The RockSolid Knowledge SAML component uses the ISamlMessageXmlSerializer interface to serialize SAML messages into XML. The default implementation, SamlMessageXmlSerializer, is SAML 2.0 compliant and shouldn't require modification for most integrations. However, some SAML IdentityProviders can be opinionated, and the standard XML serialization may not be sufficient. To allow for this, you can either extend or replace the default serialization implementation.
ISamlMessageXmlSerializer
public interface ISamlMessageXmlSerializer
{
    /// <summary>
    /// Serialize a <see cref="SamlMessage"/> into XML.
    /// </summary>
    /// <param name="message">The <see cref="SamlMessage"/> to be serialized.</param>
    /// <returns>An <see cref="XmlElement"/> representing the serialized request.</returns>
    /// <exception cref="ArgumentNullException">Thrown when the <paramref name="message"/> is <c>null</c>.</exception>
    XmlElement Serialize(SamlMessage message);
}
The ISamlMessageXmlSerializer Serialize method receives a SamlMessage object which represents the SAML message to serialize into XML. The SamlMessage class is abstract with each type of SAML message inheriting from it.
The SAML message classes are:
- SamlRequest
- SamlResponse
- SamlArtifactResolutionRequest
- SamlArtifactRequestWrapper
- SamlArtifactResponse
- SamlArtifactResponseWrapper
The SamlMessage is serialized into an XmlElement.
Extending the XML serialization
To replace SAML message XML serialization completely, you can provide your own ISamlMessageXmlSerializer implementation. However, if you only want to modify the SamlMessage data before serialization or the XmlElement after serialization, you can extend our SamlMessageXmlSerializer via a decorator or by overriding the virtual Serialize method.
public class MySamlMessageXmlSerializer : SamlMessageXmlSerializer
{
    public override XmlElement Serialize(SamlMessage message)
    {
        // Edit the SamlMessage as required here, after casting to the correct SamlMessage type.

        // Call the base implementation to produce the standard SAML 2.0 XML.
        var serializedMessage = base.Serialize(message);

        // Edit the XML element as required here.
        return serializedMessage;
    }
}
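A fuller version of the override above, as an added example that is not the component's own code: it sets the optional SAML 2.0 ProviderName attribute on an AuthnRequest after serialization and refuses to edit an element that already carries an enveloped XML signature, since any change to signed content invalidates the signature. The class name and the ProviderName value are hypothetical, and the page does not say whether signing happens before or after the serializer runs, so the guard is a precaution.

```csharp
using System;
using System.Xml;
// Also add the using directive for the SAML component's namespace (not shown on the page).

// Hypothetical class name; only SamlMessageXmlSerializer and SamlMessage come from the page.
public class ProviderNameSamlMessageXmlSerializer : SamlMessageXmlSerializer
{
    private const string SamlProtocolNs = "urn:oasis:names:tc:SAML:2.0:protocol";
    private const string XmlDsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample value; use whatever your IdentityProvider expects.
    private const string ProviderName = "Example Service Provider";

    public override XmlElement Serialize(SamlMessage message)
    {
        if (message == null) throw new ArgumentNullException(nameof(message));

        // Let the default serializer produce the SAML 2.0 compliant XML first.
        var element = base.Serialize(message);
        AddProviderName(element);
        return element;
    }

    // Works on the XML only, so it can be unit tested without the SAML component.
    // Returns true when the attribute was added.
    public static bool AddProviderName(XmlElement element)
    {
        // Leave every message other than samlp:AuthnRequest untouched.
        if (element.LocalName != "AuthnRequest" || element.NamespaceURI != SamlProtocolNs)
            return false;

        // An enveloped ds:Signature covers the root element, attributes included.
        // Editing after signing would make the IdentityProvider reject the message,
        // so fail loudly instead of emitting XML with a broken signature.
        foreach (XmlNode child in element.ChildNodes)
        {
            if (child is XmlElement e && e.LocalName == "Signature" && e.NamespaceURI == XmlDsigNs)
                throw new InvalidOperationException(
                    "AuthnRequest is already signed; refusing to modify it.");
        }

        // Do not overwrite a value the default serializer already wrote.
        if (element.HasAttribute("ProviderName"))
            return false;

        element.SetAttribute("ProviderName", ProviderName);
        return true;
    }
}
```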
Registering your new implementation with dependency injection
Once you have either extended or replaced the way SamlMessages are serialized, you will need to register your implementation with dependency injection.
services.AddTransient<ISamlMessageXmlSerializer, MySamlMessageXmlSerializer>();