SAMLIdPServer Class
Properties Methods Events Config Settings Errors
The SAMLIdPServer class represents a SAML identity provider.
Syntax
secureblackbox.Samlidpserver
Remarks
The identity provider in the SAML (Security Assertion Markup Language) exchange flow represents the server that issues authentication assertions for single sign-on (SSO).
Requests received by the IdP server from known service providers (SP) are processed automatically, in accordance with known SP metadata and IdP options. If the request is correct, the client is redirected to the IdP for authentication. The authentication algorithm depends on the IdP options and may be reduced to a simple IP check, X.509 certificate authentication, or login credentials check.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
Active | Tells whether the server is active and ready to process requests. |
AllowIDPSSO | Specifies if IdP-initiated Single Sign-On (SSO) is allowed. |
ArtifactResolutionService | The location of the artifact resolution service. |
AttributeQueryService | The location of the AttributeQuery service. |
AuthFormTemplate | Defines the default authentication template (login page). |
ClientAuth | Enables or disables certificate-based client authentication. |
EncryptAssertions | Specifies whether to encrypt assertions included into the IdP response. |
EncryptionCertificate | The certificate used to encrypt the assertions. |
ErrorOrigin | Indicates the endpoint where the error originates from. |
ErrorSeverity | The severity of the error that happened. |
ExternalCrypto | Provides access to external signing and DC parameters. |
FIPSMode | Reserved. |
Host | Specifies the host address of the IdP server. |
IDPSSOPage | Specifies the relative URL of the IdP-initiated SSO page. |
IDPSSOPageContent | The content of the IdP-initiated SSO page. |
LoginAttemptsLimit | The maximum number of login attempts. |
MetadataURL | The IdP's metadata location. |
MetaSigningCertificate | Specifies the metadata signing certificate. |
OfflineMode | Enables the Offline mode. |
Port | The listening port number. |
PreferredSingleLogoutResponseBinding | Specifies the preferred single logout response binding. |
PreferredSingleSignOnResponseBinding | Specifies preferred SSO response binding. |
ServerCertificates | The server's TLS certificates. |
SigCanonicalizationMethod | The canonicalization method to use in the signature. |
SigDigestMethod | The digest method to use. |
SigMethod | The signature method to use. |
SignAssertions | Specifies whether the assertions included in IdP responses should be signed. |
SigningCertificate | The certificate to be used by the IdP's for signing. |
SigningChain | The signing certificate chain. |
SignMetadata | Specifies whether the IdP's metadata should be signed. |
SignResponse | Specifies whether the IdP responses should be signed. |
SingleLogoutService | The URL of the single logout service. |
SingleLogoutServiceBindings | Defines single logout service bindings. |
SingleSignOnService | The URL of the single logout service. |
SingleSignOnServiceBindings | Defines single sign-on service bindings. |
SocketSettings | Manages network connection settings. |
TLSSettings | Manages TLS layer settings. |
URL | Specifies the base URL of this IdP server. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
AddIdPSSOLink | Adds an SSO URL to the list. |
AddUser | Registers known user credentials. |
AddUserWithEmail | Registers known user credentials. |
ClearUsers | Clears the database of registered users. |
Config | Sets or retrieves a configuration setting. |
DoAction | Performs an additional action. |
GetProviderProperty | Returns the value of a custom provider property. |
LoadSPMetadata | Loads the metadata required for information exchange with the service provider. |
ProcessGenericRequest | Processes a generic HTTP SAML request. |
RemoveIdPSSOLink | Removes the specified SSO link. |
RemoveSP | Removes an SP from the list of trusted service providers. |
RemoveUser | Unregister user credentials. |
SaveMetadata | Saves the IdP configuration to a metadata file. |
SaveMetadataToStream | Saves the IdP configuration to a metadata file. |
SetProviderProperty | Sets the value of a custom provider property. |
Start | Starts the IdP server. |
Stop | Stops the IdP server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
Accept | Reports an incoming connection. |
AssertionCreated | Notifies the application about the creation of a new assertion. |
AssertionReceived | Notifies the application about the receipt of an assertion. |
Connect | Reports an accepted connection. |
Disconnect | Fires to report a disconnected client. |
Error | Information about errors during data delivery. |
ExternalSign | Handles remote or external signing initiated by the server protocol. |
MetadataRequest | Notifies the application about the metadata request. |
Notification | This event notifies the application about an underlying control flow event. |
SessionClosed | This event is fired when the IdP server has closed a session. |
SessionEstablished | This event is fired when a new session has been established. |
VerifyCredentials | Passes user credentials to the application for verification. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
AssertionsOneTimeUse | Adds a one-time use condition to the assertion. |
AssertionsTTL | The assertions time-to-live value. |
BoundPort | The port that was bound by the server. |
DefaultNameIDPolicyFormat | Default name ID policy format. |
DefaultPassiveAuthnContextClassRef | The default passive authentication context class. |
DualStack | Allows the use of ip4 and ip6 simultaneously. |
HandshakeTimeout | The HTTPS handshake timeout. |
MaxIssueInstantTimeDiff | The maximum issue-instant time delta. |
NotBeforeTimeout | The 'not-before' timeout to use. |
PortRangeFrom | The lower bound of allowed port scope to listen on. |
PortRangeTo | The higher bound of allowed port scope to listen on. |
ServerName | Specifies the server name for the created responses. |
SessionTimeout | The HTTP session timeout. |
SessionTTL | The SAML session time-to-live value. |
SubjectConfirmationMethod | Subject confirmation method. |
TempPath | Path for storing temporary files. |
CheckKeyIntegrityBeforeUse | Enables or disable private key integrity check before use. |
CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
Cookies | Gets or sets local cookies for the class. |
DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
LogDestination | Specifies the debug log destination. |
LogDetails | Specifies the debug log details to dump. |
LogFile | Specifies the debug log filename. |
LogFilters | Specifies the debug log filters. |
LogFlushMode | Specifies the log flush mode. |
LogLevel | Specifies the debug log level. |
LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
LogRotationMode | Specifies the log rotation mode. |
MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
StaticDNS | Specifies whether static DNS rules should be used. |
StaticIPAddress[domain] | Gets or sets an IP address for the specified domain name. |
StaticIPAddresses | Gets or sets all the static DNS rules. |
Tag | Allows to store any custom data. |
TLSSessionGroup | Specifies the group name of TLS sessions to be used for session resumption. |
TLSSessionLifetime | Specifies lifetime in seconds of the cached TLS session. |
TLSSessionPurgeInterval | Specifies how often the session cache should remove the expired TLS sessions. |
UseOwnDNSResolver | Specifies whether the client classes should use own DNS resolver. |
UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
UseSystemRandom | Enables or disables the use of the OS PRNG. |
Active Property (SAMLIdPServer Class)
Tells whether the server is active and ready to process requests.
Syntax
public boolean isActive();
Default Value
False
Remarks
This property indicates whether the IdP server is in an active state.
This property is read-only and not available at design time.
AllowIDPSSO Property (SAMLIdPServer Class)
Specifies if IdP-initiated Single Sign-On (SSO) is allowed.
Syntax
public boolean isAllowIDPSSO(); public void setAllowIDPSSO(boolean allowIDPSSO);
Default Value
False
Remarks
Set this property to true to allow IdP-initiated Single Sign-Ons. Use AddIdPSSOLink method to add sign-on URLs.
ArtifactResolutionService Property (SAMLIdPServer Class)
The location of the artifact resolution service.
Syntax
public String getArtifactResolutionService(); public void setArtifactResolutionService(String artifactResolutionService);
Default Value
"/idp/ArtifactResolutionService"
Remarks
Use this property to specify the location of the artifact resolution service of this Identity Provider (IdP).
AttributeQueryService Property (SAMLIdPServer Class)
The location of the AttributeQuery service.
Syntax
public String getAttributeQueryService(); public void setAttributeQueryService(String attributeQueryService);
Default Value
"/idp/AttributeQueryService"
Remarks
Use this property to specify the relative URL of the AttributeQuery service provided by this Identity Provider (IdP).
AuthFormTemplate Property (SAMLIdPServer Class)
Defines the default authentication template (login page).
Syntax
public String getAuthFormTemplate(); public void setAuthFormTemplate(String authFormTemplate);
Default Value
""
Remarks
This property contains the HTML code of the authentication form. You can use it to control the appearance of the login page.
ClientAuth Property (SAMLIdPServer Class)
Enables or disables certificate-based client authentication.
Syntax
public int getClientAuth(); public void setClientAuth(int clientAuth); Enumerated values: public final static int ccatNoAuth = 0; public final static int ccatRequestCert = 1; public final static int ccatRequireCert = 2;
Default Value
0
Remarks
Set this property to true to tune up the client authentication type: ccatNoAuth = 0; ccatRequestCert = 1; ccatRequireCert = 2;
EncryptAssertions Property (SAMLIdPServer Class)
Specifies whether to encrypt assertions included into the IdP response.
Syntax
public boolean isEncryptAssertions(); public void setEncryptAssertions(boolean encryptAssertions);
Default Value
False
Remarks
Set this property to True to force the class to encrypt the assertions included into the server's response.
EncryptionCertificate Property (SAMLIdPServer Class)
The certificate used to encrypt the assertions.
Syntax
public Certificate getEncryptionCertificate(); public void setEncryptionCertificate(Certificate encryptionCertificate);
Remarks
Use this property to provide the certificate to be used for encrypting the assertions included into the IdP responses.
The class encrypts assertions automatically if EncryptAssertions is True.
This property is not available at design time.
Please refer to the Certificate type for a complete list of fields.ErrorOrigin Property (SAMLIdPServer Class)
Indicates the endpoint where the error originates from.
Syntax
public int getErrorOrigin(); public void setErrorOrigin(int errorOrigin); Enumerated values: public final static int eoLocal = 0; public final static int eoRemote = 1;
Default Value
0
Remarks
Use this property to establish whether the reported error originates from a local or remote endpoint.
eoLocal | 0 | |
eoRemote | 1 |
This property is not available at design time.
ErrorSeverity Property (SAMLIdPServer Class)
The severity of the error that happened.
