Amazon.SecurityToken.SAML.SAMLAssertion.GetRoleCredentials C# (CSharp) Method

GetRoleCredentials() public method

Retrieves a set of temporary credentials for the specified role, valid for the specified timespan. If the SAML authentication data yields more than one role, a valid role name must be specified.
public GetRoleCredentials ( IAmazonSecurityTokenService stsClient, string principalAndRoleArns, System.TimeSpan duration ) : SAMLImmutableCredentials
stsClient IAmazonSecurityTokenService The STS client to use when making the AssumeRoleWithSAML request.
principalAndRoleArns string The ARNs of the principal and role as returned in the SAML assertion.
duration System.TimeSpan The valid timespan for the credentials.
return SAMLImmutableCredentials
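        /// <summary>
        /// Retrieves a set of temporary credentials for the specified role, valid for the specified
        /// timespan, by issuing an AssumeRoleWithSAML request with the assertion held in <c>AssertionDocument</c>.
        /// </summary>
        /// <param name="stsClient">The STS client to use when making the AssumeRoleWithSAML request.</param>
        /// <param name="principalAndRoleArns">
        /// The comma-separated "principalArn,roleArn" pair as returned in the SAML assertion. It must match
        /// (case-insensitively) one of the values in <c>RoleSet</c>; the caller-supplied string is used only for
        /// the lookup and the ARNs actually sent to STS are taken from the matched <c>RoleSet</c> entry.
        /// </param>
        /// <param name="duration">The valid timespan for the credentials; only whole seconds are sent to STS.</param>
        /// <returns>
        /// Immutable credentials built from the STS response, with the expiration converted to UTC and the
        /// SAML subject reported by STS.
        /// </returns>
        /// <exception cref="ArgumentNullException">If <paramref name="stsClient"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// If <paramref name="duration"/> is negative or too large to be expressed as a whole number of seconds in an int.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// If <paramref name="principalAndRoleArns"/> does not match a known role, or the matched value does not
        /// consist of exactly two non-empty comma-separated ARNs.
        /// </exception>
        public SAMLImmutableCredentials GetRoleCredentials(IAmazonSecurityTokenService stsClient, string principalAndRoleArns, TimeSpan duration)
        {
            if (stsClient == null)
                throw new ArgumentNullException("stsClient");

            // Guard the (int) cast below: an unchecked double-to-int conversion of an out-of-range value does not
            // throw, it silently yields a garbage DurationSeconds.
            if (duration < TimeSpan.Zero || duration.TotalSeconds > int.MaxValue)
                throw new ArgumentOutOfRangeException("duration");

            // Only a pair that is actually present in the assertion's role set may be assumed.
            var match = RoleSet.Values.FirstOrDefault(
                s => s.Equals(principalAndRoleArns, StringComparison.OrdinalIgnoreCase));

            if (string.IsNullOrEmpty(match))
                throw new ArgumentException("Unknown or invalid role specified.");

            // The matched value is expected to be "<principal ARN>,<role ARN>". Reject anything that does not
            // split into exactly two non-empty parts instead of sending a truncated or mis-assembled ARN to STS.
            var roleComponents = match.Split(',');
            if (roleComponents.Length != 2
                || string.IsNullOrEmpty(roleComponents[0])
                || string.IsNullOrEmpty(roleComponents[1]))
                throw new ArgumentException("Unknown or invalid role specified.");

            var principalArn = roleComponents[0];
            var roleArn = roleComponents[1];

            var response = stsClient.AssumeRoleWithSAML(new AssumeRoleWithSAMLRequest
            {
                SAMLAssertion = AssertionDocument,
                RoleArn = roleArn,
                PrincipalArn = principalArn,
                DurationSeconds = (int)duration.TotalSeconds
            });

            // Expiration is normalised to UTC so callers compare against DateTime.UtcNow consistently.
            return new SAMLImmutableCredentials(response.Credentials.GetCredentials(),
                                                response.Credentials.Expiration.ToUniversalTime(),
                                                response.Subject);
        }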