SAML Class
Properties Methods Events Configuration Settings Errors
The SAML class is used to obtain security tokens and assertions.
Syntax
ipworksauth.Saml
Remarks
The SAML class provides an easy-to-use interface to obtain security tokens and assertions. The class can also be used to parse assertions and inspect the claims within.
The component has built in support for working with Microsoft SharePoint Online and Microsoft Dynamics CRM Online. This support means only a minimum of information needs to be supplied to the component.
Microsoft SharePoint Online and Dynamics CRM Online
To begin working with SharePoint Online or Dynamics CRM Online first set the AuthMode to the appropriate value. The class will automatically populate several properties to known values. Set the User, Password, ApplicationURN properties and call GetSecurityToken. For instance:
component.AuthMode = SAMLAuthModes.amDynamicsCRM; //dynamic crm component.User = "user@mycrm.onmicrosoft.com"; component.Password = "password"; component.ApplicationURN = "urn:crmapac:dynamics.com"; component.GetSecurityToken();After calling GetSecurityToken the SecurityTokenXML property will be populated.
ADFS and Others
When working with ADFS or another Security Token Service (STS) the GetAssertion method may be used to obtain an assertion. To begin set AuthMode to either amADFS or amCustom. Then set LocalSTS, User, Password, and ApplicationURN. For instance:
component.AuthMode = SAMLAuthModes.amADFS; component.User = "administrator"; component.Password = "admin"; component.LocalSTS = "https://adfs.contoso.com"; component.ApplicationURN = "https://fsweb.contoso.com/ClaimsAwareWebAppWithManagedSTS/"; component.GetAssertion();If the assertion is signed the class will use the certificate specified in SignerCert to verify the signature. If SignerCert is not set the class will attempt to parse the certificate present in the assertion to perform verification.
After the assertion is parsed and the signature is verified (if present) the following properties will be populated:
- AssertionId
- AssertionIssueInstant
- AssertionIssuer
- AssertionNotBefore
- AssertionNotOnOrAfter
- AssertionSubject
- AssertionVersion
- AssertionXML
- Claims
Parsing an Assertion
The class may also be used to parse an existing assertion without contacting a STS. To parse an existing assertion call ParseAssertion with the assertion XML. If the assertion is signed the class will use the certificate specified in SignerCert to verify the signature. If SignerCert is not set the class will attempt to parse the certificate present in the assertion to perform verification.
After the assertion is parsed and the signature is verified (if present) the following properties will be populated:
- AssertionId
- AssertionIssueInstant
- AssertionIssuer
- AssertionNotBefore
- AssertionNotOnOrAfter
- AssertionSubject
- AssertionVersion
- AssertionXML
- Claims
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| ApplicationURN | The application's Uniform Resource Name (URN). |
| AssertionId | The assertion id. |
| AssertionIssueInstant | The time in UTC that the assertion was issued. |
| AssertionIssuer | The assertion issuer. |
| AssertionNotBefore | The date on which the assertion becomes valid. |
| AssertionNotOnOrAfter | The time at which the assertion expires. |
| AssertionSubject | The subject of the assertion. |
| AssertionVersion | The version of the assertion. |
| AssertionXML | The assertion XML. |
| AuthMode | The authentication mode. |
| Certificate | The certificate used for decryption. |
| Claims | A collection of claims. |
| FederationSTS | The URL of the federation Security Token Service (STS). |
| FederationURN | The federation Uniform Resource Name (URN). |
| LocalSTS | The local Security Token Service (STS). |
| Password | The user's password. |
| Proxy | A set of properties related to proxy access. |
| SecurityTokenXML | The security token XML. |
| SignerCert | The certificate used for signature verification. |
| SSLAcceptServerCert | Instructs the class to unconditionally accept the server certificate that matches the supplied certificate. |
| SSLCert | The certificate to be used during SSL negotiation. |
| SSLServerCert | The server certificate for the last established connection. |
| User | The username. |
| XAttributes | A collection of attributes of the current element. |
| XChildren | Collection of child elements of the current element. |
| XElement | The name of the current element. |
| XNamespace | The namespace of the current element. |
| XParent | The parent of the current element. |
| XPath | Provides a way to point to a specific element in the document. |
| XPrefix | The prefix of the current element. |
| XSubTree | A snapshot of the current element in the document. |
| XText | The text of the current element. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| Config | Sets or retrieves a configuration setting. |
| GetAssertion | Gets the assertion. |
| GetSecurityToken | Gets the security token. |
| ParseAssertion | Parses the specified assertion. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| Characters | Fired for plain text segments of the input stream. |
| Comment | Fired when a comment section is encountered. |
| EndElement | Fired when an end-element tag is encountered. |
| Error | Information about errors during data delivery. |
| PI | Fired when a processing instruction section is encountered. |
| SSLServerAuthentication | Fired after the server presents its certificate to the client. |
| SSLStatus | Shows the progress of the secure connection. |
| StartElement | Fired when a begin-element tag is encountered in the document. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| AssertionXPath | The XPath to the assertion. |
| DecryptAssertion | Whether to decrypt the assertion. |
| EncryptedAssertionXPath | The XPath to the encrypted assertion. |
| RawRequest | Returns the raw HTTP request. |
| RawResponse | Returns the raw HTTP response. |
| UserRealm | The URL of a web service to determine the LocalSTS (if any). |
| BuildInfo | Information about the product's build. |
| GUIAvailable | Tells the class whether or not a message loop is available for processing events. |
| LicenseInfo | Information about the current license. |
| UseDaemonThreads | Whether threads created by the class are daemon threads. |
| UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |