SecureBlackbox 2020 C++ Builder Edition

Questions / Feedback?

SAMLReader Component

Properties   Methods   Events   Configuration Settings   Errors  

The SAMLReader component offers SAML message processing functionality.

Syntax

TsbxSAMLReader

Remarks

SAMLReader provides means for processing of SAML protocol messages and extraction of their elements. Together with SAMLWriter it provides fine-grained access to the contents of SAML messages. You may consider using these classes if functionality offered by SAMLIdPServer and SAMLSPServer is too high a level for your usage scenario.

SAMLReader and SAMLWriter are independent of SAML server controls, and focus on scenarios that require lower-level access to SAML messaging.

SAMLReader can process the following types of SAML messages:

  • AssertionIDRequest
  • SubjectQuery
  • AuthnQuery
  • AttributeQuery
  • AuthzDecisionQuery
  • AuthnRequest
  • ManageNameIDRequest
  • LogoutRequest
  • NameIDMappingRequest
  • ArtifactResolve
  • Response

Pass your SAML message to Open (or OpenStream) method. Upon processing, component will populate the elements of the message in the properties, such as InputType or Issuer. More complex elements, such as assertions, require pinning with PinAssertion method to be populated in the object properties.

The snippet below shows how to use SAMLReader to process a message of the AuthnRequest type created by the matching SAMLReader example (or by any compatible SAML endpoint). The input SAML message has the following look:

  <samlp:AuthnRequest 
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="53GhrzQ5f89fu214ANAR" Version="2.0" 
    IssueInstant="2021-12-15T10:39:31Z" Destination="http://destination-url.com" IsPassive="false" 
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
    AssertionConsumerServiceURL="https://assertion-consumer-url.com" AttributeConsumingServiceIndex="1" 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://issuer-url.com</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#53GhrzQ5f89fu214ANAR">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>+xhhgXtwYN0/r9h7WAwg=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
        jfYeIq/z8D1tJZYbVqDMoqKpdrfGMj8/zI7gbUsJbECAr00cN34md2QG0mo4cOx7pny+5
        Tht7tUzqENHqcZdmlOcZc2JcJqokVxIcLEluFiWKlNjpexkXFQKzOC1peRfTZm8SQTqtP
        Cz8IknLUc6Scfml29PHmks1PxjJDteGb/+FggsZRTGZC3a05nvH3ayvHukPeHuHssx5dX
        nj0quT8salR6fdx6lAJo/AnDHzcfBNyxAMn+ebk5VOOgVD1L3PayvXib/maj8aVI2I5UT
        o4vmfybTWKzeS8DX9We7UV+4Xowwe647t1A912xLVub/e23A18Yf1V0PXC87kttTkA==
      </ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data><ds:X509Certificate>
          MIIEKDCCAxCgAwIBAgIFYA3A3gIwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxC
          zAJBgNVBAgTAk5DMRQwEgYDVQQHEwtDaGFwZWwgSGlsbDEiMCAGCSqGSIb3DQEJARMTc2
          FsZXNAbnNvZnR3YXJlLmNvbTEoMCYGA1UEAxMfU2VjdXJlQmxhY2tib3ggRGVtbyBDZXJ
          0aWZpY2F0ZTAeFw0xNzA5MDEwMDAwMDBaFw0yMjA5MDEwMDAwMDBaMH4xCzAJBgNVBAYT
          AlVTMQswCQYDVQQIEwJOQzEUMBIGA1UEBxMLQ2hhcGVsIEhpbGwxIjAgBgkqhkiG9w0BC
          QETE3NhbGVzQG5zb2Z0d2FyZS5jb20xKDAmBgNVBAMTH1NlY3VyZUJsYWNrYm94IERlbW
          8gQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfAVIcq9o
          eoIbw56LsPjxWsX3YGkqasBQzgQymhfcDZeSvFKFis8iqArGLTUUWOaImO5t2UmjIa+4n
          YP39hb9Z1r0CMy53p83oYbbZZ7qMeji0pMAufJHqKCN8t2HNWf2HE8S9UOU7R/UHdrSAN
          JitBKV9lSG9f450yWoGNwt35ZCsOp0zqtCgvkEvteGsz01R5DDjOccs3QNu25K/Sf27KP
          CYabS6A1ehYNY/G32qoKNJhu3DN4bWje57gBWi9WSfQ3tZUOV5q2ozaNJA78Wl4fXC6RB
          CaBh0GOwXeyZoH13LJdn+lqlCSMz024ImG4yFQEENbWvE9Elku8RYTn73AgMBAAGjgaww
          gakwHwYDVR0jBBgwFoAUmt/L7GI1SH36Sp8EUBxTwuzSgqMwHQYDVR0OBBYEFJrfy+xiN
          Uh9+kqfBFAcU8Ls0oKjMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwDuADBFBg
          NVHSUEPjA8BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwY
          BBQUHAwgGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQBovHBbMsW/k/5iuLQQqsYS
          ng5X2iy1W+5BRb1hz0MGnHGLqJWy1ty5+bTo6g/zvT65dXIPIexLkInEenYSy75Lthr6a
          ewUcvwfl1TYXjWlMD5Nm5pM9As71+XsGSdYGXoKohbEzbT6RDByjwR+yxtatqko7e1Eg6
          InNJRTRt7al/63FSPEgSCqOX6asDVDNZ83db0dOcoeaPEiDz3liE3+tYHtKXj5/qwTtYd
          aqBZxdJfuCKZveEFe1DO3/ayDvIvG9Eme+rEjntErF+Cw9a8ukesvDuT49cRE9oTs3O7f
          6LUbhCv5zJN+dTFr75NSdWdp4yvn3nK3i2udeMnTWK0U
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
    <saml:Conditions NotBefore="2021-12-15T10:39:31Z" NotOnOrAfter="2021-12-15T11:09:31Z"><saml:OneTimeUse/></saml:Conditions>
  </samlp:AuthnRequest>
You can process this message and access its properties with the following code:
  Samlreader reader = new Samlreader();