Syntax
public int getErrorSeverity(); public void setErrorSeverity(int errorSeverity); Enumerated values: public final static int esInfo = 0; public final static int esWarning = 1; public final static int esFatal = 2;
Default Value
1
Remarks
Use this property to establish whether the error is fatal.
esWarning | 1 | |
esFatal | 2 |
This property is not available at design time.
ExternalCrypto Property (SAMLIdPServer Class)
Provides access to external signing and DC parameters.
Syntax
public ExternalCrypto getExternalCrypto();
Remarks
Use this property to tune-up remote cryptography settings. SecureBlackbox supports two independent types of external cryptography: synchronous (based on the ExternalSign event) and asynchronous (based on the DC protocol and the DCAuth signing component).
This property is read-only.
Please refer to the ExternalCrypto type for a complete list of fields.FIPSMode Property (SAMLIdPServer Class)
Reserved.
Syntax
public boolean isFIPSMode(); public void setFIPSMode(boolean FIPSMode);
Default Value
False
Remarks
This property is reserved for future use.
Host Property (SAMLIdPServer Class)
Specifies the host address of the IdP server.
Syntax
public String getHost(); public void setHost(String host);
Default Value
""
Remarks
Use this property to specify the IP address on which to listen to incoming connections. To specify the listening port number, use Port.
IDPSSOPage Property (SAMLIdPServer Class)
Specifies the relative URL of the IdP-initiated SSO page.
Syntax
public String getIDPSSOPage(); public void setIDPSSOPage(String IDPSSOPage);
Default Value
"/idpsso"
Remarks
Use this property to specify the address of the Single Sign-On (SSO) page initiated by this Identity Provider (IdP).
IDPSSOPageContent Property (SAMLIdPServer Class)
The content of the IdP-initiated SSO page.
Syntax
public String getIDPSSOPageContent(); public void setIDPSSOPageContent(String IDPSSOPageContent);
Default Value
""
Remarks
Use this property to specify the content of the Single Sign-On (SSO) page initiated by this Identity Provider (IdP).
LoginAttemptsLimit Property (SAMLIdPServer Class)
The maximum number of login attempts.
Syntax
public int getLoginAttemptsLimit(); public void setLoginAttemptsLimit(int loginAttemptsLimit);
Default Value
3
Remarks
Use this property to set the maximum number of login attempts.
MetadataURL Property (SAMLIdPServer Class)
The IdP's metadata location.
Syntax
public String getMetadataURL(); public void setMetadataURL(String metadataURL);
Default Value
"/idp/metadata"
Remarks
This property specifies the metadata URL of this Identity Provider (IdP).
MetaSigningCertificate Property (SAMLIdPServer Class)
Specifies the metadata signing certificate.
Syntax
public Certificate getMetaSigningCertificate(); public void setMetaSigningCertificate(Certificate metaSigningCertificate);
Remarks
Use this property to specify the certificate to be used to sign the IdP's metadata.
This property is not available at design time.
Please refer to the Certificate type for a complete list of fields.OfflineMode Property (SAMLIdPServer Class)
Enables the Offline mode.
Syntax
public boolean isOfflineMode(); public void setOfflineMode(boolean offlineMode);
Default Value
False
Remarks
In the Offline mode the server does not open the listening port. Instead, it expects all incoming requests to be provided via the ProcessGenericRequest calls.
The Offline mode is a handy mechanism for attaching the server to external web engines, such as IIS or Tomcat. It lets you leave the HTTP matters to the engine, and only be responsible for handling the actual SAML requests.
Port Property (SAMLIdPServer Class)
The listening port number.
Syntax
public int getPort(); public void setPort(int port);
Default Value
80
Remarks
Use this property to specify the port number on which the IdP server should listen for incoming connections. To specify server's IP address use Host.
PreferredSingleLogoutResponseBinding Property (SAMLIdPServer Class)
Specifies the preferred single logout response binding.
Syntax
public int getPreferredSingleLogoutResponseBinding(); public void setPreferredSingleLogoutResponseBinding(int preferredSingleLogoutResponseBinding); Enumerated values: public final static int csbtNone = 0; public final static int csbtSOAP = 1; public final static int csbtPAOS = 2; public final static int csbtRedirect = 3; public final static int csbtPOST = 4; public final static int csbtArtifact = 5;
Default Value
3
Remarks
This value is used by the Identity Provider (IdP) when the default binding is not specified in Service Provider's (SP) metadata file.
The binding is the mechanism of message exchange used by SAML requestors and responders.
csbtNone | 0 | |
csbtSOAP | 1 | |
csbtPAOS | 2 | |
csbtRedirect | 3 | |
csbtPOST | 4 | |
csbtArtifact | 5 |
PreferredSingleSignOnResponseBinding Property (SAMLIdPServer Class)
Specifies preferred SSO response binding.
Syntax
public int getPreferredSingleSignOnResponseBinding(); public void setPreferredSingleSignOnResponseBinding(int preferredSingleSignOnResponseBinding); Enumerated values: public final static int csbtNone = 0; public final static int csbtSOAP = 1; public final static int csbtPAOS = 2; public final static int csbtRedirect = 3; public final static int csbtPOST = 4; public final static int csbtArtifact = 5;
Default Value
4
Remarks
This value is used by the Identity Provider (IdP) when the default binding is not specified in Service Provider's (SP) metadata file.
The binding is the mechanism of message exchange used by SAML requestors and responders.
csbtNone | 0 | |
csbtSOAP | 1 | |
csbtPAOS | 2 | |
csbtRedirect | 3 | |
csbtPOST | 4 | |
csbtArtifact | 5 |
ServerCertificates Property (SAMLIdPServer Class)
The server's TLS certificates.
Syntax
public CertificateList getServerCertificates(); public void setServerCertificates(CertificateList serverCertificates);
Remarks
Use this property to provide a list of TLS certificates for the server endpoint.
A TLS endpoint needs a certificate to be able to accept TLS connections. At least one of the certificates in the collection - the endpoint certificate - must have a private key associated with it.
The collection may include more than one endpoint certificate, and more than one chain. A typical usage scenario is to include two chains (ECDSA and RSA), to cater for clients with different cipher suite preferences.
This property is not available at design time.
Please refer to the Certificate type for a complete list of fields.SigCanonicalizationMethod Property (SAMLIdPServer Class)
The canonicalization method to use in the signature.
Syntax
public String getSigCanonicalizationMethod(); public void setSigCanonicalizationMethod(String sigCanonicalizationMethod);
Default Value
""
Remarks
The URI of the canonicalization method to use in the signature (e.g. http://www.w3.org/TR/xml-exc-c14n/)
SigDigestMethod Property (SAMLIdPServer Class)
The digest method to use.
Syntax
public String getSigDigestMethod(); public void setSigDigestMethod(String sigDigestMethod);
Default Value
""
Remarks
The URI of the digest method to use for signing, as defined in XMLDSIG or XMLENC: http://www.w3.org/2000/09/xmldsig#sha256.
SigMethod Property (SAMLIdPServer Class)
The signature method to use.
Syntax
public String getSigMethod(); public void setSigMethod(String sigMethod);
Default Value
""
Remarks
The URI specifying the signature method to use for signing, for example http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
SignAssertions Property (SAMLIdPServer Class)
Specifies whether the assertions included in IdP responses should be signed.
Syntax
public boolean isSignAssertions(); public void setSignAssertions(boolean signAssertions);
Default Value
False
Remarks
Set this property to True to automatically sign the assertions included into the Identity Provider (IdP) responses.
SigningCertificate Property (SAMLIdPServer Class)
The certificate to be used by the IdP's for signing.
Syntax
public Certificate getSigningCertificate(); public void setSigningCertificate(Certificate signingCertificate);
Remarks
Use this property to specify the certificate that shall be used for signing the assertions. Note that this certificate should have a private key associated with it. Use SigningChain to supply the rest of the certificate chain for inclusion into the signature.
This property is not available at design time.
Please refer to the Certificate type for a complete list of fields.SigningChain Property (SAMLIdPServer Class)
The signing certificate chain.
Syntax
public CertificateList getSigningChain(); public void setSigningChain(CertificateList signingChain);
Remarks
Use this property to provide the chain for the signing certificate. Use the SigningCertificate property, if it is available, to provide the signing certificate itself.
This property is not available at design time.
Please refer to the Certificate type for a complete list of fields.SignMetadata Property (SAMLIdPServer Class)
Specifies whether the IdP's metadata should be signed.
Syntax
public boolean isSignMetadata(); public void setSignMetadata(boolean signMetadata);
Default Value
False
Remarks
Set this property to True to sign the Identity Provider's (IdP) metadata before saving it. Do not forget to assign the signing certificate to the MetaSigningCertificate property.
SignResponse Property (SAMLIdPServer Class)
Specifies whether the IdP responses should be signed.
Syntax
public boolean isSignResponse(); public void setSignResponse(boolean signResponse);
Default Value
False
Remarks
Set this property to True to automatically sign the responses sent by this IdP server.
SingleLogoutService Property (SAMLIdPServer Class)
The URL of the single logout service.
Syntax
public String getSingleLogoutService(); public void setSingleLogoutService(String singleLogoutService);
Default Value
"/idp/SingleLogoutService"
Remarks
This property specifies the relative URL of the single logout service.
SingleLogoutServiceBindings Property (SAMLIdPServer Class)
Defines single logout service bindings.
Syntax
public String getSingleLogoutServiceBindings(); public void setSingleLogoutServiceBindings(String singleLogoutServiceBindings);
Default Value
"+Artifact,+POST,+Redirect"
Remarks
Use this property to specify the single logout service bindings.
The binding is the mechanism of message exchange used by SAML requestors and responders.
SingleSignOnService Property (SAMLIdPServer Class)
The URL of the single logout service.
Syntax
public String getSingleSignOnService(); public void setSingleSignOnService(String singleSignOnService);
Default Value
"/idp/SingleSignOnService"
Remarks
This property specifies the relative URL of the single logout (SSO) service.
SingleSignOnServiceBindings Property (SAMLIdPServer Class)
Defines single sign-on service bindings.
Syntax
public String getSingleSignOnServiceBindings(); public void setSingleSignOnServiceBindings(String singleSignOnServiceBindings);
Default Value
"+Artifact,+POST,+Redirect"
Remarks
Use this property to specify the single sign-on service bindings.
