SAMLDesktop Component

Properties   Methods   Events   Config Settings   Errors  

The SAMLDesktop component provides an easy way to add SAML-based SSO to your desktop application.

Syntax

TciSAMLDesktop

Remarks

-------------TBD-----------

Property List

---

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AssertionAttributeInfoCount Property (SAMLDesktop Component)

The number of records in the AssertionAttributeInfo arrays.

Syntax

__property int AssertionAttributeInfoCount = { read=FAssertionAttributeInfoCount, write=FSetAssertionAttributeInfoCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• AssertionAttributeInfoAttributeContent
• AssertionAttributeInfoAttributeValueCount
• AssertionAttributeInfoAttributeValueData
• AssertionAttributeInfoAttributeValueIndex
• AssertionAttributeInfoFriendlyName
• AssertionAttributeInfoName
• AssertionAttributeInfoNameFormat

The array indices start at 0 and end at AssertionAttributeInfoCount - 1.

This property is not available at design time.

Data Type

Integer

AssertionAttributeInfoAttributeContent Property (SAMLDesktop Component)

The raw XML of the attribute.

Syntax

__property String AssertionAttributeInfoAttributeContent[int AssertionAttributeInfoIndex] = { read=FAssertionAttributeInfoAttributeContent };

Default Value

""

Remarks

The raw XML of the attribute. In cases where the content of the attribute is complex, this property can be used to do additional XML parsing.

The AssertionAttributeInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAttributeInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAttributeInfoAttributeValueCount Property (SAMLDesktop Component)

In cases where there are multiple values for a single attribute, this count will be updated to reflect the size of the list.

Syntax

__property int AssertionAttributeInfoAttributeValueCount[int AssertionAttributeInfoIndex] = { read=FAssertionAttributeInfoAttributeValueCount };

Default Value

0

Remarks

In cases where there are multiple values for a single attribute, this count will be updated to reflect the size of the list. If the value of the attribute is not a list, the count will be set to 1. See AssertionAttributeValueIndex for more information.

The AssertionAttributeInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAttributeInfoCount property.

This property is read-only and not available at design time.

Data Type

Integer

AssertionAttributeInfoAttributeValueData Property (SAMLDesktop Component)

The content of the attribute value selected by AttributeValueIndex .

Syntax

__property String AssertionAttributeInfoAttributeValueData[int AssertionAttributeInfoIndex] = { read=FAssertionAttributeInfoAttributeValueData };

Default Value

""

Remarks

The content of the attribute value selected by AssertionAttributeValueIndex.

The AssertionAttributeInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAttributeInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAttributeInfoAttributeValueIndex Property (SAMLDesktop Component)

The index of the attribute value that should be populated in the AttributeValueData property.

Syntax

__property int AssertionAttributeInfoAttributeValueIndex[int AssertionAttributeInfoIndex] = { read=FAssertionAttributeInfoAttributeValueIndex, write=FSetAssertionAttributeInfoAttributeValueIndex };

Default Value

0

Remarks

The index of the attribute value that should be populated in the AssertionAttributeValueData property. Valid ranges for this property are from 0 to AssertionAttributeValueCount - 1. By default, this property is set to 0. In cases where there is only a singular value, that value will be at index 0. For example:

Multi-value attribute

<Attribute Name="ValueName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <AttributeValue>Value1</AttributeValue> <AttributeValue>Value2</AttributeValue> </Attribute>

Iterating through each value in an attribute

for (int i = 0; i < saml.AssertionAttributeInfo[0].AttributeValueCount; i++) { saml.AssertionAttributeInfo[0].AttributeValueIndex = i; string attribute_value = saml.AssertionAttributeInfo[0].AttributeValueData; //... the rest of the processing }

The AssertionAttributeInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAttributeInfoCount property.

This property is not available at design time.

Data Type

Integer

AssertionAttributeInfoFriendlyName Property (SAMLDesktop Component)

A human-readable version of the attribute name, if provided.

Syntax

__property String AssertionAttributeInfoFriendlyName[int AssertionAttributeInfoIndex] = { read=FAssertionAttributeInfoFriendlyName };

Default Value

""

Remarks

A human-readable version of the attribute name, if provided. This value is intended to be used for informational and logging purposes only.

The AssertionAttributeInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAttributeInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAttributeInfoName Property (SAMLDesktop Component)

The name of the attribute.

Syntax

__property String AssertionAttributeInfoName[int AssertionAttributeInfoIndex] = { read=FAssertionAttributeInfoName };

Default Value

""

Remarks

The name of the attribute. The format of the name (if provided) can be found in the AssertionNameFormat property.

The AssertionAttributeInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAttributeInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAttributeInfoNameFormat Property (SAMLDesktop Component)

A URI reference to how the Name of the attribute is formatted.

Syntax

__property String AssertionAttributeInfoNameFormat[int AssertionAttributeInfoIndex] = { read=FAssertionAttributeInfoNameFormat };

Default Value

""

Remarks

A URI reference to how the AssertionName of the attribute is formatted. If not set, Unspecified is used.

Some common values are:

The AssertionAttributeInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAttributeInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAuthnInfoCount Property (SAMLDesktop Component)

The number of records in the AssertionAuthnInfo arrays.

Syntax

__property int AssertionAuthnInfoCount = { read=FAssertionAuthnInfoCount, write=FSetAssertionAuthnInfoCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• AssertionAuthnInfoAuthenticatingAuthorites
• AssertionAuthnInfoAuthnInstant
• AssertionAuthnInfoContextClassReference
• AssertionAuthnInfoContextDeclaration
• AssertionAuthnInfoSessionExpiration
• AssertionAuthnInfoSessionIndex
• AssertionAuthnInfoStatementContent

The array indices start at 0 and end at AssertionAuthnInfoCount - 1.

This property is not available at design time.

Data Type

Integer

AssertionAuthnInfoAuthenticatingAuthorites Property (SAMLDesktop Component)

A semicolon-separated list of authorities involved with the current authentication context.

Syntax

__property String AssertionAuthnInfoAuthenticatingAuthorites[int AssertionAuthnInfoIndex] = { read=FAssertionAuthnInfoAuthenticatingAuthorites };

Default Value

""

Remarks

A semicolon-separated list of authorities involved with the current authentication context. Typically, this list includes other parties involved with the authentication of the subject besides the issuer that issued the assertion.

The AssertionAuthnInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAuthnInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAuthnInfoAuthnInstant Property (SAMLDesktop Component)

The time at which the authentication took place.

Syntax

__property String AssertionAuthnInfoAuthnInstant[int AssertionAuthnInfoIndex] = { read=FAssertionAuthnInfoAuthnInstant };

Default Value

""

Remarks

The time at which the authentication took place.

Time-based values are specified by the SAML specification to be in UTC in the following format: YYYY-MM-DDTHH:mm:ss.sssZ

The AssertionAuthnInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAuthnInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAuthnInfoContextClassReference Property (SAMLDesktop Component)

A per-defined URI reference identifying an authentication context class that describes how authentication was provided.

Syntax

__property String AssertionAuthnInfoContextClassReference[int AssertionAuthnInfoIndex] = { read=FAssertionAuthnInfoContextClassReference };

Default Value

""

Remarks

A per-defined URI reference identifying an authentication context class that describes how authentication was provided. For example, if the user used a password to perform authentication, this will be set to urn:oasis:names:tc:SAML:2.0:ac:classes:Password.

The AssertionAuthnInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAuthnInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAuthnInfoContextDeclaration Property (SAMLDesktop Component)

A description or URI that describes additional information about the authentication context past the ContextClassReference .

Syntax

__property String AssertionAuthnInfoContextDeclaration[int AssertionAuthnInfoIndex] = { read=FAssertionAuthnInfoContextDeclaration };

Default Value

""

Remarks

A description or URI that describes additional information about the authentication context past the AssertionContextClassReference. This provides more detail about the authentication process when provided by the Identity Provider.

The AssertionAuthnInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAuthnInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAuthnInfoSessionExpiration Property (SAMLDesktop Component)

The time at which the session between the principal and Identity Provider must be considered ended.

Syntax

__property String AssertionAuthnInfoSessionExpiration[int AssertionAuthnInfoIndex] = { read=FAssertionAuthnInfoSessionExpiration };

Default Value

""

Remarks

The time at which the session between the principal and Identity Provider must be considered ended.

Time-based values are specified by the SAML specification to be in UTC in the following format: YYYY-MM-DDTHH:mm:ss.sssZ

The AssertionAuthnInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAuthnInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAuthnInfoSessionIndex Property (SAMLDesktop Component)

The unique identifier for a particular session established between the user (principal) and the Service Provider (SP), as provided by the Identity Provider (IdP).

Syntax

__property String AssertionAuthnInfoSessionIndex[int AssertionAuthnInfoIndex] = { read=FAssertionAuthnInfoSessionIndex };

Default Value

""

Remarks

The unique identifier for a particular session established between the user (principal) and the Service Provider (SP), as provided by the Identity Provider (IdP). It is common (but not required) to use this value as the session identifier between the user and the Service Provider (your application).

The AssertionAuthnInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAuthnInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAuthnInfoStatementContent Property (SAMLDesktop Component)

The raw XML of the Authn statement.

Syntax

__property String AssertionAuthnInfoStatementContent[int AssertionAuthnInfoIndex] = { read=FAssertionAuthnInfoStatementContent };

Default Value

""

Remarks

The raw XML of the Authn statement. Typically, this is used in cases to get additional information from the Authn statement that is not provided by the component.

The AssertionAuthnInfoIndex parameter specifies the index of the item in the array. The size of the array is controlled by the AssertionAuthnInfoCount property.

This property is read-only and not available at design time.

Data Type

String

AssertionAssertionContent Property (SAMLDesktop Component)

The raw XML of the assertion.

Syntax

__property String AssertionAssertionContent = { read=FAssertionAssertionContent, write=FSetAssertionAssertionContent };
__property DynamicArray<Byte> AssertionAssertionContentB = { read=FAssertionAssertionContentB, write=FSetAssertionAssertionContentB };

Default Value

""

Remarks

The raw XML of the assertion. This property can be set to provide the assertion to the component for the ParseAssertion method to parse the assertion without the SAML response.

Data Type

Byte Array

AssertionExpirationDate Property (SAMLDesktop Component)

When the assertion expires.

Syntax

__property String AssertionExpirationDate = { read=FAssertionExpirationDate };

Default Value

""

Remarks

When the assertion expires. This represents the NotOnOrAfter attribute of the Conditions element if the attribute is present in the assertion.

Time-based values are specified by the SAML specification to be in UTC in the following format: YYYY-MM-DDTHH:mm:ss.sssZ

This property is read-only.

Data Type

String

AssertionId Property (SAMLDesktop Component)

The unique Id of the assertion generated by the identity provider.

Syntax

__property String AssertionId = { read=FAssertionId };

Default Value

""

Remarks

The unique Id of the assertion generated by the identity provider. This is not an Id that is tied to a user but rather to the assertion itself.

This property is read-only.

Data Type

String

AssertionIsSigned Property (SAMLDesktop Component)

Whether the assertion has been signed by the identity provider.

Syntax

__property bool AssertionIsSigned = { read=FAssertionIsSigned };

Default Value

false

Remarks

Whether the assertion has been signed by the identity provider. This is set to true when the Signature element is present in the assertion.

This property is read-only.

Data Type

Boolean

AssertionIssuedTime Property (SAMLDesktop Component)

The time at which the assertion was issued by the Issuer (typically the identity provider).

Syntax

__property String AssertionIssuedTime = { read=FAssertionIssuedTime };

Default Value

""

Remarks

The time at which the assertion was issued by the AssertionIssuer (typically the identity provider). This property represents the IssueInstant attribute of the Assertion element.

Time-based values are specified by the SAML specification to be in UTC in the following format: YYYY-MM-DDTHH:mm:ss.sssZ

This property is read-only.

Data Type

String

AssertionIssuer Property (SAMLDesktop Component)

The issuer of the assertion.

Syntax

__property String AssertionIssuer = { read=FAssertionIssuer };

Default Value

""

Remarks

The issuer of the assertion. Typically, this is the same as the identity provider that provided the SAML response. This property represents the Issuer element in the Assertion element.

This property is read-only.

Data Type

String

AssertionNotBeforeDate Property (SAMLDesktop Component)

The time at which the assertion becomes valid.

Syntax

__property String AssertionNotBeforeDate = { read=FAssertionNotBeforeDate };

Default Value

""

Remarks

The time at which the assertion becomes valid. If the current time is before this property, then the assertion is not considered valid yet. This represents the NotBefore attribute of the Conditions element if the attribute is present in the assertion.

Time-based values are specified by the SAML specification to be in UTC in the following format: YYYY-MM-DDTHH:mm:ss.sssZ

This property is read-only.

Data Type

String

AssertionOneTimeUse Property (SAMLDesktop Component)

Whether the issuer only considers this information valid for this single instance.

Syntax

__property bool AssertionOneTimeUse = { read=FAssertionOneTimeUse };

Default Value

false

Remarks

Whether the issuer only considers this information valid for this single instance. The information saved here typically should not be cached or saved for future use. This represents the OneTimeUse element of the Conditions element if the element is present in the assertion.

This property is read-only.

Data Type

Boolean

AssertionSubjectNameId Property (SAMLDesktop Component)

The name identifier for the subject of the current assertion.

Syntax

__property String AssertionSubjectNameId = { read=FAssertionSubjectNameId };

Default Value

""

Remarks

The name identifier for the subject of the current assertion. Typically, the subject is the user that is being authenticated. The format of this name Id can be found in the AssertionSubjectNameIdFormat property. This represents the NameId element of the Subject element if the element is present in the assertion.

This property is read-only.

Data Type

String

AssertionSubjectNameIdFormat Property (SAMLDesktop Component)

A URI reference to how the SubjectNameId of the element is formatted.

Syntax

__property String AssertionSubjectNameIdFormat = { read=FAssertionSubjectNameIdFormat };

Default Value

""

Remarks

A URI reference to how the AssertionSubjectNameId of the element is formatted. If not set, Unspecified is used. This represents the Format attribute of the NameID element if the attribute is present in the assertion.

Some common values are:

This property is read-only.

Data Type

String

FirewallAutoDetect Property (SAMLDesktop Component)

Whether to automatically detect and use firewall system settings, if available.

Syntax

__property bool FirewallAutoDetect = { read=FFirewallAutoDetect, write=FSetFirewallAutoDetect };

Default Value

False

Remarks

Whether to automatically detect and use firewall system settings, if available.

Data Type

Boolean

FirewallType Property (SAMLDesktop Component)

The type of firewall to connect through.

Syntax

__property TciSAMLDesktopFirewallTypes FirewallType = { read=FFirewallType, write=FSetFirewallType };

enum TciSAMLDesktopFirewallTypes {
  fwNone=0,
  fwTunnel=1,
  fwSOCKS4=2,
  fwSOCKS5=3,
  fwSOCKS4A=10
};

Default Value

fwNone

Remarks

The type of firewall to connect through. The applicable values are as follows:

Data Type

Integer

FirewallHost Property (SAMLDesktop Component)

The name or IP address of the firewall (optional).

Syntax

__property String FirewallHost = { read=FFirewallHost, write=FSetFirewallHost };

Default Value

""

Remarks

The name or IP address of the firewall (optional). If a FirewallHost is given, the requested connections will be authenticated through the specified firewall when connecting.

If this property is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, the component raises an exception.

Data Type

String

FirewallPassword Property (SAMLDesktop Component)

A password if authentication is to be used when connecting through the firewall.

Syntax

__property String FirewallPassword = { read=FFirewallPassword, write=FSetFirewallPassword };

Default Value

""

Remarks

A password if authentication is to be used when connecting through the firewall. If FirewallHost is specified, the FirewallUser and FirewallPassword properties are used to connect and authenticate to the given firewall. If the authentication fails, the component raises an exception.

Data Type

String

FirewallPort Property (SAMLDesktop Component)

The Transmission Control Protocol (TCP) port for the firewall Host .

Syntax

__property int FirewallPort = { read=FFirewallPort, write=FSetFirewallPort };

Default Value

0

Remarks

The Transmission Control Protocol (TCP) port for the firewall FirewallHost. See the description of the FirewallHost property for details.

Note: This property is set automatically when FirewallType is set to a valid value. See the description of the FirewallType property for details.

Data Type

Integer

FirewallUser Property (SAMLDesktop Component)

A username if authentication is to be used when connecting through a firewall.

Syntax

__property String FirewallUser = { read=FFirewallUser, write=FSetFirewallUser };

Default Value

""

Remarks

A username if authentication is to be used when connecting through a firewall. If FirewallHost is specified, this property and the FirewallPassword property are used to connect and authenticate to the given Firewall. If the authentication fails, the component raises an exception.

Data Type

String

FollowRedirects Property (SAMLDesktop Component)

Determines what happens when the server issues a redirect.

Syntax

__property TciSAMLDesktopFollowRedirects FollowRedirects = { read=FFollowRedirects, write=FSetFollowRedirects };

enum TciSAMLDesktopFollowRedirects {
  frNever=0,
  frAlways=1,
  frSameScheme=2
};

Default Value

frNever

Remarks

This property determines what happens when the server issues a redirect. Normally, the component returns an error if the server responds with an "Object Moved" message. If this property is set to frAlways (1), the new URL for the object is retrieved automatically every time.

If this property is set to frSameScheme (2), the new URL is retrieved automatically only if the URLScheme is the same; otherwise, the component raises an exception.

Note: Following the HTTP specification, unless this property is set to frAlways (1), automatic redirects will be performed only for GET or HEAD requests. Other methods potentially could change the conditions of the initial request and create security vulnerabilities.

Furthermore, if either the new URL server or port are different from the existing one, User and Password are also reset to empty. If, however, this property is set to frAlways (1), the same credentials are used to connect to the new server.

A Redirect event is fired for every URL the product is redirected to. In the case of automatic redirections, the Redirect event is a good place to set properties related to the new connection (e.g., new authentication parameters).

The default value is frNever (0). In this case, redirects are never followed, and the component raises an exception instead.

Data Type

Integer

IdentityProviderEncryptingCertEffectiveDate Property (SAMLDesktop Component)

The date on which this certificate becomes valid.

Syntax

__property String IdentityProviderEncryptingCertEffectiveDate = { read=FIdentityProviderEncryptingCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertExpirationDate Property (SAMLDesktop Component)

The date on which the certificate expires.

Syntax

__property String IdentityProviderEncryptingCertExpirationDate = { read=FIdentityProviderEncryptingCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertExtendedKeyUsage Property (SAMLDesktop Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String IdentityProviderEncryptingCertExtendedKeyUsage = { read=FIdentityProviderEncryptingCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertFingerprint Property (SAMLDesktop Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String IdentityProviderEncryptingCertFingerprint = { read=FIdentityProviderEncryptingCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertFingerprintSHA1 Property (SAMLDesktop Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String IdentityProviderEncryptingCertFingerprintSHA1 = { read=FIdentityProviderEncryptingCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertFingerprintSHA256 Property (SAMLDesktop Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String IdentityProviderEncryptingCertFingerprintSHA256 = { read=FIdentityProviderEncryptingCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertIssuer Property (SAMLDesktop Component)

The issuer of the certificate.

Syntax

__property String IdentityProviderEncryptingCertIssuer = { read=FIdentityProviderEncryptingCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertPrivateKey Property (SAMLDesktop Component)

The private key of the certificate (if available).

Syntax

__property String IdentityProviderEncryptingCertPrivateKey = { read=FIdentityProviderEncryptingCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The IdentityProviderEncryptingCertPrivateKey may be available but not exportable. In this case, IdentityProviderEncryptingCertPrivateKey returns an empty string.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertPrivateKeyAvailable Property (SAMLDesktop Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool IdentityProviderEncryptingCertPrivateKeyAvailable = { read=FIdentityProviderEncryptingCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a IdentityProviderEncryptingCertPrivateKey is available for the selected certificate. If IdentityProviderEncryptingCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only and not available at design time.

Data Type

Boolean

IdentityProviderEncryptingCertPrivateKeyContainer Property (SAMLDesktop Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String IdentityProviderEncryptingCertPrivateKeyContainer = { read=FIdentityProviderEncryptingCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the IdentityProviderEncryptingCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertPublicKey Property (SAMLDesktop Component)

The public key of the certificate.

Syntax

__property String IdentityProviderEncryptingCertPublicKey = { read=FIdentityProviderEncryptingCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertPublicKeyAlgorithm Property (SAMLDesktop Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String IdentityProviderEncryptingCertPublicKeyAlgorithm = { read=FIdentityProviderEncryptingCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertPublicKeyLength Property (SAMLDesktop Component)

The length of the certificate's public key (in bits).

Syntax

__property int IdentityProviderEncryptingCertPublicKeyLength = { read=FIdentityProviderEncryptingCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only and not available at design time.

Data Type

Integer

IdentityProviderEncryptingCertSerialNumber Property (SAMLDesktop Component)

The serial number of the certificate encoded as a string.

Syntax

__property String IdentityProviderEncryptingCertSerialNumber = { read=FIdentityProviderEncryptingCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertSignatureAlgorithm Property (SAMLDesktop Component)

The text description of the certificate's signature algorithm.

Syntax

__property String IdentityProviderEncryptingCertSignatureAlgorithm = { read=FIdentityProviderEncryptingCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertStore Property (SAMLDesktop Component)

The name of the certificate store for the client certificate.

Syntax

__property String IdentityProviderEncryptingCertStore = { read=FIdentityProviderEncryptingCertStore, write=FSetIdentityProviderEncryptingCertStore };
__property DynamicArray<Byte> IdentityProviderEncryptingCertStoreB = { read=FIdentityProviderEncryptingCertStoreB, write=FSetIdentityProviderEncryptingCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The IdentityProviderEncryptingCertStoreType property denotes the type of the certificate store specified by IdentityProviderEncryptingCertStore. If the store is password-protected, specify the password in IdentityProviderEncryptingCertStorePassword.

IdentityProviderEncryptingCertStore is used in conjunction with the IdentityProviderEncryptingCertSubject property to specify client certificates. If IdentityProviderEncryptingCertStore has a value, and IdentityProviderEncryptingCertSubject or IdentityProviderEncryptingCertEncoded is set, a search for a certificate is initiated. Please see the IdentityProviderEncryptingCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is not available at design time.

Data Type

Byte Array

IdentityProviderEncryptingCertStorePassword Property (SAMLDesktop Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String IdentityProviderEncryptingCertStorePassword = { read=FIdentityProviderEncryptingCertStorePassword, write=FSetIdentityProviderEncryptingCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is not available at design time.

Data Type

String

IdentityProviderEncryptingCertStoreType Property (SAMLDesktop Component)

The type of certificate store for this certificate.

Syntax

__property TciSAMLDesktopIdentityProviderEncryptingCertStoreTypes IdentityProviderEncryptingCertStoreType = { read=FIdentityProviderEncryptingCertStoreType, write=FSetIdentityProviderEncryptingCertStoreType };

enum TciSAMLDesktopIdentityProviderEncryptingCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

This property is not available at design time.

Data Type

Integer

IdentityProviderEncryptingCertSubjectAltNames Property (SAMLDesktop Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String IdentityProviderEncryptingCertSubjectAltNames = { read=FIdentityProviderEncryptingCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertThumbprintMD5 Property (SAMLDesktop Component)

The MD5 hash of the certificate.

Syntax

__property String IdentityProviderEncryptingCertThumbprintMD5 = { read=FIdentityProviderEncryptingCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertThumbprintSHA1 Property (SAMLDesktop Component)

The SHA-1 hash of the certificate.

Syntax

__property String IdentityProviderEncryptingCertThumbprintSHA1 = { read=FIdentityProviderEncryptingCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertThumbprintSHA256 Property (SAMLDesktop Component)

The SHA-256 hash of the certificate.

Syntax

__property String IdentityProviderEncryptingCertThumbprintSHA256 = { read=FIdentityProviderEncryptingCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertUsage Property (SAMLDesktop Component)

The text description of UsageFlags .

Syntax

__property String IdentityProviderEncryptingCertUsage = { read=FIdentityProviderEncryptingCertUsage };

Default Value

""

Remarks

The text description of IdentityProviderEncryptingCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertUsageFlags Property (SAMLDesktop Component)

The flags that show intended use for the certificate.

Syntax

__property int IdentityProviderEncryptingCertUsageFlags = { read=FIdentityProviderEncryptingCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of IdentityProviderEncryptingCertUsageFlags is a combination of the following flags:

Please see the IdentityProviderEncryptingCertUsage property for a text representation of IdentityProviderEncryptingCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only and not available at design time.

Data Type

Integer

IdentityProviderEncryptingCertVersion Property (SAMLDesktop Component)

The certificate's version number.

Syntax

__property String IdentityProviderEncryptingCertVersion = { read=FIdentityProviderEncryptingCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only and not available at design time.

Data Type

String

IdentityProviderEncryptingCertSubject Property (SAMLDesktop Component)

The subject of the certificate used for client authentication.

Syntax

__property String IdentityProviderEncryptingCertSubject = { read=FIdentityProviderEncryptingCertSubject, write=FSetIdentityProviderEncryptingCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is not available at design time.

Data Type

String

IdentityProviderEncryptingCertEncoded Property (SAMLDesktop Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String IdentityProviderEncryptingCertEncoded = { read=FIdentityProviderEncryptingCertEncoded, write=FSetIdentityProviderEncryptingCertEncoded };
__property DynamicArray<Byte> IdentityProviderEncryptingCertEncodedB = { read=FIdentityProviderEncryptingCertEncodedB, write=FSetIdentityProviderEncryptingCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The IdentityProviderEncryptingCertStore and IdentityProviderEncryptingCertSubject properties also may be used to specify a certificate.

When IdentityProviderEncryptingCertEncoded is set, a search is initiated in the current IdentityProviderEncryptingCertStore for the private key of the certificate. If the key is found, IdentityProviderEncryptingCertSubject is updated to reflect the full subject of the selected certificate; otherwise, IdentityProviderEncryptingCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

IdentityProviderMetadataEntityId Property (SAMLDesktop Component)

The unique Id for the identity provider that is being described.

Syntax

__property String IdentityProviderMetadataEntityId = { read=FIdentityProviderMetadataEntityId, write=FSetIdentityProviderMetadataEntityId };

Default Value

""

Remarks

The unique Id for the identity provider that is being described. This is used for verification purposes when verifying the issuer of an SAML response or assertion.

Data Type

String

IdentityProviderMetadataExpirationDate Property (SAMLDesktop Component)

The expiration date of the Identity Provider description provided by the metadata document.

Syntax

__property String IdentityProviderMetadataExpirationDate = { read=FIdentityProviderMetadataExpirationDate };

Default Value

""

Remarks

The expiration date of the Identity Provider description provided by the metadata document. This represents the valid attribute of the IDPSSODescriptor element if the attribute is present in the document.

This property is read-only.

Data Type

String

IdentityProviderMetadataMetadataContent Property (SAMLDesktop Component)

The raw metadata for the identity provider.

Syntax

__property String IdentityProviderMetadataMetadataContent = { read=FIdentityProviderMetadataMetadataContent, write=FSetIdentityProviderMetadataMetadataContent };
__property DynamicArray<Byte> IdentityProviderMetadataMetadataContentB = { read=FIdentityProviderMetadataMetadataContentB, write=FSetIdentityProviderMetadataMetadataContentB };

Default Value

""

Remarks

The raw metadata for the identity provider. To avoid repeated requests to the Identity Provider, this value can be saved for later to be used with the LoadIdentityMetadata method.

Data Type

Byte Array

IdentityProviderMetadataRequestsSignedAuthnRequests Property (SAMLDesktop Component)

Whether the identity provider requests that authentication (Authn) requests are signed.

Syntax

__property bool IdentityProviderMetadataRequestsSignedAuthnRequests = { read=FIdentityProviderMetadataRequestsSignedAuthnRequests, write=FSetIdentityProviderMetadataRequestsSignedAuthnRequests };

Default Value

false

Remarks

Whether the identity provider requests that authentication (Authn) requests are signed.

Data Type

Boolean

IdentityProviderMetadataSignedMetadata Property (SAMLDesktop Component)

Whether the identity provider's parsed metadata is signed.

Syntax

__property bool IdentityProviderMetadataSignedMetadata = { read=FIdentityProviderMetadataSignedMetadata };

Default Value

false

Remarks

Whether the identity provider's parsed metadata is signed.

This property is read-only.

Data Type

Boolean

IdentityProviderMetadataSupportedAttributeProfiles Property (SAMLDesktop Component)

A semicolon-separated list of attribute profiles supported by the identity provider.

Syntax

__property String IdentityProviderMetadataSupportedAttributeProfiles = { read=FIdentityProviderMetadataSupportedAttributeProfiles };

Default Value

""

Remarks

A semicolon-separated list of attribute profiles supported by the identity provider.

Some common attribute profiles are:

• urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic
• urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500
• urn:oasis:names:tc:SAML:2.0:profiles:attribute:UUID
• urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE
• urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML

This property is read-only.

Data Type

String

IdentityProviderMetadataSupportedAttributes Property (SAMLDesktop Component)

A semicolon-separated list of attributes supported by the identity provider as presented by the Identity Provider's metadata document.

Syntax

__property String IdentityProviderMetadataSupportedAttributes = { read=FIdentityProviderMetadataSupportedAttributes };

Default Value

""

Remarks

A semicolon-separated list of attributes supported by the identity provider as presented by the Identity Provider's metadata document. This is a list of attributes that are explicitly supported by the Identity Provider but is not a full list of all the supported attributes. The list will contain the Name of each attribute found in the IDPSSODescriptor element.

This property is read-only.

Data Type

String

IdentityProviderMetadataSupportedNameIdFormats Property (SAMLDesktop Component)

The name identifier formats supported by the identity provider if provided by the metadata document.

