Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Discussions page.
class Duende.IdentityServer.Saml.Validation.ValidatedAuthnRequest
Assembly: Duende.IdentityServer
Inheritance: object → ValidatedAuthnRequest
Implemented Interfaces
Validated AuthnRequest
Properties
public required Configuration.IdentityServerOptions IdentityServerOptions
The current IdentityServerOptions
AuthnRequest
The AuthnRequest. Null for IdP-initiated SSO flows.
public required string Binding
Identifier of binding used to read the AuthnRequest
Saml2Message
The original inbound SAML message from the binding layer. Present on the SSO
endpoint path where the raw request is available; null on the callback path
where we are working from stored state. Binding-level signatures cannot be
replayed after the redirect to login, so re-validation from the raw message
is not possible for SAML (unlike OIDC, which re-validates from stored parameters).
public string RelayState
The RelayState parameter from the original SAML request. Stored separately
so it is available on both the SSO endpoint path (from the binding) and the
callback path (from persisted state) without requiring the full Saml2Message.
Saml2Sp
The Saml2 SP
Application
Subject
The current user
public string SessionId
The current SessionId
public required string Saml2IdpEntityId
The Saml2 identifier for IdentityServer
AssertionConsumerService
AssertionConsumerService to respond to, set once we have enough validation to be able
to trust it and return error responses to it.
ValidatedResources
Resource "validation" results. Used to get list of claims to include in response.
public System.Collections.Generic.IReadOnlyList<string> RequestedClaimTypes
The claim types to request from the profile service for this assertion.
Set during resource validation based on the SP's configuration.
public bool IsIdpInitiated
Indicates whether this request originates from an IdP-initiated SSO flow.
When true, the SAML response MUST NOT include an InResponseTo attribute
per SAML 2.0 Profiles §4.1.4.5.
public string SessionIndex
The session index to include in the AuthnStatement. This value is used by
the SP to correlate the assertion with a specific session for single logout.
public string RequestId
The AuthnRequest ID, used for InResponseTo in the SAML response.
On the SSO endpoint path, populated from the parsed AuthnRequest.
On the callback path, rehydrated from persisted state.
public string NameIdPolicyFormat
The NameIdPolicy Format requested by the SP.
On the SSO endpoint path, populated from the parsed AuthnRequest.
On the callback path, rehydrated from persisted state.
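The InResponseTo rule described for IsIdpInitiated and RequestId, as an added C# example that is not Duende's code. The `RequestState` record and `ResponseSkeleton.Build` are hypothetical stand-ins that mirror only those two properties, and the ACS URL and request ID are constructed values.

```csharp
using System;
using System.Globalization;
using System.Xml.Linq;

// Hypothetical stand-in mirroring two ValidatedAuthnRequest properties;
// this is not the Duende type.
public sealed record RequestState(bool IsIdpInitiated, string? RequestId);

public static class ResponseSkeleton
{
    private static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Builds only the <samlp:Response> envelope attributes that depend on the flow.
    public static XElement Build(RequestState state, string destination)
    {
        var response = new XElement(Samlp + "Response",
            new XAttribute(XNamespace.Xmlns + "samlp", Samlp.NamespaceName),
            new XAttribute("ID", "_" + Guid.NewGuid().ToString("N")),
            new XAttribute("Version", "2.0"),
            new XAttribute("IssueInstant", DateTime.UtcNow.ToString(
                "yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture)),
            new XAttribute("Destination", destination));

        if (state.IsIdpInitiated)
        {
            // Unsolicited response: there is no request to answer, so a request ID
            // in state means state was mixed up. Fail closed rather than emit it.
            if (!string.IsNullOrEmpty(state.RequestId))
                throw new InvalidOperationException("IdP-initiated flow must not carry a RequestId.");
            return response; // no InResponseTo attribute at all
        }

        // SP-initiated: the SP matches InResponseTo against its outstanding request,
        // so a missing ID (for example, lost on the callback path) is an error.
        if (string.IsNullOrEmpty(state.RequestId))
            throw new InvalidOperationException("SP-initiated flow requires the AuthnRequest ID.");

        response.SetAttributeValue("InResponseTo", state.RequestId);
        return response;
    }

    public static void Main()
    {
        const string acs = "https://sp.example.test/saml/acs"; // constructed value
        Console.WriteLine(Build(new RequestState(false, "_req-123"), acs)); // has InResponseTo
        Console.WriteLine(Build(new RequestState(true, null), acs));        // omits it
    }
}
```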
Methods
public bool Equals(object obj)
Inherited from object
protected void Finalize()
Inherited from object
public int GetHashCode()
Inherited from object
protected object MemberwiseClone()
Inherited from object
public string ToString()
Inherited from object