The binding is the mechanism of message exchange used by SAML requestors and responders.
SocketSettings Property (SAMLIdPServer Class)
Manages network connection settings.
Syntax
public SocketSettings getSocketSettings();
Remarks
Use this property to tune up network connection parameters.
This property is read-only.
Please refer to the SocketSettings type for a complete list of fields.TLSSettings Property (SAMLIdPServer Class)
Manages TLS layer settings.
Syntax
public TLSSettings getTLSSettings();
Remarks
Use this property to tune up the TLS layer parameters.
This property is read-only.
Please refer to the TLSSettings type for a complete list of fields.URL Property (SAMLIdPServer Class)
Specifies the base URL of this IdP server.
Syntax
public String getURL(); public void setURL(String URL);
Default Value
""
Remarks
Use this property to set the base URL for this Identity Provider (IdP) server.
AddIdPSSOLink Method (Samlidpserver Class)
Adds an SSO URL to the list.
Syntax
public int addIdPSSOLink(int SPIndex, String URL, String relayState);
Remarks
Use this method to add a new single sign-on (SSO) link. The method returns the index of the new link in the internal list of SSO links.
SPIndex specifies the index of the service provider configuration, URL contains the relative URL for the SSO, and RelayState contains the value of the corresponding SAML parameter.
According to SAML 2.0 specification, the RelayState parameter may be used by the SAML binding in order to convey and preserve state information. If this parameter is present in a SAML request message, the responding party must include the same exact parameter into the response to this request.
In many applications, when using IdP-initiated single sign-on, the IdP uses RelayState to indicate to the SP the URL to which it should redirect after the successful sign-on.
AddUser Method (Samlidpserver Class)
Registers known user credentials.
Syntax
public void addUser(String login, String password);
Remarks
Call this method to register a pair of known user's credentials with the server.
AddUserWithEmail Method (Samlidpserver Class)
Registers known user credentials.
Syntax
public void addUserWithEmail(String login, String email, String password);
Remarks
Call this method to register known user's credentials with the server. In addition to Login and Password this method also associates an Email address with this user.
ClearUsers Method (Samlidpserver Class)
Clears the database of registered users.
Syntax
public void clearUsers();
Remarks
Use this method to remove all stored user credential details.
Config Method (Samlidpserver Class)
Sets or retrieves a configuration setting.
Syntax
public String config(String configurationString);
Remarks
Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
DoAction Method (Samlidpserver Class)
Performs an additional action.
Syntax
public String doAction(String actionID, String actionParams);
Remarks
DoAction is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.
The unique identifier (case insensitive) of the action is provided in the ActionID parameter.
ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....
GetProviderProperty Method (Samlidpserver Class)
Returns the value of a custom provider property.
Syntax
public String getProviderProperty(String name);
Remarks
This method, together with SetProviderProperty, provides an extensible way of managing the Identity Provider's settings that are not available through the primary properties of the component. As SAML usage scenarios evolve and new providers appear, the list of supported properties can be extended.
The following properties are currently supported:
- ContactPerson
- OrganizationName
- OrganizationDisplayName
- OrganizationURL
- OrganizationLang
LoadSPMetadata Method (Samlidpserver Class)
Loads the metadata required for information exchange with the service provider.
Syntax
public int loadSPMetadata(String fileName);
Remarks
The Service provider (SP) may have a lot of different options and requirements for interactions with the Identity provider (IdP). Usually all these options together with X.509 certificates needed for data exchange are stored in XML metadata files. Use this method to load metadata from such file generated by the service provider.
FileName specifies the metadata file name.
ProcessGenericRequest Method (Samlidpserver Class)
Processes a generic HTTP SAML request.
Syntax
public byte[] processGenericRequest(byte[] request);
Remarks
Use this method to process a generic well-formed HTTP SAML request obtained elsewhere. This is a handy mechanism to bind the SAML processor to an external web engine.
The Request parameter is expected to contain a full HTTP request, including the HTTP method string (GET, POST) and all the headers. The returned value contains a full HTTP response that should be supplied back to the requestor. You can edit some parts of the response (for example, by adding some custom HTTP headers).
You can use this method with or without the OfflineMode.
RemoveIdPSSOLink Method (Samlidpserver Class)
Removes the specified SSO link.
Syntax
public void removeIdPSSOLink(int index);
Remarks
Multiple URLs may be used on an IdP to initiate the single sign-on (SSO) session. You can add new links using AddIdPSSOLink, and remove ones that are no longer needed with RemoveIdPSSOLink.
RemoveSP Method (Samlidpserver Class)
Removes an SP from the list of trusted service providers.
Syntax
public void removeSP(int index);
Remarks
Use this method to remove information about a service provider from the server.
RemoveUser Method (Samlidpserver Class)
Unregister user credentials.
Syntax
public void removeUser(String login);
Remarks
Use this method to 'forget' the credentials of the user specified by the Login.
SaveMetadata Method (Samlidpserver Class)
Saves the IdP configuration to a metadata file.
Syntax
public void saveMetadata(String fileName);
Remarks
Use this method to save the Identity Provider (IdP) configuration in the form of XML metadata in the file specified by FileName. This file may be transferred to service providers (SP) to adjust their interaction processes.
SaveMetadataToStream Method (Samlidpserver Class)
Saves the IdP configuration to a metadata file.
Syntax
public void saveMetadataToStream(java.io.OutputStream stream);
Remarks
Use this method to save the Identity Provider (IdP) configuration in the form of XML metadata into the Stream. This metadata may be transferred to service providers (SP) to adjust their interaction processes.
SetProviderProperty Method (Samlidpserver Class)
Sets the value of a custom provider property.
Syntax
public void setProviderProperty(String name, String value);
Remarks
This method, together with GetProviderProperty, provides an extensible way of managing the Identity Provider's settings that are not available through the primary properties of the component. As SAML usage scenarios evolve and new providers appear, the list of supported properties can be extended.
The following properties are currently supported:
- ContactPerson
- OrganizationName
- OrganizationDisplayName
- OrganizationURL
- OrganizationLang
Start Method (Samlidpserver Class)
Starts the IdP server.
Syntax
public void start();
Remarks
Use this method to start listening for incoming connections.
Stop Method (Samlidpserver Class)
Stops the IdP server.
Syntax
public void stop();
Remarks
Call this method to stop listening for incoming connections.
Accept Event (Samlidpserver Class)
Reports an incoming connection.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void accept(SamlidpserverAcceptEvent e) {} ... } public class SamlidpserverAcceptEvent { public String remoteAddress; public int remotePort; public boolean accept; }
Remarks
This event is fired when a new connection from RemoteAddress:RemotePort is ready to be accepted. Use the Accept parameter to accept or decline it.
Subscribe to Connect event to be notified of every connection that has been set up.
AssertionCreated Event (Samlidpserver Class)
Notifies the application about the creation of a new assertion.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void assertionCreated(SamlidpserverAssertionCreatedEvent e) {} ... } public class SamlidpserverAssertionCreatedEvent { public long connectionID; public int assertionOrigin; public String assertionType; public String content; }
Remarks
Use this event to track the creation of a new SAML assertion (upon request from the browser or the SP).
The ConnectionID identifies the connection that requested the assertion. AssertionOrigin and AssertionType specify the type of assertion that was prepared and its disposition, and Content contains the body of the assertion. You can alter the body if required, but please keep in mind that changes may invalidate signed assertions.
saoUnknown | 0 | Unknown origin |
saoRequest | 1 | The assertion is part of a SAML request |
saoResponse | 2 | The assertion is part of a SAML response |
AssertionReceived Event (Samlidpserver Class)
Notifies the application about the receipt of an assertion.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void assertionReceived(SamlidpserverAssertionReceivedEvent e) {} ... } public class SamlidpserverAssertionReceivedEvent { public long connectionID; public int assertionOrigin; public String content; }
Remarks
Use this event to track the receipt of a SAML assertion from the remote party.
The ConnectionID identifies the connection that requested the assertion. AssertionOrigin specifies the disposition of the assertion, and Content contains its body. You can alter the body if required, but please keep in mind that changes may invalidate signed assertions.
saoUnknown | 0 | Unknown origin |
saoRequest | 1 | The assertion is part of a SAML request |
saoResponse | 2 | The assertion is part of a SAML response |
Connect Event (Samlidpserver Class)
Reports an accepted connection.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void connect(SamlidpserverConnectEvent e) {} ... } public class SamlidpserverConnectEvent { public long connectionId; public String remoteAddress; public int remotePort; }
Remarks
The class fires this event to report that a new connection has been established. ConnectionId indicates the unique ID assigned to this connection. The same ID will be supplied to any other events related to this connection, such as SessionClosed or SessionEstablished.
Disconnect Event (Samlidpserver Class)
Fires to report a disconnected client.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void disconnect(SamlidpserverDisconnectEvent e) {} ... } public class SamlidpserverDisconnectEvent { public long connectionID; }
Remarks
The class fires this event when a connected client disconnects.
Error Event (Samlidpserver Class)
Information about errors during data delivery.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void error(SamlidpserverErrorEvent e) {} ... } public class SamlidpserverErrorEvent { public int errorCode; public String description; }
Remarks
The event is fired in case of exceptional conditions during message processing.
ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the section.
ExternalSign Event (Samlidpserver Class)
Handles remote or external signing initiated by the server protocol.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void externalSign(SamlidpserverExternalSignEvent e) {} ... } public class SamlidpserverExternalSignEvent { public long connectionID; public String operationId; public String hashAlgorithm; public String pars; public String data; public String signedData; }
Remarks
Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.
The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the class via the SignedData parameter.
OperationId provides a comment about the operation and its origin. It depends on the exact class being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contains algorithm-dependent parameters.
The class uses base16 (hex) encoding for the Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.
A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16
A sample event handler that uses the .NET RSACryptoServiceProvider class may look like the following:
signer.OnExternalSign += (s, e) =>
{
var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable);
var key = (RSACryptoServiceProvider)cert.PrivateKey;
var dataToSign = e.Data.FromBase16String();
var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1");
e.SignedData = signedData.ToBase16String();
};
MetadataRequest Event (Samlidpserver Class)
Notifies the application about the metadata request.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void metadataRequest(SamlidpserverMetadataRequestEvent e) {} ... } public class SamlidpserverMetadataRequestEvent { public long connectionID; public String metadata; }
Remarks
The class uses this event to notify the application about an incoming metadata request. The suggested metadata text is provided through the Metadata parameter. The application can adjust it as required if it needs to.
Notification Event (Samlidpserver Class)
This event notifies the application about an underlying control flow event.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void notification(SamlidpserverNotificationEvent e) {} ... } public class SamlidpserverNotificationEvent { public String eventID; public String eventParam; }
Remarks
The class fires this event to let the application know about some event, occurrence, or milestone in the class. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.
The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the class, the exact action it is performing, or the document being processed, one or both may be omitted.
SessionClosed Event (Samlidpserver Class)
This event is fired when the IdP server has closed a session.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void sessionClosed(SamlidpserverSessionClosedEvent e) {} ... } public class SamlidpserverSessionClosedEvent { public long connectionID; }
Remarks
ConnectionID contains the identifier of the closed session.
SessionEstablished Event (Samlidpserver Class)
This event is fired when a new session has been established.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void sessionEstablished(SamlidpserverSessionEstablishedEvent e) {} ... } public class SamlidpserverSessionEstablishedEvent { public long connectionID; public String username; }
Remarks
ConnectionID contains the identifier of the new session, Username specifies the client's address and Username.
VerifyCredentials Event (Samlidpserver Class)
Passes user credentials to the application for verification.
Syntax
public class DefaultSamlidpserverEventListener implements SamlidpserverEventListener { ... public void verifyCredentials(SamlidpserverVerifyCredentialsEvent e) {} ... } public class SamlidpserverVerifyCredentialsEvent { public long connectionID; public String username; public String password; public String body; public boolean accept; }
Remarks
Subscribe to this event to be notified about authentication attempts and adjust the acceptance result as required. This event fires after the user credentials have been validated against the configured database, and the value of the Accept parameter reflects the outcome of the validation.
The Username and Password parameters contain the provided credentials, and the Body parameter contains the unparsed form data.
Certificate Type
Provides details of an individual X.509 certificate.
Remarks
This type provides access to X.509 certificate details.
Fields
Bytes
byte[] (read-only)
Default Value: ""
Returns the raw certificate data in DER format.
CA
boolean
Default Value: False
Indicates whether the certificate has a CA capability (a setting in the BasicConstraints extension).
CAKeyID
byte[] (read-only)
Default Value: ""
A unique identifier (fingerprint) of the CA certificate's private key.
Authority Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates produced by the same issuer, but with different public keys.
CRLDistributionPoints
String
Default Value: ""
Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity.
Curve
String
Default Value: ""
Specifies the elliptic curve of the EC public key.
SB_EC_SECP112R1 | SECP112R1 | |
SB_EC_SECP112R2 | SECP112R2 | |
SB_EC_SECP128R1 | SECP128R1 | |
SB_EC_SECP128R2 | SECP128R2 | |
SB_EC_SECP160K1 | SECP160K1 | |
SB_EC_SECP160R1 | SECP160R1 | |
SB_EC_SECP160R2 | SECP160R2 | |
SB_EC_SECP192K1 | SECP192K1 | |
SB_EC_SECP192R1 | SECP192R1 | |
SB_EC_SECP224K1 | SECP224K1 | |
SB_EC_SECP224R1 | SECP224R1 | |
SB_EC_SECP256K1 | SECP256K1 | |
SB_EC_SECP256R1 | SECP256R1 | |
SB_EC_SECP384R1 | SECP384R1 | |
SB_EC_SECP521R1 | SECP521R1 | |
SB_EC_SECT113R1 | SECT113R1 | |
SB_EC_SECT113R2 | SECT113R2 | |
SB_EC_SECT131R1 | SECT131R1 | |
SB_EC_SECT131R2 | SECT131R2 | |
SB_EC_SECT163K1 | SECT163K1 | |
SB_EC_SECT163R1 | SECT163R1 | |
SB_EC_SECT163R2 | SECT163R2 | |
SB_EC_SECT193R1 | SECT193R1 | |
SB_EC_SECT193R2 | SECT193R2 | |
SB_EC_SECT233K1 | SECT233K1 | |
SB_EC_SECT233R1 | SECT233R1 | |
SB_EC_SECT239K1 | SECT239K1 | |
SB_EC_SECT283K1 | SECT283K1 | |
SB_EC_SECT283R1 | SECT283R1 | |
SB_EC_SECT409K1 | SECT409K1 | |
SB_EC_SECT409R1 | SECT409R1 | |
SB_EC_SECT571K1 | SECT571K1 | |
SB_EC_SECT571R1 | SECT571R1 | |
SB_EC_PRIME192V1 | PRIME192V1 | |
SB_EC_PRIME192V2 | PRIME192V2 | |
SB_EC_PRIME192V3 | PRIME192V3 | |
SB_EC_PRIME239V1 | PRIME239V1 | |
SB_EC_PRIME239V2 | PRIME239V2 | |
SB_EC_PRIME239V3 | PRIME239V3 | |
SB_EC_PRIME256V1 | PRIME256V1 | |
SB_EC_C2PNB163V1 | C2PNB163V1 | |
SB_EC_C2PNB163V2 | C2PNB163V2 | |
SB_EC_C2PNB163V3 | C2PNB163V3 | |
SB_EC_C2PNB176W1 | C2PNB176W1 | |
SB_EC_C2TNB191V1 | C2TNB191V1 | |
SB_EC_C2TNB191V2 | C2TNB191V2 | |
SB_EC_C2TNB191V3 | C2TNB191V3 | |
SB_EC_C2ONB191V4 | C2ONB191V4 | |
SB_EC_C2ONB191V5 | C2ONB191V5 | |
SB_EC_C2PNB208W1 | C2PNB208W1 | |
SB_EC_C2TNB239V1 | C2TNB239V1 | |
SB_EC_C2TNB239V2 | C2TNB239V2 | |
SB_EC_C2TNB239V3 | C2TNB239V3 | |
SB_EC_C2ONB239V4 | C2ONB239V4 | |
SB_EC_C2ONB239V5 | C2ONB239V5 | |
SB_EC_C2PNB272W1 | C2PNB272W1 | |
SB_EC_C2PNB304W1 | C2PNB304W1 | |
SB_EC_C2TNB359V1 | C2TNB359V1 | |
SB_EC_C2PNB368W1 | C2PNB368W1 | |
SB_EC_C2TNB431R1 | C2TNB431R1 | |
SB_EC_NISTP192 | NISTP192 | |
SB_EC_NISTP224 | NISTP224 | |
SB_EC_NISTP256 | NISTP256 | |
SB_EC_NISTP384 | NISTP384 | |
SB_EC_NISTP521 | NISTP521 | |
SB_EC_NISTB163 | NISTB163 | |
SB_EC_NISTB233 | NISTB233 | |
SB_EC_NISTB283 | NISTB283 | |
SB_EC_NISTB409 | NISTB409 | |
SB_EC_NISTB571 | NISTB571 | |
SB_EC_NISTK163 | NISTK163 | |
SB_EC_NISTK233 | NISTK233 | |
SB_EC_NISTK283 | NISTK283 | |
SB_EC_NISTK409 | NISTK409 | |
SB_EC_NISTK571 | NISTK571 | |
SB_EC_GOSTCPTEST | GOSTCPTEST | |
SB_EC_GOSTCPA | GOSTCPA | |
SB_EC_GOSTCPB | GOSTCPB | |
SB_EC_GOSTCPC | GOSTCPC | |
SB_EC_GOSTCPXCHA | GOSTCPXCHA | |
SB_EC_GOSTCPXCHB | GOSTCPXCHB | |
SB_EC_BRAINPOOLP160R1 | BRAINPOOLP160R1 | |
SB_EC_BRAINPOOLP160T1 | BRAINPOOLP160T1 | |
SB_EC_BRAINPOOLP192R1 | BRAINPOOLP192R1 | |
SB_EC_BRAINPOOLP192T1 | BRAINPOOLP192T1 | |
SB_EC_BRAINPOOLP224R1 | BRAINPOOLP224R1 | |
SB_EC_BRAINPOOLP224T1 | BRAINPOOLP224T1 | |
SB_EC_BRAINPOOLP256R1 | BRAINPOOLP256R1 | |
SB_EC_BRAINPOOLP256T1 | BRAINPOOLP256T1 | |
SB_EC_BRAINPOOLP320R1 | BRAINPOOLP320R1 | |
SB_EC_BRAINPOOLP320T1 | BRAINPOOLP320T1 | |
SB_EC_BRAINPOOLP384R1 | BRAINPOOLP384R1 | |
SB_EC_BRAINPOOLP384T1 | BRAINPOOLP384T1 | |
SB_EC_BRAINPOOLP512R1 | BRAINPOOLP512R1 | |
SB_EC_BRAINPOOLP512T1 | BRAINPOOLP512T1 | |
SB_EC_CURVE25519 | CURVE25519 | |
SB_EC_CURVE448 | CURVE448 |
Fingerprint
byte[] (read-only)
Default Value: ""
Contains the fingerprint (a hash imprint) of this certificate.
FriendlyName
String (read-only)
Default Value: ""
Contains an associated alias (friendly name) of the certificate.
HashAlgorithm
String
Default Value: ""
Specifies the hash algorithm to be used in the operations on the certificate (such as key signing)
SB_HASH_ALGORITHM_SHA1 | SHA1 | |
SB_HASH_ALGORITHM_SHA224 | SHA224 | |
SB_HASH_ALGORITHM_SHA256 | SHA256 | |
SB_HASH_ALGORITHM_SHA384 | SHA384 | |
SB_HASH_ALGORITHM_SHA512 | SHA512 | |
SB_HASH_ALGORITHM_MD2 | MD2 | |
SB_HASH_ALGORITHM_MD4 | MD4 | |
SB_HASH_ALGORITHM_MD5 | MD5 | |
SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
SB_HASH_ALGORITHM_CRC32 | CRC32 | |
SB_HASH_ALGORITHM_SSL3 | SSL3 | |
SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
Issuer
String (read-only)
Default Value: ""
The common name of the certificate issuer (CA), typically a company name.
