Identify scripting class reference

This document provides reference information for the classes and interfaces that you can use in your script library.

AuthnRequest

Properties

  • ForceAuthn (bool? ): Gets or sets the value indicating whether force authentication is required.
  • IsPassive (bool? ): Gets or sets the value indicating whether passive authentication is requested.
  • ProtocolBinding (Uri): Gets or sets the protocol binding for the authentication request.
  • AssertionConsumerServiceIndex (ushort?): Gets or sets the index of the assertion consumer service.
  • AssertionConsumerServiceUrl (Uri): Gets or sets the URL of the assertion consumer service.
  • AttributeConsumingServiceIndex (ushort?): Gets or sets the index of the attribute consuming service.
  • ProviderName (string): Gets or sets the name of the provider.
  • Subject (Saml2Subject): Gets or sets the subject of the authentication request.
  • Conditions (Saml2Conditions): Gets or sets the conditions of the authentication request.
  • NameIdPolicy (NameIdPolicy): Gets or sets the name ID policy of the authentication request.
  • RequestedAuthnContext (RequestedAuthnContext): Gets or sets the requested authentication context of the authentication request.
  • Scoping (Scoping): Gets or sets the scoping of the authentication request.
  • CustomNamespaces (IDictionary<string, string>): Gets or sets the custom namespaces for the authentication request.

AuthenticationContextComparison Enum

The AuthenticationContextComparison enum represents different comparison options for authentication contexts.

Enum Values

  • Exact: Represents an exact comparison. Value: 0.
  • Minimum: Represents a minimum comparison. Value: 1.
  • Maximum: Represents a maximum comparison. Value: 2.
  • Better: Represents a better comparison. Value: 3.

AuthenticationConnectionWithMethodClass

Properties

  • AuthenticationConnection (AuthenticationConnection): Represents the authentication connection.
  • EntityIdentifier (string): Represents the entity identifier.
  • MethodClass (string): Represents the method class.
  • MethodClassComparableValue (int): Represents the comparable value of the method class.
  • SecondFactorMethodClass (string): Represents the second factor method class.
  • SecondFactorMethodClassComparableValue (int): Represents the comparable value of the second factor method class.

GeneratedOtpModel

Properties

  • GeneratedDate (DateTime): The date and time when the OTP was generated.
  • OtpCode (string): The OTP code.
  • InputOtpAttempts (int): The number of attempts made to input the OTP.
  • OtpType (OtpType): The type of OTP.
  • ContactInfo (string): The contact information associated with the OTP.
  • SecondsUntilUserCanRequestANewOtp (int): The number of seconds until the user can request a new OTP.
  • OS2faktorSubscriptionKey (string): The subscription key for the OS2faktor OTP.

Methods

  • Reset(): Resets all the properties of the GeneratedOtpModel to their default values.

HttpSamlRequestMessage

The HttpSamlRequestMessage class is a subclass of the HttpSamlMessage class. It represents an HTTP SAML request message used in the Safewhere service provider.

Properties

  • Request: Gets or sets the RequestAbstract object associated with the request message.
  • Id: Gets the ID of the request message.
  • BaseUrl (inherited from HttpSamlMessage): Gets the base URL of the message.

Methods

  • GetXml(): Returns the XML representation of the message.

IEndpointContext

Properties

  • AuthenticationContext (IConnectionContext): Represents the authentication context.
  • ProtocolContext (IConnectionContext): Represents the protocol context.
  • AlternativeProtocolContext (IConnectionContext): Represents the alternative protocol context.
  • RedirectPathService (IRedirectPathService): Represents the redirect path service.
  • ServiceContainer (IServiceContainer): Represents the service container.
  • CertificateService (CertificateService): Represents the certificate service.
  • CoreConfiguration (IIdentityProviderConfigurationSection): Represents the core configuration.

Methods

  • Authenticate(ClaimsPrincipal principal, string endpointPath, RequestInformation requestInformation)
  • GetClaimDefinitions(): Retrieves a collection of claim definitions. Returns an IEnumerable.

IAuthenticationConnection

Properties

  • HelpText (string): Gets the help text for the authentication connection.
  • DoNotRegisterUsers (bool): Gets a value indicating whether to register users.
  • AllowUserAutoRegistration (bool): Gets a value indicating whether to allow user auto-registration.
  • DisallowDisabledUsersFromAuthentication (bool): Gets a value indicating whether to disallow disabled users from authentication.
  • OrganizationId (Guid): Gets the organization ID associated with the authentication connection.
  • BearingClaim (IClaimDefinition): Gets the bearing claim for the authentication connection.
  • UserTemplate (ClaimValueCollection): Gets the user template for the authentication connection.
  • SecondFactorAuthenticationConnection (IAuthenticationConnection): Gets the second factor authentication connection.
  • TwoFactorIdentitiesCondition (TwoFactorIdentitiesCondition): Gets the two-factor identities condition for the authentication connection.

INameIdService

Methods

  • GetDefaultNameIdAndFormat(HttpContextBase context, ClaimsPrincipal claimsPrincipal): Retrieves the default NameId and its format based on the provided HttpContextBase and ClaimsPrincipal objects.

  • MapNameId(HttpContextBase context, ClaimsPrincipal claimsPrincipal, string nameId, string format, string spprovidername)

  • MapTransientNameId(HttpContextBase context, ClaimsPrincipal claimsPrincipal, string nameId, string spprovidername)

IClaimTransformationPipelineContext

Properties

  • IsRegisteredUser (bool?): Gets or sets a value indicating whether the user is registered.
  • ActivatorService (IExternalContainer): Gets the activator service.
  • ExecutionContextContainer (IContainer): Gets the execution context container.
  • SkippingTransformations (IList): Gets the list of skipping transformations.
  • SkippedTransformations (IList): Gets the list of skipped transformations.
  • IsPassiveContext (bool): Gets or sets a value indicating whether the context is passive.
  • IsSoapContext (bool): Gets or sets a value indicating whether the context is SOAP.
  • OverrideAuthenticationClaimsTransformation (IClaimsTransformation): Gets or sets the override authentication claims transformation.
  • RequestInformation (IRequestInformation): Gets or sets the request information.

IClaimsTransformation

Methods

  • ClaimsPrincipal Transform(ClaimsPrincipal principal, IClaimTransformationPipelineContext claimTransformationPipelineContext);

IProtocolConnection

Properties

  • UsePersistentPseudonym (bool): Indicates whether the protocol connection uses persistent pseudonyms.
  • CreatedWithCustomizedHomeRealmDiscoverySelection (bool): Indicates whether the protocol connection was created with customized home realm discovery selection.
  • ConsentScopes (IEnumerable): Represents the consent scopes associated with the protocol connection.

IRequestInformation

Properties

  • ContextId (string)

NameIdPolicy

The NameIdPolicy class is a part of the Safewhere.ServiceProvider.Xml.RequestTypes namespace. It implements the IMessageElement interface.

Properties

  • Format (Uri): Gets or sets the format of the NameID policy.
  • SPNameQualifier (string): Gets or sets the SPNameQualifier attribute of the NameID policy.
  • AllowCreate (bool?): Gets or sets the AllowCreate attribute of the NameID policy.

OtpOptions

Properties

  • Events (OtpEvents): Instance used for events
  • Issuer (string): The issuer of the OTP
  • Algorithm (string): The algorithm used for OTP generation
  • OtpLength (int): The length of the OTP
  • IsTestMode (bool): Indicates whether the OTP is in test mode
  • OtpConfigurationSection (OtpConfigurationSection): The OTP configuration section
  • DataTransformer (IDataTransformer): The data transformer used for OTP generation
  • Items (IDictionary): Stores HttpContext.Items in an effort to decouple from the web pipeline
  • CanOfferOtpMethods (bool): Indicates whether OTP methods can be offered
  • GeneratedOtpMethods (List): The list of generated OTP methods
  • OnboardingOtpMethods (List): The list of OTP methods that support onboarding

Methods

  • Validate(): Checks that the options are valid. Should throw an exception if things are not ok.
  • RemoveFromGeneratedOtpMethods(OtpType otpType): Removes the specified OTP method from the list of generated OTP methods
  • RemoveFromOnboardingOtpMethods(OtpType otpType): Removes the specified OTP method from the list of onboarding OTP methods
  • IsOneOfSupportedOnboardingMethodsDone(): Checks if at least one of the supported onboarding methods is done

OtpMethodsByRequestedAuthenticationContextClass

Properties

  • RequestedAuthenticationContextClass (string): Represents the requested authentication context class.

