Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Discussions page.

class Duende.IdentityServer.Saml.ResponseHandling.Saml2SSoResponseGenerator

Assembly: Duende.IdentityServer

Inheritance: object → Saml2SSoResponseGenerator

Implemented Interfaces

Response Generator for Saml2 Single Sign On.

Methods

protected bool
IsSafeError(Validation.ValidatedAuthnRequest validatedAuthnRequest, Saml2InteractionResponse interactionResponse)
Determines whether an interaction error is safe to send back to the SP as a SAML error response. When true, a SAML error <Response> is sent to the SP's ACS URL. When false, the user is redirected to the error page instead.
Returns true if the error should be sent to the SP; false to show the error page
validatedAuthnRequest The validated AuthnRequest
interactionResponse The interaction error response
Remarks The default implementation returns true for all interaction errors, since they occur after full AuthnRequest validation — the SP and ACS URL are always verified at this point. Override to suppress specific errors from being sent back to the SP.
CreateSaml2ResponseAsync(Validation.ValidatedAuthnRequest validatedAuthnRequest, NameId nameId, System.Threading.CancellationToken ct)
Create the Saml2 response.
Returns The Saml2 Response object
validatedAuthnRequest AuthnRequest validation context
nameId The generated NameID for the subject
ct The cancellation token
CreateAssertionAsync(Validation.ValidatedAuthnRequest validatedAuthnRequest, NameId nameId, string issuer, string destination, System.DateTime now, System.Threading.CancellationToken ct)
Create the Assertion
Returns Assertion
validatedAuthnRequest AuthnRequest validation context
nameId The generated NameID for the subject
issuer The issuer to use
destination Destination URL
now Current UTC timestamp
ct The cancellation token
protected AuthnStatement
CreateAuthnStatement(System.Security.Claims.ClaimsPrincipal subject, System.DateTime now, Models.SamlServiceProvider saml2Sp, string sessionIndex)
Create the AuthnStatement. Resolves the AuthnContextClassRef by looking up the user's acr claim, then amr claim(s), against the configured mappings. Falls back to SamlConstants.AuthnContextClasses.Unspecified if no match is found.
Returns AuthnStatement
subject The authenticated user
now Current UTC timestamp
saml2Sp The service provider configuration
sessionIndex The session index to include in the statement
protected Conditions
CreateConditions(Validation.ValidatedAuthnRequest validatedAuthnRequest, System.DateTime now, System.TimeSpan lifetime)
Create the Conditions
Returns Conditions
validatedAuthnRequest AuthnRequest validation context
now Current UTC timestamp
lifetime Assertion lifetime
CreateSubjectNameIdAsync(Validation.ValidatedAuthnRequest validatedAuthnRequest, System.Threading.CancellationToken ct)
Generate the NameID for the subject using the configured Duende.IdentityServer.Saml.Services.ISamlNameIdGenerator.
Returns The NameID generation result
validatedAuthnRequest AuthnRequest validation context
ct The cancellation token
protected Subject
CreateSubject(Validation.ValidatedAuthnRequest validatedAuthnRequest, NameId nameId, string destination, System.DateTime now, System.TimeSpan lifetime)
Create the Subject
Returns Subject
validatedAuthnRequest AuthnRequest validation context
nameId The generated NameID
destination Destination URL
now Current UTC timestamp
lifetime Assertion lifetime
Returns Attributes
validatedAuthnRequest AuthnRequest validation context
ct The cancellation token
MapClaimsToAttributes(System.Collections.Generic.IEnumerable<System.Security.Claims.Claim> claims, Models.SamlServiceProvider saml2Sp)
Maps OIDC claims to SAML attributes. If a service provider specific mapping exists, that will be used. If one does not exist, the global mapping on Duende.IdentityServer.Configuration.SamlOptions will be used. If a claim does not have a mapping, it will be passed through as-is.
Returns The issued OIDC claims as mapped SamlAttributes
claims Claims issued from the call to Duende.IdentityServer.Services.IProfileService
saml2Sp The SAML service provider
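The two resolution rules documented above (the claim-to-attribute precedence of MapClaimsToAttributes, and the acr-then-amr lookup with Unspecified fallback of CreateAuthnStatement) are shown below as an added, self-contained C# illustration. This is not Duende's code and does not use the real SamlOptions, SamlServiceProvider or SamlConstants types: SamlAttribute, SamlMappingDemo, GlobalClaimMappings and the dictionary-based mappings are assumptions made for the example, the sample claims are constructed, and "first matching amr claim wins" is an assumed reading of "amr claim(s)". The Unspecified URI is the standard SAML 2.0 value from the specification.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Constructed illustration (not Duende's code) of the mapping rules on this page.
// All type and member names below are assumptions for the example.
public sealed class SamlAttribute
{
    public SamlAttribute(string name, string value) { Name = name; Value = value; }
    public string Name { get; }
    public string Value { get; }
}

public static class SamlMappingDemo
{
    // Hypothetical stand-in for the global claim mapping configured on SamlOptions.
    public static readonly IReadOnlyDictionary<string, string> GlobalClaimMappings =
        new Dictionary<string, string>
        {
            ["email"] = "urn:oid:0.9.2342.19200300.100.1.3",
            ["name"]  = "urn:oid:2.5.4.3",
        };

    // Precedence from MapClaimsToAttributes: SP-specific mapping wins, then the
    // global mapping; a claim with no mapping is passed through under its own type.
    public static List<SamlAttribute> MapClaimsToAttributes(
        IEnumerable<Claim> claims,
        IReadOnlyDictionary<string, string> spClaimMappings)
    {
        var result = new List<SamlAttribute>();
        foreach (var claim in claims)
        {
            string attributeName;
            if (spClaimMappings.TryGetValue(claim.Type, out var spName))
                attributeName = spName;
            else if (GlobalClaimMappings.TryGetValue(claim.Type, out var globalName))
                attributeName = globalName;
            else
                attributeName = claim.Type; // no mapping: pass through as-is
            result.Add(new SamlAttribute(attributeName, claim.Value));
        }
        return result;
    }

    // Standard SAML 2.0 "unspecified" authentication context class (SAML spec value;
    // the page's SamlConstants.AuthnContextClasses.Unspecified refers to this URI).
    public const string Unspecified = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified";

    // Rule from CreateAuthnStatement: look up the acr claim first, then the amr
    // claim(s) (assumed: first match wins), and fall back to Unspecified.
    public static string ResolveAuthnContextClassRef(
        ClaimsPrincipal subject,
        IReadOnlyDictionary<string, string> acrMappings,
        IReadOnlyDictionary<string, string> amrMappings)
    {
        var acr = subject.FindFirst("acr")?.Value;
        if (acr != null && acrMappings.TryGetValue(acr, out var fromAcr))
            return fromAcr;

        foreach (var amr in subject.FindAll("amr"))
            if (amrMappings.TryGetValue(amr.Value, out var fromAmr))
                return fromAmr;

        return Unspecified;
    }

    public static void Main()
    {
        // Constructed sample user: no acr claim, two amr values, one unmapped claim.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("email", "alice@example.com"),
            new Claim("name", "Alice"),
            new Claim("department", "Security"),
            new Claim("amr", "pwd"),
            new Claim("amr", "mfa"),
        }, "example");
        var user = new ClaimsPrincipal(identity);

        // SP-specific mapping overrides the global one for "email" only;
        // "name" falls back to the global mapping; "department" and "amr" pass through.
        var spMappings = new Dictionary<string, string> { ["email"] = "mail" };
        foreach (var a in MapClaimsToAttributes(user.Claims, spMappings))
            Console.WriteLine($"{a.Name} = {a.Value}");

        var amrMappings = new Dictionary<string, string>
        {
            ["mfa"] = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
            ["pwd"] = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
        };
        Console.WriteLine(ResolveAuthnContextClassRef(
            user, new Dictionary<string, string>(), amrMappings));
    }
}
```

Two things to check in a real deployment follow from this shape: an unmapped claim is emitted to the SP under its raw OIDC type, so anything issued by IProfileService reaches the SP unless it is filtered first, and with multiple amr values the AuthnContextClassRef the SP sees depends on which amr matches, so the mapping set should cover every method the login flow can produce.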
public bool
Equals(object obj)
Inherited from object
protected void
Finalize()
Inherited from object
public int
GetHashCode()
Inherited from object
public System.Type
GetType()
Inherited from object
protected object
MemberwiseClone()
Inherited from object
public string
ToString()
Inherited from object