Syntax

__property String IdentityProviderMetadataSupportedNameIdFormats = { read=FIdentityProviderMetadataSupportedNameIdFormats };

Default Value

""

Remarks

The name identifier formats supported by the identity provider if provided by the metadata document. Some common values are:

• Unspecified - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
• Email Address - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
• Windows Domain Qualified Name - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName

This property is read-only.

Data Type

String

IdentityProviderSigningCertEffectiveDate Property (SAMLDesktop Component)

The date on which this certificate becomes valid.

Syntax

__property String IdentityProviderSigningCertEffectiveDate = { read=FIdentityProviderSigningCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertExpirationDate Property (SAMLDesktop Component)

The date on which the certificate expires.

Syntax

__property String IdentityProviderSigningCertExpirationDate = { read=FIdentityProviderSigningCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertExtendedKeyUsage Property (SAMLDesktop Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String IdentityProviderSigningCertExtendedKeyUsage = { read=FIdentityProviderSigningCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertFingerprint Property (SAMLDesktop Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String IdentityProviderSigningCertFingerprint = { read=FIdentityProviderSigningCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertFingerprintSHA1 Property (SAMLDesktop Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String IdentityProviderSigningCertFingerprintSHA1 = { read=FIdentityProviderSigningCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertFingerprintSHA256 Property (SAMLDesktop Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String IdentityProviderSigningCertFingerprintSHA256 = { read=FIdentityProviderSigningCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertIssuer Property (SAMLDesktop Component)

The issuer of the certificate.

Syntax

__property String IdentityProviderSigningCertIssuer = { read=FIdentityProviderSigningCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertPrivateKey Property (SAMLDesktop Component)

The private key of the certificate (if available).

Syntax

__property String IdentityProviderSigningCertPrivateKey = { read=FIdentityProviderSigningCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The IdentityProviderSigningCertPrivateKey may be available but not exportable. In this case, IdentityProviderSigningCertPrivateKey returns an empty string.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertPrivateKeyAvailable Property (SAMLDesktop Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool IdentityProviderSigningCertPrivateKeyAvailable = { read=FIdentityProviderSigningCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a IdentityProviderSigningCertPrivateKey is available for the selected certificate. If IdentityProviderSigningCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only and not available at design time.

Data Type

Boolean

IdentityProviderSigningCertPrivateKeyContainer Property (SAMLDesktop Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String IdentityProviderSigningCertPrivateKeyContainer = { read=FIdentityProviderSigningCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the IdentityProviderSigningCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertPublicKey Property (SAMLDesktop Component)

The public key of the certificate.

Syntax

__property String IdentityProviderSigningCertPublicKey = { read=FIdentityProviderSigningCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertPublicKeyAlgorithm Property (SAMLDesktop Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String IdentityProviderSigningCertPublicKeyAlgorithm = { read=FIdentityProviderSigningCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertPublicKeyLength Property (SAMLDesktop Component)

The length of the certificate's public key (in bits).

Syntax

__property int IdentityProviderSigningCertPublicKeyLength = { read=FIdentityProviderSigningCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only and not available at design time.

Data Type

Integer

IdentityProviderSigningCertSerialNumber Property (SAMLDesktop Component)

The serial number of the certificate encoded as a string.

Syntax

__property String IdentityProviderSigningCertSerialNumber = { read=FIdentityProviderSigningCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertSignatureAlgorithm Property (SAMLDesktop Component)

The text description of the certificate's signature algorithm.

Syntax

__property String IdentityProviderSigningCertSignatureAlgorithm = { read=FIdentityProviderSigningCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertStore Property (SAMLDesktop Component)

The name of the certificate store for the client certificate.

Syntax

__property String IdentityProviderSigningCertStore = { read=FIdentityProviderSigningCertStore, write=FSetIdentityProviderSigningCertStore };
__property DynamicArray<Byte> IdentityProviderSigningCertStoreB = { read=FIdentityProviderSigningCertStoreB, write=FSetIdentityProviderSigningCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The IdentityProviderSigningCertStoreType property denotes the type of the certificate store specified by IdentityProviderSigningCertStore. If the store is password-protected, specify the password in IdentityProviderSigningCertStorePassword.

IdentityProviderSigningCertStore is used in conjunction with the IdentityProviderSigningCertSubject property to specify client certificates. If IdentityProviderSigningCertStore has a value, and IdentityProviderSigningCertSubject or IdentityProviderSigningCertEncoded is set, a search for a certificate is initiated. Please see the IdentityProviderSigningCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is not available at design time.

Data Type

Byte Array

IdentityProviderSigningCertStorePassword Property (SAMLDesktop Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String IdentityProviderSigningCertStorePassword = { read=FIdentityProviderSigningCertStorePassword, write=FSetIdentityProviderSigningCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is not available at design time.

Data Type

String

IdentityProviderSigningCertStoreType Property (SAMLDesktop Component)

The type of certificate store for this certificate.

Syntax

__property TciSAMLDesktopIdentityProviderSigningCertStoreTypes IdentityProviderSigningCertStoreType = { read=FIdentityProviderSigningCertStoreType, write=FSetIdentityProviderSigningCertStoreType };

enum TciSAMLDesktopIdentityProviderSigningCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

This property is not available at design time.

Data Type

Integer

IdentityProviderSigningCertSubjectAltNames Property (SAMLDesktop Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String IdentityProviderSigningCertSubjectAltNames = { read=FIdentityProviderSigningCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertThumbprintMD5 Property (SAMLDesktop Component)

The MD5 hash of the certificate.

Syntax

__property String IdentityProviderSigningCertThumbprintMD5 = { read=FIdentityProviderSigningCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertThumbprintSHA1 Property (SAMLDesktop Component)

The SHA-1 hash of the certificate.

Syntax

__property String IdentityProviderSigningCertThumbprintSHA1 = { read=FIdentityProviderSigningCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertThumbprintSHA256 Property (SAMLDesktop Component)

The SHA-256 hash of the certificate.

Syntax

__property String IdentityProviderSigningCertThumbprintSHA256 = { read=FIdentityProviderSigningCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertUsage Property (SAMLDesktop Component)

The text description of UsageFlags .

Syntax

__property String IdentityProviderSigningCertUsage = { read=FIdentityProviderSigningCertUsage };

Default Value

""

Remarks

The text description of IdentityProviderSigningCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertUsageFlags Property (SAMLDesktop Component)

The flags that show intended use for the certificate.

Syntax

__property int IdentityProviderSigningCertUsageFlags = { read=FIdentityProviderSigningCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of IdentityProviderSigningCertUsageFlags is a combination of the following flags:

Please see the IdentityProviderSigningCertUsage property for a text representation of IdentityProviderSigningCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only and not available at design time.

Data Type

Integer

IdentityProviderSigningCertVersion Property (SAMLDesktop Component)

The certificate's version number.

Syntax

__property String IdentityProviderSigningCertVersion = { read=FIdentityProviderSigningCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only and not available at design time.

Data Type

String

IdentityProviderSigningCertSubject Property (SAMLDesktop Component)

The subject of the certificate used for client authentication.

Syntax

__property String IdentityProviderSigningCertSubject = { read=FIdentityProviderSigningCertSubject, write=FSetIdentityProviderSigningCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is not available at design time.

Data Type

String

IdentityProviderSigningCertEncoded Property (SAMLDesktop Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String IdentityProviderSigningCertEncoded = { read=FIdentityProviderSigningCertEncoded, write=FSetIdentityProviderSigningCertEncoded };
__property DynamicArray<Byte> IdentityProviderSigningCertEncodedB = { read=FIdentityProviderSigningCertEncodedB, write=FSetIdentityProviderSigningCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The IdentityProviderSigningCertStore and IdentityProviderSigningCertSubject properties also may be used to specify a certificate.

When IdentityProviderSigningCertEncoded is set, a search is initiated in the current IdentityProviderSigningCertStore for the private key of the certificate. If the key is found, IdentityProviderSigningCertSubject is updated to reflect the full subject of the selected certificate; otherwise, IdentityProviderSigningCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

IdentityProviderURICount Property (SAMLDesktop Component)

The number of records in the IdentityProviderURI arrays.

Syntax

__property int IdentityProviderURICount = { read=FIdentityProviderURICount, write=FSetIdentityProviderURICount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• IdentityProviderURIBindingRef
• IdentityProviderURIBindingType
• IdentityProviderURIIndex
• IdentityProviderURIIsDefault
• IdentityProviderURILocation
• IdentityProviderURIType

The array indices start at 0 and end at IdentityProviderURICount - 1.

This property is not available at design time.

Data Type

Integer

IdentityProviderURIBindingRef Property (SAMLDesktop Component)

The URI reference for the set BindingType .

Syntax

__property String IdentityProviderURIBindingRef[int IdentityProviderURIIdx] = { read=FIdentityProviderURIBindingRef, write=FSetIdentityProviderURIBindingRef };

Default Value

""

Remarks

The URI reference for the set IdentityProviderURIBindingType. When the IdentityProviderURIBindingType is set, this property will be updated to match. The exception is the subCustom value, which allows for any value to be placed in this property.

If this property is set instead, the component will attempt to set the IdentityProviderURIBindingType property to match. If it can't, subCustom will also be used.

When parsing a metadata document, the component will also use the subCustom value for any binding types that are not recognized by the component.

The IdentityProviderURIIdx parameter specifies the index of the item in the array. The size of the array is controlled by the IdentityProviderURICount property.

This property is not available at design time.

Data Type

String

IdentityProviderURIBindingType Property (SAMLDesktop Component)

The type of binding that is supported for this URI.

Syntax

__property TciSAMLDesktopIdentityProviderURIBindingTypes IdentityProviderURIBindingType[int IdentityProviderURIIdx] = { read=FIdentityProviderURIBindingType, write=FSetIdentityProviderURIBindingType };

enum TciSAMLDesktopIdentityProviderURIBindingTypes {
  subRedirect=0,
  subPost=1,
  subArtifact=2,
  subCustom=3
};

Default Value

subRedirect

Remarks

The type of binding that is supported for this URI. The component only supports using the HTTP Redirect and HTTP POST bindings. The HTTP Artifact and other bindings are informational, and support for them must be implemented directly.

When setting this property, the IdentityProviderURIBindingRef property will also be updated with the matching URI. The exception is the subCustom value, which allows for any value to be placed in the IdentityProviderURIBindingRef property.

If the IdentityProviderURIBindingRef property is set, during the processing of a metadata document the component will attempt to set this property as well with the matching value. If it can't, subCustom will be used instead.

The IdentityProviderURIIdx parameter specifies the index of the item in the array. The size of the array is controlled by the IdentityProviderURICount property.

This property is not available at design time.

Data Type

Integer

IdentityProviderURIIsDefault Property (SAMLDesktop Component)

Whether this URI is the default URI that should be used for the specific URIType and BindingType combination.

Syntax

__property bool IdentityProviderURIIsDefault[int IdentityProviderURIIdx] = { read=FIdentityProviderURIIsDefault, write=FSetIdentityProviderURIIsDefault };

Default Value

false

Remarks

Whether this URI is the default URI that should be used for the specific IdentityProviderURIURIType and IdentityProviderURIBindingType combination.

The IdentityProviderURIIdx parameter specifies the index of the item in the array. The size of the array is controlled by the IdentityProviderURICount property.

This property is not available at design time.

Data Type

Boolean

IdentityProviderURILocation Property (SAMLDesktop Component)

The address of the URI.

Syntax

__property String IdentityProviderURILocation[int IdentityProviderURIIdx] = { read=FIdentityProviderURILocation, write=FSetIdentityProviderURILocation };

Default Value

""

Remarks

The address of the URI.

The IdentityProviderURIIdx parameter specifies the index of the item in the array. The size of the array is controlled by the IdentityProviderURICount property.

This property is not available at design time.

Data Type

String

IdentityProviderURIIndex Property (SAMLDesktop Component)

The index for the URI that can be optionally used if multiple URIs of the same URIType and BindingType are provided.

Syntax

__property int IdentityProviderURIIndex[int IdentityProviderURIIdx] = { read=FIdentityProviderURIIndex, write=FSetIdentityProviderURIIndex };

Default Value

0

Remarks

The index for the URI that can be optionally used if multiple URIs of the same IdentityProviderURIURIType and IdentityProviderURIBindingType are provided.

The IdentityProviderURIIdx parameter specifies the index of the item in the array. The size of the array is controlled by the IdentityProviderURICount property.

This property is not available at design time.

Data Type

Integer

IdentityProviderURIType Property (SAMLDesktop Component)

The purpose of the URI.

Syntax

__property TciSAMLDesktopIdentityProviderURITypes IdentityProviderURIType[int IdentityProviderURIIdx] = { read=FIdentityProviderURIType, write=FSetIdentityProviderURIType };

enum TciSAMLDesktopIdentityProviderURITypes {
  sutSignon=0,
  sutLogout=1,
  sutACS=2
};

Default Value

sutSignon

Remarks

The purpose of the URI.

Possible values are:

The IdentityProviderURIIdx parameter specifies the index of the item in the array. The size of the array is controlled by the IdentityProviderURICount property.

This property is not available at design time.

Data Type

Integer

ProxyAuthScheme Property (SAMLDesktop Component)

The type of authorization to perform when connecting to the proxy.

Syntax

__property TciSAMLDesktopProxyAuthSchemes ProxyAuthScheme = { read=FProxyAuthScheme, write=FSetProxyAuthScheme };

enum TciSAMLDesktopProxyAuthSchemes {
  authBasic=0,
  authDigest=1,
  authProprietary=2,
  authNone=3,
  authNtlm=4,
  authNegotiate=5
};

Default Value

authBasic

Remarks

The type of authorization to perform when connecting to the proxy. This is used only when the ProxyUser and ProxyPassword properties are set.

ProxyAuthScheme should be set to authNone (3) when no authentication is expected.

By default, ProxyAuthScheme is authBasic (0), and if the ProxyUser and ProxyPassword properties are set, the component will attempt basic authentication.

If ProxyAuthScheme is set to authDigest (1), digest authentication will be attempted instead.

If ProxyAuthScheme is set to authProprietary (2), then the authorization token will not be generated by the component. Look at the configuration file for the component being used to find more information about manually setting this token.

If ProxyAuthScheme is set to authNtlm (4), NTLM authentication will be used.

For security reasons, setting this property will clear the values of ProxyUser and ProxyPassword.

Data Type

Integer

ProxyAutoDetect Property (SAMLDesktop Component)

Whether to automatically detect and use proxy system settings, if available.

Syntax

__property bool ProxyAutoDetect = { read=FProxyAutoDetect, write=FSetProxyAutoDetect };

Default Value

False

Remarks

Whether to automatically detect and use proxy system settings, if available. The default value is false.

Data Type

Boolean

ProxyPassword Property (SAMLDesktop Component)

A password if authentication is to be used for the proxy.

Syntax

__property String ProxyPassword = { read=FProxyPassword, write=FSetProxyPassword };

Default Value

""

Remarks

A password if authentication is to be used for the proxy.

If ProxyAuthScheme is set to Basic Authentication, the ProxyUser and ProxyPassword properties are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].

If ProxyAuthScheme is set to Digest Authentication, the ProxyUser and ProxyPassword properties are used to respond to the Digest Authentication challenge from the server.

If ProxyAuthScheme is set to NTLM Authentication, the ProxyUser and ProxyPassword properties are used to authenticate through NTLM negotiation.

Data Type

String

ProxyPort Property (SAMLDesktop Component)

The Transmission Control Protocol (TCP) port for the proxy Server (default 80).

Syntax

__property int ProxyPort = { read=FProxyPort, write=FSetProxyPort };

Default Value

80

Remarks

The Transmission Control Protocol (TCP) port for the proxy ProxyServer (default 80). See the description of the ProxyServer property for details.

Data Type

Integer

ProxyServer Property (SAMLDesktop Component)

If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.

Syntax

__property String ProxyServer = { read=FProxyServer, write=FSetProxyServer };

Default Value

""

Remarks

If a proxy ProxyServer is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.

If the ProxyServer property is set to a domain name, a DNS request is initiated. Upon successful termination of the request, the ProxyServer property is set to the corresponding address. If the search is not successful, an error is returned.

Data Type

String

ProxySSL Property (SAMLDesktop Component)

When to use a Secure Sockets Layer (SSL) for the connection to the proxy.

Syntax

__property TciSAMLDesktopProxySSLs ProxySSL = { read=FProxySSL, write=FSetProxySSL };

enum TciSAMLDesktopProxySSLs {
  psAutomatic=0,
  psAlways=1,
  psNever=2,
  psTunnel=3
};

Default Value

psAutomatic

Remarks

When to use a Secure Sockets Layer (SSL) for the connection to the proxy. The applicable values are as follows:

Data Type

Integer

ProxyUser Property (SAMLDesktop Component)

A username if authentication is to be used for the proxy.

Syntax

__property String ProxyUser = { read=FProxyUser, write=FSetProxyUser };

Default Value

""

Remarks

A username if authentication is to be used for the proxy.

If ProxyAuthScheme is set to Basic Authentication, the ProxyUser and ProxyPassword properties are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].

If ProxyAuthScheme is set to Digest Authentication, the ProxyUser and ProxyPassword properties are used to respond to the Digest Authentication challenge from the server.

If ProxyAuthScheme is set to NTLM Authentication, the ProxyUser and ProxyPassword properties are used to authenticate through NTLM negotiation.

Data Type

String

RelayState Property (SAMLDesktop Component)

The RelayState for a SAML request or response.

Syntax

__property String RelayState = { read=FRelayState, write=FSetRelayState };

Default Value

""

Remarks

When set before building a request using the AuthenticateUser method, this property will set the RelayState parameter that is provided with the SAML request. Any value may be specified here and it will be returned exactly as it was sent. This can be used to maintain state within the application, and also may be used for security purposes. The contents of this property are treated as an opaque value.

After receiving the response from the Identity Provider, this setting will then be set to match the RelayState parameter if it was provided by the Identity Provider. This does not work if the SAML response was provided directly to the methods using the SAMLResponseInfo property.

Data Type

String

SAMLRequestAllowCreate Property (SAMLDesktop Component)

This setting is only used for authentication requests.

Syntax

__property bool SAMLRequestAllowCreate = { read=FSAMLRequestAllowCreate, write=FSetSAMLRequestAllowCreate };

Default Value

false

Remarks

This setting is only used for authentication requests. It controls whether the component will set the AllowCreate attribute in the NameIDPolicy element that is specific to the AuthnRequest element. When set to true, this will inform the Identity Provider that it is allowed to create a new identifier to represent the principal. When set to false (default), the Identity Provider should only issue an assertion if an acceptable identifier is already created.

Data Type

Boolean

SAMLRequestConsent Property (SAMLDesktop Component)

This setting specifies whether consent from a principal was provided when this request was sent.

Syntax

__property TciSAMLDesktopSAMLRequestConsents SAMLRequestConsent = { read=FSAMLRequestConsent, write=FSetSAMLRequestConsent };

enum TciSAMLDesktopSAMLRequestConsents {
  scidUnspecified=0,
  scidObtained=1,
  scidPrior=2,
  scidImplicit=3,
  scidExplicit=4,
  scidUnavailable=5,
  scidInapplicable=6,
  scidCustom=7
};

Default Value

scidUnspecified

Remarks

This setting specifies whether consent from a principal was provided when this request was sent. This typically is set to some URI reference that was used by the application to obtain consent from the principal (user). This setting specifically sets the Consent attribute in the AuthnRequest or LogoutRequest elements in a SAML request.

By default, the scidUnspecified value is used. If a format needs to be used that is not listed here, the snidCustom value can be used instead. When set, the CustomConsent configuration setting will be used instead.

Data Type

Integer

SAMLRequestDestination Property (SAMLDesktop Component)

This setting specifies a URI reference for the intended destination for the SAML request.

Syntax

__property String SAMLRequestDestination = { read=FSAMLRequestDestination, write=FSetSAMLRequestDestination };

Default Value

""

Remarks

This setting specifies a URI reference for the intended destination for the SAML request. This is useful to prevent malicious forwarding of responses to unintended recipients. If left blank the component will set this to match the endpoint selected by the component. See SAMLRequestUseDefaultEndpoint and SAMLRequestSelectedEndpoint for more information.

Data Type

String

SAMLRequestId Property (SAMLDesktop Component)

This setting specifies the unique Id of the SAML request.

Syntax

__property String SAMLRequestId = { read=FSAMLRequestId, write=FSetSAMLRequestId };

Default Value

""

Remarks

This setting specifies the unique Id of the SAML request.

When building a SAML request using the BuildAuthnRequest or BuildLogoutRequest methods, the component will use this value for the Id attribute in the request. If left empty before building the request, the component will generate a new one.

When validating a SAML response or assertion, this property is used to provide the Id of the request to the component. The SAML response and assertion both have an InResponseTo attribute that needs to match this property. See SAMLRequestInResponseTo for more information. This is important, to check to ensure that the SAML response or assertion was in response to a request that was made by this application.

Due to needing the value for validation purposes this setting, (along with the SAMLRequestIssuer property) should be cached in a secure location for later. This Id should match the Id of the InResponseTo attribute of the matching SAMLResponse . Due to this, after BuildAuthnRequest or BuildLogoutRequest is used to create a request, this setting

Data Type

String

SAMLRequestIssuedTime Property (SAMLDesktop Component)

This setting sets the time at which the SAML request was issued.

Syntax

__property String SAMLRequestIssuedTime = { read=FSAMLRequestIssuedTime, write=FSetSAMLRequestIssuedTime };

Default Value

""

Remarks

This setting sets the time at which the SAML request was issued. If not set, the component will use the current time.

Time-based values are specified by the SAML specification to be in UTC in the following format: YYYY-MM-DDTHH:mm:ss.sssZ

Data Type

String

SAMLRequestIssuer Property (SAMLDesktop Component)

The issuer for the SAML request.

Syntax

__property String SAMLRequestIssuer = { read=FSAMLRequestIssuer, write=FSetSAMLRequestIssuer };

Default Value

""

Remarks

The issuer for the SAML request. Typically, this should be set to the Entity Id configured for the Identity Provider.

Data Type

String

SAMLRequestNameIdFormat Property (SAMLDesktop Component)

This setting is only used for authentication requests.

Syntax

__property TciSAMLDesktopSAMLRequestNameIdFormats SAMLRequestNameIdFormat = { read=FSAMLRequestNameIdFormat, write=FSetSAMLRequestNameIdFormat };

enum TciSAMLDesktopSAMLRequestNameIdFormats {
  snidUnspecified=0,
  snidEmail=1,
  snidX509=2,
  snidWindowsDQ=3,
  snidKerberos=4,
  snidEntity=5,
  snidPersistent=6,
  snidTransitent=7,
  snidCustom=8
};

Default Value

snidUnspecified

Remarks

This setting is only used for authentication requests. If supported by the Identity Provider, this setting can be used to tailor the name identifier for the subject in the response to an authentication request.

By default, the snidUnspecified format will be used, which informs the Identity Provider to use whatever name identifier format they prefer. This setting specifically sets the Format attribute in the NameIDPolicy element in an authentication request. If a format needs to be used that is not listed here, the snidCustom value can be used instead. When set, the CustomNameIdFormat configuration setting will be used instead.

Data Type

Integer

SAMLRequestRequestBinding Property (SAMLDesktop Component)

This setting controls the binding that will be used to make the request.

Syntax

__property TciSAMLDesktopSAMLRequestRequestBindings SAMLRequestRequestBinding = { read=FSAMLRequestRequestBinding, write=FSetSAMLRequestRequestBinding };

enum TciSAMLDesktopSAMLRequestRequestBindings {
  srbHTTPRedirect=0,
  srbHTTPPost=1
};

Default Value

srbHTTPRedirect

Remarks

This setting controls the binding that will be used to make the request.

By default, the component will use the srbHTTPRedirect binding which provides the SAMLRequest value through a query parameter. The srbHTTPRedirect binding will set just the SAMLRequestURL property.

If set to the srbHTTPPost binding, the SAMLRequest value is provided in an HTML body that should be used to make a form post request. This will set both the SAMLRequestURL and SAMLRequestBody properties.

Note: This setting does not control the binding of the response, just how the request will be made.

Data Type

Integer

SAMLRequestSelectedEndpoint Property (SAMLDesktop Component)

This setting only applies to Authn Requests since there can be multiple Assertion Consumer Service (ACS) endpoints per service provider.

Syntax

__property int SAMLRequestSelectedEndpoint = { read=FSAMLRequestSelectedEndpoint, write=FSetSAMLRequestSelectedEndpoint };

Default Value

-1

Remarks

This setting only applies to Authn Requests since there can be multiple Assertion Consumer Service (ACS) endpoints per service provider. When building an Authn Request, the component will select the the ACS endpoint depending on how SAMLRequestSettings is configured. If SAMLRequestUseDefaultEndpoint is set to true, the request will specify that the Identity Provider should use the URI that is configured as the default. If SAMLRequestSelectedEndpoint is set, the component will use that index in the request. Otherwise, the component will select the first URI available in the ServiceProviderURIs properties.

Data Type

Integer

SAMLRequestSessionIndex Property (SAMLDesktop Component)

This setting only applies when building SAML logout requests.

Syntax

__property String SAMLRequestSessionIndex = { read=FSAMLRequestSessionIndex, write=FSetSAMLRequestSessionIndex };

Default Value

""

Remarks

This setting only applies when building SAML logout requests. SAMLRequestSessionIndex identifies the current session of the user that is being ended when the BuildLogoutRequest method is called. When the ProcessSAMLResponse or ParseAssertion methods are called, the SAMLRequestSessionIndex property will be set to the session index from the Identity Provider. Providing the session index with the logout request will typically cause the Identity Provider to send logout requests to all participating services that are also part of the session.

Data Type

String

SAMLRequestSignRequest Property (SAMLDesktop Component)

This setting controls whether the SAML request should be signed when using the BuildAuthnRequest or BuildLogoutRequest methods.

Syntax

__property bool SAMLRequestSignRequest = { read=FSAMLRequestSignRequest, write=FSetSAMLRequestSignRequest };

Default Value

false

Remarks

This setting controls whether the SAML request should be signed when using the BuildAuthnRequest or BuildLogoutRequest methods. The component will use the certificate set in the ServiceProviderSigningCert property to sign the request.

Data Type

Boolean

SAMLRequestUseDefaultEndpoint Property (SAMLDesktop Component)

This setting only applies to Authn Requests since there can be multiple Assertion Consumer Service (ACS) endpoints per service provider.

Syntax

__property bool SAMLRequestUseDefaultEndpoint = { read=FSAMLRequestUseDefaultEndpoint, write=FSetSAMLRequestUseDefaultEndpoint };

Default Value

false

Remarks

This setting only applies to Authn Requests since there can be multiple Assertion Consumer Service (ACS) endpoints per service provider. When multiple ACS endpoints are available, a single endpoint can be selected as the default endpoint. When building an Authn Request, the component will select the the ACS endpoint depending on how SAMLRequestSettings is configured. If SAMLRequestUseDefaultEndpoint is set to true, the request will specify that the Identity Provider should use the URI that is configured as the default. If SAMLRequestSelectedEndpoint is set, then the component will use that index in the request. Otherwise, the component will select the first URI available in the ServiceProviderURIs properties.

Data Type

Boolean

SAMLResponseConsent Property (SAMLDesktop Component)

Whether consent from a principal was provided when this response was sent.

Syntax

__property String SAMLResponseConsent = { read=FSAMLResponseConsent };

Default Value

""

Remarks

Whether consent from a principal was provided when this response was sent. This typically is set to some URI reference that matches the method that was used by the application to obtain consent from the principal (user).

Some common URI values are:

• Unspecified - urn:oasis:names:tc:SAML:2.0:consent:unspecified
• Obtained - urn:oasis:names:tc:SAML:2.0:consent:obtained
• Prior - urn:oasis:names:tc:SAML:2.0:consent:prior
• Implicit - urn:oasis:names:tc:SAML:2.0:consent:current-implicit
• Explicit - urn:oasis:names:tc:SAML:2.0:consent:current-explicit
• Unavailable - urn:oasis:names:tc:SAML:2.0:consent:unavailable
• Inapplicable - urn:oasis:names:tc:SAML:2.0:consent:inapplicable

This property is read-only.

Data Type

String

SAMLResponseDestination Property (SAMLDesktop Component)

A URI reference for the intended destination for the SAML response.

Syntax

__property String SAMLResponseDestination = { read=FSAMLResponseDestination };

Default Value

""

Remarks

A URI reference for the intended destination for the SAML response. This is useful to prevent malicious forwarding of responses to unintended recipients.

This property is read-only.

Data Type

String

SAMLResponseInResponseTo Property (SAMLDesktop Component)

The Id of the SAML request that requested the Identity Provider to issue this SAML response.

Syntax

__property String SAMLResponseInResponseTo = { read=FSAMLResponseInResponseTo };

Default Value

""

Remarks

The Id of the SAML request that requested the Identity Provider to issue this SAML response. The component validates this property against the original Id of the SAML request which SAMLResponseId should be set to.

This property is read-only.

Data Type

String

SAMLResponseIssuedTime Property (SAMLDesktop Component)

The time at which the SAML response was issued by the Issuer .

Syntax

__property String SAMLResponseIssuedTime = { read=FSAMLResponseIssuedTime };

Default Value

""

Remarks

The time at which the SAML response was issued by the SAMLResponseIssuer.

Time-based values are specified by the SAML specification to be in UTC in the following format: YYYY-MM-DDTHH:mm:ss.sssZ

This property is read-only.

Data Type

String

SAMLResponseIssuer Property (SAMLDesktop Component)

The Entity Id of the issuer of the SAML response.

Syntax

__property String SAMLResponseIssuer = { read=FSAMLResponseIssuer };

Default Value

""

Remarks

The Entity Id of the issuer of the SAML response. Typically, this will be the SAMLResponseEntityId of the Identity Provider.

This property is read-only.

Data Type

String

SAMLResponseResponseContent Property (SAMLDesktop Component)

The full XML of the SAML response after being parsed or processed by the component.

Syntax

__property String SAMLResponseResponseContent = { read=FSAMLResponseResponseContent, write=FSetSAMLResponseResponseContent };
__property DynamicArray<Byte> SAMLResponseResponseContentB = { read=FSAMLResponseResponseContentB, write=FSetSAMLResponseResponseContentB };

Default Value

""

Remarks

The full XML of the SAML response after being parsed or processed by the component. Optionally, this setting can be set to provide a SAML response directly to the component to be parsed or processed.

Data Type

Byte Array

SAMLResponseResponseId Property (SAMLDesktop Component)

The unique Id for the SAML response that was created by the Issuer .

Syntax

__property String SAMLResponseResponseId = { read=FSAMLResponseResponseId };

Default Value

""

Remarks

The unique Id for the SAML response that was created by the SAMLResponseIssuer.

This property is read-only.

Data Type

String

SAMLResponseResponseType Property (SAMLDesktop Component)

The type of SAML response that was parsed or processed.

Syntax

__property TciSAMLDesktopSAMLResponseResponseTypes SAMLResponseResponseType = { read=FSAMLResponseResponseType };

enum TciSAMLDesktopSAMLResponseResponseTypes {
  srtUnknown=0,
  srtAuthn=1,
  srtLogout=2
};

Default Value

srtUnknown

Remarks

The type of SAML response that was parsed or processed.

This property is read-only.

Data Type

Integer

SAMLResponseSigned Property (SAMLDesktop Component)

Whether the SAML response is signed.

Syntax

__property bool SAMLResponseSigned = { read=FSAMLResponseSigned };

Default Value

false

Remarks

Whether the SAML response is signed. If the SAML response contains no signatures, or only the assertion is signed, then this property will be set to false.

This property is read-only.

Data Type

Boolean

SAMLResponseStatusCodes Property (SAMLDesktop Component)

A semicolon-separated list of status codes found in the SAML response.

Syntax

__property String SAMLResponseStatusCodes = { read=FSAMLResponseStatusCodes };

Default Value

""

Remarks

A semicolon-separated list of status codes found in the SAML response. A compliant SAML response will always contain a top-level response with one of the following values.

After the top-level status code, second-level codes can also be included to provide additional information about the top-level status code. These second-level codes are also typically a URI reference like the top-level codes. For example, if the Identity Provider was unable to authenticate the user, this setting could be set to:

urn:oasis:names:tc:SAML:2.0:status:Responder;urn:oasis:names:tc:SAML:2.0:status:AuthnFailed

Sometimes, a message is also provided with the Status. See SAMLResponseStatusMessage for more information.

This property is read-only.

Data Type

String

SAMLResponseStatusMessage Property (SAMLDesktop Component)

The message that was provided in the status of the SAML response.

Syntax

__property String SAMLResponseStatusMessage = { read=FSAMLResponseStatusMessage };

Default Value

""

Remarks

The message that was provided in the status of the SAML response. This property is set alongside the SAMLResponseStatusCodes and can be used to provide more information about the status.

This property is read-only.

Data Type

String

ServiceProviderMetadataAuthnRequestSigned Property (SAMLDesktop Component)

Whether the generated metadata document will inform the identity provider that this service provider will be sending signed requests.

Syntax

__property bool ServiceProviderMetadataAuthnRequestSigned = { read=FServiceProviderMetadataAuthnRequestSigned, write=FSetServiceProviderMetadataAuthnRequestSigned };

Default Value

false

Remarks

Whether the generated metadata document will inform the identity provider that this service provider will be sending signed requests.

Data Type

Boolean

ServiceProviderMetadataEntityId Property (SAMLDesktop Component)

The Entity Id for this service provider.

Syntax

__property String ServiceProviderMetadataEntityId = { read=FServiceProviderMetadataEntityId, write=FSetServiceProviderMetadataEntityId };

Default Value

""

Remarks

The Entity Id for this service provider. This is the unique Id that will be used by the Identity Provider and should be unique to this service provider.

Data Type

String

ServiceProviderMetadataMetadataContent Property (SAMLDesktop Component)

The raw XML document that represents the metadata document for the configured service provider.

Syntax

__property String ServiceProviderMetadataMetadataContent = { read=FServiceProviderMetadataMetadataContent, write=FSetServiceProviderMetadataMetadataContent };
__property DynamicArray<Byte> ServiceProviderMetadataMetadataContentB = { read=FServiceProviderMetadataMetadataContentB, write=FSetServiceProviderMetadataMetadataContentB };

Default Value

""

Remarks

The raw XML document that represents the metadata document for the configured service provider. This property is populated when the BuildServiceMetadata method is used to generate a new document.

Data Type

Byte Array

ServiceProviderMetadataSignedMetadata Property (SAMLDesktop Component)

Whether the component will sign the metadata document when it is being generated.

Syntax

__property bool ServiceProviderMetadataSignedMetadata = { read=FServiceProviderMetadataSignedMetadata, write=FSetServiceProviderMetadataSignedMetadata };

Default Value

false

Remarks

Whether the component will sign the metadata document when it is being generated. When the BuildServiceMetadata method is used to generate the metadata document, the component will use the ServiceProviderSigningCert property to sign the document.

Data Type

Boolean

ServiceProviderMetadataSupportedNameIdFormats Property (SAMLDesktop Component)

A semicolon-separated list of NameId formats that are supported by this service provider.

Syntax

__property String ServiceProviderMetadataSupportedNameIdFormats = { read=FServiceProviderMetadataSupportedNameIdFormats, write=FSetServiceProviderMetadataSupportedNameIdFormats };

Default Value

""

Remarks

A semicolon-separated list of NameId formats that are supported by this service provider.

Some common values are:

To support both email addresses and Windows domain qualified name, this property would be set to:

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName

Data Type

String

ServiceProviderMetadataWantAssertionsSigned Property (SAMLDesktop Component)

Whether the metadata document will inform the identity provider that this service provider wants issued assertions to be signed.

Syntax

__property bool ServiceProviderMetadataWantAssertionsSigned = { read=FServiceProviderMetadataWantAssertionsSigned, write=FSetServiceProviderMetadataWantAssertionsSigned };

Default Value

false

Remarks

Whether the metadata document will inform the identity provider that this service provider wants issued assertions to be signed.

Data Type

Boolean

ServiceProviderSigningCertEffectiveDate Property (SAMLDesktop Component)

The date on which this certificate becomes valid.

Syntax

__property String ServiceProviderSigningCertEffectiveDate = { read=FServiceProviderSigningCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertExpirationDate Property (SAMLDesktop Component)

The date on which the certificate expires.

Syntax

__property String ServiceProviderSigningCertExpirationDate = { read=FServiceProviderSigningCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertExtendedKeyUsage Property (SAMLDesktop Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String ServiceProviderSigningCertExtendedKeyUsage = { read=FServiceProviderSigningCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertFingerprint Property (SAMLDesktop Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String ServiceProviderSigningCertFingerprint = { read=FServiceProviderSigningCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertFingerprintSHA1 Property (SAMLDesktop Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String ServiceProviderSigningCertFingerprintSHA1 = { read=FServiceProviderSigningCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertFingerprintSHA256 Property (SAMLDesktop Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String ServiceProviderSigningCertFingerprintSHA256 = { read=FServiceProviderSigningCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertIssuer Property (SAMLDesktop Component)

The issuer of the certificate.

Syntax

__property String ServiceProviderSigningCertIssuer = { read=FServiceProviderSigningCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertPrivateKey Property (SAMLDesktop Component)

The private key of the certificate (if available).

Syntax

__property String ServiceProviderSigningCertPrivateKey = { read=FServiceProviderSigningCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The ServiceProviderSigningCertPrivateKey may be available but not exportable. In this case, ServiceProviderSigningCertPrivateKey returns an empty string.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertPrivateKeyAvailable Property (SAMLDesktop Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool ServiceProviderSigningCertPrivateKeyAvailable = { read=FServiceProviderSigningCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a ServiceProviderSigningCertPrivateKey is available for the selected certificate. If ServiceProviderSigningCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only and not available at design time.

Data Type

Boolean

ServiceProviderSigningCertPrivateKeyContainer Property (SAMLDesktop Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String ServiceProviderSigningCertPrivateKeyContainer = { read=FServiceProviderSigningCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the ServiceProviderSigningCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertPublicKey Property (SAMLDesktop Component)

The public key of the certificate.

Syntax

__property String ServiceProviderSigningCertPublicKey = { read=FServiceProviderSigningCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertPublicKeyAlgorithm Property (SAMLDesktop Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String ServiceProviderSigningCertPublicKeyAlgorithm = { read=FServiceProviderSigningCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertPublicKeyLength Property (SAMLDesktop Component)

The length of the certificate's public key (in bits).

Syntax

__property int ServiceProviderSigningCertPublicKeyLength = { read=FServiceProviderSigningCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only and not available at design time.

Data Type

Integer

ServiceProviderSigningCertSerialNumber Property (SAMLDesktop Component)

The serial number of the certificate encoded as a string.

Syntax

__property String ServiceProviderSigningCertSerialNumber = { read=FServiceProviderSigningCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertSignatureAlgorithm Property (SAMLDesktop Component)

The text description of the certificate's signature algorithm.

Syntax

__property String ServiceProviderSigningCertSignatureAlgorithm = { read=FServiceProviderSigningCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertStore Property (SAMLDesktop Component)

The name of the certificate store for the client certificate.

Syntax

__property String ServiceProviderSigningCertStore = { read=FServiceProviderSigningCertStore, write=FSetServiceProviderSigningCertStore };
__property DynamicArray<Byte> ServiceProviderSigningCertStoreB = { read=FServiceProviderSigningCertStoreB, write=FSetServiceProviderSigningCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The ServiceProviderSigningCertStoreType property denotes the type of the certificate store specified by ServiceProviderSigningCertStore. If the store is password-protected, specify the password in ServiceProviderSigningCertStorePassword.

ServiceProviderSigningCertStore is used in conjunction with the ServiceProviderSigningCertSubject property to specify client certificates. If ServiceProviderSigningCertStore has a value, and ServiceProviderSigningCertSubject or ServiceProviderSigningCertEncoded is set, a search for a certificate is initiated. Please see the ServiceProviderSigningCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is not available at design time.

Data Type

Byte Array

ServiceProviderSigningCertStorePassword Property (SAMLDesktop Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String ServiceProviderSigningCertStorePassword = { read=FServiceProviderSigningCertStorePassword, write=FSetServiceProviderSigningCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is not available at design time.

Data Type

String

ServiceProviderSigningCertStoreType Property (SAMLDesktop Component)

The type of certificate store for this certificate.

Syntax

__property TciSAMLDesktopServiceProviderSigningCertStoreTypes ServiceProviderSigningCertStoreType = { read=FServiceProviderSigningCertStoreType, write=FSetServiceProviderSigningCertStoreType };

enum TciSAMLDesktopServiceProviderSigningCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

This property is not available at design time.

Data Type

Integer

ServiceProviderSigningCertSubjectAltNames Property (SAMLDesktop Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String ServiceProviderSigningCertSubjectAltNames = { read=FServiceProviderSigningCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertThumbprintMD5 Property (SAMLDesktop Component)

The MD5 hash of the certificate.

Syntax

__property String ServiceProviderSigningCertThumbprintMD5 = { read=FServiceProviderSigningCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertThumbprintSHA1 Property (SAMLDesktop Component)

The SHA-1 hash of the certificate.

Syntax

__property String ServiceProviderSigningCertThumbprintSHA1 = { read=FServiceProviderSigningCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertThumbprintSHA256 Property (SAMLDesktop Component)

The SHA-256 hash of the certificate.

Syntax

__property String ServiceProviderSigningCertThumbprintSHA256 = { read=FServiceProviderSigningCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertUsage Property (SAMLDesktop Component)

The text description of UsageFlags .

Syntax

__property String ServiceProviderSigningCertUsage = { read=FServiceProviderSigningCertUsage };

Default Value

""

Remarks

The text description of ServiceProviderSigningCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertUsageFlags Property (SAMLDesktop Component)

The flags that show intended use for the certificate.

Syntax

__property int ServiceProviderSigningCertUsageFlags = { read=FServiceProviderSigningCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of ServiceProviderSigningCertUsageFlags is a combination of the following flags:

Please see the ServiceProviderSigningCertUsage property for a text representation of ServiceProviderSigningCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only and not available at design time.

Data Type

Integer

ServiceProviderSigningCertVersion Property (SAMLDesktop Component)

The certificate's version number.

Syntax

__property String ServiceProviderSigningCertVersion = { read=FServiceProviderSigningCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only and not available at design time.

Data Type

String

ServiceProviderSigningCertSubject Property (SAMLDesktop Component)

The subject of the certificate used for client authentication.

Syntax

__property String ServiceProviderSigningCertSubject = { read=FServiceProviderSigningCertSubject, write=FSetServiceProviderSigningCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is not available at design time.

Data Type

String

ServiceProviderSigningCertEncoded Property (SAMLDesktop Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String ServiceProviderSigningCertEncoded = { read=FServiceProviderSigningCertEncoded, write=FSetServiceProviderSigningCertEncoded };
__property DynamicArray<Byte> ServiceProviderSigningCertEncodedB = { read=FServiceProviderSigningCertEncodedB, write=FSetServiceProviderSigningCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The ServiceProviderSigningCertStore and ServiceProviderSigningCertSubject properties also may be used to specify a certificate.

When ServiceProviderSigningCertEncoded is set, a search is initiated in the current ServiceProviderSigningCertStore for the private key of the certificate. If the key is found, ServiceProviderSigningCertSubject is updated to reflect the full subject of the selected certificate; otherwise, ServiceProviderSigningCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

ServiceProviderURIBindingRef Property (SAMLDesktop Component)

The URI reference for the set BindingType .

Syntax

__property String ServiceProviderURIBindingRef = { read=FServiceProviderURIBindingRef, write=FSetServiceProviderURIBindingRef };

Default Value

""

Remarks

The URI reference for the set ServiceProviderURIBindingType. When the ServiceProviderURIBindingType is set, this property will be updated to match. The exception is the subCustom value, which allows for any value to be placed in this property.

If this property is set instead, the component will attempt to set the ServiceProviderURIBindingType property to match. If it can't, subCustom will also be used.

When parsing a metadata document, the component will also use the subCustom value for any binding types that are not recognized by the component.

Data Type

String

ServiceProviderURIBindingType Property (SAMLDesktop Component)

The type of binding that is supported for this URI.

Syntax

__property TciSAMLDesktopServiceProviderURIBindingTypes ServiceProviderURIBindingType = { read=FServiceProviderURIBindingType, write=FSetServiceProviderURIBindingType };

enum TciSAMLDesktopServiceProviderURIBindingTypes {
  subRedirect=0,
  subPost=1,
  subArtifact=2,
  subCustom=3
};

Default Value

subRedirect

Remarks

The type of binding that is supported for this URI. The component only supports using the HTTP Redirect and HTTP POST bindings. The HTTP Artifact and other bindings are informational, and support for them must be implemented directly.

When setting this property, the ServiceProviderURIBindingRef property will also be updated with the matching URI. The exception is the subCustom value, which allows for any value to be placed in the ServiceProviderURIBindingRef property.

