writes the saml:Attribute value.
Protected method | WriteAudienceRestriction | Writes the <saml:AudienceRestriction> element.
Protected method | WriteAuthenticationContext | Writes the <saml:AuthnContext> element.
Protected method | WriteAuthenticationStatement | Writes the <saml:AuthnStatement> element.
Protected method | WriteAuthorizationDecisionStatement | Writes the <saml:AuthzDecisionStatement> element.
Protected method | WriteConditions | Writes the <saml:Conditions> element.
Protected method | WriteEvidence | Writes the <saml:Evidence> element.
Protected method | WriteIssuer | Writes the <saml:Issuer> element.
Public method | WriteKeyIdentifierClause | Serializes a Saml2AssertionKeyIdentifierClause to the specified XML writer. (Overrides SecurityTokenHandler.WriteKeyIdentifierClause(XmlWriter, SecurityKeyIdentifierClause).)
Protected method | WriteNameId | Writes the <saml:NameID> element.
Protected method | WriteNameIdType | Both <Issuer> and <NameID> are of NameIDType. This method writes the content of either one of those elements.
Protected method | WriteProxyRestriction | Writes the <saml:ProxyRestriction> element.
Protected method | WriteSigningKeyInfo | Writes the Signing <ds:KeyInfo> element using the specified XML writer.
Protected method | WriteStatement | Writes a Saml2Statement.
Protected method | WriteSubject | Writes the <saml:Subject> element.
Protected method | WriteSubjectConfirmation | Writes the <saml:SubjectConfirmation> element.
Protected method | WriteSubjectConfirmationData | Writes the <saml:SubjectConfirmationData> element.
Protected method | WriteSubjectKeyInfo | Serializes the Subject <ds:KeyInfo> element using the specified XML writer.
Protected method | WriteSubjectLocality | Writes the <saml:SubjectLocality> element.
Public method | WriteToken(SecurityToken) | When overridden in a derived class, serializes the specified security token to a string. The token must be of the type processed by the derived class. (Inherited from SecurityTokenHandler.)
Public method | WriteToken(XmlWriter, SecurityToken) | Writes a Saml2 Token to the specified XML writer. (Overrides SecurityTokenHandler.WriteToken(XmlWriter, SecurityToken).)

Fields

Kind | Name | Description
Public field, static member | TokenProfile11ValueType | The key identifier value type for SAML 2.0 assertion IDs, as defined by the OASIS Web Services Security SAML Token Profile 1.1. This is a URI.

The Saml2SecurityTokenHandler class serializes and deserializes security tokens backed by SAML 2.0 Assertions into Saml2SecurityToken objects. Security token handlers are responsible for creating, reading, writing, and validating tokens.

You can configure a security token service (STS) or relying party (RP) application to process SAML 2.0 Assertion-backed security tokens by adding an instance of the Saml2SecurityTokenHandler class to the SecurityTokenHandlerCollection object configured for the service (or application). This can be done either programmatically or in the configuration file. The handler itself is configured from the configuration specified for the collection through the collection’s Configuration property when it is added to the collection. While it is possible to configure the handler individually by setting its Configuration property, this is not normally necessary; however, if the handler must be configured individually, the property should be set after the handler is added to the collection.

For many scenarios, the Saml2SecurityTokenHandler class can be used as-is; however, the class provides many extension points through the methods it exposes. By deriving from the Saml2SecurityTokenHandler and overriding specific methods, you can modify the functionality of the token processing provided in the default implementation, or you can add processing for extensions to the SAML Assertion specification that may be needed in some custom scenarios.
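The programmatic configuration described above, as an added example that is not sample code from this reference page: a relying party builds a SecurityTokenHandlerCollection whose configuration pins the accepted audience, the trusted issuer certificate and replay detection, then adds a Saml2SecurityTokenHandler so that it inherits that configuration. The issuer thumbprint, issuer name and audience URI are placeholders, and the assertion is assumed to arrive already extracted as XML text.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;

static class Saml2RelyingParty
{
    // Placeholders: replace with the identity provider's signing-certificate
    // thumbprint, its issuer name, and this application's audience URI.
    const string IssuerThumbprint = "<ISSUER-CERT-THUMBPRINT>";
    const string IssuerName = "https://idp.example.test/";
    const string AudienceUri = "https://rp.example.test/";

    static SecurityTokenHandlerCollection BuildHandlers()
    {
        var config = new SecurityTokenHandlerConfiguration();

        // Assertions issued for any other audience are rejected in ValidateConditions.
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(AudienceUri));

        // Only signatures by the registered issuer certificate resolve to a trusted issuer.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(IssuerThumbprint, IssuerName);
        config.IssuerNameRegistry = issuers;
        config.CertificateValidator = X509CertificateValidator.ChainTrust;

        // DetectReplayedToken consults Caches.TokenReplayCache; the default cache is
        // in-process, so a farm needs a shared implementation plugged in here.
        config.DetectReplayedTokens = true;
        config.TokenReplayCacheExpirationPeriod = TimeSpan.FromMinutes(10);
        config.MaxClockSkew = TimeSpan.FromMinutes(2);

        // The handler picks up the collection's Configuration when it is added,
        // which is why the collection is configured first.
        var handlers = new SecurityTokenHandlerCollection(config);
        handlers.Add(new Saml2SecurityTokenHandler());
        return handlers;
    }

    public static ReadOnlyCollection<ClaimsIdentity> Validate(string assertionXml)
    {
        SecurityTokenHandlerCollection handlers = BuildHandlers();
        using (XmlReader reader = XmlReader.Create(new StringReader(assertionXml)))
        {
            if (!handlers.CanReadToken(reader))
                throw new SecurityTokenException("Not a SAML 2.0 assertion.");
            SecurityToken token = handlers.ReadToken(reader);   // signature verified here
            return handlers.ValidateToken(token);              // conditions, issuer, replay
        }
    }
}
```

ValidateToken throws a SecurityTokenException subtype (expired, wrong audience, untrusted issuer, replayed) rather than returning an empty collection, so callers should treat any exception as an authentication failure and log it.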

.NET Framework

Supported in: 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft