Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Discussions page.

class Duende.​IdentityServer.​Saml.​Validation.​AuthnRequestValidator

Assembly: Duende.IdentityServer

Inheritance: object → AuthnRequestValidator

Implemented Interfaces

AuthnRequest validator

Methods

Returns Validation result
request AuthnRequest validation context
ct The cancellation token
ValidateSignatureTrust​(ValidatedAuthnRequest request)
Validates that the AuthnRequest meets the SP's signature trust requirements.
Returns Validation result
request AuthnRequest validation context
ValidateVersion​(ValidatedAuthnRequest request)
Validates that the AuthnRequest uses SAML version 2.0.
Returns Validation result
request AuthnRequest validation context
ValidateIssueInstant​(ValidatedAuthnRequest request)
Validates that the AuthnRequest IssueInstant is not in the future (beyond clock skew) and not expired (beyond max age).
Returns Validation result
request AuthnRequest validation context
ValidateDestination​(ValidatedAuthnRequest request)
Validates that the AuthnRequest Destination matches the expected SSO endpoint URL. Signed requests must include a Destination per SAML Bindings 2.0 §3.4.5.2/§3.5.5.2. Unsigned requests may omit the Destination.
Returns Validation result
request AuthnRequest validation context
ValidateAcsUrl​(ValidatedAuthnRequest request)
Validates and resolves the Assertion Consumer Service endpoint for the SAML response. When the request specifies an ACS URL, all registered endpoints at that location are considered. If a ProtocolBinding is also specified, it is used to disambiguate; otherwise the default or first matching endpoint is selected. If an ACS index is specified, it must match a registered endpoint. If neither is specified, the default ACS endpoint is used.
Returns Validation result
request AuthnRequest validation context
ValidateNameIdFormat​(ValidatedAuthnRequest request)
Validates that the requested NameID format is supported by this IdP.
Returns Validation result
request AuthnRequest validation context
ValidateScoping​(ValidatedAuthnRequest request)
Validates that the AuthnRequest does not contain a Scoping element. Scoping is not currently supported. Override this method to allow or implement custom scoping behavior.
Returns Validation result
request AuthnRequest validation context
ValidateResourcesAsync​(ValidatedAuthnRequest request, System.​Threading.​CancellationToken ct)
Validates that the service provider's AllowedScopes resolve to valid identity resources, that RequestedClaimTypes are within the allowed claim types, and populates ValidatedAuthnRequest.ValidatedResources with the result.
Returns Validation result
request AuthnRequest validation context
ct The cancellation token
Remarks SAML service providers must configure AllowedScopes to declare which identity resources (and their associated claim types) the SP is allowed to receive. This is the authorization ceiling, analogous to AllowedScopes on an OIDC Client. RequestedClaimTypes narrows which claim types are included in assertions. Each entry must resolve to a claim type defined by one of the identity resources in AllowedScopes. This method sets ValidatedAuthnRequest.ValidatedResources and ValidatedAuthnRequest.RequestedClaimTypes on the request. Overriders must ensure both properties are populated on success.
public bool
Equals​(object obj)
Inherited from object
protected void
Finalize​()
Inherited from object
public int
GetHashCode​()
Inherited from object
GetType​()
Inherited from object
protected object
MemberwiseClone​()
Inherited from object
public string
ToString​()
Inherited from object
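
The endpoint resolution rules described for ValidateAcsUrl, written out as an added sketch; this is not Duende's implementation. AcsEndpoint, AcsResolver and the sample URLs are hypothetical, and two behaviours are assumptions: a request carrying both an ACS URL and an ACS index is rejected (SAML Core makes those attributes mutually exclusive), and locations are compared as exact ordinal strings.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for a registered ACS endpoint; not a Duende type.
public sealed record AcsEndpoint(string Location, string Binding, int Index, bool IsDefault);

public static class AcsResolver
{
    // Returns the endpoint to respond on, or null when the request must be rejected.
    public static AcsEndpoint? Resolve(IReadOnlyList<AcsEndpoint> registered,
        string? acsUrl, string? protocolBinding, int? acsIndex)
    {
        // Assumption: URL and index together are rejected as mutually exclusive.
        if (acsUrl is not null && acsIndex is not null) return null;
        if (acsUrl is not null)
        {
            // Only registered locations are candidates; exact match, no prefix or host-only matching.
            var atLocation = registered.Where(e => string.Equals(e.Location, acsUrl, StringComparison.Ordinal));
            if (protocolBinding is not null)
                atLocation = atLocation.Where(e => e.Binding == protocolBinding);
            var candidates = atLocation.ToList();
            // Default endpoint at that location wins, otherwise the first match.
            return candidates.FirstOrDefault(e => e.IsDefault) ?? candidates.FirstOrDefault();
        }
        if (acsIndex is not null)
            return registered.FirstOrDefault(e => e.Index == acsIndex.Value);
        // Neither supplied: fall back to the registered default, if any.
        return registered.FirstOrDefault(e => e.IsDefault);
    }
}

public static class Demo
{
    const string Post = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    const string Artifact = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";

    public static void Main()
    {
        // Constructed sample registration: one location, two bindings.
        var sp = new List<AcsEndpoint> {
            new("https://sp.example/acs", Post, 0, true),
            new("https://sp.example/acs", Artifact, 1, false) };
        // ProtocolBinding disambiguates between endpoints at the same location.
        Console.WriteLine(AcsResolver.Resolve(sp, "https://sp.example/acs", Artifact, null)?.Index);
        // An unregistered location or index resolves to null, so no response is sent there.
        Console.WriteLine(AcsResolver.Resolve(sp, "https://other.example/acs", null, null) is null);
        Console.WriteLine(AcsResolver.Resolve(sp, null, null, 7) is null);
    }
}
```

The property worth checking in any override is that every path returns either a registered endpoint or a rejection, so a request-supplied URL is never used as the response destination on its own.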