If the ServiceProviderURIBindingRef property is set, during the processing of a metadata document the component will attempt to set this property as well with the matching value. If it can't, subCustom will be used instead.

Data Type

Integer

ServiceProviderURIIsDefault Property (SAMLDesktop Component)

Whether this URI is the default URI that should be used for the specific URIType and BindingType combination.

Syntax

__property bool ServiceProviderURIIsDefault = { read=FServiceProviderURIIsDefault, write=FSetServiceProviderURIIsDefault };

Default Value

false

Remarks

Whether this URI is the default URI that should be used for the specific ServiceProviderURIURIType and ServiceProviderURIBindingType combination.

Data Type

Boolean

ServiceProviderURILocation Property (SAMLDesktop Component)

The address of the URI.

Syntax

__property String ServiceProviderURILocation = { read=FServiceProviderURILocation, write=FSetServiceProviderURILocation };

Default Value

""

Remarks

The address of the URI.

Data Type

String

ServiceProviderURIIndex Property (SAMLDesktop Component)

The index for the URI that can be optionally used if multiple URIs of the same URIType and BindingType are provided.

Syntax

__property int ServiceProviderURIIndex = { read=FServiceProviderURIIndex, write=FSetServiceProviderURIIndex };

Default Value

0

Remarks

The index for the URI that can be optionally used if multiple URIs of the same ServiceProviderURIURIType and ServiceProviderURIBindingType are provided.

Data Type

Integer

ServiceProviderURIType Property (SAMLDesktop Component)

The purpose of the URI.

Syntax

__property TciSAMLDesktopServiceProviderURITypes ServiceProviderURIType = { read=FServiceProviderURIType, write=FSetServiceProviderURIType };

enum TciSAMLDesktopServiceProviderURITypes {
  sutSignon=0,
  sutLogout=1,
  sutACS=2
};

Default Value

sutSignon

Remarks

The purpose of the URI.

Possible values are:

Data Type

Integer

SSLAcceptServerCertEffectiveDate Property (SAMLDesktop Component)

The date on which this certificate becomes valid.

Syntax

__property String SSLAcceptServerCertEffectiveDate = { read=FSSLAcceptServerCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExpirationDate Property (SAMLDesktop Component)

The date on which the certificate expires.

Syntax

__property String SSLAcceptServerCertExpirationDate = { read=FSSLAcceptServerCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLAcceptServerCertExtendedKeyUsage Property (SAMLDesktop Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String SSLAcceptServerCertExtendedKeyUsage = { read=FSSLAcceptServerCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprint Property (SAMLDesktop Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String SSLAcceptServerCertFingerprint = { read=FSSLAcceptServerCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA1 Property (SAMLDesktop Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String SSLAcceptServerCertFingerprintSHA1 = { read=FSSLAcceptServerCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLAcceptServerCertFingerprintSHA256 Property (SAMLDesktop Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String SSLAcceptServerCertFingerprintSHA256 = { read=FSSLAcceptServerCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLAcceptServerCertIssuer Property (SAMLDesktop Component)

The issuer of the certificate.

Syntax

__property String SSLAcceptServerCertIssuer = { read=FSSLAcceptServerCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKey Property (SAMLDesktop Component)

The private key of the certificate (if available).

Syntax

__property String SSLAcceptServerCertPrivateKey = { read=FSSLAcceptServerCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLAcceptServerCertPrivateKey may be available but not exportable. In this case, SSLAcceptServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLAcceptServerCertPrivateKeyAvailable Property (SAMLDesktop Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool SSLAcceptServerCertPrivateKeyAvailable = { read=FSSLAcceptServerCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a SSLAcceptServerCertPrivateKey is available for the selected certificate. If SSLAcceptServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLAcceptServerCertPrivateKeyContainer Property (SAMLDesktop Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String SSLAcceptServerCertPrivateKeyContainer = { read=FSSLAcceptServerCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the SSLAcceptServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKey Property (SAMLDesktop Component)

The public key of the certificate.

Syntax

__property String SSLAcceptServerCertPublicKey = { read=FSSLAcceptServerCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyAlgorithm Property (SAMLDesktop Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String SSLAcceptServerCertPublicKeyAlgorithm = { read=FSSLAcceptServerCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertPublicKeyLength Property (SAMLDesktop Component)

The length of the certificate's public key (in bits).

Syntax

__property int SSLAcceptServerCertPublicKeyLength = { read=FSSLAcceptServerCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertSerialNumber Property (SAMLDesktop Component)

The serial number of the certificate encoded as a string.

Syntax

__property String SSLAcceptServerCertSerialNumber = { read=FSSLAcceptServerCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLAcceptServerCertSignatureAlgorithm Property (SAMLDesktop Component)

The text description of the certificate's signature algorithm.

Syntax

__property String SSLAcceptServerCertSignatureAlgorithm = { read=FSSLAcceptServerCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLAcceptServerCertStore Property (SAMLDesktop Component)

The name of the certificate store for the client certificate.

Syntax

__property String SSLAcceptServerCertStore = { read=FSSLAcceptServerCertStore, write=FSetSSLAcceptServerCertStore };
__property DynamicArray<Byte> SSLAcceptServerCertStoreB = { read=FSSLAcceptServerCertStoreB, write=FSetSSLAcceptServerCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLAcceptServerCertStoreType property denotes the type of the certificate store specified by SSLAcceptServerCertStore. If the store is password-protected, specify the password in SSLAcceptServerCertStorePassword.

SSLAcceptServerCertStore is used in conjunction with the SSLAcceptServerCertSubject property to specify client certificates. If SSLAcceptServerCertStore has a value, and SSLAcceptServerCertSubject or SSLAcceptServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLAcceptServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Byte Array

SSLAcceptServerCertStorePassword Property (SAMLDesktop Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String SSLAcceptServerCertStorePassword = { read=FSSLAcceptServerCertStorePassword, write=FSetSSLAcceptServerCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLAcceptServerCertStoreType Property (SAMLDesktop Component)

The type of certificate store for this certificate.

Syntax

__property TciSAMLDesktopSSLAcceptServerCertStoreTypes SSLAcceptServerCertStoreType = { read=FSSLAcceptServerCertStoreType, write=FSetSSLAcceptServerCertStoreType };

enum TciSAMLDesktopSSLAcceptServerCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLAcceptServerCertSubjectAltNames Property (SAMLDesktop Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String SSLAcceptServerCertSubjectAltNames = { read=FSSLAcceptServerCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintMD5 Property (SAMLDesktop Component)

The MD5 hash of the certificate.

Syntax

__property String SSLAcceptServerCertThumbprintMD5 = { read=FSSLAcceptServerCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA1 Property (SAMLDesktop Component)

The SHA-1 hash of the certificate.

Syntax

__property String SSLAcceptServerCertThumbprintSHA1 = { read=FSSLAcceptServerCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertThumbprintSHA256 Property (SAMLDesktop Component)

The SHA-256 hash of the certificate.

Syntax

__property String SSLAcceptServerCertThumbprintSHA256 = { read=FSSLAcceptServerCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsage Property (SAMLDesktop Component)

The text description of UsageFlags .

Syntax

__property String SSLAcceptServerCertUsage = { read=FSSLAcceptServerCertUsage };

Default Value

""

Remarks

The text description of SSLAcceptServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLAcceptServerCertUsageFlags Property (SAMLDesktop Component)

The flags that show intended use for the certificate.

Syntax

__property int SSLAcceptServerCertUsageFlags = { read=FSSLAcceptServerCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLAcceptServerCertUsageFlags is a combination of the following flags:

Please see the SSLAcceptServerCertUsage property for a text representation of SSLAcceptServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLAcceptServerCertVersion Property (SAMLDesktop Component)

The certificate's version number.

Syntax

__property String SSLAcceptServerCertVersion = { read=FSSLAcceptServerCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLAcceptServerCertSubject Property (SAMLDesktop Component)

The subject of the certificate used for client authentication.

Syntax

__property String SSLAcceptServerCertSubject = { read=FSSLAcceptServerCertSubject, write=FSetSSLAcceptServerCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLAcceptServerCertEncoded Property (SAMLDesktop Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String SSLAcceptServerCertEncoded = { read=FSSLAcceptServerCertEncoded, write=FSetSSLAcceptServerCertEncoded };
__property DynamicArray<Byte> SSLAcceptServerCertEncodedB = { read=FSSLAcceptServerCertEncodedB, write=FSetSSLAcceptServerCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLAcceptServerCertStore and SSLAcceptServerCertSubject properties also may be used to specify a certificate.

When SSLAcceptServerCertEncoded is set, a search is initiated in the current SSLAcceptServerCertStore for the private key of the certificate. If the key is found, SSLAcceptServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLAcceptServerCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

SSLCertEffectiveDate Property (SAMLDesktop Component)

The date on which this certificate becomes valid.

Syntax

__property String SSLCertEffectiveDate = { read=FSSLCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLCertExpirationDate Property (SAMLDesktop Component)

The date on which the certificate expires.

Syntax

__property String SSLCertExpirationDate = { read=FSSLCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLCertExtendedKeyUsage Property (SAMLDesktop Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String SSLCertExtendedKeyUsage = { read=FSSLCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLCertFingerprint Property (SAMLDesktop Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String SSLCertFingerprint = { read=FSSLCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLCertFingerprintSHA1 Property (SAMLDesktop Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String SSLCertFingerprintSHA1 = { read=FSSLCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLCertFingerprintSHA256 Property (SAMLDesktop Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String SSLCertFingerprintSHA256 = { read=FSSLCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLCertIssuer Property (SAMLDesktop Component)

The issuer of the certificate.

Syntax

__property String SSLCertIssuer = { read=FSSLCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLCertPrivateKey Property (SAMLDesktop Component)

The private key of the certificate (if available).

Syntax

__property String SSLCertPrivateKey = { read=FSSLCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLCertPrivateKey may be available but not exportable. In this case, SSLCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLCertPrivateKeyAvailable Property (SAMLDesktop Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool SSLCertPrivateKeyAvailable = { read=FSSLCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a SSLCertPrivateKey is available for the selected certificate. If SSLCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLCertPrivateKeyContainer Property (SAMLDesktop Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String SSLCertPrivateKeyContainer = { read=FSSLCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the SSLCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLCertPublicKey Property (SAMLDesktop Component)

The public key of the certificate.

Syntax

__property String SSLCertPublicKey = { read=FSSLCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLCertPublicKeyAlgorithm Property (SAMLDesktop Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String SSLCertPublicKeyAlgorithm = { read=FSSLCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertPublicKeyLength Property (SAMLDesktop Component)

The length of the certificate's public key (in bits).

Syntax

__property int SSLCertPublicKeyLength = { read=FSSLCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLCertSerialNumber Property (SAMLDesktop Component)

The serial number of the certificate encoded as a string.

Syntax

__property String SSLCertSerialNumber = { read=FSSLCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLCertSignatureAlgorithm Property (SAMLDesktop Component)

The text description of the certificate's signature algorithm.

Syntax

__property String SSLCertSignatureAlgorithm = { read=FSSLCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLCertStore Property (SAMLDesktop Component)

The name of the certificate store for the client certificate.

Syntax

__property String SSLCertStore = { read=FSSLCertStore, write=FSetSSLCertStore };
__property DynamicArray<Byte> SSLCertStoreB = { read=FSSLCertStoreB, write=FSetSSLCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLCertStoreType property denotes the type of the certificate store specified by SSLCertStore. If the store is password-protected, specify the password in SSLCertStorePassword.

SSLCertStore is used in conjunction with the SSLCertSubject property to specify client certificates. If SSLCertStore has a value, and SSLCertSubject or SSLCertEncoded is set, a search for a certificate is initiated. Please see the SSLCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Byte Array

SSLCertStorePassword Property (SAMLDesktop Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String SSLCertStorePassword = { read=FSSLCertStorePassword, write=FSetSSLCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

SSLCertStoreType Property (SAMLDesktop Component)

The type of certificate store for this certificate.

Syntax

__property TciSAMLDesktopSSLCertStoreTypes SSLCertStoreType = { read=FSSLCertStoreType, write=FSetSSLCertStoreType };

enum TciSAMLDesktopSSLCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

Data Type

Integer

SSLCertSubjectAltNames Property (SAMLDesktop Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String SSLCertSubjectAltNames = { read=FSSLCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLCertThumbprintMD5 Property (SAMLDesktop Component)

The MD5 hash of the certificate.

Syntax

__property String SSLCertThumbprintMD5 = { read=FSSLCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA1 Property (SAMLDesktop Component)

The SHA-1 hash of the certificate.

Syntax

__property String SSLCertThumbprintSHA1 = { read=FSSLCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertThumbprintSHA256 Property (SAMLDesktop Component)

The SHA-256 hash of the certificate.

Syntax

__property String SSLCertThumbprintSHA256 = { read=FSSLCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLCertUsage Property (SAMLDesktop Component)

The text description of UsageFlags .

Syntax

__property String SSLCertUsage = { read=FSSLCertUsage };

Default Value

""

Remarks

The text description of SSLCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLCertUsageFlags Property (SAMLDesktop Component)

The flags that show intended use for the certificate.

Syntax

__property int SSLCertUsageFlags = { read=FSSLCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLCertUsageFlags is a combination of the following flags:

Please see the SSLCertUsage property for a text representation of SSLCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLCertVersion Property (SAMLDesktop Component)

The certificate's version number.

Syntax

__property String SSLCertVersion = { read=FSSLCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLCertSubject Property (SAMLDesktop Component)

The subject of the certificate used for client authentication.

Syntax

__property String SSLCertSubject = { read=FSSLCertSubject, write=FSetSSLCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

SSLCertEncoded Property (SAMLDesktop Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String SSLCertEncoded = { read=FSSLCertEncoded, write=FSetSSLCertEncoded };
__property DynamicArray<Byte> SSLCertEncodedB = { read=FSSLCertEncodedB, write=FSetSSLCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLCertStore and SSLCertSubject properties also may be used to specify a certificate.

When SSLCertEncoded is set, a search is initiated in the current SSLCertStore for the private key of the certificate. If the key is found, SSLCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

SSLProvider Property (SAMLDesktop Component)

The Secure Sockets Layer/Transport Layer Security (SSL/TLS) implementation to use.

Syntax

__property TciSAMLDesktopSSLProviders SSLProvider = { read=FSSLProvider, write=FSetSSLProvider };

enum TciSAMLDesktopSSLProviders {
  sslpAutomatic=0,
  sslpPlatform=1,
  sslpInternal=2
};

Default Value

sslpAutomatic

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic), the component will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are as follows:

Additional Notes

In most cases using the default value (Automatic) is recommended. The component will select a provider depending on the current platform.

When Automatic is selected, the platform implementation is used by default. When TLS 1.3 is enabled via SSLEnabledProtocols, the internal implementation is used.

Data Type

Integer

SSLServerCertEffectiveDate Property (SAMLDesktop Component)

The date on which this certificate becomes valid.

Syntax

__property String SSLServerCertEffectiveDate = { read=FSSLServerCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExpirationDate Property (SAMLDesktop Component)

The date on which the certificate expires.