  • Methods (List): Represents the list of OTP methods.

Where OtpType is the enum:

public enum OtpType
{
    None = 0,
    Sms = 1,
    Email = 2,
    Authenticator = 3,
    OS2faktor = 4,
    WebAuthn = 5,
    Device = 6
}

PassiveProtocolContext

Properties

  • Id (Guid): A unique id that we can use to link a TemporaryContext to a PassiveContext
  • Principal (ClaimsPrincipal): The claims principal associated with the context
  • AuthenticatedAssuranceLevel (int): The assurance level that a login session has
  • AuthenticatedAssuranceLevelMethodClass (Uri): The method class that a login session has
  • AuthenticatedTemporaryContextId (string): The link between a passive and an AuthenticatedTemporaryContextId
  • AuthenticatedTime (DateTime): The value set when authentication is done to find a reusable context

Methods

  • Clone(): Creates a deep copy of the PassiveProtocolContext object

PolicyRules

Properties

  • HttpContext (HttpContextBase): Represents the HTTP context associated with the current request.
  • FirstFactorPrincipal (ClaimsPrincipal): Represents the claims principal for the first factor authentication.
  • Expressions (List<Func>): Represents a list of expressions that will be evaluated during policy rule evaluation.

Methods

  • Evaluate: Evaluates all the expressions in the Expressions list and returns a boolean value indicating whether all the expressions evaluate to true.
  • ParseIPAddress: Parses the IP address range and client IP address from the provided range string. Returns a boolean value indicating whether the parsing was successful.
  • ApplyClaimTypes: Adds an expression to the Expressions list that checks if all the claim types in the provided string are present in the FirstFactorPrincipal claims.
  • NotApplyClaimTypes: Adds an expression to the Expressions list that checks if none of the claim types in the provided string are present in the FirstFactorPrincipal claims.
  • ApplyClaimValues: Adds an expression to the Expressions list that checks if any of the claim values in the provided string are present in the FirstFactorPrincipal claims.
  • NotApplyClaimValues: Adds an expression to the Expressions list that checks if none of the claim values in the provided string are present in the FirstFactorPrincipal claims.
  • ApplyIPAddressRange: Adds an expression to the Expressions list that checks if the client IP address falls within the specified IP address range.
  • NotApplyIPAddressRange: Adds an expression to the Expressions list that checks if the client IP address does not fall within the specified IP address range.
  • ApplyExpression: Adds a custom expression to the Expressions list that is evaluated using a RuleContext object.

RequestedAuthnContext

Properties

  • Comparison (AuthnContextComparison): Gets or sets the AuthnContextComparison value representing the comparison type for the requested authentication context.
  • AuthnContextRefType (AuthnContextRef): Gets or sets the AuthnContextRef value representing the type of authentication context reference.
  • AuthnContextRefs (List<Uri>): Gets the collection of Uri objects representing the authentication context references.

RequestedAuthenticationContextModel

Properties

  • IsDirty (bool): Gets a value indicating whether the object has been modified.
  • RequestedAuthenticationContextClass (IEnumerable): Gets the requested authentication context classes.
  • ScopedIdpList (IEnumerable): Gets the scoped identity provider list.
  • RequesterId (IEnumerable): Gets the requester IDs.
  • AuthenticationContextClassRefType (int): Gets or sets the authentication context class reference type.
  • ProxyCount (int): Gets or sets the proxy count.
  • AuthenticatedAuthenticationContextClass (Uri): Gets or sets the authenticated authentication context class.
  • Comparison (AuthenticationContextComparison): Gets or sets the authentication context comparison.
  • EvaluateRequestedAuthenticationContext (bool): Gets or sets a value indicating whether to evaluate the requested authentication context.
  • IdentityType (string): Gets or sets the identity type.
  • AuthnRequestHasRequestedAuthnContext (bool): Gets or sets a value indicating whether the authentication request has requested authentication context.
  • MinimumNeededAuthnContext (string): Gets or sets the minimum needed authentication context.
  • StepUpAuthnContext (string): Gets or sets the step-up authentication context.