  reader.ValidateSignatures = true;
  reader.Open(req);

  Log("SAML document loaded. The message is of the " + reader.InputTypeString + " type, and was issued by " + reader.Issuer + " at " + reader.IssueInstant + ".");

  if (reader.InputType == SamlreaderInputTypes.cstyAuthnRequest)
  {
      Log("AuthnRequest.ConsumerServiceURL: " + reader.AuthnRequest.AssertionConsumerServiceURL);
      Log("AuthnRequest.ProtocolBinding: " + reader.AuthnRequest.ProtocolBinding);
      Log("AuthnRequest.Conditions.NotBefore: " + reader.AuthnRequest.ConditionsNotBefore);
      Log("AuthnRequest.Conditions.NotAfter: " + reader.AuthnRequest.ConditionsNotOnOrAfter);
  }

  if (reader.Signed) 
  {
      Log("The message was signed by " + reader.SigningCertificate.SubjectRDN);
      Log("Signature validity: " + reader.SignatureValidationResult.ToString());
  }

Property List


The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

ArtifactEndpointIndexAn accessor to the EndpointIndex entry of the artifact.
ArtifactMessageHandleAn accessor to the MessageHandle property of the artifact.
ArtifactRemainingArtifactReturns the contents of the artifact.
ArtifactSourceIDAn accessor to the SourceID property of the artifact.
ArtifactTypeCodeThe TypeCode property of the artifact.
ArtifactURIAn accessor to the URI property of the artifact.
ArtifactResolveQueryReturns the content of the ArtifactResolve query.
AssertionCountReturns the number of assertions in the SAML message.
AssertionIDRequestReferencesContains the References entry of the SAML assertion ID request.
AttrQueryAttrCountThe number of records in the AttrQueryAttr arrays.
AttrQueryAttrFriendlyNameSpecifies the friendly name of the attribute Use this property to access or set the friendly name of a SAML attribute (e.
AttrQueryAttrNameSpecifies the name of the attribute.
AttrQueryAttrNameFormatIndicates the format used to reference the attribute.
AttrQueryAttrStatementIndexContains the index of the statement the attribute corresponds to.
AttrQueryAttrValuesContains a list of attribute values.
AuthnQueryComparisonSpecifies the authentication context comparison method.
AuthnQueryContextClassRefsSpecifies the context class reference.
AuthnQueryRefTypeSpecifies the context reference type.
AuthnQuerySessionIndexSpecifies the index of the session to the authentication entity.
AuthnRequestAssertionConsumerServiceIndexSpecifies the assertion consumer service index.
AuthnRequestAssertionConsumerServiceURLSpecifies the assertion consumer service URL.
AuthnRequestAttributeConsumingServiceIndexSpecifies the attribute consuming service index.
AuthnRequestConditionsNotBeforeSpecifies the NotBefore condition of the request.
AuthnRequestConditionsNotOnOrAfterProvides access to the NotOnOrAfter condition of the request.
AuthnRequestContextClassRefsProvides access to the authentication context class references.
AuthnRequestContextComparisonSpecifies the AuthnContext comparison method.
AuthnRequestContextRefTypeSpecifies the context reference type.
AuthnRequestForceAuthnCorresponds to the ForceAuthn parameter of the request.
AuthnRequestIsPassiveMaps to the IsPassive parameter of the request.
AuthnRequestNameIDPolicyAllowCreateMatches the AllowCreate attribute of NameIDPolicy element of the request.
AuthnRequestNameIDPolicyFormatMatches to the Format attribute of the NameIDPolicy element of the request.
AuthnRequestNameIDPolicySPNameQualifierMatches to the SP name qualifier attribute of the request.
AuthnRequestNameIDPolicyUseAllowCreateControls inclusion of AllowCreate attribute in the request.
AuthnRequestProtocolBindingSpecifies the protocol binding to be requested in the authentication request.
AuthnRequestProviderNameSpecifies the name of the requestor.
AuthnRequestScopingIDPListGetCompleteMatches the GetComplete element of the IDPList entry of the Scoping object.
AuthnRequestScopingProxyCountThe maximum number of proxies on the way between the requestor and the provider.
AuthnRequestScopingRequesterIDsA collection of requestor IDs on whose behalf the request is being sent.
AuthnRequestUseForceAuthnControls inclusion of ForceAuthn attribute in the request.
AuthnRequestUseIsPassiveControls inclusion of IsPassive attribute in the request.