IssuerRDN
String
Default Value: ""
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer.
KeyAlgorithm
String
Default Value: "0"
Specifies the public key algorithm of this certificate.
SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
KeyBits
int (read-only)
Default Value: 0
Returns the length of the public key.
KeyFingerprint
byte[] (read-only)
Default Value: ""
Returns a fingerprint of the public key contained in the certificate.
KeyUsage
int
Default Value: 0
Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.
This value is a bit mask of the following values:
ckuUnknown | 0x00000 | Unknown key usage |
ckuDigitalSignature | 0x00001 | Digital signature |
ckuNonRepudiation | 0x00002 | Non-repudiation |
ckuKeyEncipherment | 0x00004 | Key encipherment |
ckuDataEncipherment | 0x00008 | Data encipherment |
ckuKeyAgreement | 0x00010 | Key agreement |
ckuKeyCertSign | 0x00020 | Certificate signing |
ckuCRLSign | 0x00040 | Revocation signing |
ckuEncipherOnly | 0x00080 | Encipher only |
ckuDecipherOnly | 0x00100 | Decipher only |
ckuServerAuthentication | 0x00200 | Server authentication |
ckuClientAuthentication | 0x00400 | Client authentication |
ckuCodeSigning | 0x00800 | Code signing |
ckuEmailProtection | 0x01000 | Email protection |
ckuTimeStamping | 0x02000 | Timestamping |
ckuOCSPSigning | 0x04000 | OCSP signing |
ckuSmartCardLogon | 0x08000 | Smartcard logon |
ckuKeyPurposeClientAuth | 0x10000 | Kerberos - client authentication |
ckuKeyPurposeKDC | 0x20000 | Kerberos - KDC |
KeyValid
boolean (read-only)
Default Value: False
Returns True if the certificate's key is cryptographically valid, and False otherwise.
OCSPLocations
String
Default Value: ""
Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA.
OCSPNoCheck
boolean
Default Value: False
Accessor to the value of the certificate's ocsp-no-check extension.
Origin
int (read-only)
Default Value: 0
Returns the origin of this certificate.
PolicyIDs
String
Default Value: ""
Contains identifiers (OIDs) of the applicable certificate policies.
The Certificate Policies extension identifies a sequence of policies under which the certificate has been issued, and which regulate its usage.
PrivateKeyBytes
byte[] (read-only)
Default Value: ""
Contains the certificate's private key. It is normal for this property to be empty if the private key is non-exportable.
PrivateKeyExists
boolean (read-only)
Default Value: False
Indicates whether the certificate has an associated private key.
PrivateKeyExtractable
boolean (read-only)
Default Value: False
Indicates whether the private key is extractable.
PublicKeyBytes
byte[] (read-only)
Default Value: ""
Contains the certificate's public key in DER format.
QualifiedStatements
int
Default Value: 0
Returns the qualified status of the certificate.
SelfSigned
boolean (read-only)
Default Value: False
Indicates whether the certificate is self-signed (root) or signed by an external CA.
SerialNumber
byte[]
Default Value: ""
Returns the certificate's serial number.
SigAlgorithm
String (read-only)
Default Value: ""
Indicates the algorithm that was used by the CA to sign this certificate.
Subject
String (read-only)
Default Value: ""
The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
SubjectAlternativeName
String
Default Value: ""
Returns or sets the value of the Subject Alternative Name extension of the certificate.
SubjectKeyID
byte[]
Default Value: ""
Contains a unique identifier (fingerprint) of the certificate's private key.
Subject Key Identifier is a (non-critical) X.509 certificate extension which allows the identification of certificates containing a particular public key. In SecureBlackbox, the unique identifier is represented with a SHA1 hash of the bit string of the subject public key.
SubjectRDN
String
Default Value: ""
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
ValidFrom
String
Default Value: ""
The time point at which the certificate becomes valid, in UTC.
ValidTo
String
Default Value: ""
The time point at which the certificate expires, in UTC.
Constructors
public Certificate( bytes, startIndex, count, password);
Loads the X.509 certificate from a memory buffer. Bytes is a buffer containing the raw certificate data. StartIndex and Count specify the starting position and number of bytes to be read from the buffer, respectively. Password is a password encrypting the certificate.
public Certificate( certBytes, certStartIndex, certCount, keyBytes, keyStartIndex, keyCount, password);
Loads the X.509 certificate from a memory buffer. CertBytes is a buffer containing the raw certificate data. CertStartIndex and CertCount specify the number of bytes to be read from the buffer, respectively. KeyBytes is a buffer containing the private key data. KeyStartIndex and KeyCount specify the starting position and number of bytes to be read from the buffer, respectively. Password is a password encrypting the certificate.
public Certificate( bytes, startIndex, count);
Loads the X.509 certificate from a memory buffer. Bytes is a buffer containing the raw certificate data. StartIndex and Count specify the starting position and number of bytes to be read from the buffer, respectively.
public Certificate( path, password);
Loads the X.509 certificate from a file. Path specifies the full path to the file containing the certificate data. Password is a password encrypting the certificate.
public Certificate( certPath, keyPath, password);
Loads the X.509 certificate from a file. CertPath specifies the full path to the file containing the certificate data. KeyPath specifies the full path to the file containing the private key. Password is a password encrypting the certificate.
public Certificate( path);
Loads the X.509 certificate from a file. Path specifies the full path to the file containing the certificate data.
public Certificate( stream);
Loads the X.509 certificate from a stream. Stream is a stream containing the certificate data.
public Certificate( stream, password);
Loads the X.509 certificate from a stream. Stream is a stream containing the certificate data. Password is a password encrypting the certificate.
public Certificate( certStream, keyStream, password);
Loads the X.509 certificate from a stream. CertStream is a stream containing the certificate data. KeyStream is a stream containing the private key. Password is a password encrypting the certificate.
public Certificate();
Creates a new object with default field values.
ExternalCrypto Type
Specifies the parameters of external cryptographic calls.
Remarks
External cryptocalls are used in a Distributed Cryptography (DC) subsystem, which allows the delegation of security operations to the remote agent. For instance, it can be used to compute the signature value on the server, while retaining the client's private key locally.
Fields
AsyncDocumentID
String
Default Value: ""
Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.
Use this property when working with multi-signature DCAuth requests and responses to uniquely identify documents signed within a larger batch. On the completion stage, this value helps the signing component identify the correct signature in the returned batch of responses.
If using batched requests, make sure to set this property to the same value on both the pre-signing (SignAsyncBegin) and completion (SignAsyncEnd) stages.
CustomParams
String
Default Value: ""
Custom parameters to be passed to the signing service (uninterpreted).
Data
String
Default Value: ""
Additional data to be included in the async state and mirrored back by the requestor.
ExternalHashCalculation
boolean
Default Value: False
Specifies whether the message hash is to be calculated at the external endpoint. Please note that this mode is not supported by the DCAuth class.
If set to true, the class will pass a few kilobytes of to-be-signed data from the document to the OnExternalSign event. This only applies when SignExternal() is called.
HashAlgorithm
String
Default Value: "SHA256"
Specifies the request's signature hash algorithm.
SB_HASH_ALGORITHM_SHA1 | SHA1 | |
SB_HASH_ALGORITHM_SHA224 | SHA224 | |
SB_HASH_ALGORITHM_SHA256 | SHA256 | |
SB_HASH_ALGORITHM_SHA384 | SHA384 | |
SB_HASH_ALGORITHM_SHA512 | SHA512 | |
SB_HASH_ALGORITHM_MD2 | MD2 | |
SB_HASH_ALGORITHM_MD4 | MD4 | |
SB_HASH_ALGORITHM_MD5 | MD5 | |
SB_HASH_ALGORITHM_RIPEMD160 | RIPEMD160 | |
SB_HASH_ALGORITHM_CRC32 | CRC32 | |
SB_HASH_ALGORITHM_SSL3 | SSL3 | |
SB_HASH_ALGORITHM_GOST_R3411_1994 | GOST1994 | |
SB_HASH_ALGORITHM_WHIRLPOOL | WHIRLPOOL | |
SB_HASH_ALGORITHM_POLY1305 | POLY1305 | |
SB_HASH_ALGORITHM_SHA3_224 | SHA3_224 | |
SB_HASH_ALGORITHM_SHA3_256 | SHA3_256 | |
SB_HASH_ALGORITHM_SHA3_384 | SHA3_384 | |
SB_HASH_ALGORITHM_SHA3_512 | SHA3_512 | |
SB_HASH_ALGORITHM_BLAKE2S_128 | BLAKE2S_128 | |
SB_HASH_ALGORITHM_BLAKE2S_160 | BLAKE2S_160 | |
SB_HASH_ALGORITHM_BLAKE2S_224 | BLAKE2S_224 | |
SB_HASH_ALGORITHM_BLAKE2S_256 | BLAKE2S_256 | |
SB_HASH_ALGORITHM_BLAKE2B_160 | BLAKE2B_160 | |
SB_HASH_ALGORITHM_BLAKE2B_256 | BLAKE2B_256 | |
SB_HASH_ALGORITHM_BLAKE2B_384 | BLAKE2B_384 | |
SB_HASH_ALGORITHM_BLAKE2B_512 | BLAKE2B_512 | |
SB_HASH_ALGORITHM_SHAKE_128 | SHAKE_128 | |
SB_HASH_ALGORITHM_SHAKE_256 | SHAKE_256 | |
SB_HASH_ALGORITHM_SHAKE_128_LEN | SHAKE_128_LEN | |
SB_HASH_ALGORITHM_SHAKE_256_LEN | SHAKE_256_LEN |
KeyID
String
Default Value: ""
The ID of the pre-shared key used for DC request authentication.
Asynchronous DCAuth-driven communication requires that parties authenticate each other with a secret pre-shared cryptographic key. This provides an extra protection layer for the protocol and diminishes the risk of the private key becoming abused by foreign parties. Use this property to provide the pre-shared key identifier, and use KeySecret to pass the key itself.
The same KeyID/KeySecret pair should be used on the DCAuth side for the signing requests to be accepted.