Methods

  • ResetAuthenticationContextClass(): Resets the authentication context class.
  • SetAuthenticationContextClass(IEnumerable<Uri> contextClass): Sets the authentication context class.
  • SetScopedIdpList(IEnumerable<string> idpList): Sets the scoped identity provider list.
  • SetRequesterId(IEnumerable<Uri> requesters): Sets the requester IDs.
  • SetIdentityType(IEnumerable<Uri> contextClass): Sets the identity type.
  • Serialize(): Serializes the object to a string.
  • MarkAsNotDirty(): Marks the object as not modified.

RequestInformation

Properties

  • RequestState (RequestState): RequestState object of the* current* request
  • ProtocolConnection (IProtocolConnection): The protocol connection
  • AuthenticationConnection (IAuthenticationConnection): The authentication connection
  • HttpContext (HttpContextBase): The HttpContext
  • RuntimeOptions (RuntimeOptions): The runtime options
  • LoginContext (SessionLoginContext): The login context
  • PassiveProtocolContext (PassiveProtocolContext): The passive protocol context
  • Endpoint (Endpoint): The endpoint
  • PlugIn (PlugIn): The plug-in
  • EndpointContext (IEndpointContext): The endpoint context
  • IsSignOffRequestFromRelyingParty (bool): Indicates if it is a sign-off request from the relying party
  • IsSignOffRequestFromIdentityProvider (bool): Indicates if it is a sign-off request from the identity provider
  • IsSignOffRequest (bool): Indicates if it is a sign-off request
  • IsSignOnRequest (bool): Indicates if it is a sign-on request
  • IsSignOnResponseFromIdentityProvider (bool): Indicates if it is a sign-on response from the identity provider
  • IsSignOffResponse (bool): Indicates if it is a sign-off response
  • IsSignOffResponseSendingToSignOnEndpoint (bool): Indicates if the sign-off response is sending to the sign-on endpoint
  • IsNonFederationRequest (bool): Indicates if it is a non-federation request
  • ContextId (string): The context ID
  • PathRestored (bool): Indicates if the path is restored
  • IsRequestingNewTokenForExistingSession (bool): Indicates if a new token is requested for an existing session
  • UsingDummyProtocolConnection (bool): Indicates if a dummy protocol connection is used
  • ReferencedEntityId (string): The referenced entity ID
  • MessageObject (object): The message object
  • InterceptorContext (InterceptorContext): The interceptor context
  • IdentifyLoginContext (ISessionLoginContext): The identified login context
  • CustomStateSentToIdentityProvider (string): Can be a SAML2 relay state, OAuth2 state, or WSFed context

RequestState

Properties

  • RequestParameters (NameValueCollection): Gets the collection of request parameters.
  • OriginalUri (Uri): Gets the original URI.
  • RequestType (string): Gets the request type.
  • Path (string): Gets the path.
  • AllParameters (NameValueCollection): Gets all the parameters.
  • ReloadedFromCookies (bool): Gets or sets a value indicating whether the state was reloaded from cookies.
  • WrittenToCookies (bool): Gets or sets a value indicating whether the state was written to cookies.

Response

Properties

  • Assertions (ICollection): Collection of Saml2Assertion objects.
  • Signature (string): The signature data.

