Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Dicussions page.

Sustainsys.Saml2

SAML2 protocol support. Do not use directly, use the high level package for your platform.

Author Sustainsys
Version 2.11.0
Tags SAML2 authentication AspNet SAML SSO

Public Types

Sustainsys.​Saml2

enum CertificateStatus
Is this certificate for current or future use?
enum CertificateUse
How is the certificate used?
class ClaimsExtensions
Extension methods for claims.
class ClaimsIdentityExtensions
Extension methods for Claims Identities
class DateTimeExtensions
Helper methods for DateTime formatting.
class Federation
Represents a federation known to this service provider.
class IdentityProvider
Represents a known identity provider that this service provider can communicate with.
interface ILoggerAdapter
Interface for an adapter around the logging framework used on each platform.
class ManagedRSASHA256SignatureDescription
class ManagedRSASHA384SignatureDescription
class ManagedRSASHA512SignatureDescription
class ManagedRSASignatureDescription
Crypto description for a Managed implementation of SHA256 signatures.
enum MetadataPublishOverrideType
How should we override the metadata publishing rules
class NameIdFormatExtension
Extensions for NameIdFormat enum.
class NullLoggerAdapter
Logger adapter that does nothing.
class SameSiteHelper
Simple default implementation of detection of browsers/devices not compatible with the SameSite=None cookie attribute. Based on https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
class Saml2AssertionExtensions
Extension methods for Saml2Assertion
class Saml2ClaimTypes
Claim type constants.
class Saml2ConditionsExtensions
Extension methods for Saml2Condition
class Saml2NameIdExtensions
Extension methods for Saml2NameId
class Saml2Namespaces
SAML2 namespace constants.
class Saml2StatementExtension
Extension methods for Saml2Statement
class Saml2SubjectExtensions
Extension methods for Saml2Subject
class ServiceCertificate
Service Certificate definition
class SignedXmlWithIdFix
class StoredRequestState
Stored data for pending requests.
enum TrustLevel
The level of trust that a certain piece of data comes with.
class XmlHelpers
Extension methods and helpers for XmlDocument/XmlElement etc.
struct XsdDuration

Sustainsys.​Saml2.​Configuration

class ArtifactResolutionServiceCollection
Config collection of ArtifactResolutionElements.
class ArtifactResolutionServiceElement
Configuration of an artifact resolution service endpoint on an idp.
class CertificateCollection
Collection of certificate elements.
class CertificateElement
Config element for the signing certificate.
class Compatibility
Compatibility settings. Can be used to make Saml2 accept certain non-standard behaviour.
class CompatibilityElement
Compatibility settings. Can be used to make Saml2 accept certain non-standard behaviour.
class ConfiguredAndLoadedSigningKeysCollection
Collection of items with two sources: configured and loaded dyanically. The dynamically loaded can reset while the configured are kept. metadata.
class ContactPersonElement
Contact person for a SAML2 entity.
class ContactPersonsCollection
Config collection of contacts.
class CustomTypeElement
class EntityIdConverter
Converts between string and EntityId, used by the configuration system to allow configuration properties of type EntityId.
class FederationCollection
Config collection of federations.
class FederationElement
Configuration of a federation.
class IdentityProviderCollection
Config collection of IdentityProviderElements.
class IdentityProviderDictionary
A thread safe wrapper around a dictionary for the identity providers.
class IdentityProviderElement
Config element for the identity provider element.
interface IOptions
Root interface for the options objects, handling all configuration of Saml2.
class MetadataElement
Metadata configuration.
class NameIdPolicyElement
NamedId policy configuration element.
class Options
Options implementation for handling in memory options.
class OrganizationElement
Information about the organization responsible for the entity.
class RequestedAttributeElement
Config for a requested element in the SPs metadata.
class RequestedAttributesCollection
Collection of requested attributes that an SP wants in incoming assertions.
class RequestedAuthnContextElement
Configuration of RequestedAuthnContext in generated AuthnRequests.
class Saml2Notifications
Set of callbacks that can be used as extension points for various events.
class ServiceCertificateCollection
Certificates used by the service provider for signing, decryption and TLS client certificates for artifact resolve.
class ServiceCertificateElement
Config element for the service certificate element.
class ServiceCertificateElementCollection
Config collection of ServiceCertificateElements.
enum SigningBehavior
Signing behavior for requests.
class SPOptions
Options for the service provider's behaviour; i.e. everything except the idp and federation list.
class SustainsysSaml2Section
Config section for the module.
class TokenReplayDetectionElement
class XsdDurationConverter