Note: The KeyID/KeySecret scheme is very similar to the AuthKey scheme used in various Cloud service providers to authenticate users.
Example:
signer.ExternalCrypto.KeyID = "MainSigningKey";
signer.ExternalCrypto.KeySecret = "abcdef0123456789";
KeySecret
String
Default Value: ""
The pre-shared key used for DC request authentication. This key must be set and match the key used by the DCAuth counterpart for the scheme to work.
Read more about configuring authentication in the KeyID topic.
Method
int
Default Value: 0
Specifies the asynchronous signing method. This is typically defined by the DC server capabilities and setup.
Available options:
asmdPKCS1 | 0 |
asmdPKCS7 | 1 |
Mode
int
Default Value: 0
Specifies the external cryptography mode.
Available options:
ecmDefault | The default value (0) |
ecmDisabled | Do not use DC or external signing (1) |
ecmGeneric | Generic external signing with the OnExternalSign event (2) |
ecmDCAuth | DCAuth signing (3) |
ecmDCAuthJSON | DCAuth signing in JSON format (4) |
PublicKeyAlgorithm
String
Default Value: ""
Provide the public key algorithm here if the certificate is not available on the pre-signing stage.
SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION | rsaEncryption | |
SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION | md2withRSAEncryption | |
SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION | md5withRSAEncryption | |
SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION | sha1withRSAEncryption | |
SB_CERT_ALGORITHM_ID_DSA | id-dsa | |
SB_CERT_ALGORITHM_ID_DSA_SHA1 | id-dsa-with-sha1 | |
SB_CERT_ALGORITHM_DH_PUBLIC | dhpublicnumber | |
SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION | sha224WithRSAEncryption | |
SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION | sha256WithRSAEncryption | |
SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION | sha384WithRSAEncryption | |
SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION | sha512WithRSAEncryption | |
SB_CERT_ALGORITHM_ID_RSAPSS | id-RSASSA-PSS | |
SB_CERT_ALGORITHM_ID_RSAOAEP | id-RSAES-OAEP | |
SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 | ripemd160withRSA | |
SB_CERT_ALGORITHM_ID_ELGAMAL | elGamal | |
SB_CERT_ALGORITHM_SHA1_ECDSA | ecdsa-with-SHA1 | |
SB_CERT_ALGORITHM_RECOMMENDED_ECDSA | ecdsa-recommended | |
SB_CERT_ALGORITHM_SHA224_ECDSA | ecdsa-with-SHA224 | |
SB_CERT_ALGORITHM_SHA256_ECDSA | ecdsa-with-SHA256 | |
SB_CERT_ALGORITHM_SHA384_ECDSA | ecdsa-with-SHA384 | |
SB_CERT_ALGORITHM_SHA512_ECDSA | ecdsa-with-SHA512 | |
SB_CERT_ALGORITHM_EC | id-ecPublicKey | |
SB_CERT_ALGORITHM_SPECIFIED_ECDSA | ecdsa-specified | |
SB_CERT_ALGORITHM_GOST_R3410_1994 | id-GostR3410-94 | |
SB_CERT_ALGORITHM_GOST_R3410_2001 | id-GostR3410-2001 | |
SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_1994 | id-GostR3411-94-with-GostR3410-94 | |
SB_CERT_ALGORITHM_GOST_R3411_WITH_R3410_2001 | id-GostR3411-94-with-GostR3410-2001 | |
SB_CERT_ALGORITHM_SHA1_ECDSA_PLAIN | ecdsa-plain-SHA1 | |
SB_CERT_ALGORITHM_SHA224_ECDSA_PLAIN | ecdsa-plain-SHA224 | |
SB_CERT_ALGORITHM_SHA256_ECDSA_PLAIN | ecdsa-plain-SHA256 | |
SB_CERT_ALGORITHM_SHA384_ECDSA_PLAIN | ecdsa-plain-SHA384 | |
SB_CERT_ALGORITHM_SHA512_ECDSA_PLAIN | ecdsa-plain-SHA512 | |
SB_CERT_ALGORITHM_RIPEMD160_ECDSA_PLAIN | ecdsa-plain-RIPEMD160 | |
SB_CERT_ALGORITHM_WHIRLPOOL_RSA_ENCRYPTION | whirlpoolWithRSAEncryption | |
SB_CERT_ALGORITHM_ID_DSA_SHA224 | id-dsa-with-sha224 | |
SB_CERT_ALGORITHM_ID_DSA_SHA256 | id-dsa-with-sha256 | |
SB_CERT_ALGORITHM_SHA3_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-224 | |
SB_CERT_ALGORITHM_SHA3_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-256 | |
SB_CERT_ALGORITHM_SHA3_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-384 | |
SB_CERT_ALGORITHM_SHA3_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-sha3-512 | |
SB_CERT_ALGORITHM_SHA3_224_ECDSA | id-ecdsa-with-sha3-224 | |
SB_CERT_ALGORITHM_SHA3_256_ECDSA | id-ecdsa-with-sha3-256 | |
SB_CERT_ALGORITHM_SHA3_384_ECDSA | id-ecdsa-with-sha3-384 | |
SB_CERT_ALGORITHM_SHA3_512_ECDSA | id-ecdsa-with-sha3-512 | |
SB_CERT_ALGORITHM_SHA3_224_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-224 | |
SB_CERT_ALGORITHM_SHA3_256_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-256 | |
SB_CERT_ALGORITHM_SHA3_384_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-384 | |
SB_CERT_ALGORITHM_SHA3_512_ECDSA_PLAIN | id-ecdsa-plain-with-sha3-512 | |
SB_CERT_ALGORITHM_ID_DSA_SHA3_224 | id-dsa-with-sha3-224 | |
SB_CERT_ALGORITHM_ID_DSA_SHA3_256 | id-dsa-with-sha3-256 | |
SB_CERT_ALGORITHM_BLAKE2S_128_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s128 | |
SB_CERT_ALGORITHM_BLAKE2S_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s160 | |
SB_CERT_ALGORITHM_BLAKE2S_224_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s224 | |
SB_CERT_ALGORITHM_BLAKE2S_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2s256 | |
SB_CERT_ALGORITHM_BLAKE2B_160_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b160 | |
SB_CERT_ALGORITHM_BLAKE2B_256_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b256 | |
SB_CERT_ALGORITHM_BLAKE2B_384_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b384 | |
SB_CERT_ALGORITHM_BLAKE2B_512_RSA_ENCRYPTION | id-rsassa-pkcs1-v1_5-with-blake2b512 | |
SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA | id-ecdsa-with-blake2s128 | |
SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA | id-ecdsa-with-blake2s160 | |
SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA | id-ecdsa-with-blake2s224 | |
SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA | id-ecdsa-with-blake2s256 | |
SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA | id-ecdsa-with-blake2b160 | |
SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA | id-ecdsa-with-blake2b256 | |
SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA | id-ecdsa-with-blake2b384 | |
SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA | id-ecdsa-with-blake2b512 | |
SB_CERT_ALGORITHM_BLAKE2S_128_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s128 | |
SB_CERT_ALGORITHM_BLAKE2S_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s160 | |
SB_CERT_ALGORITHM_BLAKE2S_224_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s224 | |
SB_CERT_ALGORITHM_BLAKE2S_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2s256 | |
SB_CERT_ALGORITHM_BLAKE2B_160_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b160 | |
SB_CERT_ALGORITHM_BLAKE2B_256_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b256 | |
SB_CERT_ALGORITHM_BLAKE2B_384_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b384 | |
SB_CERT_ALGORITHM_BLAKE2B_512_ECDSA_PLAIN | id-ecdsa-plain-with-blake2b512 | |
SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_224 | id-dsa-with-blake2s224 | |
SB_CERT_ALGORITHM_ID_DSA_BLAKE2S_256 | id-dsa-with-blake2s256 | |
SB_CERT_ALGORITHM_EDDSA_ED25519 | id-Ed25519 | |
SB_CERT_ALGORITHM_EDDSA_ED448 | id-Ed448 | |
SB_CERT_ALGORITHM_EDDSA_ED25519_PH | id-Ed25519ph | |
SB_CERT_ALGORITHM_EDDSA_ED448_PH | id-Ed448ph | |
SB_CERT_ALGORITHM_EDDSA | id-EdDSA | |
SB_CERT_ALGORITHM_EDDSA_SIGNATURE | id-EdDSA-sig |
Constructors
public ExternalCrypto();
Creates a new ExternalCrypto object with default field values.
SocketSettings Type
A container for the socket settings.
Remarks
This type is a container for socket-layer parameters.
Fields
DNSMode
int
Default Value: 0
Selects the DNS resolver to use: the component's (secure) built-in one, or the one provided by the system.
dmAuto | 0 |
dmPlatform | 1 |
dmOwn | 2 |
dmOwnSecure | 3 |
DNSPort
int
Default Value: 0
Specifies the port number to be used for sending queries to the DNS server.
DNSQueryTimeout
int
Default Value: 0
The timeout (in milliseconds) for each DNS query. The value of 0 indicates an infinite timeout.
DNSServers
String
Default Value: ""
The addresses of DNS servers to use for address resolution, separated by commas or semicolons.
DNSTotalTimeout
int
Default Value: 0
The timeout (in milliseconds) for the whole resolution process. The value of 0 indicates an infinite timeout.
IncomingSpeedLimit
int
Default Value: 0
The maximum number of bytes to read from the socket, per second.
LocalAddress
String
Default Value: ""
The local network interface to bind the socket to.
LocalPort
int
Default Value: 0
The local port number to bind the socket to.
OutgoingSpeedLimit
int
Default Value: 0
The maximum number of bytes to write to the socket, per second.
Timeout
int
Default Value: 60000
The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
If Timeout is set to 0, a socket operation will expire after the system-default timeout (2 hrs 8 min for TCP stack).
UseIPv6
boolean
Default Value: False
Enables or disables IP protocol version 6.
Constructors
public SocketSettings();
Creates a new SocketSettings object.
TLSSettings Type
A container for TLS connection settings.
Remarks
The TLS (Transport Layer Security) protocol provides security for information exchanged over insecure connections such as TCP/IP.