RuleContext

Properties

  • HttpContext (HttpContextBase): Represents the HttpContext object.
  • FirstFactorPrincipal (ClaimsPrincipal): Represents the ClaimsPrincipal object.
  • EndpointContext (IEndpointContext): Returns a full EndpointContext object. You can use VS' debugger window to examine its content. Notice that the EndpointContext object only exists after a login flow reaches to a certain point. Usually when you use this helper class in a claim transformation, a generic provider or an interceptor, the EndpointContext object should be available.
  • TemporaryProtocolContext (SessionLoginContext): Returns a context object that potentially contains a lot of information.
  • ProtocolConnectionId (Guid): Simple API to return id of a protocol connection.
  • ProtocolConnectionEntityId (string): Simple API to return entity id of a protocol connection. For OAuth 2.0/OpenId Connect connection, the clientid is returned.
  • AuthenticationConnectionId (Guid): Simple API to return id of an authentication connection. Notice that the authentication connection is only available after an Identity Provider has been chosen to do a login.
  • AuthenticationConnectionEntityId (string): Simple API to return entity id of an authentication connection. For OAuth 2.0/OpenId Connect connection, the clientid is returned. Notice that the authentication connection is only available after an Identity Provider has been chosen to do a login. When an authentication connection is not available in the context.

RuntimeOptions

Properties

  • Events (RuntimeEvents): Instance used for events
  • DomainEventAggregator (IDomainEventAggregator): Eventually we need to unify RuntimeEvents and DomainEvents
  • Container (IContainer):
  • RedirectPathService (IRedirectPathService):
  • CoreConfig (IIdentityProviderConfigurationSection):
  • HttpCookieService (IHttpCookieService):

Methods

  • Validate(): Check that the options are valid. Should throw an exception if things are not ok.

SamlAuthnRequestInformation

Properties

  • AuthnRequest: Gets or sets the AuthnRequest object. This property allows you to access and modify the authentication request associated with the SAML 2.0 authentication process.

  • HttpSamlRequestMessage: Gets or sets the HttpSamlRequestMessage object. This property represents the HTTP request message associated with the SAML 2.0 authentication process.

  • Issuer: Gets or sets the issuer of the SAML request. This property is inherited from the SamlRequestInformation class.

  • Destination: Gets or sets the destination URL of the SAML request. This property is inherited from the SamlRequestInformation class.

  • ProtocolBinding: Gets or sets the protocol binding used for the SAML request. This property is inherited from the SamlRequestInformation class.

  • RelayState: Gets or sets the relay state value associated with the SAML request. This property is inherited from the SamlRequestInformation class.

SamlSPMetadataConfigurationSection

Properties

  • AssertionConsumerService (AssertionConsumerService): Gets or sets the assertion consumer service.

  • AssertionConsumerServices (CustomConfigCollection): Gets the collection of assertion consumer services.

  • SubjectConfirmationDataRecipient (string): Gets or sets the subject confirmation data recipient.

  • SetResponseIssuer (bool): Gets or sets a value indicating whether to set the response issuer.

  • TokenLifetime (int): Gets or sets the token lifetime.

  • ValidateAuthenticationRequestAssertionConsumerServiceUrl (bool): Gets or sets a value indicating whether to validate the authentication request assertion consumer service URL.

  • AlwaysUseDefaultRequestedAuthenticationContextClass (bool): Gets or sets a value indicating whether to always use the default requested authentication context class.

  • DefaultRequestedAuthenticationContextClass (Uri): Gets or sets the default requested authentication context class.

  • EvaluateRequestedAuthenticationContext (bool): Gets or sets a value indicating whether to evaluate the requested authentication context.

  • ShowTailoredListFromCdc (bool): Gets or sets a value indicating whether to show a tailored list from the CDC (Common Domain Cookie).

  • SamlResponseSigning (SamlResponseSigningSettings): Gets or sets the SAML response signing settings.

  • DisableAssertionEncryption (bool): Gets or sets a value indicating whether to disable assertion encryption.

  • SetSessionNotOnOrAfter (bool): Gets or sets a value indicating whether to set the session not on or after.

  • HandleHomeRealmDiscovery (HandleHomeRealmDiscoveryErrorType): Gets or sets the handle home realm discovery error type.