Sustainsys.​Saml2.​Exceptions

class BadFormatSamlResponseException
A SAML response was found, but could not be parsed due to formatting issues.
class InvalidSignatureException
Exception thrown when an signature is not valid according to the SAML standard.
class NoSamlResponseFoundException
No saml response was found in the http request.
class Saml2Exception
Base class for authentication services specific exceptions, that might require special handling for error reporting to the user.
class Saml2ResponseFailedValidationException
A SAML2 Response failed validation.
class UnexpectedInResponseToException
A SAML2 Response failed InResponseTo validation because RelayState is lost, or an unsolicited response contains an InResponseTo
class UnsuccessfulSamlOperationException
Extended exception containing information about the status and status message SAML response.

Sustainsys.​Saml2.​Internal

class AesGcmAlgorithm
SymmetricAlgorithm decrypting implementation for http://www.w3.org/2009/xmlenc11#aes128-gcm. This is class is not a general implementation and can only do decryption.
class AesGcmAlgorithm128
class AesGcmAlgorithm256
class TokenValidationParametersExtensions

Sustainsys.​Saml2.​Metadata

class AdditionalMetadataLocation
class AffiliationDescriptor
class ApplicationServiceDescriptor
class ApplicationServiceEndpoint
class ArtifactResolutionService
class AssertionConsumerService
class AssertionIdRequestService
class AttributeAuthorityDescriptor
class AttributeConsumingService
Metadata for an attribute consuming service.
class AttributeProfile
class AttributeService
class AuthnAuthorityDescriptor
class AuthnQueryService
class AuthzService
class CipherData
class CipherReference
class ClaimValue
class ConstrainedValue
class ContactPerson
enum ContactType
class ContactTypeHelpers
class DiscoveryResponse
class DisplayClaim
class DsaKeyValue
class DSigKeyInfo
class EcKeyValue
class EncryptedData
class EncryptedValue
class EncryptionMethod
class EncryptionProperties
class EncryptionProperty
class Endpoint
class EndpointReference
class EntitiesDescriptor
class EntityDescriptor
class EntityId
class IdpSsoDescriptor
interface IIndexedEntryWithDefault
An indexed entry with an optional default
class IndexedCollectionWithDefault<​T>
A collection of indexed entries with support for getting the configured default entry
class IndexedEndpoint
class KeyData
class KeyDescriptor
enum KeyType
class KeyValue
class LocalizedEntry
class LocalizedEntryCollection<​T>
class LocalizedName
class LocalizedUri
class ManageNameIDService
class MetadataBase
class MetadataBaseExtensions
Extensions for Metadatabase.
class MetadataLoader
Helper for loading SAML2 metadata
class MetadataSerializationException
class MetadataSerializer
class NameIDFormat
class NameIDMappingService
class Organization
class PassiveRequestorEndpoint
class PDPDescriptor
class RequestedAttribute
Specifies an attribute requested by the service provider.
class RetrievalMethod
class RoleDescriptor
class RsaKeyValue
class SecurityTokenSerializer
class SecurityTokenServiceDescriptor
class ServiceName
class SingleLogoutService
class SingleSignOnService
class SingleSignOutNotificationEndpoint
class SpSsoDescriptor
class SsoDescriptor
class WebServiceDescriptor
class X509Data
class X509Digest
class X509IssuerSerial
class XEncEncryptionMethod

