I have a requirement to pass an object array (id, name per object) to a vendor for SAML. They want the data to come over in CDATA in this format:
saml:AttributeValue<![CDATA[
321
Text 321
123
Text 123
]]>
</saml:AttributeValue>
I tried to manually make this string by making a string including the CDATA:
var vendorNetworkListString = “<![CDATA[";
foreach (var vendorNetworkDto in vendorNetworkDtoList)
{
vendorNetworkListString += "" + vendorNetworkDto.VendorNetworkId + ""
+ vendorNetworkDto.VendorNetworkName + "";
}
vendorNetworkListString += "]]>”;
However, when I make a new SAMLAttribute object:
samlAttribute = new SAMLAttribute(“ppc_plans”, SAMLIdentifiers.AttributeNameFormats.Basic, “ppc_plans”, vendorNetworkListString);
it escapes the “<” and “>” and renders this in the SAML:
saml:AttributeValue<![CDATA[ ... ppcList>]]></saml:AttributeValue>
I am trying to figure out the right way to do this. Can someone point me in the right direction?
Thank you.
Alright, I finally found some code in the sample code and was able to get this to work:
ComponentSpace.SAML2.Assertions.AttributeType.RegisterAttributeValueSerializer(“ppc_plans”, SAMLIdentifiers.AttributeNameFormats.Basic, new XmlAttributeValueSerializer());
var xmlDocument = new XmlDocument();
xmldocument.LoadXml(vendorNetworkListXmlString);
samlAttribute = new SAMLAttribute(“ppc_plans”, SAMLIdentifiers.AttributeNameFormats.Basic, “ppc_plans”);
samlAttribute.Values.Add(new AttributeValue(xmldocument.DocumentElement));
attributeStatement.Attributes.Add(samlAttribute);
Hi Brian
Just to confirm, the sample code you found is the correct approach.
The call to SAMLAttribute.RegisterAttributeValueSerializer identifies the attribute as being XML rather than a string.
This is only required when using the SAML low-level API.
The SAML high-level API handles this automatically.