
SamlSecurityTokenHandler Class

.NET Framework 4.5

Represents a security token handler that creates security tokens from SAML 1.1 Assertions.

System.Object
  System.IdentityModel.Tokens.SecurityTokenHandler
    System.IdentityModel.Tokens.SamlSecurityTokenHandler

Namespace:  System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)
public class SamlSecurityTokenHandler : SecurityTokenHandler

The SamlSecurityTokenHandler type exposes the following members.

Constructors

SamlSecurityTokenHandler(): Initializes a new instance of the SamlSecurityTokenHandler class with default security token requirements.
SamlSecurityTokenHandler(SamlSecurityTokenRequirement): Initializes a new instance of the SamlSecurityTokenHandler class with the specified security token requirements.
Properties

CanValidateToken: Gets a value that indicates whether this handler can validate tokens of type SamlSecurityToken. (Overrides SecurityTokenHandler.CanValidateToken.)
CanWriteToken: Gets a value that indicates whether this handler can serialize tokens of type SamlSecurityToken. (Overrides SecurityTokenHandler.CanWriteToken.)
CertificateValidator: Gets or sets the X.509 certificate validator that the current instance uses to validate X.509 certificates.
Configuration: Gets or sets the SecurityTokenHandlerConfiguration object that provides configuration for the current instance. (Inherited from SecurityTokenHandler.)
ContainingCollection: Gets the token handler collection that contains the current instance. (Inherited from SecurityTokenHandler.)
KeyInfoSerializer: Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.
SamlSecurityTokenRequirement: Gets or sets the security token requirements for this instance.
TokenType: Gets the token type supported by this handler. (Overrides SecurityTokenHandler.TokenType.)
Methods

Methods marked (protected) are the extension points available to a derived class; all others are public.

AddDelegateToAttributes (protected): Adds all of the delegates associated with the ActAs subject into the attribute collection.
CanReadKeyIdentifierClause: Returns a value that indicates whether the XML element referred to by the specified XML reader is a key identifier clause that can be deserialized by this instance. (Inherited from SecurityTokenHandler.)
CanReadToken(String): Returns a value that indicates whether the specified string can be deserialized as a token of the type processed by this instance. (Inherited from SecurityTokenHandler.)
CanReadToken(XmlReader): Indicates whether the current XML element can be read as a token of the type handled by this instance. (Overrides SecurityTokenHandler.CanReadToken(XmlReader).)
CanWriteKeyIdentifierClause: Returns a value that indicates whether the specified key identifier clause can be serialized by this instance. (Inherited from SecurityTokenHandler.)
CollectAttributeValues (protected): Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.
CreateAdvice (protected): When overridden in a derived class, creates a SamlAdvice object for the assertion.
CreateAssertion (protected): Creates a SamlAssertion object by using the specified issuer, conditions, advice and statements. You can override this method to customize the parameters used to create the assertion.
CreateAttribute (protected): Creates a SamlAttribute object from a claim.
CreateAttributeStatement (protected): Creates a SamlAttributeStatement object from a token descriptor.
CreateAuthenticationStatement (protected): Creates a SAML 1.1 authentication statement from the specified authentication information.
CreateClaims (protected): Creates claims from a SAML 1.1 token.
CreateConditions (protected): Creates the conditions for the assertion.
CreateSamlSubject (protected): Creates a SAML 1.1 subject for the assertion.
CreateSecurityTokenReference: Creates the security token reference when the token is not attached to the message. (Overrides SecurityTokenHandler.CreateSecurityTokenReference(SecurityToken, Boolean).)
CreateStatements (protected): Creates SAML 1.1 statements to be included in the assertion.
CreateToken: Creates a security token based on a token descriptor. (Overrides SecurityTokenHandler.CreateToken(SecurityTokenDescriptor).)
CreateWindowsIdentity (protected): Creates a WindowsIdentity object using the specified User Principal Name (UPN).
CreateXmlStringFromAttributes (protected): Builds an XML formatted string from a collection of SAML 1.1 attributes that represent the Actor.
DenormalizeAuthenticationType (protected): Returns the SAML 1.1 authentication method identifier that matches the specified normalized value for a SAML authentication method.
DetectReplayedToken (protected): Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache. (Overrides SecurityTokenHandler.DetectReplayedToken(SecurityToken).)
Equals(Object): Determines whether the specified object is equal to the current object. (Inherited from Object.)
Finalize (protected): Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
FindUpn (protected): Finds the UPN claim value in the specified ClaimsIdentity object for the purpose of mapping the identity to a WindowsClaimsIdentity object.
GetEncryptingCredentials (protected): Gets the token encrypting credentials. Override this method to change the token encrypting credentials.
GetHashCode: Serves as the default hash function. (Inherited from Object.)
GetSigningCredentials (protected): Gets the credentials for signing the assertion.
GetTokenReplayCacheEntryExpirationTime (protected): Returns the time until which the token should be held in the token replay cache.
GetTokenTypeIdentifiers: Gets the token type identifier(s) supported by this handler. (Overrides SecurityTokenHandler.GetTokenTypeIdentifiers().)
GetType: Gets the Type of the current instance. (Inherited from Object.)
LoadCustomConfiguration: Loads custom configuration from XML. (Overrides SecurityTokenHandler.LoadCustomConfiguration(XmlNodeList).)
MemberwiseClone (protected): Creates a shallow copy of the current Object. (Inherited from Object.)
NormalizeAuthenticationType (protected): Returns the normalized value that matches a SAML 1.1 authentication method identifier.
ProcessAttributeStatement (protected): Creates claims from a SAML 1.1 attribute statement and adds them to the specified subject.
ProcessAuthenticationStatement (protected): Creates claims from a SAML 1.1 authentication statement and adds them to the specified subject.
ProcessAuthorizationDecisionStatement (protected): Creates claims from a SAML 1.1 authorization decision statement and adds them to the specified subject.
ProcessSamlSubject (protected): Creates claims from the SAML 1.1 subject and adds them to the specified subject.
ProcessStatement (protected): Creates claims from a collection of SAML 1.1 statements and adds them to the specified subject.
ReadAction (protected): Reads the <saml:Action> element.
ReadAdvice (protected): Reads the <saml:Advice> element.
ReadAssertion (protected): Reads the <saml:Assertion> element.
ReadAttribute (protected): Reads the <saml:Attribute> element.
ReadAttributeStatement (protected): Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.
ReadAttributeValue (protected): Reads an attribute value.
ReadAudienceRestrictionCondition (protected): Reads the <saml:AudienceRestrictionCondition> element from the specified XML reader.
ReadAuthenticationStatement (protected): Reads the SAML 1.1 <saml:AuthenticationStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AuthenticationStatementType.
ReadAuthorityBinding (protected): Reads the <saml:AuthorityBinding> element.
ReadAuthorizationDecisionStatement (protected): Reads the SAML 1.1 <saml:AuthorizationDecisionStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AuthorizationDecisionStatementType.
ReadCondition (protected): Reads a <saml:AudienceRestrictionCondition> or a <saml:DoNotCacheCondition> element from the specified XML reader.
ReadConditions (protected): Reads the <saml:Conditions> element.
ReadDoNotCacheCondition (protected): Reads a <saml:DoNotCacheCondition> element from the specified XML reader.
ReadEvidence (protected): Reads the <saml:Evidence> element.
ReadKeyIdentifierClause: When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a key identifier clause that references a token processed by the derived class. (Inherited from SecurityTokenHandler.)
ReadSigningKeyInfo (protected): Deserializes the <ds:KeyInfo> element of the assertion signature.
ReadStatement (protected): Reads the <saml:Statement> element.
ReadSubject (protected): Reads the <saml:Subject> element.
ReadSubjectKeyInfo (protected): Deserializes the <ds:KeyInfo> element of the SAML subject.
ReadToken(String): When overridden in a derived class, deserializes the specified string to a token of the type processed by the derived class. (Inherited from SecurityTokenHandler.)
ReadToken(XmlReader): Reads a SAML 1.1 token from the specified XML reader. (Overrides SecurityTokenHandler.ReadToken(XmlReader).)
ReadToken(XmlReader, SecurityTokenResolver): When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver. (Inherited from SecurityTokenHandler.)
ResolveIssuerToken (protected): Resolves the signing key identifier of the assertion to a SecurityToken, and throws if it cannot be resolved.
ResolveSubjectKeyIdentifier (protected): Resolves the SecurityKeyIdentifier specified in a <saml:Subject> element.
SetDelegateFromAttribute (protected): Called when a special type of SamlAttribute is detected. The SamlAttribute passed in wraps a SamlAttribute whose Values property holds a collection of attribute values, each of which is mapped to a claim. All of the claims are returned in a ClaimsIdentity with the specified issuer.
ToString: Returns a string that represents the current object. (Inherited from Object.)
TraceTokenValidationFailure (protected): Traces the failure event during the validation of security tokens when tracing is enabled. (Inherited from SecurityTokenHandler.)
TraceTokenValidationSuccess (protected): Traces the successful validation of security tokens event when tracing is enabled. (Inherited from SecurityTokenHandler.)
TryResolveIssuerToken (protected): Attempts to resolve the signing key identifier of the assertion to a SecurityToken, and returns a value that indicates whether the resolution succeeded.
ValidateConditions (protected): Validates the specified SamlConditions object (validity period and audience restriction).
ValidateToken: Validates the token data and returns its claims. (Overrides SecurityTokenHandler.ValidateToken(SecurityToken).)
WriteAction (protected): Writes the <saml:Action> element.
WriteAdvice (protected): Writes the <saml:Advice> element.
WriteAssertion (protected): Serializes the specified SAML assertion to the specified XML writer.
WriteAttribute (protected): Writes the <saml:Attribute> element.
WriteAttributeStatement (protected): Writes the <saml:AttributeStatement> element.
WriteAttributeValue (protected): Writes the <saml:Attribute> value.
WriteAudienceRestrictionCondition (protected): Writes the <saml:AudienceRestrictionCondition> element.
WriteAuthenticationStatement (protected): Writes the SAML 1.1 <saml:AuthenticationStatement> element.
WriteAuthorityBinding (protected): Writes the <saml:AuthorityBinding> element.
WriteAuthorizationDecisionStatement (protected): Writes the SAML 1.1 <saml:AuthorizationDecisionStatement> element.
WriteCondition (protected): Serializes the specified SamlCondition object.
WriteConditions (protected): Writes the <saml:Conditions> element.
WriteDoNotCacheCondition (protected): Writes the <saml:DoNotCacheCondition> element.
WriteEvidence (protected): Writes the <saml:Evidence> element.
WriteKeyIdentifierClause: When overridden in a derived class, serializes the specified key identifier clause to XML. The key identifier clause must be of the type supported by the derived class. (Inherited from SecurityTokenHandler.)
WriteSigningKeyInfo (protected): Writes the <ds:KeyInfo> element of the assertion signature using the specified XML writer.
WriteStatement (protected): Writes a SamlStatement.
WriteSubject (protected): Writes the <saml:Subject> element.
WriteSubjectKeyInfo (protected): Serializes the <ds:KeyInfo> element of the SAML subject using the specified XML writer.
WriteToken(SecurityToken): When overridden in a derived class, serializes the specified security token to a string. The token must be of the type processed by the derived class. (Inherited from SecurityTokenHandler.)
WriteToken(XmlWriter, SecurityToken): Writes a SAML 1.1 token to the specified XML writer. (Overrides SecurityTokenHandler.WriteToken(XmlWriter, SecurityToken).)
Fields (public, static)

Assertion: urn:oasis:names:tc:SAML:1.0:assertion
BearerConfirmationMethod: urn:oasis:names:tc:SAML:1.0:cm:bearer
Namespace: urn:oasis:names:tc:SAML:1.0
UnspecifiedAuthenticationMethod: urn:oasis:names:tc:SAML:1.0:am:unspecified

The SamlSecurityTokenHandler class serializes and deserializes security tokens backed by SAML 1.1 Assertions into SamlSecurityToken objects. Security token handlers are responsible for creating, reading, writing, and validating tokens.

You can configure a security token service (STS) or relying party (RP) application to process SAML 1.1 Assertion-backed security tokens by adding an instance of the SamlSecurityTokenHandler class to the SecurityTokenHandlerCollection object configured for the service (or application), either programmatically or in the configuration file. When a handler is added to a collection, the collection assigns its own Configuration object to the handler, so the handler normally takes its settings from the collection's Configuration property: the trusted issuers (IssuerNameRegistry), the allowed audience URIs (AudienceRestriction), the certificate validation and revocation modes, the maximum clock skew, and whether replayed tokens are detected. It is possible to configure a handler individually by setting its Configuration property, but this is not normally necessary; if the handler must be configured individually, set the property after the handler has been added to the collection, because adding it overwrites whatever Configuration was set before.

For many scenarios, the SamlSecurityTokenHandler class can be used as-is; however, the class provides many extension points through the protected virtual methods it exposes. By deriving from SamlSecurityTokenHandler and overriding specific methods, you can modify the token processing provided by the default implementation (for example, tighten the checks in ValidateConditions or change how CreateClaims maps SAML attributes to claims), or you can add processing for extensions to the SAML Assertion specification that may be needed in custom scenarios.
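The following C# is an added example that puts the two preceding paragraphs together; it is not code from this page or from the .NET Framework sources. It builds a SecurityTokenHandlerConfiguration for a relying party, adds a SamlSecurityTokenHandler subclass to a SecurityTokenHandlerCollection so the handler receives the collection's configuration, and uses one extension point, ValidateConditions, to reject assertions that have no Conditions, no audience restriction, or a validity window longer than a local policy allows. The relying-party URI, the issuer name, the certificate thumbprint, the MaxLifetime value and the class names StrictSamlSecurityTokenHandler and Saml11Validator are assumptions for illustration.

```csharp
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;   // X509CertificateValidationMode (System.ServiceModel.dll)
using System.Xml;

// Added example; not part of the original page or of System.IdentityModel.
// All URIs, names and the thumbprint below are placeholders (assumed values).
namespace Rp.Example
{
    // Derived handler that tightens SAML 1.1 validation beyond the default checks.
    public class StrictSamlSecurityTokenHandler : SamlSecurityTokenHandler
    {
        // Longest assertion lifetime this RP accepts (assumed local policy value).
        private static readonly TimeSpan MaxLifetime = TimeSpan.FromMinutes(10);

        protected override void ValidateConditions(SamlConditions conditions, bool enforceAudienceRestriction)
        {
            // An assertion with no <saml:Conditions> has neither an expiry nor an audience;
            // reject it instead of letting the base implementation treat it as unconstrained.
            if (conditions == null)
                throw new SecurityTokenValidationException("Assertion carries no Conditions element.");

            // Refuse assertions valid for longer than policy allows, whatever NotOnOrAfter
            // the issuer chose (this also catches a missing NotOnOrAfter).
            if (conditions.NotOnOrAfter - DateTime.UtcNow > MaxLifetime)
                throw new SecurityTokenValidationException("Assertion lifetime exceeds local policy.");

            // Always require an explicit audience restriction so a token minted for a
            // different relying party cannot be presented here.
            if (!conditions.Conditions.OfType<SamlAudienceRestrictionCondition>().Any())
                throw new SecurityTokenValidationException("Assertion has no AudienceRestrictionCondition.");

            // The base class enforces NotBefore/NotOnOrAfter (allowing MaxClockSkew) and
            // matches the audience against Configuration.AudienceRestriction.AllowedAudienceUris.
            base.ValidateConditions(conditions, true);
        }
    }

    public static class Saml11Validator
    {
        public static SecurityTokenHandlerCollection BuildHandlers()
        {
            var config = new SecurityTokenHandlerConfiguration();

            // Only tokens addressed to this RP are acceptable.
            config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
            config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://rp.example.com/"));

            // Map the IdP signing certificate (by thumbprint) to an issuer name; a token
            // signed by any certificate not registered here fails validation.
            var issuers = new ConfigurationBasedIssuerNameRegistry();
            issuers.AddTrustedIssuer("0000000000000000000000000000000000000000", "https://idp.example.com/");
            config.IssuerNameRegistry = issuers;

            // The signing certificate must chain to a trusted root and pass revocation checking.
            config.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
            config.RevocationMode = X509RevocationMode.Online;

            // Bound the tolerated clock drift and reject a bearer assertion presented twice.
            config.MaxClockSkew = TimeSpan.FromMinutes(2);
            config.DetectReplayedTokens = true;

            // Adding the handler to the collection assigns the collection's configuration to it;
            // any Configuration set on the handler before this point would be overwritten.
            var handlers = new SecurityTokenHandlerCollection(config);
            handlers.Add(new StrictSamlSecurityTokenHandler());
            return handlers;
        }

        // Reads and validates a serialized SAML 1.1 assertion and returns the resulting identity.
        public static ClaimsIdentity Validate(SecurityTokenHandlerCollection handlers, string assertionXml)
        {
            // Untrusted XML: no DTD processing and no external resolver.
            var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
            using (var reader = XmlReader.Create(new StringReader(assertionXml), settings))
            {
                if (!handlers.CanReadToken(reader))
                    throw new SecurityTokenException("Input is not a SAML 1.1 assertion.");

                SecurityToken token = handlers.ReadToken(reader);
                // ValidateToken resolves the signing key through the issuer registry, verifies
                // the signature, runs ValidateConditions and the replay check, then builds claims.
                return handlers.ValidateToken(token).First();
            }
        }
    }
}
```

Call Saml11Validator.Validate(Saml11Validator.BuildHandlers(), xml) with the assertion text received from the issuer; the project needs references to System.IdentityModel and System.ServiceModel. Replay detection as enabled here uses the token replay cache from the configuration's Caches property, which is held in the process by default, so a web farm needs a shared cache or the check only covers a single node.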

.NET Framework

Supported in: 4.5.1, 4.5

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft. All rights reserved.