AuthnRequestConditionCountThe number of records in the AuthnRequestCondition arrays.
AuthnRequestConditionAudienceListAn accessor to the Audience list parameter of an audience restriction condition.
AuthnRequestConditionConditionTypeSpecifies a type of the condition object.
AuthnRequestConditionProxyRestrictionCountAn accessor to the proxy restriction count element of the condition.
AuthnRequestScopingIDPCountThe number of records in the AuthnRequestScopingIDP arrays.
AuthnRequestScopingIDPLocContains the value of the Loc attribute.
AuthnRequestScopingIDPNameContains the name of the IdP provider.
AuthnRequestScopingIDPProviderIDContains the provider ID.
AuthzDecisionQueryActionsSpecifies the list of actions included in the query.
AuthzDecisionQueryResourceMatches the Resource element of the query.
BindingReturns the SAML message binding type.
BlockedCertCountThe number of records in the BlockedCert arrays.
BlockedCertBytesReturns raw certificate data in DER format.
BlockedCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
ChainValidationDetailsThe details of a certificate chain validation outcome.
ChainValidationResultThe general outcome of a certificate chain validation routine. Use ChainValidationDetails to get information about the reasons that contributed to the validation result.
ConsentReturns the Consent parameter of the SAML message.
DecryptionCertificateBytesReturns raw certificate data in DER format.
DecryptionCertificateHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
DestinationReturns the Destination parameter of the SAML message.
IDReturns the ID of the processed message.
IgnoreChainValidationErrorsMakes the component tolerant to chain validation errors.
InputTypeReturns the type of the processed message.
InputTypeStringReturns the type of the processed message, as an original string.
InResponseToReturns the in-response-to parameter of the message.
IssueInstantReturns the issue time of the message.
IssuerReturns the issuer of the message.
KnownCertCountThe number of records in the KnownCert arrays.
KnownCertBytesReturns raw certificate data in DER format.
KnownCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
KnownCRLCountThe number of records in the KnownCRL arrays.
KnownCRLBytesReturns raw CRL data in DER format.
KnownCRLHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
KnownOCSPCountThe number of records in the KnownOCSP arrays.
KnownOCSPBytesBuffer containing raw OCSP response data.
KnownOCSPHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
LogoutRequestNameIDContains the value of the NameID parameter.
LogoutRequestNotOnOrAfterContains the value of the NotOnOrAfter parameter.
LogoutRequestReasonContains the value of the Reason parameter.
LogoutRequestSessionIndexesContains the list of session indices.
ManageNameIDRequestNameIDContains the value of the NameID parameter of the request.
ManageNameIDRequestNewEncryptedIDContains the value of the NewEncryptedID parameter of the request.
ManageNameIDRequestNewIDContains the value of the NewID parameter.
ManageNameIDRequestTerminateContains the value of the Terminate parameter of the request.
NameIDMappingRequestNameIDAn accessor to the NameID parameter of the request.
NameIDMappingRequestNameIDPolicyAllowCreateContains the value of AllowCreate parameter of the NameIDPolicy object.
NameIDMappingRequestNameIDPolicyFormatSpecifies the format of the NameIDPolicy element.
NameIDMappingRequestNameIDPolicySPNameQualifierContains the SPNameQualifier parameter of the NameIDPolicy element.
NameIDMappingRequestNameIDPolicyUseAllowCreateControls inclusion of UseAllow modifier in the NameIDPolicy object.
OfflineModeSwitches the component to the offline mode.
PinnedAssertionAttrCountThe number of records in the PinnedAssertionAttr arrays.
PinnedAssertionAttrFriendlyNameSpecifies the friendly name of the attribute Use this property to access or set the friendly name of a SAML attribute (e.
PinnedAssertionAttrNameSpecifies the name of the attribute.
PinnedAssertionAttrNameFormatIndicates the format used to reference the attribute.
PinnedAssertionAttrStatementIndexContains the index of the statement the attribute corresponds to.
PinnedAssertionAttrValuesContains a list of attribute values.
PinnedAssertionConditionCountThe number of records in the PinnedAssertionCondition arrays.
PinnedAssertionConditionAudienceListAn accessor to the Audience list parameter of an audience restriction condition.
PinnedAssertionConditionConditionTypeSpecifies a type of the condition object.
PinnedAssertionConditionProxyRestrictionCountAn accessor to the proxy restriction count element of the condition.
PinnedAssertionInfoAdviceAssertionCountContains the number of advice assertions.
PinnedAssertionInfoAssertionTypeSpecifies the type of the assertion.
PinnedAssertionInfoChainValidationDetailsThe details of a certificate chain validation outcome.
PinnedAssertionInfoChainValidationResultThe outcome of a certificate chain validation routine.
PinnedAssertionInfoConditionsNotBeforeRepresents the Conditions.
PinnedAssertionInfoConditionsNotOnOrAfterRepresents the Conditions.
PinnedAssertionInfoEncryptedContentRepresents the encrypted assertion content.
PinnedAssertionInfoIDRepresents the ID of the assertion.
PinnedAssertionInfoIDRefRepresents an ID reference value.
PinnedAssertionInfoIssueInstantContains the assertion issuance time stamp.
PinnedAssertionInfoSignatureValidationResultThe outcome of the cryptographic signature validation.
PinnedAssertionInfoSignedSpecifies whether the assertion is signed.
PinnedAssertionInfoURIRefRepresents an URI reference value.
PinnedAssertionInfoValidationLogContains the signing certificate's chain validation log.
PinnedAssertionInfoVersionSpecifies the SAML protocol version used.
PinnedAssertionIssuerReturns the pinned assertion issuer.
PinnedAssertionStatementCountThe number of records in the PinnedAssertionStatement arrays.
PinnedAssertionStatementAttributesContains a list of statement attribute names.
PinnedAssertionStatementAuthnContextAuthenticatingAuthoritiesContains the list of authenticating authorities.
PinnedAssertionStatementAuthnContextChoiceSpecifies the authentication context choice variant.
PinnedAssertionStatementAuthnContextClassRefIndicates the authentication contexts class reference.
PinnedAssertionStatementAuthnContextDeclSpecifies the authentication contexts declaration.
PinnedAssertionStatementAuthnContextDeclRefSpecifies the authentication contexts declaration reference.
PinnedAssertionStatementAuthnInstantSpecifies the authentication event timestamp.
PinnedAssertionStatementAuthnSessionIndexContains the authentication session index.
PinnedAssertionStatementAuthnSessionNotOnOrAfterMaps to the SessionNotOnOrAfter parameter of the authentication statement.
PinnedAssertionStatementAuthnSubjectLocalityAddressSpecifies the authentication subjects address.
PinnedAssertionStatementAuthnSubjectLocalityDNSNameMaps to the authentication subjects DNS name parameter.
PinnedAssertionStatementAuthzActionsProvides access to the list of actions of the authorization statement.
PinnedAssertionStatementAuthzDecisionSpecifies the authorization decision.
PinnedAssertionStatementAuthzDecisionEvidenceManages the authorization decision statement evidence parameter.
PinnedAssertionStatementAuthzDecisionResourceSpecifies the authorization decision statement resource parameter.
PinnedAssertionStatementStatementTypeSpecifies the assertion statement type.
PinnedAssertionSubjectConfirmationCountThe number of records in the PinnedAssertionSubjectConfirmation arrays.
PinnedAssertionSubjectConfirmationDataAddressContains the address enabled for presenting assertions.
PinnedAssertionSubjectConfirmationDataInResponseToThe ID of the SAML message in response to which the assertion is issued.
PinnedAssertionSubjectConfirmationDataNotBeforeTime moment before which the subject cannot be confirmed.
PinnedAssertionSubjectConfirmationDataNotOnOrAfterLimits the time until which the subject can be confirmed.
PinnedAssertionSubjectConfirmationDataRecipientThe URI of the entity or the location of the resource to which the assertion should be presented.
PinnedAssertionSubjectConfirmationDataTypeThe type of data contained in the confirmation.
PinnedAssertionSubjectConfirmationIDThe identifier of the entity which can satisfy the subject confirmation requirements.
PinnedAssertionSubjectConfirmationMethodSpecifies the mechanism to be used to confirm the subject.
PinnedAssertionSubjectIDReturns the pinned assertion subject.
POSTBindingBodyContains the form body.
POSTBindingFormTemplateContains the XHTML form template returned by the service provider.
POSTBindingModeSpecifies whether binding is applied on a server, or on a client side.
POSTBindingRelayStateContains the value of the RelayState parameter of POST binding mechanism.
POSTBindingURLContains the URL of POST binding mechanism.
ProfileSpecifies a pre-defined profile to apply when creating the signature.
ProxyAddressThe IP address of the proxy server.
ProxyAuthenticationThe authentication type used by the proxy server.
ProxyPasswordThe password to authenticate to the proxy server.
ProxyPortThe port on the proxy server to connect to.
ProxyProxyTypeThe type of the proxy server.
ProxyRequestHeadersContains HTTP request headers for WebTunnel and HTTP proxy.
ProxyResponseBodyContains the HTTP or HTTPS (WebTunnel) proxy response body.
ProxyResponseHeadersContains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
ProxyUseIPv6Specifies whether IPv6 should be used when connecting through the proxy.
ProxyUseProxyEnables or disables proxy-driven connection.
ProxyUsernameSpecifies the username credential for proxy authentication.
RedirectBindingEncodingSpecifies the message encoding.
RedirectBindingForceSignEnforces a signature over all outgoing messages.
RedirectBindingRelayStateContains the RelayState parameter of the binding.
RedirectBindingSignSpecifies whether to sign generated messages.
RedirectBindingSignatureAlgorithmContains the signature algorithm.
RedirectBindingURLContains the URL of the request query.
RedirectBindingVerifySignaturesInstructs the component whether to verify incoming signatures.
RedirectBindingCertBytesReturns raw certificate data in DER format.
RedirectBindingCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
ResponseNameIDContains the NameID parameter of a NameIDMapping response.
ResponseOptionalElementAn optional message element to be returned with the response.
ResponseResponseTypeContains the type of the response.
ResponseStatusCodeSubValueThe value of the nested StatusCode.
ResponseStatusCodeValueContains the status code value.
ResponseStatusDetailContains additional information on the status of the request.
ResponseStatusMessageContains a status message (optional).
SignatureValidationResultContains the signature validation result.
SignedReturns true it the message is signed.
SigningCertBytesReturns raw certificate data in DER format.
SigningCertCAIndicates whether the certificate has a CA capability (a setting in BasicConstraints extension).
SigningCertCAKeyIDA unique identifier (fingerprint) of the CA certificate's private key.
SigningCertCRLDistributionPointsLocations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
SigningCertCurveSpecifies the elliptic curve of the EC public key.
SigningCertFingerprintContains the fingerprint (a hash imprint) of this certificate.
SigningCertFriendlyNameContains an associated alias (friendly name) of the certificate.
SigningCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
SigningCertHashAlgorithmSpecifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN .
SigningCertIssuerThe common name of the certificate issuer (CA), typically a company name.
SigningCertIssuerRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
SigningCertKeyAlgorithmSpecifies the public key algorithm of this certificate.
SigningCertKeyBitsReturns the length of the public key.
SigningCertKeyFingerprintReturns a fingerprint of the public key contained in the certificate.
SigningCertKeyUsageIndicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
SigningCertKeyValidReturns True if the certificate's key is cryptographically valid, and False otherwise.
SigningCertOCSPLocationsLocations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
SigningCertPolicyIDsContains identifiers (OIDs) of the applicable certificate policies.
SigningCertPublicKeyBytesContains the certificate's public key in DER format.
SigningCertSelfSignedIndicates whether the certificate is self-signed (root) or signed by an external CA.
SigningCertSerialNumberReturns the certificate's serial number.
SigningCertSigAlgorithmIndicates the algorithm that was used by the CA to sign this certificate.
SigningCertSubjectThe common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
SigningCertSubjectKeyIDContains a unique identifier (fingerprint) of the certificate's private key.
SigningCertSubjectRDNA collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
SigningCertValidFromThe time point at which the certificate becomes valid, in UTC.
SigningCertValidToThe time point at which the certificate expires, in UTC.
SocketDNSModeSelects the DNS resolver to use: the component's (secure) built-in one, or the one provided by the system.
SocketDNSPortSpecifies the port number to be used for sending queries to the DNS server.
SocketDNSQueryTimeoutThe timeout (in milliseconds) for each DNS query.
SocketDNSServersThe addresses of DNS servers to use for address resolution, separated by commas or semicolons.
SocketDNSTotalTimeoutThe timeout (in milliseconds) for the whole resolution process.
SocketIncomingSpeedLimitThe maximum number of bytes to read from the socket, per second.
SocketLocalAddressThe local network interface to bind the socket to.
SocketLocalPortThe local port number to bind the socket to.
SocketOutgoingSpeedLimitThe maximum number of bytes to write to the socket, per second.
SocketTimeoutThe maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
SocketUseIPv6Enables or disables IP protocol version 6.
SubjectConfirmationCountThe number of records in the SubjectConfirmation arrays.
SubjectConfirmationDataAddressContains the address enabled for presenting assertions.
SubjectConfirmationDataInResponseToThe ID of the SAML message in response to which the assertion is issued.
SubjectConfirmationDataNotBeforeTime moment before which the subject cannot be confirmed.
SubjectConfirmationDataNotOnOrAfterLimits the time until which the subject can be confirmed.
SubjectConfirmationDataRecipientThe URI of the entity or the location of the resource to which the assertion should be presented.
SubjectConfirmationDataTypeThe type of data contained in the confirmation.
SubjectConfirmationIDThe identifier of the entity which can satisfy the subject confirmation requirements.
SubjectConfirmationMethodSpecifies the mechanism to be used to confirm the subject.
SubjectIDReturns the subject of the message.
TLSAutoValidateCertificatesSpecifies whether server-side TLS certificates should be validated automatically using internal validation rules.
TLSBaseConfigurationSelects the base configuration for the TLS settings.
TLSCiphersuitesA list of ciphersuites separated with commas or semicolons.
TLSECCurvesDefines the elliptic curves to enable.
TLSForceResumeIfDestinationChangesWhether to force TLS session resumption when the destination address changes.
TLSPreSharedIdentityDefines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
TLSPreSharedKeyContains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
TLSPreSharedKeyCiphersuiteDefines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
TLSRenegotiationAttackPreventionModeSelects renegotiation attack prevention mechanism.
TLSRevocationCheckSpecifies the kind(s) of revocation check to perform.
TLSSSLOptionsVarious SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.
TLSTLSModeSpecifies the TLS mode to use.
TLSUseExtendedMasterSecretEnables Extended Master Secret Extension, as defined in RFC 7627.
TLSUseSessionResumptionEnables or disables TLS session resumption capability.
TLSVersionsTh SSL/TLS versions to enable by default.
TrustedCertCountThe number of records in the TrustedCert arrays.
TrustedCertBytesReturns raw certificate data in DER format.
TrustedCertHandleAllows to get or set a 'handle', a unique identifier of the underlying property object.
UseBindingEnables or disables automated binding processing.
ValidateSignaturesEnables or disables automated signature validation.
ValidationLogContains the complete log of the certificate validation routine.
ValidationMomentThe time point at which chain validity is to be established.
VersionReturns SAML content version string.

