SamlSecurityTokenHandler Class

.NET Framework (current version)
 

Represents a security token handler that creates security tokens from SAML 1.1 Assertions.

Namespace:   System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

System.Object
  System.IdentityModel.Tokens.SecurityTokenHandler
    System.IdentityModel.Tokens.SamlSecurityTokenHandler

public class SamlSecurityTokenHandler : SecurityTokenHandler

Constructors (name, description)

SamlSecurityTokenHandler() [public]

Initializes a new instance of the SamlSecurityTokenHandler class with default security token requirements.

SamlSecurityTokenHandler(SamlSecurityTokenRequirement) [public]

Initializes a new instance of the SamlSecurityTokenHandler class with the specified security token requirements.

Properties (name, description)

CanValidateToken [public]

Gets a value that indicates if this handler can validate tokens of type SamlSecurityToken. (Overrides SecurityTokenHandler.CanValidateToken.)

CanWriteToken [public]

Gets a value that indicates whether this handler can serialize tokens of type SamlSecurityToken. (Overrides SecurityTokenHandler.CanWriteToken.)

CertificateValidator [public]

Gets or sets the X.509 certificate validator that is used by the current instance to validate X.509 certificates.

Configuration [public]

Gets or sets the SecurityTokenHandlerConfiguration object that provides configuration for the current instance. (Inherited from SecurityTokenHandler.)

ContainingCollection [public]

Gets the token handler collection that contains the current instance. (Inherited from SecurityTokenHandler.)

KeyInfoSerializer [public]

Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.

SamlSecurityTokenRequirement [public]

Gets or sets the security token requirements for this instance.

TokenType [public]

Gets the token type supported by this handler. (Overrides SecurityTokenHandler.TokenType.)

Methods (name, description)

AddDelegateToAttributes(ClaimsIdentity, ICollection<SamlAttribute>, SecurityTokenDescriptor) [protected]

Adds all of the delegates associated with the ActAs subject into the attribute collection.

CanReadKeyIdentifierClause(XmlReader) [public]

Returns a value that indicates whether the XML element referred to by the specified XML reader is a key identifier clause that can be deserialized by this instance. (Inherited from SecurityTokenHandler.)

CanReadToken(String) [public]

Returns a value that indicates whether the specified string can be deserialized as a token of the type processed by this instance. (Inherited from SecurityTokenHandler.)

CanReadToken(XmlReader) [public]

Indicates whether the current XML element can be read as a token of the type handled by this instance. (Overrides SecurityTokenHandler.CanReadToken(XmlReader).)

CanWriteKeyIdentifierClause(SecurityKeyIdentifierClause) [public]

Returns a value that indicates whether the specified key identifier clause can be serialized by this instance. (Inherited from SecurityTokenHandler.)

CollectAttributeValues(ICollection<SamlAttribute>) [protected]

Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.

CreateAdvice(SecurityTokenDescriptor) [protected]

When overridden in a derived class, creates a SamlAdvice object for the assertion.

CreateAssertion(String, SamlConditions, SamlAdvice, IEnumerable<SamlStatement>) [protected]

Creates a SamlAssertion object by using the specified issuer, conditions, advice and statements. You can override this method to customize the parameters used to create the assertion.

CreateAttribute(Claim, SecurityTokenDescriptor) [protected]

Creates a SamlAttribute object from a claim.

CreateAttributeStatement(SamlSubject, ClaimsIdentity, SecurityTokenDescriptor) [protected]

Creates a SamlAttributeStatement object from a token descriptor.

CreateAuthenticationStatement(SamlSubject, AuthenticationInformation, SecurityTokenDescriptor) [protected]

Creates a SAML 1.1 authentication statement from the specified authentication information.

CreateClaims(SamlSecurityToken) [protected]

Creates claims from a SAML 1.1 token.

CreateConditions(Lifetime, String, SecurityTokenDescriptor) [protected]

Creates the conditions for the assertion.

CreateSamlSubject(SecurityTokenDescriptor) [protected]

Creates a SAML 1.1 subject for the assertion.

CreateSecurityTokenReference(SecurityToken, Boolean) [public]

Creates the security token reference when the token is not attached to the message. (Overrides SecurityTokenHandler.CreateSecurityTokenReference(SecurityToken, Boolean).)

CreateStatements(SecurityTokenDescriptor) [protected]

Creates SAML 1.1 statements to be included in the assertion.

CreateToken(SecurityTokenDescriptor) [public]

Creates a security token based on a token descriptor. (Overrides SecurityTokenHandler.CreateToken(SecurityTokenDescriptor).)

CreateWindowsIdentity(String) [protected]

Creates a WindowsIdentity object using the specified User Principal Name (UPN).

CreateXmlStringFromAttributes(IEnumerable<SamlAttribute>) [protected]

Builds an XML formatted string from a collection of SAML 1.1 attributes that represent the Actor.

DenormalizeAuthenticationType(String) [protected]

Returns the SAML 1.1 authentication method identifier that matches the specified normalized value for a SAML authentication method.

DetectReplayedToken(SecurityToken) [protected]

Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache. (Overrides SecurityTokenHandler.DetectReplayedToken(SecurityToken).)

Equals(Object) [public]

Determines whether the specified object is equal to the current object. (Inherited from Object.)

Finalize() [protected]

Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)

FindUpn(ClaimsIdentity) [protected]

Finds the UPN claim value in the specified ClaimsIdentity object for the purpose of mapping the identity to a System.Security.Claims.WindowsClaimsIdentity object.

GetEncryptingCredentials(SecurityTokenDescriptor) [protected]

Gets the token encrypting credentials. Override this method to change the token encrypting credentials.

GetHashCode() [public]

Serves as the default hash function. (Inherited from Object.)

GetSigningCredentials(SecurityTokenDescriptor) [protected]

Gets the credentials for signing the assertion.

GetTokenReplayCacheEntryExpirationTime(SamlSecurityToken) [protected]

Returns the time until which the token should be held in the token replay cache.

GetTokenTypeIdentifiers() [public]

Gets the token type identifier(s) supported by this handler. (Overrides SecurityTokenHandler.GetTokenTypeIdentifiers().)

GetType() [public]

Gets the Type of the current instance. (Inherited from Object.)

LoadCustomConfiguration(XmlNodeList) [public]

Loads custom configuration from XML. (Overrides SecurityTokenHandler.LoadCustomConfiguration(XmlNodeList).)

MemberwiseClone() [protected]

Creates a shallow copy of the current Object. (Inherited from Object.)

NormalizeAuthenticationType(String) [protected]

Returns the normalized value that matches a SAML 1.1 authentication method identifier.

ProcessAttributeStatement(SamlAttributeStatement, ClaimsIdentity, String) [protected]

Creates claims from a SAML 1.1 attribute statement and adds them to the specified subject.

ProcessAuthenticationStatement(SamlAuthenticationStatement, ClaimsIdentity, String) [protected]

Creates claims from a SAML 1.1 authentication statement and adds them to the specified subject.

ProcessAuthorizationDecisionStatement(SamlAuthorizationDecisionStatement, ClaimsIdentity, String) [protected]

Creates claims from a SAML 1.1 authorization decision statement and adds them to the specified subject.

ProcessSamlSubject(SamlSubject, ClaimsIdentity, String) [protected]

Creates claims from the SAML 1.1 subject and adds them to the specified subject.

ProcessStatement(IList<SamlStatement>, ClaimsIdentity, String) [protected]

Creates claims from a collection of SAML 1.1 statements and adds them to the specified subject.

ReadAction(XmlReader) [protected]

Reads the <saml:Action> element.

ReadAdvice(XmlReader) [protected]

Reads the <saml:Advice> element.

ReadAssertion(XmlReader) [protected]

Reads the <saml:Assertion> element.

ReadAttribute(XmlReader) [protected]

Reads the <saml:Attribute> element.

ReadAttributeStatement(XmlReader) [protected]

Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.

ReadAttributeValue(XmlReader, SamlAttribute) [protected]

Reads an attribute value.

ReadAudienceRestrictionCondition(XmlReader) [protected]

Reads the <saml:AudienceRestrictionCondition> element from the specified XML reader.

ReadAuthenticationStatement(XmlReader) [protected]

Reads the <saml:AuthnStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType.

ReadAuthorityBinding(XmlReader) [protected]

Reads the <saml:AuthorityBinding> element.

ReadAuthorizationDecisionStatement(XmlReader) [protected]

Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType.

ReadCondition(XmlReader) [protected]

Reads a saml:AudienceRestrictionCondition or a saml:DoNotCacheCondition from the specified reader.

ReadConditions(XmlReader) [protected]

Reads the <saml:Conditions> element.

ReadDoNotCacheCondition(XmlReader) [protected]

Reads a saml:DoNotCacheCondition element from the specified XML reader.

ReadEvidence(XmlReader) [protected]

Reads the <saml:Evidence> element.

ReadKeyIdentifierClause(XmlReader) [public]

When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a key identifier clause that references a token processed by the derived class. (Inherited from SecurityTokenHandler.)

ReadSigningKeyInfo(XmlReader, SamlAssertion) [protected]

Deserializes the SAML Signing KeyInfo.

ReadStatement(XmlReader) [protected]

Reads the <saml:Statement> element.

ReadSubject(XmlReader) [protected]

Reads the <saml:Subject> element.

ReadSubjectKeyInfo(XmlReader) [protected]

Deserializes the SAML Subject <ds:KeyInfo> element.

ReadToken(String) [public]

When overridden in a derived class, deserializes the specified string to a token of the type processed by the derived class. (Inherited from SecurityTokenHandler.)

ReadToken(XmlReader) [public]

Reads a SAML 1.1 token from the specified stream. (Overrides SecurityTokenHandler.ReadToken(XmlReader).)

ReadToken(XmlReader, SecurityTokenResolver) [public]

When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver. (Inherited from SecurityTokenHandler.)

ResolveIssuerToken(SamlAssertion, SecurityTokenResolver) [protected]

Resolves the Signing Key Identifier to a SecurityToken.

ResolveSubjectKeyIdentifier(SecurityKeyIdentifier) [protected]

Resolves the SecurityKeyIdentifier specified in a saml:Subject element.

SetDelegateFromAttribute(SamlAttribute, ClaimsIdentity, String) [protected]

This method gets called when a special type of SamlAttribute is detected. The SamlAttribute passed in wraps a SamlAttribute that contains a collection of attribute values (in the System.IdentityModel.Tokens.SamlAttribute.Values property), each of which will get mapped to a claim. All of the claims will be returned in a ClaimsIdentity with the specified issuer.

ToString() [public]

Returns a string that represents the current object. (Inherited from Object.)

TraceTokenValidationFailure(SecurityToken, String) [protected]

Traces the failure event during the validation of security tokens when tracing is enabled. (Inherited from SecurityTokenHandler.)

TraceTokenValidationSuccess(SecurityToken) [protected]

Traces the successful validation of security tokens when tracing is enabled. (Inherited from SecurityTokenHandler.)

TryResolveIssuerToken(SamlAssertion, SecurityTokenResolver, SecurityToken) [protected]

Resolves the Signing Key Identifier to a SecurityToken.

ValidateConditions(SamlConditions, Boolean) [protected]

Validates the specified SamlConditions object.

ValidateToken(SecurityToken) [public]

Validates the token data and returns its claims. (Overrides SecurityTokenHandler.ValidateToken(SecurityToken).)

WriteAction(XmlWriter, SamlAction) [protected]

Writes the <saml:Action> element.

WriteAdvice(XmlWriter, SamlAdvice) [protected]

Writes the <saml:Advice> element.

WriteAssertion(XmlWriter, SamlAssertion) [protected]

Serializes the specified SAML assertion to the specified XML writer.

WriteAttribute(XmlWriter, SamlAttribute) [protected]

Writes the <saml:Attribute> element.

WriteAttributeStatement(XmlWriter, SamlAttributeStatement) [protected]

Writes the <saml:AttributeStatement> element.

WriteAttributeValue(XmlWriter, String, SamlAttribute) [protected]

Writes the saml:Attribute value.

WriteAudienceRestrictionCondition(XmlWriter, SamlAudienceRestrictionCondition) [protected]

Writes the <saml:AudienceRestriction> element.

WriteAuthenticationStatement(XmlWriter, SamlAuthenticationStatement) [protected]

Writes the <saml:AuthnStatement> element.

WriteAuthorityBinding(XmlWriter, SamlAuthorityBinding) [protected]

Writes the <saml:AuthorityBinding> element.

WriteAuthorizationDecisionStatement(XmlWriter, SamlAuthorizationDecisionStatement) [protected]

Writes the <saml:AuthzDecisionStatement> element.

WriteCondition(XmlWriter, SamlCondition) [protected]

Serializes the specified SamlCondition object.

WriteConditions(XmlWriter, SamlConditions) [protected]

Writes the <saml:Conditions> element.

WriteDoNotCacheCondition(XmlWriter, SamlDoNotCacheCondition) [protected]

Writes the <saml:DoNotCacheCondition> element.

WriteEvidence(XmlWriter, SamlEvidence) [protected]

Writes the <saml:Evidence> element.

WriteKeyIdentifierClause(XmlWriter, SecurityKeyIdentifierClause) [public]

When overridden in a derived class, serializes the specified key identifier clause to XML. The key identifier clause must be of the type supported by the derived class. (Inherited from SecurityTokenHandler.)

WriteSigningKeyInfo(XmlWriter, SecurityKeyIdentifier) [protected]

Writes the Signing <ds:KeyInfo> element using the specified XML writer.

WriteStatement(XmlWriter, SamlStatement) [protected]

Writes a SamlStatement.

WriteSubject(XmlWriter, SamlSubject) [protected]

Writes the <saml:Subject> element.

WriteSubjectKeyInfo(XmlWriter, SecurityKeyIdentifier) [protected]

Serializes the Subject <ds:KeyInfo> element using the specified XML writer.

WriteToken(SecurityToken) [public]

When overridden in a derived class, serializes the specified security token to a string. The token must be of the type processed by the derived class. (Inherited from SecurityTokenHandler.)

WriteToken(XmlWriter, SecurityToken) [public]

Writes a SAML token to the specified XML writer. (Overrides SecurityTokenHandler.WriteToken(XmlWriter, SecurityToken).)

Fields (name, description)

Assertion [public static]

urn:oasis:names:tc:SAML:1.0:assertion

BearerConfirmationMethod [public static]

urn:oasis:names:tc:SAML:1.0:cm:bearer

Namespace [public static]

urn:oasis:names:tc:SAML:1.0

UnspecifiedAuthenticationMethod [public static]

urn:oasis:names:tc:SAML:1.0:am:unspecified

The SamlSecurityTokenHandler class serializes and deserializes security tokens backed by SAML 1.1 Assertions into SamlSecurityToken objects. Security token handlers are responsible for creating, reading, writing, and validating tokens.

You can configure a security token service (STS) or relying party (RP) application to process SAML 1.1 Assertion-backed security tokens by adding an instance of the SamlSecurityTokenHandler class to the SecurityTokenHandlerCollection object configured for the service (or application). This can be done either programmatically or in the configuration file. The handler itself is configured from the configuration specified for the collection through the collection’s Configuration property when it is added to the collection. While it is possible to configure the handler individually by setting its Configuration property, this is not normally necessary; however, if the handler must be configured individually, the property should be set after the handler is added to the collection.

For many scenarios, the SamlSecurityTokenHandler class can be used as-is; however, the class provides many extension points through the methods it exposes. By deriving from the SamlSecurityTokenHandler and overriding specific methods, you can modify the functionality of the token processing provided in the default implementation, or you can add processing for extensions to the SAML Assertion specification that may be needed in some custom scenarios.
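
The two remarks above (programmatic registration through a collection's configuration, and extension by deriving) can be combined as in the following added example, which is not part of the original reference page. The names MaxLifetimeSamlHandler and RelyingPartyTokens, the one-hour limit, the example.test URIs and the thumbprint placeholder are assumptions made for illustration.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Xml;

// Hypothetical derived handler: rejects assertions that have no conditions or an overly long validity window.
public class MaxLifetimeSamlHandler : SamlSecurityTokenHandler
{
    private static readonly TimeSpan MaxLifetime = TimeSpan.FromHours(1); // assumed policy value

    protected override void ValidateConditions(SamlConditions conditions, bool enforceAudienceRestriction)
    {
        if (conditions == null)
            throw new SecurityTokenValidationException("SAML assertion carries no <saml:Conditions>.");
        if (conditions.NotOnOrAfter - conditions.NotBefore > MaxLifetime)
            throw new SecurityTokenValidationException("SAML assertion validity window exceeds policy.");
        // Then run the handler's default condition validation.
        base.ValidateConditions(conditions, enforceAudienceRestriction);
    }
}

public static class RelyingPartyTokens
{
    public static SecurityTokenHandlerCollection BuildHandlers()
    {
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer("<STS-SIGNING-CERT-THUMBPRINT>", "sts.example.test"); // placeholder values

        var config = new SecurityTokenHandlerConfiguration
        {
            IssuerNameRegistry = issuers,
            CertificateValidator = X509CertificateValidator.ChainTrust,
            DetectReplayedTokens = true
        };
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://rp.example.test/"));

        // The handler is configured from the collection's Configuration when it is added.
        var handlers = new SecurityTokenHandlerCollection(config);
        handlers.Add(new MaxLifetimeSamlHandler());
        return handlers;
    }

    public static ReadOnlyCollection<ClaimsIdentity> Validate(SecurityTokenHandlerCollection handlers, XmlReader reader)
    {
        SecurityToken token = handlers.ReadToken(reader);
        return handlers.ValidateToken(token);
    }
}
```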

.NET Framework
Available since 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