  • DisableAutomaticAuthSelectionIfNotSupportedByAllLoginModules (bool): Gets or sets a value indicating whether to disable automatic authentication selection if not supported by all login modules.

  • AutoHrdTimeout (int): Gets or sets the auto HRD (Home Realm Discovery) timeout.

  • AllowUserOverrideAutoHrd (bool): Gets or sets a value indicating whether to allow the user to override auto HRD.

  • RunCustomHomeRealmDiscoveryRulesBeforeStaticRules (bool): Gets or sets a value indicating whether to run custom home realm discovery rules before static rules.

  • AuthenticationListViewName (string): Gets or sets the authentication list view name.

  • IsPresentLoginSelector (bool): Gets or sets a value indicating whether the login selector is present.

  • CommonDomainCookieReader (string): Gets or sets the common domain cookie reader.

  • CommonDomainCookieWriter (string): Gets or sets the common domain cookie writer.

  • ValidateAllowCreateWhenPersistentPseudonymIsUsed (bool): Gets or sets a value indicating whether to validate allow create when persistent pseudonym is used.

  • EnableProxying (bool): Gets or sets a value indicating whether to enable proxying.

  • DoNotIncludeAuthenticatingAuthorityFromIdentityProvider (bool): Gets or sets a value indicating whether to not include the authenticating authority from the identity provider.

  • RequesterId (string): Gets or sets the requester ID.

  • UseRequesterIdInProxiedAuthnRequest (bool): Gets or sets a value indicating whether to use the requester ID in proxied authentication requests.

  • SubjectClaimTypeAttribute (string): Gets or sets the subject claim type attribute.

  • DefaultSubjectClaimType (string): Gets or sets the default subject claim type.

  • AudienceRestriction (string): Gets or sets the audience restriction.

  • FixedRelayStateWhenReturningUnsolicitedResponse (string): Gets or sets the fixed relay state when returning an unsolicited response.

  • EncryptionMethod (string): Gets or sets the encryption method.

  • KeyTransportAlgorithm (string): Gets or sets the key transport algorithm.

  • ExtraEntityIds (Saml2ProtocolEntityIdReferenceCollection): Gets or sets the collection of extra entity IDs.

  • UseMultiValuedAttribute (bool): Gets or sets a value indicating whether to use multi-valued attribute.

  • AttributeConsumingServices (CustomConfigCollection): Gets or sets the collection of attribute consuming services.

  • UseSubjectInAuthnRequestForHomeRealmDiscoveryAndPopulateToLogOnScreen (bool): Gets or sets a value indicating whether to use the subject in the authentication request for home realm discovery and populate it to the logon screen.

  • AuthenticationRequestPolicyScript (string): Gets or sets the authentication request policy script.

  • TokenIssuancePolicyScript (string): Gets or sets the token issuance policy script.

  • RequestedAuthenticationContextValidationScript (string): Gets or sets the requested authentication context validation script.

  • StepUpAuthnRequestScript (string): Gets or sets the step-up authentication request script.

  • DependencyConnectionPolicyScript (string): Gets or sets the dependency connection policy script.

  • OfferRememberUserChoiceOfIdentityProvider (bool): Gets or sets a value indicating whether to offer to remember the user's choice of identity provider.

  • HomeRealmDiscoveryScript (string): Gets or sets the home realm discovery script.

Methods

  • RetrieveEntityIdReference(string identifier): Retrieves the entity ID reference for the specified identifier.

  • RetrieveEntityId(string identifier): Retrieves the entity ID for the specified identifier.

  • RetrieveAllEntityIds(): Retrieves all the entity IDs.

  • RetrieveMetadataLocation(): Retrieves the metadata location.

  • ExistMethodClass(AuthenticationContextMethodClass methodClass): Checks if the specified authentication context method class exists.

  • GetDefaultAssertionConsumerService(): Gets the default assertion consumer service.

SamlResponseRequestInformation

Properties

  • AuthnRequest (AuthnRequest): Represents the authentication request associated with the SAML response request information.
  • Response (Response): Represents the SAML response associated with the SAML response request information.

