SAML Component
Properties Methods Events Configuration Settings Errors
The SAML component is used to obtain security tokens and assertions.
Syntax
TipaSAML
Remarks
The SAML component provides an easy-to-use interface to obtain security tokens and assertions. The component can also be used to parse assertions and inspect the claims within.
The component has built in support for working with Microsoft SharePoint Online and Microsoft Dynamics CRM Online. This support means only a minimum of information needs to be supplied to the component.
Microsoft SharePoint Online and Dynamics CRM Online
To begin working with SharePoint Online or Dynamics CRM Online first set the AuthMode to the appropriate value. The component will automatically populate several properties to known values. Set the User, Password, ApplicationURN properties and call GetSecurityToken. For instance:
component.AuthMode = SAMLAuthModes.amDynamicsCRM; //dynamic crm component.User = "user@mycrm.onmicrosoft.com"; component.Password = "password"; component.ApplicationURN = "urn:crmapac:dynamics.com"; component.GetSecurityToken();After calling GetSecurityToken the SecurityTokenXML property will be populated.
ADFS and Others
When working with ADFS or another Security Token Service (STS) the GetAssertion method may be used to obtain an assertion. To begin set AuthMode to either amADFS or amCustom. Then set LocalSTS, User, Password, and ApplicationURN. For instance:
component.AuthMode = SAMLAuthModes.amADFS; component.User = "administrator"; component.Password = "admin"; component.LocalSTS = "https://adfs.contoso.com"; component.ApplicationURN = "https://fsweb.contoso.com/ClaimsAwareWebAppWithManagedSTS/"; component.GetAssertion();If the assertion is signed the component will use the certificate specified in SignerCert to verify the signature. If SignerCert is not set the component will attempt to parse the certificate present in the assertion to perform verification.
After the assertion is parsed and the signature is verified (if present) the following properties will be populated:
- AssertionId
- AssertionIssueInstant
- AssertionIssuer
- AssertionNotBefore
- AssertionNotOnOrAfter
- AssertionSubject
- AssertionVersion
- AssertionXML
- Claim* properties
Parsing an Assertion
The component may also be used to parse an existing assertion without contacting a STS. To parse an existing assertion call ParseAssertion with the assertion XML. If the assertion is signed the component will use the certificate specified in SignerCert to verify the signature. If SignerCert is not set the component will attempt to parse the certificate present in the assertion to perform verification.
After the assertion is parsed and the signature is verified (if present) the following properties will be populated:
- AssertionId
- AssertionIssueInstant
- AssertionIssuer
- AssertionNotBefore
- AssertionNotOnOrAfter
- AssertionSubject
- AssertionVersion
- AssertionXML
- Claim* properties
Property List
The following is the full list of the properties of the component with short descriptions. Click on the links for further details.
| ApplicationURN | The application's Uniform Resource Name (URN). |
| AssertionId | The assertion id. |
| AssertionIssueInstant | The time in UTC that the assertion was issued. |
| AssertionIssuer | The assertion issuer. |
| AssertionNotBefore | The date on which the assertion becomes valid. |
| AssertionNotOnOrAfter | The time at which the assertion expires. |
| AssertionSubject | The subject of the assertion. |
| AssertionVersion | The version of the assertion. |
| AssertionXML | The assertion XML. |
| AuthMode | The authentication mode. |
| CertEncoded | The certificate (PEM/base64 encoded). |
| CertStore | The name of the certificate store for the client certificate. |
| CertStorePassword | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| CertStoreType | The type of certificate store for this certificate. |
| CertSubject | The subject of the certificate used for client authentication. |
| Claims | A collection of claims. |
| FederationSTS | The URL of the federation Security Token Service (STS). |
| FederationURN | The federation Uniform Resource Name (URN). |
| LocalSTS | The local Security Token Service (STS). |
| Password | The user's password. |
| Proxy | A set of properties related to proxy access. |
| SecurityTokenXML | The security token XML. |
| SignerCertEncoded | The certificate (PEM/base64 encoded). |
| SignerCertStore | The name of the certificate store for the client certificate. |
| SignerCertStorePassword | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| SignerCertStoreType | The type of certificate store for this certificate. |
| SignerCertSubject | The subject of the certificate used for client authentication. |
| SSLAcceptServerCertEncoded | The certificate (PEM/base64 encoded). |
| SSLCertEncoded | The certificate (PEM/base64 encoded). |
| SSLCertStore | The name of the certificate store for the client certificate. |
| SSLCertStorePassword | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| SSLCertStoreType | The type of certificate store for this certificate. |
| SSLCertSubject | The subject of the certificate used for client authentication. |
| SSLServerCertEncoded | The certificate (PEM/base64 encoded). |
| User | The username. |
| XAttributes | A collection of attributes of the current element. |
| XChildren | Collection of child elements of the current element. |
| XElement | The name of the current element. |
| XNamespace | The namespace of the current element. |
| XParent | The parent of the current element. |
| XPath | Provides a way to point to a specific element in the document. |
| XPrefix | The prefix of the current element. |
| XSubTree | A snapshot of the current element in the document. |
| XText | The text of the current element. |
Method List
The following is the full list of the methods of the component with short descriptions. Click on the links for further details.
| Config | Sets or retrieves a configuration setting. |
| GetAssertion | Gets the assertion. |
| GetSecurityToken | Gets the security token. |
| ParseAssertion | Parses the specified assertion. |
Event List
The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.
| Characters | Fired for plain text segments of the input stream. |
| Comment | Fired when a comment section is encountered. |
| EndElement | Fired when an end-element tag is encountered. |
| Error | Information about errors during data delivery. |
| PI | Fired when a processing instruction section is encountered. |
| SSLServerAuthentication | Fired after the server presents its certificate to the client. |
| SSLStatus | Shows the progress of the secure connection. |
| StartElement | Fired when a begin-element tag is encountered in the document. |
Configuration Settings
The following is a list of configuration settings for the component with short descriptions. Click on the links for further details.
| AssertionXPath | The XPath to the assertion. |
| DecryptAssertion | Whether to decrypt the assertion. |
| EncryptedAssertionXPath | The XPath to the encrypted assertion. |
| RawRequest | Returns the raw HTTP request. |
| RawResponse | Returns the raw HTTP response. |
| UserRealm | The URL of a web service to determine the LocalSTS (if any). |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| UseInternalSecurityAPI | Tells the component whether or not to use the system security libraries or an internal implementation. |