Scripting Transformation

Scripting claims transformation

The Scripting claims transformation uses C# as the scripting language to issue claims.

You can use all types that are defined in System.dll, System.Linq.dll, System.Web.dll, System.Core.dll, System.IdentityModel.dll, and System.Xml.dll.
In addition, we provide a set of helper methods to help you issue claims more easily.

  • GetClaim(string claimType): Returns the value of the first claim whose claim type equals the input claim type. Note: The claim type is case sensitive.

  • GetNameIdFromIdentityProvider(): Returns the value of a NameID that is returned from an upstream Identity Provider.

  • GetNameIdFormatFromIdentityProvider(): Returns the format of a NameID that is returned from an upstream Identity Provider.

  • GetIdentityType(): Returns the IdentityType attribute that your Service Provider sends to Identify via the AuthnContextRefClass element.
    The accepted IdentityType values are https://data.gov.dk/eid/Person or https://data.gov.dk/eid/Professional.

  • GetLevelOfAssurance(): Returns the Level of Assurance value that a login session has after a user finishes logging in.

  • Exist(string claimType): Checks whether a claim exists whose claim type equals the input claim type. Note: The claim type is case sensitive.

  • Match(string claimType, string valuePattern): Checks whether a claim exists whose claim type equals the input claim type and whose value matches the input value pattern. Note: The claim type is case sensitive. The pattern must be a valid regular expression.

  • Issue(string claimType, string claimValue): Issues a new claim {claim type, claim value}.

  • Issue(string claimType, string claimValue, string nameFormat, string friendlyName): Issues a new claim {claim type, claim value} with a specific name format and friendly name.

  • IssueEmptyIfNotExist(string claimType): If the issuing token doesn’t contain any claim whose claim type equals the input value, issues such a claim with an empty value.

  • IssueBootstrapToken(string claimType): Encodes the bootstrap token from an upstream Identity Provider and issues it as a claim.

  • Add(string claimType, string claimValue): Adds a new {claim type, claim value} to the token. The newly added claim will be available for other claim rules to use but will eventually be removed before the token is issued.

  • AddEmptyIfNotExist(string claimType): If the issuing token doesn’t contain any claim whose claim type equals the input value, adds such a claim with an empty value to the token. The newly added claim will be available for other claim rules to use but will eventually be removed before the token is issued.

  • Remove(string claimType): Removes all claims of the input claim type.

  • Remove(string claimType, string claimValue): Removes all claims that match the input {claim type, claim value} pair. Note: The claim type is case sensitive while the claim value is not.

  • GuidToBase64(string guid): Converts a GUID to a Base64 string.

  • ToBase64(string s): Converts a string to a Base64 string.

  • Concat(params string[] values): Concatenates many strings to a single string.

  • IssueNameId(string claimvalue, string format, string spprovidername): Issues a NameID.

    • claimvalue: The claim value of a NameID.
    • format: The format of a NameID. Use "None/none" to issue a NameID without a format.
      • When the input format is "urn:oasis:names:tc:SAML:2.0:nameid-format:entity", the claim value must be in URI format.
      • When the input format is "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", the claim value will be auto-generated with a random GUID value.
    • spprovidername: This property is there for future usage. You can pass an empty string to it for now.

  • IssueTransientNameId(string claimvalue, string spprovidername): Issues a transient NameID (urn:oasis:names:tc:SAML:2.0:nameid-format:transient). The claim value is the value of the issuing NameID.

    • claimvalue: The claim value of a NameID.
    • spprovidername: This property is there for future development. You can pass an empty string to it for now.

Tip: LINQ methods are supported. You can use LINQ syntax to simplify your scripts. For example:
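
The case-sensitivity and regular-expression notes on Exist, GetClaim and Match, shown as an added example that is not part of the original page or the product's own code. The helpers here are stand-ins written to follow the descriptions above, the claims are constructed sample data, and Match is assumed to behave like Regex.IsMatch, which is why a pattern meant to cover a whole value is anchored with ^ and $.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

static class ScriptDemo
{
    // Constructed incoming claims (sample data, not from a real token).
    static readonly List<KeyValuePair<string, string>> Incoming = new List<KeyValuePair<string, string>>
    {
        new KeyValuePair<string, string>("role", "helpdesk-admin-readonly"),
        new KeyValuePair<string, string>("Mail", "alice@example.com"),
    };
    static readonly List<KeyValuePair<string, string>> Issued = new List<KeyValuePair<string, string>>();

    // Stand-in helpers (hypothetical implementations, not the product's).
    // Claim types are compared ordinally, so they are case sensitive.
    static bool Exist(string type) => Incoming.Any(c => c.Key == type);
    static string GetClaim(string type) => Incoming.First(c => c.Key == type).Value;
    // ASSUMPTION: Match finds the pattern anywhere in the value, like Regex.IsMatch.
    static bool Match(string type, string pattern) =>
        Incoming.Any(c => c.Key == type && Regex.IsMatch(c.Value, pattern));
    static void Issue(string type, string value) =>
        Issued.Add(new KeyValuePair<string, string>(type, value));

    static void Main()
    {
        // An unanchored pattern accepts any value that merely contains "admin".
        Console.WriteLine("unanchored: " + Match("role", "admin"));
        // An anchored pattern accepts only the exact value "admin".
        Console.WriteLine("anchored:   " + Match("role", "^admin$"));

        // Base an authorization-relevant claim on the anchored check only.
        if (Match("role", "^admin$")) Issue("isAdmin", "true");

        // "mail" and "Mail" are different claim types; guard with Exist so a
        // casing mismatch is handled explicitly before GetClaim is called.
        if (Exist("mail")) Issue("email", GetClaim("mail"));
        else if (Exist("Mail")) Issue("email", GetClaim("Mail"));

        foreach (var c in Issued) Console.WriteLine(c.Key + " = " + c.Value);
    }
}
```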