Fields
AutoValidateCertificates
boolean
Default Value: True
Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.
BaseConfiguration
int
Default Value: 0
Selects the base configuration for the TLS settings. Several profiles are offered and tuned up for different purposes, such as high security or higher compatibility.
stpcDefault | 0 | |
stpcCompatible | 1 | |
stpcComprehensiveInsecure | 2 | |
stpcHighlySecure | 3 |
Ciphersuites
String
Default Value: ""
A list of ciphersuites separated with commas or semicolons. Each ciphersuite in the list may be prefixed with a minus sign (-) to indicate that the ciphersuite should be disabled rather than enabled. Besides the specific ciphersuite modifiers, this property supports the all (and -all) aliases, allowing all ciphersuites to be blanketly enabled or disabled at once.
Note: the list of ciphersuites provided to this property alters the baseline list of ciphersuites as defined by BaseConfiguration. Remember to start your ciphersuite string with -all; if you need to only enable a specific fixed set of ciphersuites. The list of supported ciphersuites is provided below:
- NULL_NULL_NULL
- RSA_NULL_MD5
- RSA_NULL_SHA
- RSA_RC4_MD5
- RSA_RC4_SHA
- RSA_RC2_MD5
- RSA_IDEA_MD5
- RSA_IDEA_SHA
- RSA_DES_MD5
- RSA_DES_SHA
- RSA_3DES_MD5
- RSA_3DES_SHA
- RSA_AES128_SHA
- RSA_AES256_SHA
- DH_DSS_DES_SHA
- DH_DSS_3DES_SHA
- DH_DSS_AES128_SHA
- DH_DSS_AES256_SHA
- DH_RSA_DES_SHA
- DH_RSA_3DES_SHA
- DH_RSA_AES128_SHA
- DH_RSA_AES256_SHA
- DHE_DSS_DES_SHA
- DHE_DSS_3DES_SHA
- DHE_DSS_AES128_SHA
- DHE_DSS_AES256_SHA
- DHE_RSA_DES_SHA
- DHE_RSA_3DES_SHA
- DHE_RSA_AES128_SHA
- DHE_RSA_AES256_SHA
- DH_ANON_RC4_MD5
- DH_ANON_DES_SHA
- DH_ANON_3DES_SHA
- DH_ANON_AES128_SHA
- DH_ANON_AES256_SHA
- RSA_RC2_MD5_EXPORT
- RSA_RC4_MD5_EXPORT
- RSA_DES_SHA_EXPORT
- DH_DSS_DES_SHA_EXPORT
- DH_RSA_DES_SHA_EXPORT
- DHE_DSS_DES_SHA_EXPORT
- DHE_RSA_DES_SHA_EXPORT
- DH_ANON_RC4_MD5_EXPORT
- DH_ANON_DES_SHA_EXPORT
- RSA_CAMELLIA128_SHA
- DH_DSS_CAMELLIA128_SHA
- DH_RSA_CAMELLIA128_SHA
- DHE_DSS_CAMELLIA128_SHA
- DHE_RSA_CAMELLIA128_SHA
- DH_ANON_CAMELLIA128_SHA
- RSA_CAMELLIA256_SHA
- DH_DSS_CAMELLIA256_SHA
- DH_RSA_CAMELLIA256_SHA
- DHE_DSS_CAMELLIA256_SHA
- DHE_RSA_CAMELLIA256_SHA
- DH_ANON_CAMELLIA256_SHA
- PSK_RC4_SHA
- PSK_3DES_SHA
- PSK_AES128_SHA
- PSK_AES256_SHA
- DHE_PSK_RC4_SHA
- DHE_PSK_3DES_SHA
- DHE_PSK_AES128_SHA
- DHE_PSK_AES256_SHA
- RSA_PSK_RC4_SHA
- RSA_PSK_3DES_SHA
- RSA_PSK_AES128_SHA
- RSA_PSK_AES256_SHA
- RSA_SEED_SHA
- DH_DSS_SEED_SHA
- DH_RSA_SEED_SHA
- DHE_DSS_SEED_SHA
- DHE_RSA_SEED_SHA
- DH_ANON_SEED_SHA
- SRP_SHA_3DES_SHA
- SRP_SHA_RSA_3DES_SHA
- SRP_SHA_DSS_3DES_SHA
- SRP_SHA_AES128_SHA
- SRP_SHA_RSA_AES128_SHA
- SRP_SHA_DSS_AES128_SHA
- SRP_SHA_AES256_SHA
- SRP_SHA_RSA_AES256_SHA
- SRP_SHA_DSS_AES256_SHA
- ECDH_ECDSA_NULL_SHA
- ECDH_ECDSA_RC4_SHA
- ECDH_ECDSA_3DES_SHA
- ECDH_ECDSA_AES128_SHA
- ECDH_ECDSA_AES256_SHA
- ECDHE_ECDSA_NULL_SHA
- ECDHE_ECDSA_RC4_SHA
- ECDHE_ECDSA_3DES_SHA
- ECDHE_ECDSA_AES128_SHA
- ECDHE_ECDSA_AES256_SHA
- ECDH_RSA_NULL_SHA
- ECDH_RSA_RC4_SHA
- ECDH_RSA_3DES_SHA
- ECDH_RSA_AES128_SHA
- ECDH_RSA_AES256_SHA
- ECDHE_RSA_NULL_SHA
- ECDHE_RSA_RC4_SHA
- ECDHE_RSA_3DES_SHA
- ECDHE_RSA_AES128_SHA
- ECDHE_RSA_AES256_SHA
- ECDH_ANON_NULL_SHA
- ECDH_ANON_RC4_SHA
- ECDH_ANON_3DES_SHA
- ECDH_ANON_AES128_SHA
- ECDH_ANON_AES256_SHA
- RSA_NULL_SHA256
- RSA_AES128_SHA256
- RSA_AES256_SHA256
- DH_DSS_AES128_SHA256
- DH_RSA_AES128_SHA256
- DHE_DSS_AES128_SHA256
- DHE_RSA_AES128_SHA256
- DH_DSS_AES256_SHA256
- DH_RSA_AES256_SHA256
- DHE_DSS_AES256_SHA256
- DHE_RSA_AES256_SHA256
- DH_ANON_AES128_SHA256
- DH_ANON_AES256_SHA256
- RSA_AES128_GCM_SHA256
- RSA_AES256_GCM_SHA384
- DHE_RSA_AES128_GCM_SHA256
- DHE_RSA_AES256_GCM_SHA384
- DH_RSA_AES128_GCM_SHA256
- DH_RSA_AES256_GCM_SHA384
- DHE_DSS_AES128_GCM_SHA256
- DHE_DSS_AES256_GCM_SHA384
- DH_DSS_AES128_GCM_SHA256
- DH_DSS_AES256_GCM_SHA384
- DH_ANON_AES128_GCM_SHA256
- DH_ANON_AES256_GCM_SHA384
- ECDHE_ECDSA_AES128_SHA256
- ECDHE_ECDSA_AES256_SHA384
- ECDH_ECDSA_AES128_SHA256
- ECDH_ECDSA_AES256_SHA384
- ECDHE_RSA_AES128_SHA256
- ECDHE_RSA_AES256_SHA384
- ECDH_RSA_AES128_SHA256
- ECDH_RSA_AES256_SHA384
- ECDHE_ECDSA_AES128_GCM_SHA256
- ECDHE_ECDSA_AES256_GCM_SHA384
- ECDH_ECDSA_AES128_GCM_SHA256
- ECDH_ECDSA_AES256_GCM_SHA384
- ECDHE_RSA_AES128_GCM_SHA256
- ECDHE_RSA_AES256_GCM_SHA384
- ECDH_RSA_AES128_GCM_SHA256
- ECDH_RSA_AES256_GCM_SHA384
- PSK_AES128_GCM_SHA256
- PSK_AES256_GCM_SHA384
- DHE_PSK_AES128_GCM_SHA256
- DHE_PSK_AES256_GCM_SHA384
- RSA_PSK_AES128_GCM_SHA256
- RSA_PSK_AES256_GCM_SHA384
- PSK_AES128_SHA256
- PSK_AES256_SHA384
- PSK_NULL_SHA256
- PSK_NULL_SHA384
- DHE_PSK_AES128_SHA256
- DHE_PSK_AES256_SHA384
- DHE_PSK_NULL_SHA256
- DHE_PSK_NULL_SHA384
- RSA_PSK_AES128_SHA256
- RSA_PSK_AES256_SHA384
- RSA_PSK_NULL_SHA256
- RSA_PSK_NULL_SHA384
- RSA_CAMELLIA128_SHA256
- DH_DSS_CAMELLIA128_SHA256
- DH_RSA_CAMELLIA128_SHA256
- DHE_DSS_CAMELLIA128_SHA256
- DHE_RSA_CAMELLIA128_SHA256
- DH_ANON_CAMELLIA128_SHA256
- RSA_CAMELLIA256_SHA256
- DH_DSS_CAMELLIA256_SHA256
- DH_RSA_CAMELLIA256_SHA256
- DHE_DSS_CAMELLIA256_SHA256
- DHE_RSA_CAMELLIA256_SHA256
- DH_ANON_CAMELLIA256_SHA256
- ECDHE_ECDSA_CAMELLIA128_SHA256
- ECDHE_ECDSA_CAMELLIA256_SHA384
- ECDH_ECDSA_CAMELLIA128_SHA256
- ECDH_ECDSA_CAMELLIA256_SHA384
- ECDHE_RSA_CAMELLIA128_SHA256
- ECDHE_RSA_CAMELLIA256_SHA384
- ECDH_RSA_CAMELLIA128_SHA256
- ECDH_RSA_CAMELLIA256_SHA384
- RSA_CAMELLIA128_GCM_SHA256
- RSA_CAMELLIA256_GCM_SHA384
- DHE_RSA_CAMELLIA128_GCM_SHA256
- DHE_RSA_CAMELLIA256_GCM_SHA384
- DH_RSA_CAMELLIA128_GCM_SHA256
- DH_RSA_CAMELLIA256_GCM_SHA384
- DHE_DSS_CAMELLIA128_GCM_SHA256
- DHE_DSS_CAMELLIA256_GCM_SHA384
- DH_DSS_CAMELLIA128_GCM_SHA256
- DH_DSS_CAMELLIA256_GCM_SHA384
- DH_anon_CAMELLIA128_GCM_SHA256
- DH_anon_CAMELLIA256_GCM_SHA384
- ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
- ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
- ECDH_ECDSA_CAMELLIA128_GCM_SHA256
- ECDH_ECDSA_CAMELLIA256_GCM_SHA384
- ECDHE_RSA_CAMELLIA128_GCM_SHA256
- ECDHE_RSA_CAMELLIA256_GCM_SHA384
- ECDH_RSA_CAMELLIA128_GCM_SHA256
- ECDH_RSA_CAMELLIA256_GCM_SHA384
- PSK_CAMELLIA128_GCM_SHA256
- PSK_CAMELLIA256_GCM_SHA384
- DHE_PSK_CAMELLIA128_GCM_SHA256
- DHE_PSK_CAMELLIA256_GCM_SHA384
- RSA_PSK_CAMELLIA128_GCM_SHA256
- RSA_PSK_CAMELLIA256_GCM_SHA384
- PSK_CAMELLIA128_SHA256
- PSK_CAMELLIA256_SHA384
- DHE_PSK_CAMELLIA128_SHA256
- DHE_PSK_CAMELLIA256_SHA384
- RSA_PSK_CAMELLIA128_SHA256
- RSA_PSK_CAMELLIA256_SHA384
- ECDHE_PSK_CAMELLIA128_SHA256
- ECDHE_PSK_CAMELLIA256_SHA384
- ECDHE_PSK_RC4_SHA
- ECDHE_PSK_3DES_SHA
- ECDHE_PSK_AES128_SHA
- ECDHE_PSK_AES256_SHA
- ECDHE_PSK_AES128_SHA256
- ECDHE_PSK_AES256_SHA384
- ECDHE_PSK_NULL_SHA
- ECDHE_PSK_NULL_SHA256
- ECDHE_PSK_NULL_SHA384
- ECDHE_RSA_CHACHA20_POLY1305_SHA256
- ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
- DHE_RSA_CHACHA20_POLY1305_SHA256
- PSK_CHACHA20_POLY1305_SHA256
- ECDHE_PSK_CHACHA20_POLY1305_SHA256
- DHE_PSK_CHACHA20_POLY1305_SHA256
- RSA_PSK_CHACHA20_POLY1305_SHA256
- AES128_GCM_SHA256
- AES256_GCM_SHA384
- CHACHA20_POLY1305_SHA256
- AES128_CCM_SHA256
- AES128_CCM8_SHA256
ECCurves
String
Default Value: ""
Defines the elliptic curves to enable.
