SamlSecurityTokenHandler Class

Definition

Represents a security token handler that creates security tokens from SAML 1.1 Assertions.

public ref class SamlSecurityTokenHandler : System::IdentityModel::Tokens::SecurityTokenHandler
public class SamlSecurityTokenHandler : System.IdentityModel.Tokens.SecurityTokenHandler
type SamlSecurityTokenHandler = class
    inherit SecurityTokenHandler
Public Class SamlSecurityTokenHandler
Inherits SecurityTokenHandler
Inheritance
SamlSecurityTokenHandler

Remarks

The SamlSecurityTokenHandler class serializes and deserializes security tokens backed by SAML 1.1 Assertions into SamlSecurityToken objects. Security token handlers are responsible for creating, reading, writing, and validating tokens.

You can configure a security token service (STS) or relying party (RP) application to process SAML 1.1 Assertion-backed security tokens by adding an instance of the SamlSecurityTokenHandler class to the SecurityTokenHandlerCollection object configured for the service (or application). This can be done either programmatically or in the configuration file. The handler itself is configured from the configuration specified for the collection through the collection's Configuration property when it is added to the collection. While it is possible to configure the handler individually by setting its Configuration property, this is not normally necessary; however, if the handler must be configured individually, the property should be set after the handler is added to the collection.

For many scenarios, the SamlSecurityTokenHandler class can be used as-is; however, the class provides many extension points through the methods it exposes. By deriving from the SamlSecurityTokenHandler and overriding specific methods, you can modify the functionality of the token processing provided in the default implementation, or you can add processing for extensions to the SAML Assertion specification that may be needed in some custom scenarios.
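As an added illustration of the two points in the Remarks (registering the handler in a SecurityTokenHandlerCollection so it inherits the collection's configuration, and deriving from it to tighten processing), the following C# is example code written for this page; it is not from the reference page or from the .NET Framework source. The derived class StrictSaml11TokenHandler, the helper class Saml11HandlerSetup and its method names are hypothetical, and the audience URI, issuer name and certificate thumbprint are placeholders the caller supplies.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Xml;

// Hypothetical derived handler (not part of the framework): refuses SAML 1.1
// assertions that carry no <saml:Conditions> element. Without Conditions there
// is no NotBefore/NotOnOrAfter window and no audience restriction for the base
// class to enforce, so such a token would otherwise be accepted indefinitely.
public class StrictSaml11TokenHandler : SamlSecurityTokenHandler
{
    protected override void ValidateConditions(SamlConditions conditions, bool enforceAudienceRestriction)
    {
        if (conditions == null)
        {
            throw new SecurityTokenValidationException(
                "SAML 1.1 assertion rejected: missing <saml:Conditions>.");
        }

        // Lifetime and audience checks are left to the default implementation.
        base.ValidateConditions(conditions, enforceAudienceRestriction);
    }
}

public static class Saml11HandlerSetup
{
    // Builds the handler collection for a relying party. The handler is added
    // after the collection has been configured, so it picks up 'config'
    // through the collection as the Remarks describe.
    public static SecurityTokenHandlerCollection CreateHandlers(
        string expectedAudience,      // placeholder, e.g. "https://rp.example.test/"
        string issuerCertThumbprint,  // placeholder: hex thumbprint of the STS signing certificate
        string issuerName)            // placeholder: logical issuer name surfaced in claims
    {
        var config = new SecurityTokenHandlerConfiguration();

        // Audience restriction: assertions minted for another relying party are rejected.
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(expectedAudience));

        // Issuer trust: only assertions signed with the registered certificate are accepted.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(issuerCertThumbprint, issuerName);
        config.IssuerNameRegistry = registry;

        // Replay detection: DetectReplayedToken records each token in the replay
        // cache and throws if the same token is presented again.
        config.DetectReplayedTokens = true;
        config.TokenReplayCacheExpirationPeriod = TimeSpan.FromHours(1);
        config.MaxClockSkew = TimeSpan.FromMinutes(2);

        var handlers = new SecurityTokenHandlerCollection(config);
        handlers.Add(new StrictSaml11TokenHandler());
        return handlers;
    }

    // Reads a serialized assertion with the collection's SAML 1.1 handler,
    // validates it, and returns the resulting identities.
    public static ReadOnlyCollection<ClaimsIdentity> ValidateSerializedToken(
        SecurityTokenHandlerCollection handlers, string assertionXml)
    {
        using (var reader = XmlReader.Create(new StringReader(assertionXml)))
        {
            if (!handlers.CanReadToken(reader))
            {
                throw new SecurityTokenException("No registered handler can read this token.");
            }

            SecurityToken token = handlers.ReadToken(reader);
            return handlers.ValidateToken(token);
        }
    }
}
```

A caller would build the collection once at startup (`Saml11HandlerSetup.CreateHandlers(audience, thumbprint, issuerName)`) and pass each incoming assertion to `ValidateSerializedToken`. The audience restriction, issuer registry and replay settings live on the collection's configuration rather than on the handler, which is why the handler is added only after that configuration is complete; if the handler's own Configuration property ever needs to differ, set it after `handlers.Add(...)`, as the Remarks note.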

Constructors

SamlSecurityTokenHandler()

Initializes a new instance of the SamlSecurityTokenHandler class with default security token requirements.

SamlSecurityTokenHandler(SamlSecurityTokenRequirement)

Initializes a new instance of the SamlSecurityTokenHandler class with the specified security token requirements.

Fields

Assertion

urn:oasis:names:tc:SAML:1.0:assertion.

BearerConfirmationMethod

urn:oasis:names:tc:SAML:1.0:cm:bearer.

Namespace

urn:oasis:names:tc:SAML:1.0

UnspecifiedAuthenticationMethod

urn:oasis:names:tc:SAML:1.0:am:unspecified.

Properties

CanValidateToken

Gets a value that indicates if this handler can validate tokens of type SamlSecurityToken.

CanWriteToken

Gets a value that indicates whether this handler can serialize tokens of type SamlSecurityToken.

CertificateValidator

Gets or sets the X.509 certificate validator that is used by the current instance to validate X.509 certificates.

Configuration

Gets or sets the SecurityTokenHandlerConfiguration object that provides configuration for the current instance.

(Inherited from SecurityTokenHandler)

ContainingCollection

Gets the token handler collection that contains the current instance.

(Inherited from SecurityTokenHandler)

KeyInfoSerializer

Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.

SamlSecurityTokenRequirement

Gets or sets the security token requirements for this instance.

TokenType

Gets the token type supported by this handler.

Methods

AddDelegateToAttributes(ClaimsIdentity, ICollection<SamlAttribute>, SecurityTokenDescriptor)

Adds all of the delegates associated with the ActAs subject into the attribute collection.

CanReadKeyIdentifierClause(XmlReader)

Returns a value that indicates whether the XML element referred to by the specified XML reader is a key identifier clause that can be deserialized by this instance.

(Inherited from SecurityTokenHandler)

CanReadToken(String)

Returns a value that indicates whether the specified string can be deserialized as a token of the type processed by this instance.

(Inherited from SecurityTokenHandler)

CanReadToken(XmlReader)

Indicates whether the current XML element can be read as a token of the type handled by this instance.

CanWriteKeyIdentifierClause(SecurityKeyIdentifierClause)

Returns a value that indicates whether the specified key identifier clause can be serialized by this instance.

(Inherited from SecurityTokenHandler)

CollectAttributeValues(ICollection<SamlAttribute>)

Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.

CreateAdvice(SecurityTokenDescriptor)

When overridden in a derived class, creates a SamlAdvice object for the assertion.

CreateAssertion(String, SamlConditions, SamlAdvice, IEnumerable<SamlStatement>)

Creates a SamlAssertion object by using the specified issuer, conditions, advice and statements. You can override this method to customize the parameters used to create the assertion.

CreateAttribute(Claim, SecurityTokenDescriptor)

Creates a SamlAttribute object from a claim.

CreateAttributeStatement(SamlSubject, ClaimsIdentity, SecurityTokenDescriptor)

Creates a SamlAttributeStatement object from a token descriptor.

CreateAuthenticationStatement(SamlSubject, AuthenticationInformation, SecurityTokenDescriptor)

Creates a SAML 1.1 authentication statement from the specified authentication information.

CreateClaims(SamlSecurityToken)

Creates claims from a SAML 1.1 token.

CreateConditions(Lifetime, String, SecurityTokenDescriptor)

Creates the conditions for the assertion.

CreateSamlSubject(SecurityTokenDescriptor)

Creates a SAML 1.1 subject for the assertion.

CreateSecurityTokenReference(SecurityToken, Boolean)

Creates the security token reference when the token is not attached to the message.

CreateStatements(SecurityTokenDescriptor)

Creates SAML 1.1 statements to be included in the assertion.

CreateToken(SecurityTokenDescriptor)

Creates a security token based on a token descriptor.

CreateWindowsIdentity(String)

Creates a WindowsIdentity object using the specified User Principal Name (UPN).

CreateXmlStringFromAttributes(IEnumerable<SamlAttribute>)

Builds an XML formatted string from a collection of SAML 1.1 attributes that represent the Actor.

DenormalizeAuthenticationType(String)

Returns the SAML 1.1 authentication method identifier that matches the specified normalized value for a SAML authentication method.

DetectReplayedToken(SecurityToken)

Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

FindUpn(ClaimsIdentity)

Finds the UPN claim value in the specified ClaimsIdentity object for the purpose of mapping the identity to a WindowsIdentity object.

GetEncryptingCredentials(SecurityTokenDescriptor)

Gets the token encrypting credentials. Override this method to change the token encrypting credentials.

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetSigningCredentials(SecurityTokenDescriptor)

Gets the credentials for signing the assertion.

GetTokenReplayCacheEntryExpirationTime(SamlSecurityToken)

Returns the time until which the token should be held in the token replay cache.

GetTokenTypeIdentifiers()

Gets the token type identifier(s) supported by this handler.

GetType()

Gets the Type of the current instance.

(Inherited from Object)

LoadCustomConfiguration(XmlNodeList)

Loads custom configuration from XML.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

NormalizeAuthenticationType(String)

Returns the normalized value that matches a SAML 1.1 authentication method identifier.

ProcessAttributeStatement(SamlAttributeStatement, ClaimsIdentity, String)

Creates claims from a SAML 1.1 attribute statement and adds them to the specified subject.

ProcessAuthenticationStatement(SamlAuthenticationStatement, ClaimsIdentity, String)

Creates claims from a SAML 1.1 authentication statement and adds them to the specified subject.

ProcessAuthorizationDecisionStatement(SamlAuthorizationDecisionStatement, ClaimsIdentity, String)

Creates claims from a SAML 1.1 authorization decision statement and adds them to the specified subject.

ProcessSamlSubject(SamlSubject, ClaimsIdentity, String)

Creates claims from the SAML 1.1 subject and adds them to the specified subject.

ProcessStatement(IList<SamlStatement>, ClaimsIdentity, String)

Creates claims from a collection of SAML 1.1 statements and adds them to the specified subject.

ReadAction(XmlReader)

Reads the <saml:Action> element.

ReadAdvice(XmlReader)

Reads the <saml:Advice> element.

ReadAssertion(XmlReader)

Reads the <saml:Assertion> element.

ReadAttribute(XmlReader)

Reads the <saml:Attribute> element.

ReadAttributeStatement(XmlReader)

Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.

ReadAttributeValue(XmlReader, SamlAttribute)

Reads an attribute value.

ReadAudienceRestrictionCondition(XmlReader)

Reads the <saml:AudienceRestrictionCondition> element from the specified XML reader.

ReadAuthenticationStatement(XmlReader)

Reads the <saml:AuthnStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType.

ReadAuthorityBinding(XmlReader)

Reads the <saml:AuthorityBinding> element.

ReadAuthorizationDecisionStatement(XmlReader)

Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType.

ReadCondition(XmlReader)

Reads a saml:AudienceRestrictionCondition or a saml:DoNotCacheCondition from the specified reader.

ReadConditions(XmlReader)

Reads the <saml:Conditions> element.

ReadDoNotCacheCondition(XmlReader)

Reads a saml:DoNotCacheCondition element from the specified XML reader.

ReadEvidence(XmlReader)

Reads the <saml:Evidence> element.

ReadKeyIdentifierClause(XmlReader)

When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a key identifier clause that references a token processed by the derived class.

(Inherited from SecurityTokenHandler)

ReadSigningKeyInfo(XmlReader, SamlAssertion)

Deserializes the SAML Signing KeyInfo.

ReadStatement(XmlReader)

Reads the <saml:Statement> element.

ReadSubject(XmlReader)

Reads the <saml:Subject> element.

ReadSubjectKeyInfo(XmlReader)

Deserializes the SAML Subject <ds:KeyInfo> element.

ReadToken(String)

When overridden in a derived class, deserializes the specified string to a token of the type processed by the derived class.

(Inherited from SecurityTokenHandler)

ReadToken(XmlReader)

Reads a SAML 1.1 token from the specified XML reader.

ReadToken(XmlReader, SecurityTokenResolver)

When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver.

(Inherited from SecurityTokenHandler)

ResolveIssuerToken(SamlAssertion, SecurityTokenResolver)

Resolves the Signing Key Identifier to a SecurityToken.

ResolveSubjectKeyIdentifier(SecurityKeyIdentifier)

Resolves the SecurityKeyIdentifier specified in a saml:Subject element.

SetDelegateFromAttribute(SamlAttribute, ClaimsIdentity, String)

This method is called when a special type of SamlAttribute is detected. The SamlAttribute passed in wraps a SamlAttribute that contains a collection of attribute values (in the AttributeValues property), each of which is mapped to a claim. All of the claims are returned in a ClaimsIdentity with the specified issuer.

ToString()

Returns a string that represents the current object.

(Inherited from Object)

TraceTokenValidationFailure(SecurityToken, String)

Traces the failure event during the validation of security tokens when tracing is enabled.

(Inherited from SecurityTokenHandler)

TraceTokenValidationSuccess(SecurityToken)

Traces the successful validation of security tokens event when tracing is enabled.

(Inherited from SecurityTokenHandler)

TryResolveIssuerToken(SamlAssertion, SecurityTokenResolver, SecurityToken)

Resolves the Signing Key Identifier to a SecurityToken.

ValidateConditions(SamlConditions, Boolean)

Validates the specified SamlConditions object.

ValidateToken(SecurityToken)

Validates the token data and returns its claims.

WriteAction(XmlWriter, SamlAction)

Writes the <saml:Action> element.

WriteAdvice(XmlWriter, SamlAdvice)

Writes the <saml:Advice> element.

WriteAssertion(XmlWriter, SamlAssertion)

Serializes the specified SAML assertion to the specified XML writer.

WriteAttribute(XmlWriter, SamlAttribute)

Writes the <saml:Attribute> element.

WriteAttributeStatement(XmlWriter, SamlAttributeStatement)

Writes the <saml:AttributeStatement> element.

WriteAttributeValue(XmlWriter, String, SamlAttribute)

Writes the saml:Attribute value.

WriteAudienceRestrictionCondition(XmlWriter, SamlAudienceRestrictionCondition)

Writes the <saml:AudienceRestrictionCondition> element.

WriteAuthenticationStatement(XmlWriter, SamlAuthenticationStatement)

Writes the <saml:AuthnStatement> element.

WriteAuthorityBinding(XmlWriter, SamlAuthorityBinding)

Writes the <saml:AuthorityBinding> element.

WriteAuthorizationDecisionStatement(XmlWriter, SamlAuthorizationDecisionStatement)

Writes the <saml:AuthzDecisionStatement> element.

WriteCondition(XmlWriter, SamlCondition)

Serializes the specified SamlCondition object.

WriteConditions(XmlWriter, SamlConditions)

Writes the <saml:Conditions> element.

WriteDoNotCacheCondition(XmlWriter, SamlDoNotCacheCondition)

Writes the <saml:DoNotCacheCondition> element.

WriteEvidence(XmlWriter, SamlEvidence)

Writes the <saml:Evidence> element.

WriteKeyIdentifierClause(XmlWriter, SecurityKeyIdentifierClause)

When overridden in a derived class, serializes the specified key identifier clause to XML. The key identifier clause must be of the type supported by the derived class.

(Inherited from SecurityTokenHandler)

WriteSigningKeyInfo(XmlWriter, SecurityKeyIdentifier)

Writes the Signing <ds:KeyInfo> element using the specified XML writer.

WriteStatement(XmlWriter, SamlStatement)

Writes a SamlStatement.

WriteSubject(XmlWriter, SamlSubject)

Writes the <saml:Subject> element.

WriteSubjectKeyInfo(XmlWriter, SecurityKeyIdentifier)

Serializes the Subject <ds:KeyInfo> element using the specified XML writer.

WriteToken(SecurityToken)

When overridden in a derived class, serializes the specified security token to a string. The token must be of the type processed by the derived class.

(Inherited from SecurityTokenHandler)

WriteToken(XmlWriter, SecurityToken)

Writes a SAML token to the specified XML writer.