SamlSignOnConfigurationSection

Properties

  • SingleSignOnService (SamlMetadataEndpoint): The single sign-on service endpoint.
  • SetAuthenticationRequestAssertionConsumerServiceUrl (bool): Specifies whether to set the authentication request assertion consumer service URL.
  • UsingNameIdAsIdentityBearingClaim (bool): Specifies whether to use the NameID as the identity-bearing claim.
  • ValidateSubjectConfirmationDataRecipient (bool): Specifies whether to validate the subject confirmation data recipient.
  • RejectedAuthenticationContextMethodClasses (string): The rejected authentication context method classes.
  • AlwaysOverrideSessionNotOnOrAfterWithFederatedSessionLifetime (bool): Specifies whether to always override the session notOnOrAfter with the federated session lifetime.
  • SetNameIdPolicyToThatOfAuthnRequest (bool): Specifies whether to set the NameID policy to that of the authentication request.
  • AuthLoginStatusCheckerPath (string): The path to the authentication login status checker.
  • SetRequestedAuthnContextToAuthnRequest (bool): Specifies whether to set the requested authentication context to the authentication request.
  • AuthenticationContextMethodClassMapping (KeyValueConfigurationCollection): The authentication context method class mapping.
  • AlwaysOverrideWithDefaultNameIdFormat (bool): Specifies whether to always override with the default NameID format.
  • UseIfNoNameIdFormatIsSpecified (bool): Specifies whether to use if no NameID format is specified.
  • AuthnRequestCustomizationScript (string): The authentication request customization script.
  • TransferDomainToUpstreamIdentityProvider (bool): Specifies whether to transfer the domain to the upstream identity provider.
  • SupportsScope (bool): Specifies whether the identity provider supports the scope.
  • ProductType (string): The product type.
  • MapAuthnContextMethodClassToSendToUpstreamIdentityProviderScript (string): The script to map the authentication context method class to send to the upstream identity provider.
  • RequestedAuthenticationContextResponseValidationScript (string): The script to validate the requested authentication context response.

Methods

  • RetrieveAllEntityIds(): Retrieves all entity IDs.
  • RetrieveEntityId(): Retrieves the entity ID.
  • ExistMethodClass(AuthenticationContextMethodClass methodClass): Checks if a method class exists.

SamlSignOnValidationException

Properties

  • ResponseErrorCode (string): Represents the response error code.
  • ResponseSubErrorCode (string): Represents the response sub-error code.
  • BreakAndShowErrorPage (bool): Indicates whether to break and show an error page.

SessionLoginContext

Properties

  • IsDirty (bool): Gets a value indicating whether the SessionLoginContext is dirty.
  • WrittenToCookies (bool): Gets or sets a value indicating whether the SessionLoginContext has been written to cookies.
  • ContextIdKey (CompositeContextIdKey): Gets the composite context ID key.
  • ProtocolContextId (Guid): Gets or sets the protocol context ID.
  • OriginalRequestState (RequestState): Gets or sets the original request state object.
  • RequestedAuthenticationContextModel (RequestedAuthenticationContextModel): Gets the requested authentication context model.
  • TwoFactorContextModel (TwoFactorContextModel): Gets the two-factor context model.
  • SignOnSucceeded (bool): Gets or sets a value indicating whether the sign-on operation succeeded.
  • IsPresentLoginSelector (bool): Gets or sets a value indicating whether the login selector is present.
  • ForceAuthentication (bool): Gets or sets a value indicating whether force authentication is enabled.
  • IsForcingAuthnDueToStepUp (bool): Gets or sets a value indicating whether force authentication is due to step-up.
  • SkipClaimsTransformation (bool): Gets or sets a value indicating whether claims transformation should be skipped.
  • IsDeterminedSingleCredential (bool): Gets or sets a value indicating whether a single credential has been determined.
  • ReuseAuthenticationConnectionId (Guid): Gets or sets the ID of the authentication connection to be reused.
  • RedirectPathAfterAuthenticated (string): Gets or sets the redirect path after authentication.
  • AuthenticationConnectionEntityIdentifier (string): Gets or sets the entity identifier of the authentication connection.
  • UserName (string): Gets or sets the special user name.
  • RedirectLoopCounter (int): Gets or sets the redirect loop counter.
  • ContextHasPrincipal (bool): Gets or sets a value indicating whether the context has a principal.
  • SamlContext (IContextObject): Gets or sets the SAML context.
  • SamlContextString (string): Gets the SAML context string.
  • ExecutedCommands (IReadOnlyCollection): Gets the executed commands.

