How to Generate Extensions tag

Hi!

I am trying to generate ‘IDPSSODescriptor’ based on your example but
it doesn’t include ‘Extensions’.


<attr:EntityAttributes xmlns:attr="urn:oasis:names:tc:SAML:metadata:attribute">
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
urn:gc-ca:cyber-auth:assurance:loa2
</saml:AttributeValue>
</saml:Attribute>
</attr:EntityAttributes>


I made an XML string with the above and loaded it with XmlDocument.
Then I found your class ‘Extensions(XmlElement xmlElement)’ and tried to create an object with this constructor.
But I got the error ‘The XML is not an extensions’.
Would you mind giving an example of creating ‘Extensions’?

Thanks!

The following code demonstrates adding Extensions to an IdP SSO descriptor.
The extensions XML is loaded from a string but you could construct it however you wish.


// Requires: using System.Xml;
// Load the extensions XML from a string.
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.LoadXml("<attr:EntityAttributes xmlns:attr=\"urn:oasis:names:tc:SAML:metadata:attribute\"><saml:Attribute xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" Name=\"urn:oasis:names:tc:SAML:attribute:assurance-certification\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml:AttributeValue>urn:gc-ca:cyber-auth:assurance:loa2</saml:AttributeValue></saml:Attribute></attr:EntityAttributes>");

// Attach the parsed element to the IdP SSO descriptor's Extensions.
idpSSODescriptor.Extensions = new Extensions();
idpSSODescriptor.Extensions.AnyElements.Add(xmlDocument.DocumentElement);
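
The answer above notes that the extensions XML can be constructed however you wish. The following is an added example, not ComponentSpace's own code, that builds the same element with the System.Xml DOM API, so a value that comes from configuration is escaped by the DOM rather than concatenated into an XML string. The class and method names are hypothetical.

```csharp
using System;
using System.Xml;

// Hypothetical helper class; only System.Xml types are used to build the element.
public static class EntityAttributesBuilder
{
    // Namespace URIs and NameFormat copied from the XML shown in this thread.
    private const string AttrNs = "urn:oasis:names:tc:SAML:metadata:attribute";
    private const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";
    private const string UriNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

    // Builds <attr:EntityAttributes> containing one <saml:Attribute> with one value.
    public static XmlElement Build(string attributeName, string attributeValue)
    {
        if (string.IsNullOrWhiteSpace(attributeName))
            throw new ArgumentException("Attribute name is required.", nameof(attributeName));
        if (string.IsNullOrWhiteSpace(attributeValue))
            throw new ArgumentException("Attribute value is required.", nameof(attributeValue));

        var doc = new XmlDocument();
        XmlElement entityAttributes = doc.CreateElement("attr", "EntityAttributes", AttrNs);
        // Declare the prefixes explicitly so the in-memory DOM carries the same
        // xmlns declarations as the serialized XML.
        entityAttributes.SetAttribute("xmlns:attr", AttrNs);

        XmlElement attribute = doc.CreateElement("saml", "Attribute", SamlNs);
        attribute.SetAttribute("xmlns:saml", SamlNs);
        attribute.SetAttribute("Name", attributeName);
        attribute.SetAttribute("NameFormat", UriNameFormat);

        XmlElement value = doc.CreateElement("saml", "AttributeValue", SamlNs);
        value.InnerText = attributeValue; // markup characters are escaped on serialization

        attribute.AppendChild(value);
        entityAttributes.AppendChild(attribute);
        doc.AppendChild(entityAttributes);
        return entityAttributes;
    }

    public static void Main()
    {
        XmlElement element = Build(
            "urn:oasis:names:tc:SAML:attribute:assurance-certification",
            "urn:gc-ca:cyber-auth:assurance:loa2");
        Console.WriteLine(element.OuterXml);
        // With the thread's descriptor object in scope, attach it as in the answer:
        // idpSSODescriptor.Extensions = new Extensions();
        // idpSSODescriptor.Extensions.AnyElements.Add(element);
    }
}
```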


[quote]
ComponentSpace - 10/29/2018
The following code demonstrates adding Extensions to an IdP SSO descriptor.
The extensions XML is loaded from a string but you could construct it however you wish.


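XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.LoadXml("<attr:EntityAttributes xmlns:attr=\"urn:oasis:names:tc:SAML:metadata:attribute\"><saml:Attribute xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" Name=\"urn:oasis:names:tc:SAML:attribute:assurance-certification\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml:AttributeValue>urn:gc-ca:cyber-auth:assurance:loa2</saml:AttributeValue></saml:Attribute></attr:EntityAttributes>");

idpSSODescriptor.Extensions = new Extensions();
idpSSODescriptor.Extensions.AnyElements.Add(xmlDocument.DocumentElement);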


[/quote]

Thanks for your quick answer.
I will try this one. Actually, I did a workaround: after creating the completed EntityDescriptor, I got the XmlElement from its object
and then manually added the Extension element.

But I will let you know after trying this way, as it looks simpler.

Anyway, I am always impressed with you guys' quick and clear answers.
I think I am gonna enjoy this forum for a while.

Sorry, but one more thing.

For things like this ‘Extension’ that are added manually to the metadata, after the metadata is generated and passed to the partner service provider,
how does my side make sure it follows this configuration accordingly so that we can communicate with each other?

For example, I specified that our SAML would use ‘loa2’ in the extension, and gave its metadata to the partner service provider.
But when I look at my saml.config, it doesn’t have any information about what attributes were added.

Maybe I missed something or misunderstood again.
But would you mind explaining a little why saml.config is so simple but the metadata has more information for the SAML protocol?

I really appreciate your answer.

Thanks!

Information such as the expected attributes that you included in the metadata extensions is not included in saml.config as it isn’t required at the API level to support SAML SSO.
You’re using the metadata extensions to communicate to the partner identity what SAML attributes you are expecting to be returned.
We don’t check that these attributes are actually returned.
We simply return all the attributes from the SAML assertion.
If a required attribute is missing, you would have to handle this within your application.