Syntax

__property String SSLServerCertExpirationDate = { read=FSSLServerCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

SSLServerCertExtendedKeyUsage Property (SAMLDesktop Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String SSLServerCertExtendedKeyUsage = { read=FSSLServerCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

SSLServerCertFingerprint Property (SAMLDesktop Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String SSLServerCertFingerprint = { read=FSSLServerCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA1 Property (SAMLDesktop Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String SSLServerCertFingerprintSHA1 = { read=FSSLServerCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

SSLServerCertFingerprintSHA256 Property (SAMLDesktop Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String SSLServerCertFingerprintSHA256 = { read=FSSLServerCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

SSLServerCertIssuer Property (SAMLDesktop Component)

The issuer of the certificate.

Syntax

__property String SSLServerCertIssuer = { read=FSSLServerCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

SSLServerCertPrivateKey Property (SAMLDesktop Component)

The private key of the certificate (if available).

Syntax

__property String SSLServerCertPrivateKey = { read=FSSLServerCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The SSLServerCertPrivateKey may be available but not exportable. In this case, SSLServerCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

SSLServerCertPrivateKeyAvailable Property (SAMLDesktop Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool SSLServerCertPrivateKeyAvailable = { read=FSSLServerCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a SSLServerCertPrivateKey is available for the selected certificate. If SSLServerCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

SSLServerCertPrivateKeyContainer Property (SAMLDesktop Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String SSLServerCertPrivateKeyContainer = { read=FSSLServerCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the SSLServerCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

SSLServerCertPublicKey Property (SAMLDesktop Component)

The public key of the certificate.

Syntax

__property String SSLServerCertPublicKey = { read=FSSLServerCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyAlgorithm Property (SAMLDesktop Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String SSLServerCertPublicKeyAlgorithm = { read=FSSLServerCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertPublicKeyLength Property (SAMLDesktop Component)

The length of the certificate's public key (in bits).

Syntax

__property int SSLServerCertPublicKeyLength = { read=FSSLServerCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

SSLServerCertSerialNumber Property (SAMLDesktop Component)

The serial number of the certificate encoded as a string.

Syntax

__property String SSLServerCertSerialNumber = { read=FSSLServerCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

SSLServerCertSignatureAlgorithm Property (SAMLDesktop Component)

The text description of the certificate's signature algorithm.

Syntax

__property String SSLServerCertSignatureAlgorithm = { read=FSSLServerCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

SSLServerCertStore Property (SAMLDesktop Component)

The name of the certificate store for the client certificate.

Syntax

__property String SSLServerCertStore = { read=FSSLServerCertStore };
__property DynamicArray<Byte> SSLServerCertStoreB = { read=FSSLServerCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The SSLServerCertStoreType property denotes the type of the certificate store specified by SSLServerCertStore. If the store is password-protected, specify the password in SSLServerCertStorePassword.

SSLServerCertStore is used in conjunction with the SSLServerCertSubject property to specify client certificates. If SSLServerCertStore has a value, and SSLServerCertSubject or SSLServerCertEncoded is set, a search for a certificate is initiated. Please see the SSLServerCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is read-only.

Data Type

Byte Array

SSLServerCertStorePassword Property (SAMLDesktop Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String SSLServerCertStorePassword = { read=FSSLServerCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is read-only.

Data Type

String

SSLServerCertStoreType Property (SAMLDesktop Component)

The type of certificate store for this certificate.

Syntax

__property TciSAMLDesktopSSLServerCertStoreTypes SSLServerCertStoreType = { read=FSSLServerCertStoreType };

enum TciSAMLDesktopSSLServerCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

This property is read-only.

Data Type

Integer

SSLServerCertSubjectAltNames Property (SAMLDesktop Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String SSLServerCertSubjectAltNames = { read=FSSLServerCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

SSLServerCertThumbprintMD5 Property (SAMLDesktop Component)

The MD5 hash of the certificate.

Syntax

__property String SSLServerCertThumbprintMD5 = { read=FSSLServerCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA1 Property (SAMLDesktop Component)

The SHA-1 hash of the certificate.

Syntax

__property String SSLServerCertThumbprintSHA1 = { read=FSSLServerCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertThumbprintSHA256 Property (SAMLDesktop Component)

The SHA-256 hash of the certificate.

Syntax

__property String SSLServerCertThumbprintSHA256 = { read=FSSLServerCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

SSLServerCertUsage Property (SAMLDesktop Component)

The text description of UsageFlags .

Syntax

__property String SSLServerCertUsage = { read=FSSLServerCertUsage };

Default Value

""

Remarks

The text description of SSLServerCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

SSLServerCertUsageFlags Property (SAMLDesktop Component)

The flags that show intended use for the certificate.

Syntax

__property int SSLServerCertUsageFlags = { read=FSSLServerCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of SSLServerCertUsageFlags is a combination of the following flags:

Please see the SSLServerCertUsage property for a text representation of SSLServerCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

SSLServerCertVersion Property (SAMLDesktop Component)

The certificate's version number.

Syntax

__property String SSLServerCertVersion = { read=FSSLServerCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

SSLServerCertSubject Property (SAMLDesktop Component)

The subject of the certificate used for client authentication.

Syntax

__property String SSLServerCertSubject = { read=FSSLServerCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is read-only.

Data Type

String

SSLServerCertEncoded Property (SAMLDesktop Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String SSLServerCertEncoded = { read=FSSLServerCertEncoded };
__property DynamicArray<Byte> SSLServerCertEncodedB = { read=FSSLServerCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The SSLServerCertStore and SSLServerCertSubject properties also may be used to specify a certificate.

When SSLServerCertEncoded is set, a search is initiated in the current SSLServerCertStore for the private key of the certificate. If the key is found, SSLServerCertSubject is updated to reflect the full subject of the selected certificate; otherwise, SSLServerCertSubject is set to an empty string.

This property is read-only and not available at design time.

Data Type

Byte Array

Timeout Property (SAMLDesktop Component)

The timeout for the component.

Syntax

__property int Timeout = { read=FTimeout, write=FSetTimeout };

Default Value

60

Remarks

If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

If Timeout is set to a positive value, the component will wait for the operation to complete before returning control.

The component will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If Timeout expires, and the operation is not yet complete, the component raises an exception.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 60 seconds.

Data Type

Integer

WebServerPort Property (SAMLDesktop Component)

The local port on which the embedded web server listens.

Syntax

__property int WebServerPort = { read=FWebServerPort, write=FSetWebServerPort };

Default Value

0

Remarks

This property specifies the port on which the embedded web server listens. Setting this to 0 (default) enables the system to choose a port at random. The chosen port will be returned when this setting is queried after the server has started listening.

Data Type

Integer

WebServerSSLCertEffectiveDate Property (SAMLDesktop Component)

The date on which this certificate becomes valid.

Syntax

__property String WebServerSSLCertEffectiveDate = { read=FWebServerSSLCertEffectiveDate };

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

Data Type

String

WebServerSSLCertExpirationDate Property (SAMLDesktop Component)

The date on which the certificate expires.

Syntax

__property String WebServerSSLCertExpirationDate = { read=FWebServerSSLCertExpirationDate };

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

Data Type

String

WebServerSSLCertExtendedKeyUsage Property (SAMLDesktop Component)

A comma-delimited list of extended key usage identifiers.

Syntax

__property String WebServerSSLCertExtendedKeyUsage = { read=FWebServerSSLCertExtendedKeyUsage };

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

Data Type

String

WebServerSSLCertFingerprint Property (SAMLDesktop Component)

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

__property String WebServerSSLCertFingerprint = { read=FWebServerSSLCertFingerprint };

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

Data Type

String

WebServerSSLCertFingerprintSHA1 Property (SAMLDesktop Component)

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

__property String WebServerSSLCertFingerprintSHA1 = { read=FWebServerSSLCertFingerprintSHA1 };

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

Data Type

String

WebServerSSLCertFingerprintSHA256 Property (SAMLDesktop Component)

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

__property String WebServerSSLCertFingerprintSHA256 = { read=FWebServerSSLCertFingerprintSHA256 };

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

Data Type

String

WebServerSSLCertIssuer Property (SAMLDesktop Component)

The issuer of the certificate.

Syntax

__property String WebServerSSLCertIssuer = { read=FWebServerSSLCertIssuer };

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

Data Type

String

WebServerSSLCertPrivateKey Property (SAMLDesktop Component)

The private key of the certificate (if available).

Syntax

__property String WebServerSSLCertPrivateKey = { read=FWebServerSSLCertPrivateKey };

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The WebServerSSLCertPrivateKey may be available but not exportable. In this case, WebServerSSLCertPrivateKey returns an empty string.

This property is read-only.

Data Type

String

WebServerSSLCertPrivateKeyAvailable Property (SAMLDesktop Component)

Whether a PrivateKey is available for the selected certificate.

Syntax

__property bool WebServerSSLCertPrivateKeyAvailable = { read=FWebServerSSLCertPrivateKeyAvailable };

Default Value

false

Remarks

Whether a WebServerSSLCertPrivateKey is available for the selected certificate. If WebServerSSLCertPrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

Data Type

Boolean

WebServerSSLCertPrivateKeyContainer Property (SAMLDesktop Component)

The name of the PrivateKey container for the certificate (if available).

Syntax

__property String WebServerSSLCertPrivateKeyContainer = { read=FWebServerSSLCertPrivateKeyContainer };

Default Value

""

Remarks

The name of the WebServerSSLCertPrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

Data Type

String

WebServerSSLCertPublicKey Property (SAMLDesktop Component)

The public key of the certificate.

Syntax

__property String WebServerSSLCertPublicKey = { read=FWebServerSSLCertPublicKey };

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

Data Type

String

WebServerSSLCertPublicKeyAlgorithm Property (SAMLDesktop Component)

The textual description of the certificate's public key algorithm.

Syntax

__property String WebServerSSLCertPublicKeyAlgorithm = { read=FWebServerSSLCertPublicKeyAlgorithm };

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

WebServerSSLCertPublicKeyLength Property (SAMLDesktop Component)

The length of the certificate's public key (in bits).

Syntax

__property int WebServerSSLCertPublicKeyLength = { read=FWebServerSSLCertPublicKeyLength };

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

Data Type

Integer

WebServerSSLCertSerialNumber Property (SAMLDesktop Component)

The serial number of the certificate encoded as a string.

Syntax

__property String WebServerSSLCertSerialNumber = { read=FWebServerSSLCertSerialNumber };

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

Data Type

String

WebServerSSLCertSignatureAlgorithm Property (SAMLDesktop Component)

The text description of the certificate's signature algorithm.

Syntax

__property String WebServerSSLCertSignatureAlgorithm = { read=FWebServerSSLCertSignatureAlgorithm };

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

Data Type

String

WebServerSSLCertStore Property (SAMLDesktop Component)

The name of the certificate store for the client certificate.

Syntax

__property String WebServerSSLCertStore = { read=FWebServerSSLCertStore, write=FSetWebServerSSLCertStore };
__property DynamicArray<Byte> WebServerSSLCertStoreB = { read=FWebServerSSLCertStoreB, write=FSetWebServerSSLCertStoreB };

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The WebServerSSLCertStoreType property denotes the type of the certificate store specified by WebServerSSLCertStore. If the store is password-protected, specify the password in WebServerSSLCertStorePassword.

WebServerSSLCertStore is used in conjunction with the WebServerSSLCertSubject property to specify client certificates. If WebServerSSLCertStore has a value, and WebServerSSLCertSubject or WebServerSSLCertEncoded is set, a search for a certificate is initiated. Please see the WebServerSSLCertSubject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

Data Type

Byte Array

WebServerSSLCertStorePassword Property (SAMLDesktop Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

__property String WebServerSSLCertStorePassword = { read=FWebServerSSLCertStorePassword, write=FSetWebServerSSLCertStorePassword };

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Data Type

String

WebServerSSLCertStoreType Property (SAMLDesktop Component)

The type of certificate store for this certificate.

Syntax

__property TciSAMLDesktopWebServerSSLCertStoreTypes WebServerSSLCertStoreType = { read=FWebServerSSLCertStoreType, write=FSetWebServerSSLCertStoreType };

enum TciSAMLDesktopWebServerSSLCertStoreTypes {
  cstUser=0,
  cstMachine=1,
  cstPFXFile=2,
  cstPFXBlob=3,
  cstJKSFile=4,
  cstJKSBlob=5,
  cstPEMKeyFile=6,
  cstPEMKeyBlob=7,
  cstPublicKeyFile=8,
  cstPublicKeyBlob=9,
  cstSSHPublicKeyBlob=10,
  cstP7BFile=11,
  cstP7BBlob=12,
  cstSSHPublicKeyFile=13,
  cstPPKFile=14,
  cstPPKBlob=15,
  cstXMLFile=16,
  cstXMLBlob=17,
  cstJWKFile=18,
  cstJWKBlob=19,
  cstSecurityKey=20,
  cstBCFKSFile=21,
  cstBCFKSBlob=22,
  cstPKCS11=23,
  cstAuto=99
};

Default Value

cstUser

Remarks

The type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used, the component will automatically determine the type. This property can take one of the following values:

Data Type

Integer

WebServerSSLCertSubjectAltNames Property (SAMLDesktop Component)

Comma-separated lists of alternative subject names for the certificate.

Syntax

__property String WebServerSSLCertSubjectAltNames = { read=FWebServerSSLCertSubjectAltNames };

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

Data Type

String

WebServerSSLCertThumbprintMD5 Property (SAMLDesktop Component)

The MD5 hash of the certificate.

Syntax

__property String WebServerSSLCertThumbprintMD5 = { read=FWebServerSSLCertThumbprintMD5 };

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

WebServerSSLCertThumbprintSHA1 Property (SAMLDesktop Component)

The SHA-1 hash of the certificate.

Syntax

__property String WebServerSSLCertThumbprintSHA1 = { read=FWebServerSSLCertThumbprintSHA1 };

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

WebServerSSLCertThumbprintSHA256 Property (SAMLDesktop Component)

The SHA-256 hash of the certificate.

Syntax

__property String WebServerSSLCertThumbprintSHA256 = { read=FWebServerSSLCertThumbprintSHA256 };

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

Data Type

String

WebServerSSLCertUsage Property (SAMLDesktop Component)

The text description of UsageFlags .

Syntax

__property String WebServerSSLCertUsage = { read=FWebServerSSLCertUsage };

Default Value

""

Remarks

The text description of WebServerSSLCertUsageFlags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

Data Type

String

WebServerSSLCertUsageFlags Property (SAMLDesktop Component)

The flags that show intended use for the certificate.

Syntax

__property int WebServerSSLCertUsageFlags = { read=FWebServerSSLCertUsageFlags };

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of WebServerSSLCertUsageFlags is a combination of the following flags:

Please see the WebServerSSLCertUsage property for a text representation of WebServerSSLCertUsageFlags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

Data Type

Integer

WebServerSSLCertVersion Property (SAMLDesktop Component)

The certificate's version number.

Syntax

__property String WebServerSSLCertVersion = { read=FWebServerSSLCertVersion };

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

Data Type

String

WebServerSSLCertSubject Property (SAMLDesktop Component)

The subject of the certificate used for client authentication.