Extensions
String
Default Value: ""
Provides access to TLS extensions.
ForceResumeIfDestinationChanges
boolean
Default Value: False
Whether to force TLS session resumption when the destination address changes.
PreSharedIdentity
String
Default Value: ""
Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
PreSharedKey
String
Default Value: ""
Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
PreSharedKeyCiphersuite
String
Default Value: ""
Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
RenegotiationAttackPreventionMode
int
Default Value: 0
Selects the renegotiation attack prevention mechanism.
The following options are available:
crapmCompatible | 0 | TLS 1.0 and 1.1 compatibility mode (renegotiation indication extension is disabled). |
crapmStrict | 1 | Renegotiation attack prevention is enabled and enforced. |
crapmAuto | 2 | Automatically choose whether to enable or disable renegotiation attack prevention. |
RevocationCheck
int
Default Value: 1
Specifies the kind(s) of revocation check to perform.
Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.
crcNone | 0 | No revocation checking. |
crcAuto | 1 | Automatic mode selection. Currently this maps to crcAnyOCSPOrCRL, but it may change in the future. |
crcAllCRL | 2 | All provided CRL endpoints will be checked, and all checks must succeed. |
crcAllOCSP | 3 | All provided OCSP endpoints will be checked, and all checks must succeed. |
crcAllCRLAndOCSP | 4 | All provided CRL and OCSP endpoints will be checked, and all checks must succeed. |
crcAnyCRL | 5 | All provided CRL endpoints will be checked, and at least one check must succeed. |
crcAnyOCSP | 6 | All provided OCSP endpoints will be checked, and at least one check must succeed. |
crcAnyCRLOrOCSP | 7 | All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. CRL endpoints are checked first. |
crcAnyOCSPOrCRL | 8 | All provided CRL and OCSP endpoints will be checked, and at least one check must succeed. OCSP endpoints are checked first. |
This setting controls the way the revocation checks are performed for every certificate in the chain. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.
There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).
This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.
Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.
Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.
SSLOptions
int
Default Value: 16
Various SSL (TLS) protocol options, set of
cssloExpectShutdownMessage | 0x001 | Wait for the close-notify message when shutting down the connection |
cssloOpenSSLDTLSWorkaround | 0x002 | (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions |
cssloDisableKexLengthAlignment | 0x004 | Do not align the client-side PMS by the RSA modulus size. It is unlikely that you will ever need to adjust it. |
cssloForceUseOfClientCertHashAlg | 0x008 | Enforce the use of the client certificate hash algorithm. It is unlikely that you will ever need to adjust it. |
cssloAutoAddServerNameExtension | 0x010 | Automatically add the server name extension when known |
cssloAcceptTrustedSRPPrimesOnly | 0x020 | Accept trusted SRP primes only |
cssloDisableSignatureAlgorithmsExtension | 0x040 | Disable (do not send) the signature algorithms extension. It is unlikely that you will ever need to adjust it. |
cssloIntolerateHigherProtocolVersions | 0x080 | (server option) Do not allow fallback from TLS versions higher than currently enabled |
cssloStickToPrefCertHashAlg | 0x100 | Stick to preferred certificate hash algorithms |
cssloNoImplicitTLS12Fallback | 0x200 | Disable implicit TLS 1.3 to 1.2 fallbacks |
cssloUseHandshakeBatches | 0x400 | Send the handshake message as large batches rather than individually |
TLSMode
int
Default Value: 0
Specifies the TLS mode to use.
smDefault | 0 | |
smNoTLS | 1 | Do not use TLS |
smExplicitTLS | 2 | Connect to the server without any encryption and then request an SSL session. |
smImplicitTLS | 3 | Connect to the specified port, and establish the SSL session at once. |
smMixedTLS | 4 | Connect to the specified port, and establish the SSL session at once, but allow plain data. |
UseExtendedMasterSecret
boolean
Default Value: False
Enables the Extended Master Secret Extension, as defined in RFC 7627.
UseSessionResumption
boolean
Default Value: False
Enables or disables the TLS session resumption capability.
Versions
int
Default Value: 16
The SSL/TLS versions to enable by default.
csbSSL2 | 0x01 | SSL 2 |
csbSSL3 | 0x02 | SSL 3 |
csbTLS1 | 0x04 | TLS 1.0 |
csbTLS11 | 0x08 | TLS 1.1 |
csbTLS12 | 0x10 | TLS 1.2 |
csbTLS13 | 0x20 | TLS 1.3 |
Constructors
public TLSSettings();
Creates a new TLSSettings object.
Config Settings (Samlidpserver Class)
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.SAMLIdPServer Config Settings
Base Config Settings
You can switch this property off to improve performance if your project only uses known, good private keys.
Supported values are:
off | No caching (default) | |
local | Local caching | |
global | Global caching |
This setting only applies to sessions negotiated with TLS version 1.3.
Supported values are:
file | File | |
console | Console | |
systemlog | System Log (supported for Android only) | |
debugger | Debugger (supported for VCL for Windows and .Net) |
Supported values are:
time | Current time | |
level | Level | |
package | Package name | |
module | Module name | |
class | Class name | |
method | Method name | |
threadid | Thread Id | |
contenttype | Content type | |
content | Content | |
all | All details |
Supported filter names are:
exclude-package | Exclude a package specified in the value | |
exclude-module | Exclude a module specified in the value | |
exclude-class | Exclude a class specified in the value | |
exclude-method | Exclude a method specified in the value | |
include-package | Include a package specified in the value | |
include-module | Include a module specified in the value | |
include-class | Include a class specified in the value | |
include-method | Include a method specified in the value |
none | No flush (caching only) | |
immediate | Immediate flush (real-time logging) | |
maxcount | Flush cached entries upon reaching LogMaxEventCount entries in the cache. |
Supported values are:
none | None (by default) | |
fatal | Severe errors that cause premature termination. | |
error | Other runtime errors or unexpected conditions. | |
warning | Use of deprecated APIs, poor use of API, 'almost' errors, other runtime situations that are undesirable or unexpected, but not necessarily "wrong". | |
info | Interesting runtime events (startup/shutdown). | |
debug | Detailed information on flow of through the system. | |
trace | More detailed information. |
The default value of this setting is 100.
none | No rotation | |
deleteolder | Delete older entries from the cache upon reaching LogMaxEventCount | |
keepolder | Keep older entries in the cache upon reaching LogMaxEventCount (newer entries are discarded) |
Supported values are:
none | No static DNS rules (default) | |
local | Local static DNS rules | |
global | Global static DNS rules |
This setting only applies to certificates originating from a Windows system store.
Trappable Errors (Samlidpserver Class)
SAMLIdPServer Errors
1048577 Invalid parameter value (SB_ERROR_INVALID_PARAMETER) | |
1048578 Class is configured incorrectly (SB_ERROR_INVALID_SETUP) | |
1048579 Operation cannot be executed in the current state (SB_ERROR_INVALID_STATE) | |
1048580 Attempt to set an invalid value to a property (SB_ERROR_INVALID_VALUE) | |
1048581 Certificate does not have its private key loaded (SB_ERROR_NO_PRIVATE_KEY) | |
1048581 Cancelled by the user (SB_ERROR_CANCELLED_BY_USER) | |
30408705 Invalid binging name (SB_ERROR_SAML_INVALID_BINDING_NAME) | |
30408706 Invalid binding type (SB_ERROR_SAML_INVALID_BINDING_TYPE) | |
30408707 Base directory not set (SB_ERROR_SAML_SP_BASE_DIRECTORY_NOT_SET) |