%SAML.Assertion
Class %SAML.Assertion Extends (%SOAP.WST.AbstractToken, %SOAP.Security.Element, %SAML.AssertionReference) [ Inheritance = right, System = 4 ]
SAML Assertion token for the SOAP Security header.
Parameters
XMLFORMAT
Parameter XMLFORMAT = "literal";
NAMESPACE
Parameter NAMESPACE = "urn:oasis:names:tc:SAML:2.0:assertion";
ELEMENTQUALIFIED
Parameter ELEMENTQUALIFIED = 0;
XMLPREFIX
Parameter XMLPREFIX = "saml";
XMLSEQUENCE
Parameter XMLSEQUENCE = 1;
Sequenced projection is needed to distinguish the two different possible Signature elements (the Signature and WSSecuritySignature properties below).
Properties
Issuer
Property Issuer As %SAML.NameID(XMLREF = 1) [ Required ];
Signature
Property Signature As %XML.Security.Signature(REFELEMENTQUALIFIED = 1, REFNAMESPACE = "http://www.w3.org/2000/09/xmldsig#", XMLREF = 1);
Subject
Property Subject As %SAML.Subject(XMLREF = 1);
Conditions
Property Conditions As %SAML.Conditions(XMLREF = 1);
Advice
Property Advice As list Of %SAML.AssertionReference(REFELEMENTQUALIFIED = 1, XMLREF = 1, XMLTYPECONSTRAINT = "choice");
Statement
Property Statement As list Of %SAML.Statement(XMLPROJECTION = "element", XMLREF = 1, XMLTYPECONSTRAINT = "choice");
WSSecuritySignature
Property WSSecuritySignature As %XML.Security.Signature(REFELEMENTQUALIFIED = 1, REFNAMESPACE = "http://www.w3.org/2000/09/xmldsig#", XMLNAME = "Signature", XMLREF = 1) [ Internal ];
SAMLID
Property SAMLID As %String(MAXLEN = "", XMLNAME = "ID", XMLPROJECTION = "attribute") [ Required ];
IssueInstant
Property IssueInstant As %xsd.dateTime(XMLPROJECTION = "attribute") [ Required ];
Version
Property Version As %String(MAXLEN = "", XMLPROJECTION = "attribute") [ Required ];
NodeId
Property NodeId As %String(XMLPROJECTION = "none") [ Internal ];
Saves the node id of this element in the document tree during import.
Text
Property Text As %String(XMLPROJECTION = "none") [ Internal ];
Saves the text of this element in the document tree during import.
X509Credentials
Property X509Credentials As %RawString(XMLPROJECTION = "none") [ Internal ];
If SubjectConfirmation is based on X509 certificate, this is the X509 certificate class. This property is read-only.
PrefixList
Property PrefixList As %String(MAXLEN = "", XMLPROJECTION = "none") [ Internal ];
The optional inclusive namespace prefix list used when creating WSSecuritySignature, specified for this SAML assertion as a list of NMTOKENS.
Methods
X509CredentialsGet
Method X509CredentialsGet() As %SYS.X509Credentials [ Internal ]
GetX509Credentials
Method GetX509Credentials() As %SYS.X509Credentials [ CodeMode = expression ]
Get the X.509 credentials associated with this Security header element on input.
XMLNew
ClassMethod XMLNew(document As %XML.Document, nodeId As %Integer, containerOref As %RegisteredObject = "") As %RegisteredObject
Save the node id when getting a new class instance.
Create
ClassMethod Create() As %SAML.Assertion
Create an unsigned SAML Assertion.
CreateX509
ClassMethod CreateX509(credentials As %SYS.X509Credentials, referenceOption As %Integer, prefixList As %String = "") As %SAML.Assertion
Create a SAML Assertion with a WS-Security Signature based on X.509 credentials.
prefixList is the optional inclusive namespace prefix list, specified as a list of NMTOKENS, used when signing this SAML assertion.
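The following is an added example, not part of the class reference: it builds a SAML 2.0 assertion with CreateX509, fills in the Issuer, Subject, Conditions and a Statement, and attaches the signed assertion to the outbound security header of a SOAP web client. The credential alias "myclientcert", the client class Demo.SOAP.Client, the issuer, subject and audience values, and the use of $SYSTEM.SQL.Functions.DATEADD to compute the validity window are assumptions for the example.

```objectscript
Include %soap

/// Added example (not part of the %SAML.Assertion class reference).
/// Builds a signed SAML assertion and attaches it to a SOAP client's
/// outbound WS-Security header.
Class Demo.SAML.Sender
{

/// Create the assertion, attach it to the client's SecurityOut header and return the client.
/// The alias "myclientcert" must already exist in %SYS.X509Credentials (assumed).
ClassMethod BuildClient() As %SOAP.WebClient
{
    Set cred = ##class(%SYS.X509Credentials).GetByAlias("myclientcert")
    If cred = "" Throw ##class(%Exception.General).%New("MissingCredentials", , , "X.509 alias 'myclientcert' not found")

    // Signed assertion: the WS-Security Signature references the certificate
    // directly through a BinarySecurityToken in the Security header
    Set assertion = ##class(%SAML.Assertion).CreateX509(cred, $$$SOAPWSReferenceDirect)

    // Issuer (assumed value)
    Set assertion.Issuer = ##class(%SAML.NameID).%New()
    Set assertion.Issuer.NameID = "https://idp.example.test"

    // Subject with a sender-vouches confirmation; the WS-Security signature
    // created by CreateX509 is what binds the assertion to the certificate
    Set subject = ##class(%SAML.Subject).%New()
    Set subject.NameID = ##class(%SAML.NameID).%New()
    Set subject.NameID.NameID = "alice@example.test"
    Set confirmation = ##class(%SAML.SubjectConfirmation).%New()
    Set confirmation.Method = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"
    Do subject.SubjectConfirmation.Insert(confirmation)
    Set assertion.Subject = subject

    // Validity window in UTC as xsd:dateTime ("yyyy-mm-ddThh:mm:ssZ"), five minutes long.
    // $ZDATETIME with precision 0 drops fractional seconds; DATEADD is assumed available.
    Set nowUtc = $ZDATETIME($ZTIMESTAMP, 3, 1, 0)
    Set laterUtc = $SYSTEM.SQL.Functions.DATEADD("second", 300, nowUtc)
    Set conditions = ##class(%SAML.Conditions).%New()
    Set conditions.NotBefore = $TRANSLATE(nowUtc, " ", "T") _ "Z"
    Set conditions.NotOnOrAfter = $TRANSLATE(laterUtc, " ", "T") _ "Z"
    // Restrict the audience so the assertion cannot be replayed to another service (assumed audience)
    Set audience = ##class(%SAML.AudienceRestriction).%New()
    Do audience.Audience.Insert("urn:demo:saml:service")
    Do conditions.Condition.Insert(audience)
    Set assertion.Conditions = conditions

    // Authentication statement describing how the subject was authenticated
    Set authn = ##class(%SAML.AuthnStatement).%New()
    Set authn.AuthnInstant = conditions.NotBefore
    Set authn.AuthnContext = ##class(%SAML.AuthnContext).%New()
    Set authn.AuthnContext.AuthnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
    Do assertion.Statement.Insert(authn)

    // Attach to the client's outbound Security header; the signature is computed
    // by Perform when the message is sent (Demo.SOAP.Client is an assumed client class)
    Set client = ##class(Demo.SOAP.Client).%New()
    Set client.SecurityOut = ##class(%SOAP.Security.Header).%New()
    Do client.SecurityOut.AddSecurityElement(##class(%SOAP.Security.Timestamp).Create())
    Do client.SecurityOut.AddSecurityElement(assertion)
    Quit client
}

}
```

The NotOnOrAfter and AudienceRestriction conditions are the parts a relying party should enforce: without them a captured assertion remains usable indefinitely and against any service that accepts the same issuer.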
ValidateTokenRef
Method ValidateTokenRef(service As %SOAP.WebBase, ByRef tokenType As %String, ByRef credentials As %SYS.X509Credentials) As %String [ Internal ]
Validate and get the credentials from the Assertion's SubjectConfirmationData element with the holder-of-key method. If valid, set the credentials argument and return "". If not valid, return an error code.
InitializeForService
Method InitializeForService(service As %SOAP.WebBase, header As %SOAP.Security.Header) As %Status [ Internal ]
Initialize the signature in the SAML assertion.
Perform
Method Perform(messageStream As %BinaryStream, header As %SOAP.Security.Header) As %Status [ Internal ]
Complete the Signature element by adding the Reference elements to the SignedInfo based on the SignatureOptions and computing the signature value.
Reset
Method Reset() [ Internal ]
Reset the SAML assertion.
ValidateElement
Method ValidateElement(document As %XML.Document, service As %SOAP.WebBase, mimeAttachments As %Net.MIMEPart = "") As %String [ Internal ]
Validate the SAML assertion. If invalid, return an error code.
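The following added example (not part of the class reference) shows the receiving side: a web service method that retrieves the inbound assertion from SecurityIn, then applies the application-level checks that the framework's signature validation does not make for you: expected issuer, the NotOnOrAfter condition, and an allowlist of signing certificates obtained through GetX509Credentials. The service class, the expected issuer value and the thumbprint allowlist are assumptions; the assumed framework behaviour is that WS-Security signatures in the inbound header are verified before the web method runs and that FindElement("Assertion") returns the first %SAML.Assertion in the header.

```objectscript
Include %soap

/// Added example (not part of the %SAML.Assertion class reference).
/// A web service that checks the inbound SAML assertion before doing work.
Class Demo.SAML.Service Extends %SOAP.WebService
{

Parameter SERVICENAME = "DemoSAML";

/// Issuer this service trusts (assumed value)
Parameter TRUSTEDISSUER = "https://idp.example.test";

/// Return "" when the assertion is acceptable, otherwise a short reason.
/// thumbprints is a comma-separated allowlist of certificate thumbprints (assumed format).
ClassMethod CheckAssertion(assertion As %SAML.Assertion, thumbprints As %String) As %String
{
    If assertion = "" Quit "no SAML assertion in Security header"

    // Issuer must be the identity provider we expect
    If (assertion.Issuer = "") || (assertion.Issuer.NameID '= ..#TRUSTEDISSUER) Quit "untrusted issuer"

    // Expiry: compare xsd:dateTime lexically after normalising to "yyyy-mm-dd hh:mm:ss" UTC;
    // assumes the assertion carries UTC times as the sender example does
    If assertion.Conditions '= "" {
        Set notAfter = $PIECE($TRANSLATE(assertion.Conditions.NotOnOrAfter, "T", " "), "Z", 1)
        Set nowUtc = $ZDATETIME($ZTIMESTAMP, 3, 1, 0)
        If (notAfter '= "") && (nowUtc ]] notAfter) Quit "assertion expired"
        If (notAfter = "") Quit "assertion has no NotOnOrAfter condition"
    } Else {
        Quit "assertion has no Conditions"
    }

    // The certificate that signed the assertion must be on the allowlist
    Set cred = assertion.GetX509Credentials()
    If cred = "" Quit "assertion not signed with X.509 credentials"
    If '$LISTFIND($LISTFROMSTRING(thumbprints, ","), cred.Thumbprint) Quit "signing certificate not allowed"

    Quit ""
}

/// Web method that rejects the call unless the assertion passes CheckAssertion.
Method WhoAmI() As %String [ WebMethod ]
{
    // Allowlist would normally come from configuration; constructed here for the example
    Set allowed = "PLACEHOLDER-THUMBPRINT-1,PLACEHOLDER-THUMBPRINT-2"
    Set assertion = ..SecurityIn.FindElement("Assertion")
    Set reason = ..CheckAssertion(assertion, allowed)
    If reason '= "" Do ..ReturnFault(..MakeFault($$$FAULTClient, "SAML assertion rejected: " _ reason))
    Quit assertion.Subject.NameID.NameID
}

}
```

Keeping the checks in a class method with a return value, rather than inline in the web method, lets them be unit-tested against constructed %SAML.Assertion objects without a SOAP round trip.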