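/// <summary>
/// Exchanges this SAML assertion for temporary AWS credentials for one of the roles the
/// assertion lists, via <c>AssumeRoleWithSAML</c> on the supplied STS client.
/// </summary>
/// <param name="stsClient">STS client used to make the AssumeRoleWithSAML call.</param>
/// <param name="principalAndRoleArns">
/// The role entry to assume, in the "principalArn,roleArn" form carried by the assertion's
/// role attribute. It is matched case-insensitively against the entries in <c>RoleSet</c>;
/// a value that is not one of those entries is rejected rather than split and used directly.
/// </param>
/// <param name="duration">Requested credential lifetime; sent to STS as whole seconds.</param>
/// <returns>
/// The returned credentials, their expiry converted to UTC, and the SAML subject reported by STS.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="stsClient"/> is null.</exception>
/// <exception cref="ArgumentException">
/// <paramref name="principalAndRoleArns"/> is not in the role set, or the matched entry does
/// not contain both a principal ARN and a role ARN.
/// </exception>
public SAMLImmutableCredentials GetRoleCredentials(IAmazonSecurityTokenService stsClient, string principalAndRoleArns, TimeSpan duration)
{
    if (stsClient == null)
        throw new ArgumentNullException(nameof(stsClient));

    string roleArn = null;
    string principalArn = null;

    foreach (var entry in RoleSet.Values)
    {
        if (!entry.Equals(principalAndRoleArns, StringComparison.OrdinalIgnoreCase))
            continue;

        // Expected layout is "principalArn,roleArn": first component is the principal,
        // last is the role. An entry without a comma must not be accepted, otherwise the
        // same string would silently be used as both ARNs and fail later inside STS with a
        // less useful error.
        var roleComponents = entry.Split(',');
        if (roleComponents.Length >= 2)
        {
            principalArn = roleComponents[0];
            roleArn = roleComponents[roleComponents.Length - 1];
        }
        break;
    }

    if (string.IsNullOrEmpty(roleArn) || string.IsNullOrEmpty(principalArn))
        throw new ArgumentException("Unknown or invalid role specified.");

    // STS validates the requested duration against the role's configured maximum;
    // only the conversion to seconds happens here.
    var response = stsClient.AssumeRoleWithSAML(new AssumeRoleWithSAMLRequest
    {
        SAMLAssertion = AssertionDocument,
        RoleArn = roleArn,
        PrincipalArn = principalArn,
        DurationSeconds = (int)duration.TotalSeconds
    });

    // Expiration is normalised to UTC so callers can compare it without caring about the
    // kind of DateTime the SDK handed back.
    return new SAMLImmutableCredentials(response.Credentials.GetCredentials(),
                                        response.Credentials.Expiration.ToUniversalTime(),
                                        response.Subject);
}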