Microsoft.IdentityModel.Tokens.Saml A collection of absolute URIs. The authentication information that an authority asserted when creating a token for a subject. Initializes a new instance of the class. Gets or sets the address of the authority that created the token. Gets or sets the AuthenticationMethod Gets or sets the AuthenticationInstant Gets or sets the DNS name of the authority that created the token. Gets or sets the time that the session referred to in the session index MUST be considered ended. Gets or sets the session index that describes the session between the authority and the client. Defines the keys for properties contained in . This exception is thrown when a security is missing an ExpirationTime. Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. This exception is thrown when reading a . Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. This exception is thrown when writing fails for a . Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. Log messages and codes for Saml2Processing Represents the Action element specified in [Saml2Core, 2.7.4.2].
see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Constructs an instance of Saml2Action class. Value represented by this class. Namespace in which the action is interpreted. if is null or empty. if is null. if is not an absolute Uri. Gets or sets a URI reference representing the namespace in which the name of the specified action is to be interpreted. [Saml2Core, 2.7.4.2] if 'value' is null. if 'value' is not an absolute Uri. Gets or sets the label for an action sought to be performed on the specified resource. [Saml2Core, 2.7.4.2] if 'value' is null or empty. Represents the Advice element specified in [Saml2Core, 2.6.1]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf This information MAY be ignored by applications without affecting either the semantics or the validity of the assertion. [Saml2Core, 2.6.1] Creates an instance of Saml2Advice. Gets a collection of representing the assertions in the . Gets a collection of representing the assertions in the . Gets a collection of representing the assertions in the . Represents the Assertion element specified in [Saml2Core, 2.3.3]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Creates an instance of a Saml2Assertion. Issuer of the assertion. Gets or sets the on the Assertion. Gets or sets additional information related to the assertion that assists processing in certain situations but which may be ignored by applications that do not understand the advice or do not wish to make use of it. [Saml2Core, 2.3.3] Gets or sets conditions that must be evaluated when assessing the validity of and/or when using the assertion. [Saml2Core 2.3.3] Gets or sets the identifier for this assertion. [Saml2Core, 2.3.3] if 'value' is null. Gets or sets the time instant of issue in UTC. [Saml2Core, 2.3.3] Gets or sets the as the authority that is making the claim(s) in the assertion. [Saml2Core, 2.3.3] if 'value' is null.
Gets or sets a PrefixList to use when there is a need to include InclusiveNamespaces when writing a token. Gets or sets the used by the issuer to protect the integrity of the assertion. Gets or sets the of the statement(s) in the assertion. [Saml2Core, 2.3.3] Gets the (s) regarding the subject. Gets the version of this assertion. [Saml2Core, 2.3.3] Represents the Attribute element specified in [Saml2Core, 2.7.3.1]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Initializes a new instance of the Saml2Attribute class. The name of the attribute. if is Null or Empty. Initializes a new instance of the Saml2Attribute class. The name of the attribute. The value of the attribute. if is Null or Empty. Initializes a new instance of the Saml2Attribute class. The name of the attribute. The collection of values that define the attribute. if is Null or Empty. Gets or sets a string that provides a more human-readable form of the attribute's name. [Saml2Core, 2.7.3.1] Gets or sets the name of the attribute. [Saml2Core, 2.7.3.1] Gets or sets a URI reference representing the classification of the attribute name for the purposes of interpreting the name. [Saml2Core, 2.7.3.1] Gets or sets the string that represents the OriginalIssuer of this SAML Attribute. Gets or sets the xsi:type of the values contained in the SAML Attribute. Gets the values of the attribute. Comparison class supporting multi-part keys for a dictionary Represents the AttributeStatement element specified in [Saml2Core, 2.7.3]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Creates an instance of Saml2AttributeStatement. Creates an instance of Saml2AttributeStatement. The contained in this statement. if is null. Creates an instance of Saml2AttributeStatement. The collection of elements contained in this statement. if is null. Gets the collection of of this statement. [Saml2Core, 2.7.3] Represents the AudienceRestriction element specified in [Saml2Core, 2.5.1.4].
see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Creates an instance of Saml2AudienceRestriction. The audience element contained in this restriction. if is null or empty. Creates an instance of Saml2AudienceRestriction. The collection of audience elements contained in this restriction. if is null. Gets the audiences for which the assertion is addressed. Represents the AuthnContext element specified in [Saml2Core, 2.7.2.2]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf This base class does not directly support any by-value authentication context declarations (represented in XML by the AuthnContextDecl element). To support by-value declarations, extend this class to support the data model and extend Saml2AssertionSerializer, overriding ReadAuthnContext and WriteAuthnContext to read and write the by-value declaration. Creates an instance of Saml2AuthenticationContext. Creates an instance of Saml2AuthenticationContext. The class reference of the authentication context. Creates an instance of Saml2AuthenticationContext. The class reference of the authentication context. The declaration reference of the authentication context. Gets Zero or more unique identifiers of authentication authorities that were involved in the authentication of the principal (not including the assertion issuer, who is presumed to have been involved without being explicitly named here). [Saml2Core, 2.7.2.2] Gets or sets a URI reference identifying an authentication context class that describes the authentication context declaration that follows. [Saml2Core, 2.7.2.2] if 'value' is null. if 'value' is not an absolute Uri. Gets or sets a URI reference that identifies an authentication context declaration. [Saml2Core, 2.7.2.2] if 'value' is not null and is not an absolute Uri. Represents the AuthnStatement element specified in [Saml2Core, 2.7.2]. 