Method List


The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

CompareIDsCompares two SAML IDs.
ConfigSets or retrieves a configuration setting.
GetIDPropExtracts a specific property from a SAML ID.
OpenOpens a SAML entity.
OpenBytesOpens a SAML entity.
OpenFileOpens a SAML entity.
PinAdviceAssertionPins advice assertion by propagating it in PinnedAssertionXXX properties.
PinAssertionPins assertion by propagating it in PinnedAssertionXXX properties.

Event List


The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

ErrorFires to report an error condition.
NotificationThis event notifies the application about an underlying control flow event.
SignatureFoundSignifies the start of signature validation.
SignatureValidatedReports the signature validation result.

Configuration Settings


The following is a list of configuration settings for the component with short descriptions. Click on the links for further details.

IgnoreSystemTrustWhether trusted Windows Certificate Stores should be treated as trusted.
TolerateMinorChainIssuesWhether to tolerate minor chain issues.
UseMicrosoftCTLEnables or disables automatic use of Microsoft online certificate trust list.
UseSystemCertificatesEnables or disables the use of the system certificates.
CheckKeyIntegrityBeforeUseEnables or disable private key integrity check before use.
CookieCachingSpecifies whether a cookie cache should be used for HTTP(S) transports.
CookiesGets or sets local cookies for the component (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterationsSpecifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHEEnables or disables finite field DHE key exchange support in TLS clients.
GlobalCookiesGets or sets global cookies for all the HTTP transports.
HttpUserAgentSpecifies the user agent name to be used by all HTTP clients.
LogDestinationSpecifies the debug log destination.
LogDetailsSpecifies the debug log details to dump.
LogFileSpecifies the debug log filename.
LogFiltersSpecifies the debug log filters.
LogFlushModeSpecifies the log flush mode.
LogLevelSpecifies the debug log level.
LogMaxEventCountSpecifies the maximum number of events to cache before further action is taken.
LogRotationModeSpecifies the log rotation mode.
MaxASN1BufferLengthSpecifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepthSpecifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithmSpecifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolverSpecifies whether the client components should use own DNS resolver.
UseSharedSystemStoragesSpecifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSSEnforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandomEnables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 C++ Builder Edition - Version 20.0 [Build 8154]