Methods

  • SetExecutedCommand(string command): Sets the executed command.
  • Clone(): Creates a clone of the SessionLoginContext.
  • MarkAsNotDirty(): Marks the SessionLoginContext as not dirty.
  • Serialize(): Serializes the SessionLoginContext.
  • RestoreTwoFactorContextModel(TwoFactorContextModel twoFactorContextModel): Restores the two-factor context model.
  • SetPassiveProtocolContext(PassiveProtocolContext passiveProtocolContext): Sets the passive protocol context.

TwoFactorContextModel

Properties

  • RedirectEndpointAfterSecondFactorIsAuthenticated (string): The redirect endpoint after the second factor is authenticated.
  • UseTwoFactor (bool): Indicates whether two-factor authentication is enabled.
  • TwoFactorIdentitiesCondition (TwoFactorIdentitiesCondition): The condition for two-factor identities.
  • FirstFactorPrincipal (ClaimsPrincipal): The first factor principal.
  • FirstFactorUserId (Guid): The ID of the first factor user.
  • FirstFactorAuthenticationConnectionId (Guid): The ID of the first factor authentication connection.
  • FirstFactorRequestLink (string): The request link for the first factor.
  • SecondFactorAuthenticationConnectionId (Guid): The ID of the second factor authentication connection.
  • SecondFactorValidated (bool): Indicates whether the second factor has been validated.
  • SecondFactorEvaluated (bool): Indicates whether the second factor has been evaluated.
  • IsOboardingWithWizard (bool): Indicates whether onboarding is done with a wizard.
  • CurrentUILanguageCode (string): The code for the current UI language.

Methods

  • ResetTwoFactorData(): Resets the two-factor data.

TwoFactorIdentitiesCondition

Enum values

  • None (int): Represents the value for "None" condition.
  • MustBeTheSame (int): Represents the value for "MustBeTheSame" condition.
  • UseTheFirstIdentity (int): Represents the value for "UseTheFirstIdentity" condition.
  • UseTheSecondIdentity (int): Represents the value for "UseTheSecondIdentity" condition.
  • UseBothIdentities (int): Represents the value for "UseBothIdentities" condition.

IAuthenticationInterceptorService

Properties

  • MustHaveInputKeys (IEnumerable<string>): Defines the list of required static settings that the system administrator must configure for this interceptor in the authentication connection UI.

Methods

  • Intercept(ControllerContext cc, ClaimsPrincipal principal, IIdentifyRequestInformation requestInformation, IDictionary<string, string> input, string contextId, string viewName): Intercepts a login flow on the authentication (the upstream Identity Provider) side.

  • OnPostBack(ControllerContext cc, ClaimsPrincipal principal, IIdentifyRequestInformation requestInformation, IDictionary\<string, string> input, string contextId, string viewName): In the event that the login flow is intercepted and a UI is shown to the user, this method is called to handle the data that the user submits.

IProtocolInterceptorService

Properties

  • MustHaveInputKeys (IEnumerable<string>): Defines the list of required static settings that the system administrator must configure for this interceptor in the protocol connection (application) UI.

Methods

  • Intercept(ControllerContext cc, ClaimsPrincipal principal, IIdentifyRequestInformation requestInformation, IDictionary<string, string> input, string contextId, string viewName): Intercepts a login flow on the protocol connection (application) side.

  • OnPostBack(ControllerContext cc, ClaimsPrincipal principal, IIdentifyRequestInformation requestInformation, IDictionary\<string, string> input, string contextId, string viewName): In the event that the login flow is intercepted and a UI is shown to the user, this method is called to handle the data that the user submits.