see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Creates a Saml2AuthenticationStatement. The authentication context of this statement. Creates an instance of Saml2AuthenticationContext. The authentication context of this statement. The time of the authentication. if is null. Gets or sets the used by the authenticating authority up to and including the authentication event that yielded this statement. [Saml2Core, 2.7.2] Gets or sets the time at which the authentication took place. [Saml2Core, 2.7.2] if 'value' is null. Gets or sets the index of a particular session between the principal identified by the subject and the authenticating authority. [Saml2Core, 2.7.2] Gets or sets the time instant at which the session between the principal identified by the subject and the SAML authority issuing this statement must be considered ended. [Saml2Core, 2.7.2] Gets or sets the which contains the DNS domain name and IP address for the system from which the assertion subject was authenticated. [Saml2Core, 2.7.2] Represents the AuthzDecisionStatement specified in [Saml2Core, 2.7.4]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf The empty URI reference, which may be used with the meaning "the start of the current document" for the Resource property. Initializes a new instance of the class from a resource and decision. The of the resource to be authorized. The AccessDecision in use. if is null. if is not an absolute Uri. if is null or empty. Initializes a new instance of the class from a resource and decision. The of the resource to be authorized. The AccessDecision in use. Collection of specifications. Gets or sets the set of authorized to be performed on the specified resource. [Saml2Core, 2.7.4] Gets or sets the AccessDecision rendered by the SAML authority with respect to the specified resource. [Saml2Core, 2.7.4] Gets or sets a set of that the SAML authority relied on in making the decision.
[Saml2Core, 2.7.4] Gets or sets a URI reference identifying the resource to which access authorization is sought. [Saml2Core, 2.7.4] In addition to any absolute URI, the Resource may also be the empty URI reference, and the meaning is defined to be "the start of the current document". [Saml2Core, 2.7.4] Represents the Conditions element specified in [Saml2Core, 2.5.1]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Initializes a new instance of . class. Initializes a new instance of . class. if is null. Gets a collection of that the assertion is addressed to. [Saml2Core, 2.5.1] Gets or sets the earliest time instant at which the assertion is valid. [Saml2Core, 2.5.1] if 'value' is greater or equal to . Gets or sets the time instant at which the assertion has expired. [Saml2Core, 2.5.1] if 'value' is less than or equal to . Gets or sets a value indicating whether the assertion SHOULD be used immediately and MUST NOT be retained for future use. [Saml2Core, 2.5.1] Gets or sets the that specified limitations that the asserting party imposes on relying parties that wish to subsequently act as asserting parties themselves and issue assertions of their own on the basis of the information contained in the original assertion. [Saml2Core, 2.5.1] Contains constants related to SAML2. The subject of the assertion is the bearer of the assertion. [Saml2Prof, 3.3] The holder of a specified key is considered to be the subject of the assertion by the asserting party. [Saml2Prof, 3.1] Indicates that no other information is available about the context of use of the assertion. [Saml2Prof, 3.2] These identifiers MAY be used in the Format attribute of the NameID, NameIDPolicy, or Issuer elements to refer to common formats for the content of the elements and the associated processing rules, if any. [Saml2Core, 8.3] The interpretation of the content of the element is left to individual implementations. 
[Saml2Core, 8.3.1] Indicates that the content of the element is in the form of an email address, specifically "addr-spec" as defined in [RFC 2822, 3.4.1]. [Saml2Core, 8.3.2] Indicates that the content of the element is in the form specified for the contents of the X509SubjectName element from [XMLSig]. [Saml2Core, 8.3.3] Indicates that the content of the element is a Windows domain qualified name. [Saml2Core, 8.3.4] Indicates that the content of the element is in the form of a Kerberos principal name using the format name[/instance]@REALM. [Saml2Core, 8.3.5] Indicates that the content of the element is a URI identifying an entity that provides SAML-based services (such as a SAML authority, requester, or responder) or is a participant in SAML profiles (such as a service provider supporting the browser SSO profile). [Saml2Core, 8.3.6] Indicates that the content of the element is a persistent opaque identifier for a principal that is specific to an identity provider and a service provider or affiliation of service providers. [Saml2Core, 8.3.7] (See also for many restrictions on the data.) Indicates that the content of the element is an identifier with transient semantics and SHOULD be treated as an opaque and temporary value by the relying party. [Saml2Core, 8.3.8] When included in the Format attribute of the NameIDPolicy attribute, requests that the resulting identifier be encrypted. [Saml2Core, 3.4.1.1] Represents the Evidence element specified in [Saml2Core, 2.7.4.3]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Contains one or more assertions or assertion references that the SAML authority relied on in issuing the authorization decision. [Saml2Core, 2.7.4.3] Initializes a new instance of class. Initializes a new instance of class from a . containing the evidence. if is null. Initializes a new instance of class from a . containing the evidence. if is null. Initializes a new instance of class from a . containing the evidence. if is null. 
Gets a collection of for use by the . Gets a collection of for use by the . Gets a collection of for use by the . Represents the identifier used for SAML assertions. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
This identifier should be unique per [Saml2Core, 1.3.4] and must fit the NCName xml schema definition, which is to say that it must begin with a letter or underscore.
Creates a new ID value based on a GUID. Creates a new ID whose value is the given string. The Saml2 Id. if is null or empty. if is not a valid NCName. Gets the identifier string. Represents the NameID element as specified in [Saml2Core, 2.2.3]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Initializes an instance of from a name. Name string to initialize with. Initializes an instance of from a name and format. Name string to initialize with. specifying the identifier format. if is null or empty. if is not an absolute Uri. Gets or sets the used for encrypting. Gets or sets a URI reference representing the classification of string-based identifier information. [Saml2Core, 2.2.2] if 'value' is not an absolute Uri. Gets or sets the security or administrative domain that qualifies the name. [Saml2Core, 2.2.2] Gets or sets a name that further qualifies the name of a service provider or affiliation of providers. [Saml2Core, 2.2.2] Gets or sets a name identifier established by a service provider or affiliation of providers for the entity, if different from the primary name identifier. [Saml2Core, 2.2.2] Gets or sets the value of the name identifier. if 'value' is null or empty. Represents the ProxyRestriction element specified in [Saml2Core, 2.5.1.6]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Initializes an instance of . Gets the set of audiences to whom the asserting party permits new assertions to be issued on the basis of this assertion. Gets or sets the maximum number of indirections that the asserting party permits to exist between this assertion and an assertion which has ultimately been issued on the basis of it. if 'value' is less than 0. A security token backed by a SAML2 assertion. Initializes an instance of from a . A to initialize from. if is null. Gets the for this token. Gets the SecurityToken id. Gets the issuer of this token Gets the for this instance.
Gets or sets the that was used to Sign this assertion. Gets the time the token is valid from. Gets the time the token is valid to. A designed for creating and validating Saml2 Tokens. See: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Default lifetime of tokens created. When creating tokens, if 'expires' and 'notbefore' are both null, then a default will be set to: expires = DateTime.UtcNow, notbefore = DateTime.UtcNow + TimeSpan.FromMinutes(TokenLifetimeInMinutes). Initializes a new instance of . Gets or sets the that will be used to read and write a . 'value' is null. Gets or sets a bool that controls if token creation will set default 'NotBefore', 'NotOnOrAfter' and 'IssueInstant' if not specified. See: , for defaults and configuration. Gets or sets the token lifetime in minutes. Used by to set the default expiration ('exp'). for the default. 'value' less than 1. Returns a value that indicates if this handler can validate a . 'true', indicating this instance can validate a . Gets the token type supported by this handler. Gets the value that indicates if this instance can write a . 'true', indicating this instance can write a . Determines if the string is a valid Saml2 token by examining the xml for the correct start element. A Saml2 token as a string. 'true' if the string has a start element equal . Indicates whether the current XML element can be read as a token of the type handled by this instance. An reader positioned at a start element. The reader should not be advanced. 'true' if can read the element. Creates a . The that has creation information. A instance. If is null. Creates a . The that has creation information. additional information for creating a . A instance. If is null. Reads and validates a . The Saml2 token. Contains validation parameters for the . The that was validated. is null or empty. is null. .Length is greater than . if the is not well-formed. A representing the identity contained in the token.
Validates the first SubjectConfirmationData the Saml2 token that is being validated. validation parameters. If is null. If .Assertion is null. If is null. If .Subject is null. Validates the is an expected value. The that signed the . The to validate. The current . If the is a then the X509Certificate2 will be validated using the CertificateValidator. Validates token for replay. expiration time. the Saml2 token that is being validated. validation parameters. By default no action is taken, this requires users to set TokenCache or a Delegate. Validates object for lifetime. the being validated. the that will be used during validation. The to validate. If is null. If is null. calls Validates that the signature. A Saml2 token. that will be used during validation. If is null or whitespace. If is null. If returns null OR an object other than a . If a signature is not found and is true. If the has a key identifier and none of the (s) provided result in a validated signature. This can indicate that a key refresh is required. If after trying all the (s), none result in a validated signature AND the 'token' does not have a key identifier. A that has had the signature validated if token was signed. If the 'token' is signed, the signature is validated even if is false. If the 'token' signature is validated, then the will be set to the key that signed the 'token'. It is the responsibility of to set the Returns a to use for validating the signature of a token. The representation of the token that is being validated. The that is being validated. that will be used during validation. Returns a to use for signature validation. If is null. If is null. If .Assertion' is null. If key fails to resolve, then null is returned. Converts a string into an instance of . a Saml2 token as a string. If is null or empty. If .Length > . A Converts a string into an instance of . a Saml2 token as a string. If is null or empty. If .Length > .
A Reads and validates a SAML 2.0 token using the XmlReader. A reader positioned at a element. validation parameters for the . An instance of . Currently not supported. Indicates if the current XML element is pointing to a Saml2Assertion. A reader that may contain a . 'true' if reader contains a . 'false' otherwise. Creates the conditions for the assertion. Generally, conditions should be included in assertions to limit the impact of misuse of the assertion. Specifying the NotBefore and NotOnOrAfter conditions can limit the period of vulnerability in the case of a compromised assertion. The AudienceRestrictionCondition can be used to explicitly state the intended relying party or parties of the assertion, which coupled with appropriate audience restriction enforcement at relying parties can help to mitigate spoofing attacks between relying parties. The default implementation creates NotBefore and NotOnOrAfter conditions based on the tokenDescriptor.Lifetime. It will also generate an AudienceRestrictionCondition limiting consumption of the assertion to tokenDescriptor.Scope.Address. contains the details of the conditions. A Saml2Conditions object. If is null. Creates the advice for the assertion. By default, this method returns null. The token descriptor. A object, default is null. Creates a name identifier that identifies the assertion issuer. The token descriptor. A using .Issuer. If is null. If .Issuer is null or empty. Uses tokenDescriptor.Issuer. Creates a Saml2Attribute from a claim. The from which to generate a . A created from the . if is null. if the has a property "ClaimsProperties.SamlAttributeNameFormat" and the value is not a valid absolute URI. Creates from a and a This method may return null if the token descriptor does not contain any subject or the subject does not have any claims. The that contains information on building the . A Saml2AttributeStatement. if is null. Consolidates attributes into a single attribute with multiple values. A of . 
A of with common attributes consolidated into unique attributes with multiple values. If is null. Transforms a ClaimsIdentity into a string. A to be transformed. if is null. A well-formed XML string. Normally this is called when creating a from a . When is not null, this method is called to create an string representation to add as an attribute. The string is formed: "<Actor><Attribute name, namespace><AttributeValue>...</AttributeValue>, ...</Attribute>...</Actor> Builds an XML formatted string from a collection of SAML attributes that represent the Actor. An enumeration of Saml2Attributes. A well-formed XML string. The string is of the form "<Actor><Attribute name, namespace><AttributeValue>...</AttributeValue>, ...</Attribute>...</Actor>" Creates an of to be included in the assertion. Statements are not required in a SAML2 assertion. This method may return an empty collection. The that contains information on creating the . An enumeration of Saml2Statements. if is null. Creates an of to be included in the assertion. Statements are not required in a SAML2 assertion. This method may return an empty collection. The that contains information on creating the . additional information used when creating a . An enumeration of Saml2Statements. if is null. Creates a Saml2AuthenticationStatement authenticationInformation object containing the state to be wrapped as a Saml2AuthenticationStatement object. A if is null, then null is returned. Creates a from a . The token descriptor. A . By default a null statement is returned. Override to return a to be added to a . Creates a SAML2 subject of the assertion. The security token descriptor to create the subject. Thrown when 'tokenDescriptor' is null. A . Validates the Lifetime and Audience conditions. a that contains the . required for validation. If is null. If is null. If .Assertion' is null. if the Condition 'OneTimeUse' is specified. Requires overriding. if the Condition 'ProxyRestriction' is specified. Requires overriding. 