Sustainsys.​Saml2.​Saml2P

enum AuthnContextComparisonType
Comparison setting for RequestedAuthnContext, see SAML2 Core spec 3.3.2.2.1.
class BootstrapContext
class EnvelopedSignatureWriterWithReferenceIdFix
Wraps a <see cref="T:System.Xml.XmlWriter" /> and generates a signature automatically when the envelope is written completely. By default the generated signature is inserted as the last element in the envelope. This can be modified by explicitly calling WriteSignature to indicate the location inside the envelope where the signature should be inserted.
interface ISaml2Message
Common properties of all Saml2 message implementations (both requests and responses). There is no corresponding definition in the SAML2 standard, so this is made up of the common fields of 3.2.2 Complex Type StatusResponseType (the base type for all responses) and of 3.2.1 Complex Type RequestAbstractType.
enum NameIdFormat
The NameId Format.
class Saml2ArtifactResolve
Artifact resolution request, corresponds to section 3.5.1 in SAML core specification.
class Saml2ArtifactResponse
A Saml2 ArtifactResponse message as specified in SAML2 Core 3.5.2.
class Saml2AuthenticationRequest
An authentication request corresponding to section 3.4.1 in SAML Core specification.
class Saml2EncryptedAssertion
class Saml2IdpEntry
The Saml2IdPEntry specifies a single identity provider trusted by the requester to authenticate the presenter
class Saml2LogoutRequest
A Saml2 LogoutRequest message (SAML core spec 3.7.1)
class Saml2LogoutResponse
A Saml2 Logout Response.
class Saml2NameIdPolicy
The NameId policy.
class Saml2PSecurityTokenHandler
Somewhat ugly subclassing to be able to access some methods that are protected on Saml2SecurityTokenHandler. The public interface of Saml2SecurityTokenHandler expects the actual assertion to be signed, which is not always the case when using Saml2-P. The assertion can be embedded in a signed response. Or the signing could be handled at transport level.
class Saml2RequestBase
Base class for saml requests, corresponds to section 3.2.1 in SAML Core specification.
class Saml2RequestedAuthnContext
Configuration of RequestedAuthnContext
class Saml2Response
Represents a SAML2 response according to 3.3.3. The class is immutable (to an external observer. Internal state is lazy initiated).
class Saml2Scoping
Saml2Scoping specifies a set of identity providers trusted by the requester to authenticate the presenter, as well as limitations and context related to proxying of the authentication request message to subsequent identity providers by the responder.
class Saml2SoapBinding
Saml2 Soap binding implementation.
enum Saml2StatusCode
Status codes, mapped against states in section 3.2.2.2 in the SAML2 spec.
class Saml2StatusResponseType
Abstract Saml2 StatusResponseType class.

Sustainsys.​Saml2.​Selectors

class NullSecurityTokenResolver
class SecurityTokenResolver

Sustainsys.​Saml2.​Tokens

class AsymmetricSecurityKey
class AudienceRestriction
enum AudienceUriMode
class BinaryKeyIdentifierClause
class DsaKeyIdentifierClause
class DsaSecurityKey
class EcKeyIdentifierClause
class EcSecurityKey
class EcSignatureDeformatter
class EcSignatureFormatter
class KeyNameIdentifierClause
class RsaKeyIdentifierClause
class RsaSecurityKey
class SecurityAlgorithms
class SecurityKey
class SecurityKeyIdentifier
class SecurityKeyIdentifierClause
class SecurityToken
class X509AsymmetricSecurityKey
class X509IssuerSerialKeyIdentifierClause
class X509RawDataKeyIdentifierClause
class X509SecurityToken

Sustainsys.​Saml2.​WebSso

class AcsCommand
Represents the assertion consumer service command behaviour. Instances of this class can be created directly or by using the factory method CommandFactory.GetCommand(CommandFactory.AcsCommandName).
enum Cacheability
Reimplementation of System.Web.HttpCacheability.
class CommandFactory
Factory to create the command objects thand handles the incoming http requests.
class CommandResult
The results of a command.
class HttpRequestData
The data of a http request that Saml2 needs to handle. A separate DTO is used to make the core library totally independent of the hosting environment.
interface ICommand
A command - corresponds to an action in Mvc.
class LogoutCommand
Represents the logout command behaviour. Instances of this class can be created directly or by using the factory method CommandFactory.GetCommand(CommandFactory.LogoutCommandName).
class MetadataCommand
Represents the service provider metadata command behaviour. Instances of this class can be created directly or by using the factory method CommandFactory.GetCommand(CommandFactory.MetadataCommandName).
class NotFoundCommand
Represents a missing command. Instances of this class are returned by CommandFactory.GetCommand(...) when the specified command name is not recognised.
class Saml2ArtifactBinding
Saml2 Artifact binding.
class Saml2Binding
Abstract base for all Saml2Bindings that binds a message to a specific kind of transport.
enum Saml2BindingType
Saml2 binding types.
class Saml2Urls
The urls of Saml2 that are used in various messages.
class SignInCommand
Represents the sign in command behaviour. Instances of this class can be created directly or by using the factory method CommandFactory.GetCommand(CommandFactory.SignInCommandName).
class UnbindResult
The result of a Saml2Binding.UnBind.

Dependencies