Saml2SecurityTokenHandler Class

.NET Framework (current version)
 

Represents a security token handler that creates security tokens from SAML 2.0 Assertions.

Namespace:   System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

System.Object
  System.IdentityModel.Tokens.SecurityTokenHandler
    System.IdentityModel.Tokens.Saml2SecurityTokenHandler

public class Saml2SecurityTokenHandler : SecurityTokenHandler

Constructors

public Saml2SecurityTokenHandler()
    Initializes a new instance of the Saml2SecurityTokenHandler class with default security token requirements.

public Saml2SecurityTokenHandler(SamlSecurityTokenRequirement)
    Initializes a new instance of the Saml2SecurityTokenHandler class with the specified security token requirements.

Properties

public CanValidateToken
    Gets a value that indicates if this handler can validate tokens of type Saml2SecurityToken. (Overrides SecurityTokenHandler.CanValidateToken.)

public CanWriteToken
    Gets a value that indicates whether this handler can serialize tokens of type Saml2SecurityToken. (Overrides SecurityTokenHandler.CanWriteToken.)

public CertificateValidator
    Gets or sets the X.509 certificate validator that is used by the current instance to validate X.509 certificates.

public Configuration
    Gets or sets the SecurityTokenHandlerConfiguration object that provides configuration for the current instance. (Inherited from SecurityTokenHandler.)

public ContainingCollection
    Gets the token handler collection that contains the current instance. (Inherited from SecurityTokenHandler.)

public KeyInfoSerializer
    Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.

public SamlSecurityTokenRequirement
    Gets or sets the security token requirements for this instance.

public TokenType
    Gets the token type supported by this handler. (Overrides SecurityTokenHandler.TokenType.)

Methods

protected AddDelegateToAttributes(ClaimsIdentity, ICollection<Saml2Attribute>, SecurityTokenDescriptor)
    Adds all of the delegates associated with the subject into the attribute collection.

public CanReadKeyIdentifierClause(XmlReader)
    Indicates if the current XML element is pointing to a key identifier clause that can be serialized by this instance. (Overrides SecurityTokenHandler.CanReadKeyIdentifierClause(XmlReader).)

public CanReadToken(String)
    Returns a value that indicates whether the specified string can be deserialized as a token of the type processed by this instance. (Inherited from SecurityTokenHandler.)

public CanReadToken(XmlReader)
    Indicates whether the current XML element can be read as a token of the type handled by this instance. (Overrides SecurityTokenHandler.CanReadToken(XmlReader).)

public CanWriteKeyIdentifierClause(SecurityKeyIdentifierClause)
    Indicates if the specified key identifier clause can be serialized by this instance. (Overrides SecurityTokenHandler.CanWriteKeyIdentifierClause(SecurityKeyIdentifierClause).)

protected CollectAttributeValues(ICollection<Saml2Attribute>)
    Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.

protected CreateAdvice(SecurityTokenDescriptor)
    Creates a Saml2Advice object for the assertion.

protected CreateAttribute(Claim, SecurityTokenDescriptor)
    Creates a Saml2Attribute object from a claim.

protected CreateAttributeStatement(ClaimsIdentity, SecurityTokenDescriptor)
    Creates a Saml2AttributeStatement object from a token descriptor.

protected CreateAuthenticationStatement(AuthenticationInformation, SecurityTokenDescriptor)
    Creates a SAML 2.0 authentication statement from the specified authentication information.

protected CreateClaims(Saml2SecurityToken)
    Creates claims from a SAML 2.0 token.

protected CreateConditions(Lifetime, String, SecurityTokenDescriptor)
    Creates the conditions for the assertion.

protected CreateIssuerNameIdentifier(SecurityTokenDescriptor)
    Creates a name identifier that identifies the assertion issuer.

protected CreateSamlSubject(SecurityTokenDescriptor)
    Creates a SAML 2.0 subject for the assertion.

public CreateSecurityTokenReference(SecurityToken, Boolean)
    Creates the security token reference when the token is not attached to the message. (Overrides SecurityTokenHandler.CreateSecurityTokenReference(SecurityToken, Boolean).)

protected CreateStatements(SecurityTokenDescriptor)
    Creates SAML 2.0 statements to be included in the assertion.

public CreateToken(SecurityTokenDescriptor)
    Creates a security token based on a token descriptor. (Overrides SecurityTokenHandler.CreateToken(SecurityTokenDescriptor).)

protected CreateWindowsIdentity(String)
    Creates a WindowsIdentity object using the specified User Principal Name (UPN).

protected CreateXmlStringFromAttributes(IEnumerable<Saml2Attribute>)
    Builds an XML formatted string from a collection of SAML 2.0 attributes that represent the Actor.

protected DenormalizeAuthenticationType(String)
    Returns the Saml2Constants.AuthenticationContextClasses value matching a normalized value for a SAML authentication context class reference.

protected DetectReplayedToken(SecurityToken)
    Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache. (Overrides SecurityTokenHandler.DetectReplayedToken(SecurityToken).)

public Equals(Object)
    Determines whether the specified object is equal to the current object. (Inherited from Object.)

protected Finalize()
    Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)

protected FindUpn(ClaimsIdentity)
    Finds the UPN claim value in the specified ClaimsIdentity object for the purpose of mapping the identity to a WindowsIdentity object.

protected GetEncryptingCredentials(SecurityTokenDescriptor)
    Gets the token encrypting credentials. Override this method to change the token encrypting credentials.

public GetHashCode()
    Serves as the default hash function. (Inherited from Object.)

protected GetSigningCredentials(SecurityTokenDescriptor)
    Gets the credentials for signing the assertion.

protected GetTokenReplayCacheEntryExpirationTime(Saml2SecurityToken)
    Returns the time until which the token should be held in the token replay cache.

public GetTokenTypeIdentifiers()
    Gets the token type identifier(s) supported by this handler. (Overrides SecurityTokenHandler.GetTokenTypeIdentifiers().)

public GetType()
    Gets the Type of the current instance. (Inherited from Object.)

public LoadCustomConfiguration(XmlNodeList)
    Loads custom configuration from XML. (Overrides SecurityTokenHandler.LoadCustomConfiguration(XmlNodeList).)

protected MemberwiseClone()
    Creates a shallow copy of the current Object. (Inherited from Object.)

protected NormalizeAuthenticationContextClassReference(String)
    Returns the normalized value matching a SAML authentication context class reference.

protected ProcessAttributeStatement(Saml2AttributeStatement, ClaimsIdentity, String)
    Creates claims from a SAML 2.0 attribute statement and adds them to the specified subject.

protected ProcessAuthenticationStatement(Saml2AuthenticationStatement, ClaimsIdentity, String)
    Creates claims from a SAML 2.0 authentication statement and adds them to the specified subject.

protected ProcessAuthorizationDecisionStatement(Saml2AuthorizationDecisionStatement, ClaimsIdentity, String)
    Creates claims from a SAML 2.0 authorization decision statement and adds them to the specified subject.

protected ProcessSamlSubject(Saml2Subject, ClaimsIdentity, String)
    Creates claims from the SAML 2.0 subject and adds them to the specified subject.

protected ProcessStatement(Collection<Saml2Statement>, ClaimsIdentity, String)
    Creates claims from a collection of SAML 2.0 statements and adds them to the specified subject.

protected ReadAction(XmlReader)
    Reads the <saml:Action> element.

protected ReadAdvice(XmlReader)
    Reads the <saml:Advice> element.

protected ReadAssertion(XmlReader)
    Reads the <saml:Assertion> element.

protected ReadAttribute(XmlReader)
    Reads the <saml:Attribute> element.

protected ReadAttributeStatement(XmlReader)
    Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.

protected ReadAttributeValue(XmlReader, Saml2Attribute)
    Reads an attribute value.

protected ReadAudienceRestriction(XmlReader)
    Reads the <saml:AudienceRestriction> element or a <saml:Condition> element that specifies an xsi:type of saml:AudienceRestrictionType.

protected ReadAuthenticationContext(XmlReader)
    Reads the <saml:AuthnContext> element.

protected ReadAuthenticationStatement(XmlReader)
    Reads the <saml:AuthnStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType.

protected ReadAuthorizationDecisionStatement(XmlReader)
    Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType.

protected ReadConditions(XmlReader)
    Reads the <saml:Conditions> element.

protected ReadEncryptedId(XmlReader)
    Reads the <saml:EncryptedId> element.

protected ReadEvidence(XmlReader)
    Reads the <saml:Evidence> element.

protected ReadIssuer(XmlReader)
    Reads the <saml:Issuer> element.

public ReadKeyIdentifierClause(XmlReader)
    Reads a SecurityKeyIdentifierClause. (Overrides SecurityTokenHandler.ReadKeyIdentifierClause(XmlReader).)

protected ReadNameId(XmlReader)
    Reads the <saml:NameID> element.

protected ReadNameIdType(XmlReader)
    Both <Issuer> and <NameID> are of NameIDType. This method reads the content of either one of those elements.

protected ReadProxyRestriction(XmlReader)
    Reads the <saml:ProxyRestriction> element, or a <saml:Condition> element that specifies an xsi:type of saml:ProxyRestrictionType.

protected ReadSigningKeyInfo(XmlReader, Saml2Assertion)
    Deserializes the SAML Signing KeyInfo.

protected ReadStatement(XmlReader)
    Reads the <saml:Statement> element.

protected ReadSubject(XmlReader)
    Reads the <saml:Subject> element.

protected ReadSubjectConfirmation(XmlReader)
    Reads the <SubjectConfirmation> element.

protected ReadSubjectConfirmationData(XmlReader)
    Reads the <saml:SubjectConfirmationData> element.

protected ReadSubjectId(XmlReader, String)
    This method handles the construct used in the <Subject> and <SubjectConfirmation> elements for ID.

protected ReadSubjectKeyInfo(XmlReader)
    Deserializes the SAML Subject <ds:KeyInfo> element.

protected ReadSubjectLocality(XmlReader)
    Reads the <saml:SubjectLocality> element.

public ReadToken(String)
    When overridden in a derived class, deserializes the specified string to a token of the type processed by the derived class. (Inherited from SecurityTokenHandler.)

public ReadToken(XmlReader)
    Reads a SAML 2.0 token from the specified stream. (Overrides SecurityTokenHandler.ReadToken(XmlReader).)

public ReadToken(XmlReader, SecurityTokenResolver)
    When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver. (Inherited from SecurityTokenHandler.)

protected ResolveIssuerToken(Saml2Assertion, SecurityTokenResolver)
    Resolves the Signing Key Identifier to a SecurityToken.

protected ResolveSecurityKeys(Saml2Assertion, SecurityTokenResolver)
    Resolves the collection of SecurityKey referenced in a Saml2Assertion.

protected SetDelegateFromAttribute(Saml2Attribute, ClaimsIdentity, String)
    This method gets called when a special type of Saml2Attribute is detected. The Saml2Attribute passed in wraps a Saml2Attribute that contains a collection of attribute values (in the Values property), each of which will get mapped to a claim. All of the claims will be returned in a ClaimsIdentity with the specified issuer.

public ToString()
    Returns a string that represents the current object. (Inherited from Object.)

protected TraceTokenValidationFailure(SecurityToken, String)
    Traces the failure event during the validation of security tokens when tracing is enabled. (Inherited from SecurityTokenHandler.)

protected TraceTokenValidationSuccess(SecurityToken)
    Traces the successful validation of security tokens event when tracing is enabled. (Inherited from SecurityTokenHandler.)

protected TryResolveIssuerToken(Saml2Assertion, SecurityTokenResolver, SecurityToken)
    Resolves the Signing Key Identifier to a SecurityToken.

protected ValidateConditions(Saml2Conditions, Boolean)
    Validates the specified Saml2Conditions object.

protected ValidateConfirmationData(Saml2SubjectConfirmationData)
    Validates the specified Saml2SubjectConfirmationData object.

public ValidateToken(SecurityToken)
    Validates the token data and returns its claims. (Overrides SecurityTokenHandler.ValidateToken(SecurityToken).)

protected WriteAction(XmlWriter, Saml2Action)
    Writes the <saml:Action> element.

protected WriteAdvice(XmlWriter, Saml2Advice)
    Writes the <saml:Advice> element.

protected WriteAssertion(XmlWriter, Saml2Assertion)
    Serializes the specified SAML assertion to the specified XML writer.

protected WriteAttribute(XmlWriter, Saml2Attribute)
    Writes the <saml:Attribute> element.

protected WriteAttributeStatement(XmlWriter, Saml2AttributeStatement)
    Writes the <saml:AttributeStatement> element.

protected WriteAttributeValue(XmlWriter, String, Saml2Attribute)
    Writes the saml:Attribute value.

protected WriteAudienceRestriction(XmlWriter, Saml2AudienceRestriction)
    Writes the <saml:AudienceRestriction> element.

protected WriteAuthenticationContext(XmlWriter, Saml2AuthenticationContext)
    Writes the <saml:AuthnContext> element.

protected WriteAuthenticationStatement(XmlWriter, Saml2AuthenticationStatement)
    Writes the <saml:AuthnStatement> element.

protected WriteAuthorizationDecisionStatement(XmlWriter, Saml2AuthorizationDecisionStatement)
    Writes the <saml:AuthzDecisionStatement> element.

protected WriteConditions(XmlWriter, Saml2Conditions)
    Writes the <saml:Conditions> element.

protected WriteEvidence(XmlWriter, Saml2Evidence)
    Writes the <saml:Evidence> element.

protected WriteIssuer(XmlWriter, Saml2NameIdentifier)
    Writes the <saml:Issuer> element.

public WriteKeyIdentifierClause(XmlWriter, SecurityKeyIdentifierClause)

protected WriteNameId(XmlWriter, Saml2NameIdentifier)
    Writes the <saml:NameID> element.

protected WriteNameIdType(XmlWriter, Saml2NameIdentifier)
    Both <Issuer> and <NameID> are of NameIDType. This method writes the content of either one of those elements.

protected WriteProxyRestriction(XmlWriter, Saml2ProxyRestriction)
    Writes the <saml:ProxyRestriction> element.

protected WriteSigningKeyInfo(XmlWriter, SecurityKeyIdentifier)
    Writes the Signing <ds:KeyInfo> element using the specified XML writer.

protected WriteStatement(XmlWriter, Saml2Statement)
    Writes a Saml2Statement.

protected WriteSubject(XmlWriter, Saml2Subject)
    Writes the <saml:Subject> element.

protected WriteSubjectConfirmation(XmlWriter, Saml2SubjectConfirmation)
    Writes the <saml:SubjectConfirmation> element.

protected WriteSubjectConfirmationData(XmlWriter, Saml2SubjectConfirmationData)
    Writes the <saml:SubjectConfirmationData> element.

protected WriteSubjectKeyInfo(XmlWriter, SecurityKeyIdentifier)
    Serializes the Subject <ds:KeyInfo> element using the specified XML writer.

protected WriteSubjectLocality(XmlWriter, Saml2SubjectLocality)
    Writes the <saml:SubjectLocality> element.

public WriteToken(SecurityToken)
    When overridden in a derived class, serializes the specified security token to a string. The token must be of the type processed by the derived class. (Inherited from SecurityTokenHandler.)

public WriteToken(XmlWriter, SecurityToken)
    Writes a Saml2 Token to the specified XML writer. (Overrides SecurityTokenHandler.WriteToken(XmlWriter, SecurityToken).)

Fields

public static TokenProfile11ValueType
    The key identifier value type for SAML 2.0 assertion IDs, as defined by the OASIS Web Services Security SAML Token Profile 1.1. This is a URI.

The Saml2SecurityTokenHandler class serializes and deserializes security tokens backed by SAML 2.0 Assertions into Saml2SecurityToken objects. Security token handlers are responsible for creating, reading, writing, and validating tokens.

You can configure a security token service (STS) or relying party (RP) application to process SAML 2.0 Assertion-backed security tokens by adding an instance of the Saml2SecurityTokenHandler class to the SecurityTokenHandlerCollection object configured for the service (or application). This can be done either programmatically or in the configuration file. The handler itself is configured from the configuration specified for the collection through the collection’s Configuration property when it is added to the collection. While it is possible to configure the handler individually by setting its Configuration property, this is not normally necessary; however, if the handler must be configured individually, the property should be set after the handler is added to the collection.

For many scenarios, the Saml2SecurityTokenHandler class can be used as-is; however, the class provides many extension points through the methods it exposes. By deriving from the Saml2SecurityTokenHandler and overriding specific methods, you can modify the functionality of the token processing provided in the default implementation, or you can add processing for extensions to the SAML Assertion specification that may be needed in some custom scenarios.
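The two paragraphs above describe configuring the handler through its collection and extending it by overriding protected methods. The following is an added example, not code from the reference page: it builds a SecurityTokenHandlerCollection for a relying party with audience, trusted-issuer and replay settings, registers a derived handler that overrides ValidateConditions to refuse assertions with no expiry, and validates an assertion. The class names StrictSaml2Handler and Saml2RelyingParty, the thumbprint, issuer name and audience URI are assumptions of this example.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;

// Added example, not from the reference page. Thumbprint, issuer name and
// audience URI are placeholders; substitute the relying party's real values.
public class StrictSaml2Handler : Saml2SecurityTokenHandler
{
    // Extension point from the Remarks: reject assertions that carry no
    // NotOnOrAfter, then let the base class enforce the time window and audience.
    protected override void ValidateConditions(Saml2Conditions conditions, bool enforceAudienceRestriction)
    {
        if (conditions == null || !conditions.NotOnOrAfter.HasValue)
            throw new SecurityTokenValidationException("Assertion has no NotOnOrAfter; refusing an open-ended token.");
        base.ValidateConditions(conditions, enforceAudienceRestriction);
    }
}

public static class Saml2RelyingParty
{
    const string IssuerCertThumbprint = "PLACEHOLDER_THUMBPRINT";  // placeholder
    const string IssuerName = "https://idp.example.invalid/";       // placeholder
    const string AudienceUri = "https://rp.example.invalid/";       // placeholder

    // Configuration is set on the collection; the handler picks it up when added,
    // which is the order the Remarks recommend.
    public static SecurityTokenHandlerCollection CreateHandlers()
    {
        var config = new SecurityTokenHandlerConfiguration();
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(AudienceUri));

        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(IssuerCertThumbprint, IssuerName);
        config.IssuerNameRegistry = issuers;   // only this signing certificate is trusted

        config.DetectReplayedTokens = true;    // makes ValidateToken call DetectReplayedToken
        config.MaxClockSkew = TimeSpan.FromMinutes(2);

        var handlers = new SecurityTokenHandlerCollection(config);
        handlers.Add(new StrictSaml2Handler());
        return handlers;
    }

    // Reads and validates one assertion; any validation failure surfaces as an exception.
    public static ReadOnlyCollection<ClaimsIdentity> Validate(SecurityTokenHandlerCollection handlers, string assertionXml)
    {
        using (var reader = XmlReader.Create(new StringReader(assertionXml)))
        {
            if (!handlers.CanReadToken(reader))
                throw new SecurityTokenException("Input is not a SAML 2.0 assertion.");
            SecurityToken token = handlers.ReadToken(reader);
            return handlers.ValidateToken(token);
        }
    }
}
```

The signature check, issuer lookup, audience restriction, time window and replay detection all run inside ValidateToken, so a caller that only gets a ClaimsIdentity back when no exception was thrown has had every one of those checks pass.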

.NET Framework
Available since 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