This method gets called when a special type of Saml2Attribute is detected. The Saml2Attribute passed in wraps a Saml2Attribute that contains a collection of AttributeValues, each of which will get mapped to a claim. All of the claims will be returned in a ClaimsIdentity with the specified issuer. The to use. The that is the subject of this token. The issuer of the claim. Will be thrown if the Saml2Attribute does not contain any valid Saml2AttributeValues. Processes all statements and adds claims to the identity. A collection of Saml2Statement. The . The issuer. Adds claims from the into the . The . The . The issuer. If is null. If is null. Creates claims from a . The . The identity that will contain a for each . The issuer for each . If is null. If is null. if multiple 'Actor' claims are found. Creates claims from a . The . The identity that will contain the Authentication s. The issuer for each . If is null. If is null. If .DeclarationReference is not null. Override if this is required. Creates claims from a . The . The identity that will contain the AuthorizationDecision s. The issuer for each . Provided for extensibility. By default no claims are added. Creates claims from a Saml2 token. The . The value to set creates the using . A with claims from the saml statements. If is null. If .Assertion is null. Determines if the audience found in a is valid. The audiences found in the The that is being validated. required for validation. for additional details. Determines if the issuer found in a is valid. The issuer to validate The that is being validated. required for validation. The issuer to use when creating the (s) in the . for additional details. Serializes a to a string. A . If the is null. If is not a . Writes a using the XmlWriter. A to serialize the . The to serialize. If is null. If is null. If is not a . If is null. Reads and writes a or Instantiates a new instance of . Gets or sets the to use for reading / writing the if value is null. Passed to and .
Gets or sets the prefix to use when writing xml. if value is null or empty. Determines whether a URI is valid and can be created using the specified UriKind. Uri.TryCreate is used here, which is more lax than Uri.IsWellFormedUriString. The reason we use this function is because IsWellFormedUriString will reject valid URIs if they are IPv6 or require escaping. The string to check. The type of URI (usually UriKind.Absolute) True if the URI is valid, false otherwise. Reads the <saml:Action> element. A positioned at a element. A instance. If is null. If is not positioned at a Saml2Action. If is positioned at an empty element. If Saml2Action is missing @namespace. If Saml2Action is not an Absolute Uri. Reads the <saml:Advice> element. The Advice element has an extensibility point to allow XML elements from non-SAML2 namespaces to be included. By default, because the Advice may be ignored without affecting the semantics of the assertion, any such elements are ignored. To handle the processing of those elements, override this method. A positioned at a element. A instance. If is null. If is not positioned at a Saml2Advice. Reads a <saml:Assertion> element. A positioned at a element. if is null. if assertion is encrypted. If is not positioned at a Saml2Assertion. If Version is not '2.0'. If 'Id' is missing. If 'IssueInstant' is missing. If no statements are found. A instance. Reads a . The default implementation requires that the content of the Attribute element be a simple string. To handle complex content or content of declared simple types other than xs:string, override this method. An positioned at a element. If is null. A instance. Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType. A positioned at a element. A instance. Reads an attribute value. A positioned at a . The . The attribute value as a string. The input parameter 'reader' is null.
Reads the <saml:AudienceRestriction> element or a <saml:Condition> element that specifies an xsi:type of saml:AudienceRestrictionType. A positioned at a element. A instance. Reads the <saml:AuthnContext> element. The default implementation does not handle the optional <saml:AuthnContextDecl> element. To handle by-value authentication context declarations, override this method. A positioned at a element. A instance. Reads the <saml:AuthnStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType. A positioned at a element. A instance. Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType. A positioned at a element. A instance. Reads the <saml:Conditions> element. To handle custom <saml:Condition> elements, override this method. A positioned at a element. A instance. Reads the <saml:EncryptedId> element. pointing at the XML EncryptedId element An instance of representing the EncryptedId that was read Not implemented right now. Reads the <saml:Evidence> element. A positioned at a element. A instance. Reads the <saml:Issuer> element. A positioned at a element. A instance. Reads the <saml:NameID> element. A positioned at a element. An instance of The input parameter 'reader' is null. Both <Issuer> and <NameID> are of NameIDType. This method reads the content of either one of those elements. A positioned at a element. An instance of Reads the <saml:ProxyRestriction> element, or a <saml:Condition> element that specifies an xsi:type of saml:ProxyRestrictionType. In the default implementation, the maximum value of the Count attribute is limited to Int32.MaxValue. A positioned at a element. An instance of Reads the <saml:Statement> element. A positioned at a element. An instance of derived type.
The default implementation only handles Statement elements which specify an xsi:type of saml:AttributeStatementType, saml:AuthnStatementType, and saml:AuthzDecisionStatementType. To handle custom statements, override this method. Reads the <saml:Subject> element. A positioned at a element. An instance of . The default implementation does not handle the optional <EncryptedID> element. To handle encrypted IDs in the Subject, override this method. Reads the <SubjectConfirmation> element. A positioned at a element. An instance of . Reads the <saml:SubjectConfirmationData> element. A positioned at a element. An instance of . The default implementation handles the unextended element as well as the extended type saml:KeyInfoConfirmationDataType. Deserializes the SAML SubjectId. XmlReader positioned at "NameID, EncryptedID, BaseID". the element name of the parent element. Used in exception string. if Element is 'BaseID' with no xsi type. if reader is pointing at an unknown Element. A instance. Reads the <saml:SubjectLocality> element. A positioned at a element. An instance of . Writes the <saml:Action> element. A to serialize the . The to serialize. Writes the <saml:Advice> element. A to serialize the . The to serialize. if is null. if is null. Writes the <Assertion> element. A to serialize the . The to serialize. if is null. if is null. if .EncryptingCredentials != null. The must have a if no are present. The SAML2 authentication, attribute, and authorization decision require a . Writes the <saml:Attribute> element. A to serialize the . The to serialize. if is null. if is null. Writes the <saml:AttributeStatement> element. A to serialize the . The to serialize. if is null. if is null. if .Count == 0. Writes the <saml:AudienceRestriction> element. A to serialize the . The to serialize. if is null. if is null. if is empty. Writes the <saml:AuthnContext> element. A to serialize the . The to serialize. Writes the <saml:AuthnStatement> element. A to serialize the .