Syntax

__property String WebServerSSLCertSubject = { read=FWebServerSSLCertSubject, write=FSetWebServerSSLCertSubject };

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

Data Type

String

WebServerSSLCertEncoded Property (SAMLDesktop Component)

The certificate (PEM/Base64 encoded).

Syntax

__property String WebServerSSLCertEncoded = { read=FWebServerSSLCertEncoded, write=FSetWebServerSSLCertEncoded };
__property DynamicArray<Byte> WebServerSSLCertEncodedB = { read=FWebServerSSLCertEncodedB, write=FSetWebServerSSLCertEncodedB };

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The WebServerSSLCertStore and WebServerSSLCertSubject properties also may be used to specify a certificate.

When WebServerSSLCertEncoded is set, a search is initiated in the current WebServerSSLCertStore for the private key of the certificate. If the key is found, WebServerSSLCertSubject is updated to reflect the full subject of the selected certificate; otherwise, WebServerSSLCertSubject is set to an empty string.

This property is not available at design time.

Data Type

Byte Array

WebServerSSLEnabled Property (SAMLDesktop Component)

Whether the web server requires Secure Sockets Layer (SSL) connections.

Syntax

__property bool WebServerSSLEnabled = { read=FWebServerSSLEnabled, write=FSetWebServerSSLEnabled };

Default Value

false

Remarks

This setting specifies whether the embedded web server uses a Secure Sockets Layer (SSL). If set to True, WebServerSSLCert is required and the server will accept only SSL connections. If set to False, only plaintext connects are supported.

Data Type

Boolean

AuthenticateUser Method (SAMLDesktop Component)

Authenticates a user to the application.

Syntax

void __fastcall AuthenticateUser();

Remarks

This method will attempt to authenticate the current user using the setting from the following properties and fields:

• IdentityProviderMetadata
• IdentityProviderSigningCert
• IdentityProviderURIs
• SAMLRequestSettings
• ServiceProviderSigningCert
• ServiceProviderURI

The method will first try to launch a web browser window that directs a user to the configured Identity Provider's sign-on page. The user will then go through the authentication process with the Identity Provider, and typically provide consent to allow the service provider (your application) access to their user information. Then, the Identity Provider will return the user back to the application.

At the same time that the user is directed to the sign-on page, the component will also start an internal web server that will be listening for when the user returns. Once the user has returned, the web server will parse the information and validate it.

The method that is used to send the user to the sign-on page and the method that is used to return the user depends on the configuration of the Service Provider and the Identity Provider. The component supports two bindings that define different methods for communicate.

The HTTP-Redirect binding defines communication that happens over HTTP GET requests and provides the recipient with the information for the request or response through the query parameters. Typically, and by default, this is used when directing the user to the sign-on page. The reason it is not often used for the response from the Identity Provider is that the responses are often required which makes them too long for query parameters. If the HTTP-Redirect binding needs to be used with a signed request or response, it will instead use a detached signature.

The HTTP-POST binding defines communication that happens over HTTP POST requests and provides the recipient with the information for the request or response through a form post. Typically, this is used to receive the response from the Identity Provider. Since this binding uses a form post, there are less constraints on how long the response can be. This binding can be used to direct a user to the sign-on page if required. The component will first direct the user to an empty HTML page that will then submit a form post to the sign-on page.

Once the SAML response has been received by the component, it will parse and validate the SAML response. The results are stored in the SAMLResponseInfo property if the SAMLResponse is valid. If the authentication was successful on the Identity Provider's side, it will also parse and validate the assertion. Information about the assertion can be access by accessing the AssertionInfo, AssertionAttributeInfo, and AssertionInfo properties.

This method is the equivalent of using the following methods. See each method for an in-depth review of how each step operates.

• ParseSAMLResponse
• ValidateSAMLResponse
• ParseAssertion
• ValidateAssertion

If this method completes without any exceptions, then both the SAML response and assertion are valid meaning the user that is described by the AssertionSubjectNameId can be considered authenticated to this application.

BuildServiceMetadata Method (SAMLDesktop Component)

Builds a metadata document for a service provider.

Syntax

void __fastcall BuildServiceMetadata();

Remarks

This method uses the ServiceProviderMetadata property to create a new federation metadata document that describes the service provider. This is typically used to provide information about the service provider to the identity provider.

The following fields and properties are used:

• ServiceProviderMetadataAuthnRequestSigned
• ServiceProviderMetadataEntityId
• ServiceProviderMetadataSignedMetadata
• ServiceProviderMetadataSupportedNameIdFormats
• ServiceProviderMetadataWantAssertionsSigned
• ServiceProviderSigningCert
• ServiceProviderURI

TBD

Config Method (SAMLDesktop Component)

Sets or retrieves a configuration setting.

Syntax

String __fastcall Config(String ConfigurationString);

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoEvents Method (SAMLDesktop Component)

This method processes events from the internal message queue.

Syntax

void __fastcall DoEvents();

Remarks

When DoEvents is called, the component processes any available events. If no events are available, it waits for a preset period of time, and then returns.

GetAssertionAttribute Method (SAMLDesktop Component)

Searches for a specific assertion attribute.

Syntax

String __fastcall GetAssertionAttribute(String attrName);

Remarks

This method will search the current AssertionAttributeInfo properties for a specific attribute. The attrName parameter should be set to the attribute name. The method will then return the value of the attribute with the matching name. If there is more than one value, it will return the values in a semicolon-separated list.

Interrupt Method (SAMLDesktop Component)

This method interrupts the current method.

Syntax

void __fastcall Interrupt();

Remarks

If there is no method in progress, Interrupt simply returns, doing nothing.

LoadIdentityMetadata Method (SAMLDesktop Component)

Loads an identity provider's metadata document.

Syntax

void __fastcall LoadIdentityMetadata(String metadataDocument, bool validate);

Remarks

This method loads in the identity provider's metadata document that is provided through the metadataDocument parameter. After the document has been loaded, the IdentityProviderEncryptingCert, IdentityProviderMetadata, IdentityProviderSigningCert and IdentityProviderURIs properties will be set with the information that is available in the document. If the metadata document is signed and the validate parameter is true, the method will also validate the metadata document's signature.

ParseAssertion Method (SAMLDesktop Component)

Parses an assertion.

Syntax

void __fastcall ParseAssertion();

Remarks

This method parses the assertion found in the AssertionInfo property. The raw assertion that is parsed provided to the component by setting the AssertionAssertionContent property. If the method is able to successfully parse the assertion, the AssertionInfo property is populated along with the AssertionAttributeInfo and AssertionAuthnInfo collections, once for each type of statement found in the assertion.

ParseSAMLResponse Method (SAMLDesktop Component)

Parses a SAML response.

Syntax

void __fastcall ParseSAMLResponse();

Remarks

This method parses the SAML response found in the SAMLResponseInfo property by setting the SAMLResponseResponseContent property. If the method is able to successfully parse the SAML response, the information fields in the SAMLResponseInfo property are populated.

To validate a SAML response, see ValidateSAMLResponse.

Additionally, if the SAMLResponseResponseType is srtAuthn, the AssertionAssertionContent property will be populated. See ValidateAssertion and ParseAssertion for more information on validating and parsing the assertion.

RequestIdentityMetadata Method (SAMLDesktop Component)

Requests an identity provider's SAML metadata document.

Syntax

void __fastcall RequestIdentityMetadata(String URL);

Remarks

This method makes an HTTP GET request to get the Identity Provider metadata document from the URL location. Once the document has been retrieved, the method will parse and validate the metadata document. After the document has been parsed, the IdentityProviderEncryptingCert, IdentityProviderMetadata, IdentityProviderSigningCert, and IdentityProviderURIs properties will be populated with the information that is available in the document.

Reset Method (SAMLDesktop Component)

This method will reset the component.

Syntax

void __fastcall Reset();

Remarks

This method will reset the component's properties to their default values.

StartWebServer Method (SAMLDesktop Component)

Starts the embedded web server.

Syntax

void __fastcall StartWebServer();

Remarks

This method starts the embedded web server. This method can be used to manually start the embedded web server. Under normal circumstances, this is not needed as the component will automatically start and stop the web server when AuthenticateUser is called. You may decide, however, to start the web server manually before calling AuthenticateUser. When called, this method will also populate ServiceProviderURI with the address of the embedded server.

StopWebServer Method (SAMLDesktop Component)

Stops the embedded web server.

Syntax

void __fastcall StopWebServer();

Remarks

This method stops the embedded web server. Under normal circumstances, the web server will be stopped automatically during the authentication process when AuthenticateUser is called. If ReUseWebServer is set to True, the server will not be automatically stopped, and this method must be called to stop the embedded web server.

ValidateAssertion Method (SAMLDesktop Component)

Validates an assertion.

Syntax

void __fastcall ValidateAssertion();

Remarks

This method validates the assertion found in the AssertionInfo property. If an assertion is validated properly, then the user of the application can be authenticated as the subject of the assertion. If the validation fails, then the user should not be authenticated to the application.

The assertion needs to be parsed before it can be validated. You can either be manually set via the AssertionAssertionContent property or by first calling ParseSAMLResponse on a SAML response that contains an assertion. Before attempting this validation, the Assertion event provides an opportunity to configure the component to successfully validate the assertion. If the validation fails at any point, the method will throw an exception with the error code corresponding to the reason.

The following checks are performed on the assertion:

To skip certain checks, see AssertionValidationFlags. TBD

ValidateSAMLResponse Method (SAMLDesktop Component)

Validates a SAML response.

Syntax

void __fastcall ValidateSAMLResponse();

Remarks

This method validates a SAML response. If a SAML response is successfully validated and in response to an authentication request, then the assertion should be parsed and validated to finish the authentication process. If it is in response to a logout request, then the application should finish it's logout process for the user.

The SAML response must first be parsed by calling the ParseSAMLResponse method. Before attempting validation, the SAMLResponse event provides an opportunity to configure the component to successfully validate the SAML response.

The following checks are performed on the SAML response:

To skip certain checks, see SAMLResponseValidationFlags. Note that this method does not validate the assertion if one is found within the SAML response. See ValidateAssertion and ParseAssertion for more information on validating and parsing the assertion. TBD

Error Event (SAMLDesktop Component)

Fired when information is available about errors during data delivery.

Syntax

typedef struct {
  int ErrorCode;
  String Description;
} TciSAMLDesktopErrorEventParams;
typedef void __fastcall (__closure *TciSAMLDesktopErrorEvent)(System::TObject* Sender, TciSAMLDesktopErrorEventParams *e);
__property TciSAMLDesktopErrorEvent OnError = { read=FOnError, write=FOnError };

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

LaunchBrowser Event (SAMLDesktop Component)

Fires before launching a browser with the SAML request.

Syntax

typedef struct {
  String URL;
  String Command;
} TciSAMLDesktopLaunchBrowserEventParams;
typedef void __fastcall (__closure *TciSAMLDesktopLaunchBrowserEvent)(System::TObject* Sender, TciSAMLDesktopLaunchBrowserEventParams *e);
__property TciSAMLDesktopLaunchBrowserEvent OnLaunchBrowser = { read=FOnLaunchBrowser, write=FOnLaunchBrowser };

Remarks

When the AuthenticateUser method is called, the component will fire this event with the Command, which will be executed by the component. The URL parameter will be the URL that the user will be directed to authenticate.

Within this event, you may override the current value of either Command or URL and provide your own value. If Command is set to an empty string, the component will not attempt to launch the browser and instead you will be responsible for directing the user to the authorization URL specified by the URL parameter.

In Windows, ShellExecute is used to execute Command, which limits the verbs available for use in Command to:

• edit
• explore
• find
• open
• print

Log Event (SAMLDesktop Component)

Fired once for each log message.

Syntax

typedef struct {
  int LogLevel;
  String Message;
  String LogType;
} TciSAMLDesktopLogEventParams;
typedef void __fastcall (__closure *TciSAMLDesktopLogEvent)(System::TObject* Sender, TciSAMLDesktopLogEventParams *e);
__property TciSAMLDesktopLogEvent OnLog = { read=FOnLog, write=FOnLog };

Remarks

This event is fired once for each log message generated by the component. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the level of message. Possible values are as follows:

The value 1 (Info) logs basic information, including the URL, HTTP version, and status details.

The value 2 (Verbose) logs additional information about the request and response.

The value 3 (Debug) logs the headers and body for both the request and response, as well as additional debug information (if any).

Message is the log entry.

LogType identifies the type of log entry. Possible values are as follows:

• "Info"
• "RequestHeaders"
• "ResponseHeaders"
• "RequestBody"
• "ResponseBody"
• "ProxyRequest"
• "ProxyResponse"
• "FirewallRequest"
• "FirewallResponse"

Redirect Event (SAMLDesktop Component)

Fired when a redirection is received from the server.

Syntax

typedef struct {
  String Location;
  bool Accept;
} TciSAMLDesktopRedirectEventParams;
typedef void __fastcall (__closure *TciSAMLDesktopRedirectEvent)(System::TObject* Sender, TciSAMLDesktopRedirectEventParams *e);
__property TciSAMLDesktopRedirectEvent OnRedirect = { read=FOnRedirect, write=FOnRedirect };

Remarks

This event is fired in cases in which the client can decide whether or not to continue with the redirection process. The Accept parameter is always True by default, but if you do not want to follow the redirection, Accept may be set to False, in which case the component raises an exception. Location is the location to which the client is being redirected. Further control over redirection is provided in the FollowRedirects property.

SSLServerAuthentication Event (SAMLDesktop Component)

Fired after the server presents its certificate to the client.

Syntax

typedef struct {
  String CertEncoded;
  DynamicArray<Byte> CertEncodedB;
  String CertSubject;
  String CertIssuer;
  String Status;
  bool Accept;
} TciSAMLDesktopSSLServerAuthenticationEventParams;
typedef void __fastcall (__closure *TciSAMLDesktopSSLServerAuthenticationEvent)(System::TObject* Sender, TciSAMLDesktopSSLServerAuthenticationEventParams *e);
__property TciSAMLDesktopSSLServerAuthenticationEvent OnSSLServerAuthentication = { read=FOnSSLServerAuthentication, write=FOnSSLServerAuthentication };

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (SAMLDesktop Component)

Fired when secure connection progress messages are available.

Syntax

typedef struct {
  String Message;
} TciSAMLDesktopSSLStatusEventParams;
typedef void __fastcall (__closure *TciSAMLDesktopSSLStatusEvent)(System::TObject* Sender, TciSAMLDesktopSSLStatusEventParams *e);
__property TciSAMLDesktopSSLStatusEvent OnSSLStatus = { read=FOnSSLStatus, write=FOnSSLStatus };

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

Config Settings (SAMLDesktop Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

SAMLDesktop Config Settings

WebServer Config Settings

HTTP Config Settings

TCPClient Config Settings

SSL Config Settings

Socket Config Settings

Base Config Settings

Trappable Errors (SAMLDesktop Component)

SAMLDesktop Errors

The component may also return one of the following error codes, which are inherited from other components.

HTTP Errors

The component may also return one of the following error codes, which are inherited from other components.

TCPClient Errors

SSL Errors

TCP/IP Errors