The to serialize. if is null. if is null. Writes the <saml:AuthzDecisionStatement> element. A to serialize the . The to serialize. if is null. if is null. if is empty. if is null or empty. if is null or empty. Writes the <saml:Conditions> element. A to serialize the . The to serialize. if is null. if is null. Writes the <saml:Evidence> element. A to serialize the . The to serialize. if is null. if is null. if does not contain any assertions or assertions references. Writes the <saml:Issuer> element. A to serialize the . The to serialize. if is null. if is null. Writes the <saml:NameID> element. A to serialize the . The to serialize. if is null. if null. Both <Issuer> and <NameID> are of NameIDType. Writes the content of either one of those elements. A to serialize the . The to serialize. If 'writer' is null. If 'nameIdentifier' is null. If 'nameIdentifier.Value' is null or empty. Writes the <saml:ProxyRestriction> element. A to serialize the . The to serialize. Writes a Saml2Statement. This method may write a <saml:AttributeStatement>, <saml:AuthnStatement> or <saml:AuthzDecisionStatement> element. To handle custom Saml2Statement classes for writing a <saml:Statement> element, override this method. A to serialize the . The to serialize. Writes the <saml:Subject> element. A to serialize the . The to serialize. Writes the <saml:SubjectConfirmation> element. A to serialize the . The to serialize. Writes the <saml:SubjectConfirmationData> element. When the data.KeyIdentifiers collection is not empty, an xsi:type attribute will be written specifying saml:KeyInfoConfirmationDataType. A to serialize the . The to serialize. Writes the <saml:SubjectLocality> element. A to serialize the . The to serialize. Represents the StatementAbstractType specified in [Saml2Core, 2.7.1]. 
see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf This abstract class provides no operations; however, this type is used to declare collections of statements, for example Saml2Assertion.Statements. Represents the Subject element specified in [Saml2Core, 2.4.1]. see: http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf If the NameId is null and the SubjectConfirmations collection is empty, an InvalidOperationException will be thrown during serialization. Initialize an instance of . Initializes an instance of from a . The to use for initialization. Initializes an instance of from a . The to use for initialization. Gets or sets the . [Saml2Core, 2.4.1] Gets a collection of which can be used to validate and confirm the . [Saml2Core, 2.4.1] If more than one subject confirmation is provided, then satisfying any one of them is sufficient to confirm the subject for the purpose of applying the assertion. Represents the SubjectConfirmation element specified in [Saml2Core, 2.4.1.1]. Initializes an instance of from a indicating the method of confirmation. The to use for initialization. Initializes an instance of from a indicating the method of confirmation and . The to use for initialization. The to use for initialization. Gets or sets a URI reference that identifies a protocol or mechanism to be used to confirm the subject. [Saml2Core, 2.4.1.1] Gets or sets the expected to satisfy the enclosing subject confirmation requirements. [Saml2Core, 2.4.1.1] Gets or sets additional to be used by a specific confirmation method. [Saml2Core, 2.4.1.1] Represents the SubjectConfirmationData element and the associated KeyInfoConfirmationDataType defined in [Saml2Core, 2.4.1.2-2.4.1.3]. Initializes an instance of . Gets or sets the network address/location from which an attesting entity can present the assertion. [Saml2Core, 2.4.1.2] Gets or sets the of a SAML protocol message in response to which an attesting entity can present the assertion. 
[Saml2Core, 2.4.1.2] Gets a collection of which can be used to authenticate an attesting entity. [Saml2Core, 2.4.1.3] Gets or sets a time instant before which the subject cannot be confirmed. [Saml2Core, 2.4.1.2] Gets or sets a time instant at which the subject can no longer be confirmed. [Saml2Core, 2.4.1.2] Gets or sets a URI specifying the entity or location to which an attesting entity can present the assertion. [Saml2Core, 2.4.1.2] Represents the SubjectLocality element specified in [Saml2Core, 2.7.2.1]. This element is entirely advisory, since both of these fields are quite easily "spoofed". [Saml2Core, 2.7.2.1] Initializes an instance of . Initializes an instance of from an address and DNS name. A indicating the address. A indicating the DNS name. Gets or sets the network address of the system from which the principal identified by the subject was authenticated. [Saml2Core, 2.7.2.1] Gets or sets the DNS name of the system from which the principal identified by the subject was authenticated. [Saml2Core, 2.7.2.1] The authentication information that an authority asserted when creating a token for a subject. Initializes a new instance of the class. Gets or sets the address of the authority that created the token. Gets or sets the AuthenticationMethod. Gets or sets the AuthenticationInstant. Gets the collection of authority bindings. Gets or sets the DNS name of the authority that created the token. Gets or sets the time that the session referred to in the session index MUST be considered ended. Gets or sets the session index that describes the session between the authority and the client. Defines the keys for properties contained in . This exception is thrown when a security is missing an ExpirationTime. Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. 
Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. This exception is thrown when reading a . Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. This exception is thrown when reading a . Initializes a new instance of the class. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. Initializes a new instance of the class. Additional information to be included in the exception and displayed to user. A that represents the root cause of the exception. Log messages and codes Represents the Action element specified in [Saml, 2.4.5.1]. see: https://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf Constructs an instance of class. Action value represented by this class. if is null or empty. Constructs an instance of class. Value represented by this class. Namespace in which the action is interpreted. if is null or empty. if is not an absolute Uri. Gets or sets a URI reference representing the namespace in which the name of the specified action is to be interpreted. [Saml, 2.4.5.1] if is not an absolute Uri. Gets or sets the label for an action sought to be performed on the specified resource. [Saml, 2.4.5.1] if is null or empty. Represents the Advice element specified in [Saml, 2.3.2.2]. This information MAY be ignored by applications without affecting either the semantics or the validity of the assertion. Creates an instance of . Creates an instance of . . Creates an instance of . Creates an instance of . . . Gets a collection of representing the assertions in the . Gets a collection of representing the assertions in the . 
Represents the Assertion element specified in [Saml, 2.3.2]. Creates an instance of . AssertionID of the assertion. Issuer of the assertion. IssueInstant of the assertion. SamlConditions of the assertion. SamlAdvice of the assertion. . Gets or sets additional information related to the assertion that assists processing in certain situations but which may be ignored by applications that do not understand the advice or do not wish to make use of it. Gets or sets the identifier for this assertion. Gets or sets conditions that must be evaluated when assessing the validity of and/or when using the assertion. Gets or sets the PrefixList to use when there is a need to include InclusiveNamespaces when writing a token. Gets or sets the issuer in the assertion. Gets or sets the time instant of issue in UTC. Gets the major version of this assertion. [Saml, 2.3.2] The identifier for the version of SAML defined in this specification is 1. Gets the minor version of this assertion. [Saml, 2.3.2] The identifier for the version of SAML defined in this specification is 1. Gets or sets the on the Assertion. Gets or sets the used by the issuer to protect the integrity of the assertion. Gets the (s) regarding the subject. Represents the Attribute element. Initializes a new instance of . Initializes a new instance of . The namespace of the attribute. The name of the attribute. The value of the attribute. Initializes a new instance of . The namespace of the attribute. The name of the attribute. . if is null. Gets or sets the xsi:type of the values contained in the SAML Attribute. Gets or sets the ClaimType of the attribute. Gets or sets the name of the attribute. if 'value' is null or empty. Gets or sets the namespace of the attribute. Gets or sets the string that represents the OriginalIssuer of the SAML Attribute. Gets a collection of representing attributes. Comparison class supporting multi-part keys for a dictionary. A class that contains the Saml attribute key. 
Represents the Saml Attribute Key. Override GetHashCode function. Compare AttributeKeys. Get the AttributeKey's hash code. Represents the AttributeStatement element. Creates an instance of . The subject of the attribute statement. The contained in this statement. Creates an instance of . The subject of the attribute statement. . Gets a collection of . Represents the AudienceRestrictionCondition. Creates an instance of . The audience element contained in this restriction. Creates an instance of . An containing the audiences for a . Gets the of audiences for a . Represents the AttributeStatement element. Creates an instance of . The Subject of the Statement. The URI reference that specifies the type of authentication that took place. The time at which the authentication took place. The DNS domain name for the system entity from which the subject was apparently authenticated. The IP address for the system entity from which the subject was apparently authenticated. . Gets or sets the instant of authentication. Gets or sets the method of authentication. if 'value' is null or empty. Gets the collection of . Gets or sets Domain Name Service address. Gets or sets Internet Protocol address. Represents the SamlAuthorityBinding specified in [Saml, 2.4.3.2]. Create an instance of . The type of SAML protocol queries to which the authority described by this element will respond. The URI identifying the SAML protocol binding to use in communicating with the authority. The URI describing how to locate and communicate with the authority. Gets or sets the AuthorityKind of the binding. Gets or sets the binding. Gets or sets the location of the binding. Represents the AuthorizationDecisionStatement specified in [Saml, 2.4.5]. Initializes a new instance of class from a resource and decision. The of the statement. The resource to be authorized. The AccessDecision in use. . Initializes a new instance of class from a resource and decision. The of the statement. 
The resource to be authorized. The AccessDecision in use. . Collection of specifications. Gets or sets the AccessDecision rendered by the SAML authority with respect to the specified resource. Gets a collection of representing the action values contained in the AuthorizationDecisionStatement. Gets the ClaimType. Gets or sets the evidence contained in the AuthorizationDecisionStatement. Gets or sets the resource contained in the AuthorizationDecisionStatement. Saml Condition element. Represents the Conditions element specified in [Saml, 2.3.2.1]. Initializes a new instance of . The earliest time instant at which the assertion is valid The time instant at which the assertion has expired. Initializes a new instance of . The earliest time instant at which the assertion is valid The time instant at which the assertion has expired. . Gets a collection of that the assertion is addressed to. Gets or sets the earliest time instant at which the assertion is valid. Gets or sets the time instant at which the assertion has expired. Contains constants related to SAML. Known values for Represents the SamlDoNotCacheCondition element. Represents the SamlDoNotCacheCondition element. Represents the Evidence element specified in [Saml, 2.4.5.2]. Contains one or more assertions or assertion references that the SAML authority relied on in issuing the authorization decision. Initializes a new instance of class from a . . Initializes a new instance of class from a . . Initializes a new instance of class from a . . . Gets a collection of . Gets a collection of for use by the . A security token backed by a SAML assertion. Initializes an instance of . Initializes an instance of . A to initialize from. Gets the for this token. Gets the SecurityToken id. Gets the issuer of this token Gets the for this instance. Gets or sets the that was used to Sign this assertion. Gets the time the token is valid from. Gets the time the token is valid to. 
A designed for creating and validating Saml Tokens, which supports validating tokens passed as strings using . Default lifetime of tokens created. When creating tokens, if 'expires' and 'notbefore' are both null, then a default will be set to: expires = DateTime.UtcNow, notbefore = DateTime.UtcNow + TimeSpan.FromMinutes(TokenLifetimeInMinutes). Initializes an instance of . Gets a value indicating whether this handler supports validation of tokens handled by this instance. 'true' if the instance is capable of SecurityToken validation. Gets a value indicating whether the class provides serialization functionality to serialize securityToken handled by this instance. true if the WriteToken method can serialize this securityToken. Gets or sets the SamlSubject comparer. Gets or sets the that will be used to read and write a . 'value' is null. Gets or sets a bool that controls if token creation will set default 'NotBefore', 'NotOnOrAfter' and 'IssueInstant' if not specified. See: , for defaults and configuration. Gets or sets the token lifetime in minutes. Used by to set the default expiration ('exp'). for the default. 'value' less than 1. Gets the securityToken type supported by this handler. Adds all Actors. . Attribute collection to which the Actor added. if is null. Determines if the string is a valid Saml token by examining the xml for the correct start element. A Saml token as a string. 'true' if the string has a start element equal . Indicates whether the current XML element can be read as a token of the type handled by this instance. An reader positioned at a start element. The reader should not be advanced. 'true' if can read the element. Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values. to consolidate. common attributes collected into value lists. Override this method to provide a SamlAdvice to place in the Samltoken. Contains information about the token. 
SamlAdvice, default is null. Generates a SamlAttribute from a claim. Claim from which to generate a SamlAttribute. if the is null. if the type of doesn't have "/" or only has "/" at the beginning or doesn't have any character(s) after the last "/". Creates SamlAttributeStatements and adds them to a collection. Override this method to provide a custom implementation. Default behavior is to create a new SamlAttributeStatement for each Subject in the tokenDescriptor.Subjects collection. The SamlSubject to use in the SamlAttributeStatement that are created. Contains all the other information that is used in token issuance. SamlAttributeStatement if is null. if is null. Creates a SamlAuthenticationStatement for each AuthenticationInformation found in AuthenticationInformation. Override this method to provide a custom implementation. The SamlSubject of the Statement. Contains all the other information that is used in token issuance. SamlAuthenticationStatement if is null. if Assertion has one or more AuthenticationStatement, and one of AuthenticationMethod and authenticationInstant is null. Creates a from a . The token descriptor. A . By default a null statement is returned. Override to return a to be added to a . Creates claims from a Saml securityToken. A that will be used to create the claims. The value to set Contains parameters for validating the securityToken. A containing the claims from the . if is null. if is null. Generates all the conditions for saml information that is used in token issuance. SamlConditions if is null. Generates an enumeration of SamlStatements from a SecurityTokenDescriptor. Only SamlAttributeStatements and SamlAuthenticationStatements are generated. Overwrite this method to customize the creation of statements. Calls in order (all are virtual): 1. CreateSamlSubject 2. CreateAttributeStatements 3. CreateAuthenticationStatements 4. CreateAuthorizationDecisionStatement The SecurityTokenDescriptor to use to build the statements. 
additional information for creating a . An enumeration of SamlStatement. if is null. Returns the SamlSubject to use for all the statements that will be created. Overwrite this method to customize the creation of the SamlSubject. Contains all the information that is used in token issuance. A SamlSubject created from the first subject found in the tokenDescriptor as follows: 1. Claim of Type NameIdentifier is searched. If found, SamlSubject.Name is set to claim.Value. 2. If a non-null tokenDescriptor.proof is found then SamlSubject.KeyIdentifier = tokenDescriptor.Proof.KeyIdentifier AND SamlSubject.ConfirmationMethod is set to 'HolderOfKey'. 3. If a null tokenDescriptor.proof is found then SamlSubject.ConfirmationMethod is set to 'BearerKey'. if is null. if the tokenDescriptor has more than one name identifier claim. Creates a based on information contained in the . The that has creation information. A instance. If is null. Creates a based on information contained in the . The that has creation information. additional information for creating the . A instance. If is null. Builds an XML formatted string from a collection of saml attributes that represent an Actor. . A well formed XML string. The string is of the form "<Actor><SamlAttribute name, ns><SamlAttributeValue>...</SamlAttributeValue>, ...</SamlAttribute>...</Actor>" Creates claims from a . The . A . The issuer. if is null. if is null. if Actor existing in both identity and attributes of statement. Creates claims from a . The . A . The issuer. if is null. if is null. Creates claims from a . The . A . The issuer. Provided for extensibility. By default no claims are created. Creates claims from unknown statements. The . A The issuer. Processes all statements to generate claims. A that will be used to create the claims. The issuer. Contains parameters for validating the securityToken. A containing the claims from the . if the statement is not a . Creates subject claims from the . The . The subject. 
The issuer. if is null. if is null. if the doesn't have the name or confirmation methods. Converts a string into an instance of . a Saml token as a string. A if is null or empty. If 'token.Length' > . Converts a string into an instance of . a Saml token as a string. A If is null or empty. If 'token.Length' > . Deserializes from XML a token of the type handled by this instance. An XML reader positioned at the token's start element. validation parameters for the . An instance of . Returns a to use for validating the signature of a token. The representation of the token that is being validated. The that is being validated. that will be used during validation. Returns a to use for signature validation. If is null. If is null. If is null. If key fails to resolve, then null is returned This method gets called when a special type of SamlAttribute is detected. The SamlAttribute passed in wraps a SamlAttribute that contains a collection of AttributeValues, each of which are mapped to a claim. All of the claims will be returned in an ClaimsIdentity with the specified issuer. The SamlAttribute to be processed. The identity that should be modified to reflect the SamlAttribute. Issuer Identity. if we have two delegates acting as an identity, we do not allow this. Determines if the audiences found in a are valid. . The being validated. required for validation. see for additional details. Validates the Lifetime and Audience conditions. a that contains the . required for validation. If is null or empty. If is null. If is null. if the Condition 'OneTimeUse' is specified. Requires overriding. if the Condition 'ProxyRestriction' is specified. Requires overriding. Determines if an issuer found in a is valid. The issuer to validate The that is being validated. required for validation. The issuer to use when creating the (s) in the . for additional details. Validates the was signed by a valid . The that signed the . The being validated. The current . Validates the lifetime of a . 
The value found in the . The value found in the . The being validated. required for validation. for additional details. Validates that the signature, if found, is valid. A Saml token. that will be used during validation. If is null or whitespace. If is null. If returns null OR an object other than a . If a signature is not found and is true. If the 'token' has a key identifier and none of the (s) provided result in a validated signature. This can indicate that a key refresh is required. If after trying all the (s), none result in a validated signature AND the 'token' does not have a key identifier. A that has had the signature validated if token was signed. If the 'token' is signed, the signature is validated even if is false. If the 'token' signature is validated, then the will be set to the key that signed the 'token'. It is the responsibility of to set the Validates the is an expected value. The that signed the . The to validate. The current . If the is a then the X509Certificate2 will be validated using the CertificateValidator. Validates the token replay. expiration time of the to validate that will be used during validation Reads and validates a well formed . A string containing a well formed securityToken. Contains data and information needed for validation. The that was validated. A generated from the claims in the Saml securityToken. if is null or whitespace. if is null. if 'securityToken.Length' > . Serializes a to a string. A . if the is null. if the token is not a . Serializes to XML a securityToken of the type handled by this instance. The XML writer. A securityToken of type . if the is null. if the is null. if the token is not a . if is null. Reads and writes SamlAssertions Instantiates a new instance of . Gets or sets the to use for reading / writing the if value is null. Passed to and . Gets or sets the prefix to use when writing xml. if value is null. Determines whether a URI is valid and can be created using the specified UriKind. 
Uri.TryCreate is used here, which is more lax than Uri.IsWellFormedUriString. The reason we use this function is because IsWellFormedUriString will reject valid URIs if they are IPv6 or require escaping. The string to check. The type of URI (usually UriKind.Absolute) True if the URI is valid, false otherwise. Read the <saml:Action> element. A positioned at a element. A instance. Reads the <saml:Advice> element. The Advice element has an extensibility point to allow XML elements from non-SAML namespaces to be included. By default, because the Advice may be ignored without affecting the semantics of the assertion, any such elements are ignored. To handle the processing of those elements, override this method. A positioned at a element. A instance. Reads a <saml:Assertion> element. A positioned at a element. A instance. Reads the <saml:Attribute> element. The default implementation requires that the content of the Attribute element be a simple string. To handle complex content or content of declared simple types other than xs:string, override this method. An positioned at a element. A instance. Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType. A positioned at a element. A instance. Reads the <saml:AudienceRestriction> element or a <saml:Condition> element that specifies an xsi:type of saml:AudienceRestrictionType. A positioned at a element. Read the saml:AuthenticationStatement. XmlReader positioned at a saml:AuthenticationStatement. SamlAuthenticationStatement The input parameter 'reader' is null. or the statement contains an unknown child element. Reads a <saml:Binding> element. A positioned at a element. A instance. Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType. A positioned at a element. A instance. Reads the <saml:Condition> element. A positioned at a element. A instance. 
Reads the <saml:Conditions> element. To handle custom <saml:Conditions> elements, override this method. A positioned at a element. A instance. Reads the <saml:DoNotCacheCondition> element. A positioned at a element. A instance. Reads the <saml:Evidence> element. A positioned at a element. A instance. Reads the <saml:Statement> element. A positioned at a element. An instance of derived type. The default implementation only handles Statement elements which specify an xsi:type of saml:AttributeStatementType, saml:AuthnStatementType, and saml:AuthzDecisionStatementType. To handle custom statements, override this method. Read the SamlSubject from the XmlReader. A positioned at a element. An instance of . Writes the <saml:Action> element. A to serialize the . The to serialize. if is null. if is null. Writes the <saml:Advice> element. A to serialize the . The to serialize. if is null. if is null. Writes the <Assertion> element. A to serialize the . The to serialize. if is null. if is null. if is null or empty. if is not well formed. See . if is null or empty. if .Count == 0. Writes the <saml:Attribute> element. A to serialize the . The to serialize. if is null. if is null. if any attribute values are null or empty. Writes the <saml:AttributeStatement> element. A to serialize the . The to serialize. if is null. if is null. if .Count == 0. Writes the <saml:AudienceRestriction> element. A to serialize the . The to serialize. if is null. if is null. if is empty. Writes the <AuthenticationStatement> element. A to serialize the . The to serialize. if is null. if is null. Writes the <AuthorityBinding> element. A to serialize the . The to serialize. if is null. if is null. if is null. if is null or empty. if is null or empty. Writes the <saml:AuthzDecisionStatement> element. A to serialize the . The to serialize. if is null. if is null. if is empty. if is null or empty. if is null. Writes the <saml:Condition> element. A to serialize the . The to serialize. if is null. if is null. 
Writes a or a all others are skipped. Writes the <saml:Conditions> element. A to serialize the . The to serialize. if is null. if is null. Writes the <saml:DoNotCacheCondition> element. A to serialize the . The to serialize. if is null. if is null. Writes the <saml:Evidence> element. A to serialize the . The to serialize. if is null. if is null. if does not contain any assertions or assertions references. Writes one of the supported Statements. A to serialize the . The to serialize. if is null. if is null. Writes the <saml:Subject> element. A to serialize the . The to serialize. if is null. if is null. if does not contain any assertions or assertions references. Represents the StatementAbstractType specified in [Saml, 2.4]. This abstract class provides no operations; however, this type is used to declare collections of statements, for example SamlAssertion.Statements. Represents the Subject element specified in [Saml2Core, 2.4.2.1]. If the NameId is null and the SubjectConfirmations collection is empty, an InvalidOperationException will be thrown during serialization. Initialize an instance of . Initialize an instance of . The format of the subject. The NameIdentifier of the subject. The name of the subject. Initialize an instance of . The format of the subject. The NameIdentifier of the subject. The name of the subject. . The confirmation data contained in the subject. Gets or sets confirmation data. Gets confirmation methods. Gets or sets the . Gets or sets the . Gets or sets the name of the Subject. Gets the ClaimType. Gets or sets the format of the Subject. Gets or sets the name qualifier of the Subject. Represents the SubjectStatement element. Gets or sets the subject of the statement.