Container for the parameters to the AssumeRoleWithSAML operation.

Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based AWS access without user-specific credentials or configuration.

The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS services. The credentials are valid for the duration that you specified when calling AssumeRoleWithSAML , which can be up to 3600 seconds (1 hour) or until the time specified in the SAML authentication response's NotOnOrAfter value, whichever is shorter.

NOTE:The maximum duration for a session is 1 hour, and the minimum duration is 15 minutes, even if values outside this range are specified.

Optionally, you can pass an AWS IAM access policy to this operation. The temporary security credentials that are returned by the operation have the permissions that are associated with the access policy of the role being assumed, except for any permissions explicitly denied by the policy you pass. This gives you a way to further restrict the permissions for the federated user. These policies and any applicable resource-based policies are evaluated when calls to AWS are made using the temporary security credentials.

Before your application can call AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you must use AWS Identity and Access Management (AWS IAM) to create a SAML provider entity in your AWS account that represents your identity provider, and create an AWS IAM role that specifies this SAML provider in its trust policy.

Calling AssumeRoleWithSAML does not require the use of AWS security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider.

For more information, see the following resources:

Inheritance: AmazonSecurityTokenServiceRequest
        public SessionAWSCredentials GetSamlRoleCredentails(string samlAssertion, string awsRole)
        {
            string[] role = awsRole.Split(',');

            AssumeRoleWithSAMLRequest samlRequest = new AssumeRoleWithSAMLRequest();
            samlRequest.SAMLAssertion = samlAssertion;
            samlRequest.RoleArn = role[1];
            samlRequest.PrincipalArn = role[0];
            samlRequest.DurationSeconds = 3600;

            AmazonSecurityTokenServiceClient sts;
            AssumeRoleWithSAMLResponse samlResponse;
            try {
                sts = new AmazonSecurityTokenServiceClient();
                samlResponse = sts.AssumeRoleWithSAML(samlRequest);
            }
            catch
            {
                sts = new AmazonSecurityTokenServiceClient("a", "b", "c");
                samlResponse = sts.AssumeRoleWithSAML(samlRequest);
            }

            SessionAWSCredentials sessionCredentials = new SessionAWSCredentials(
                samlResponse.Credentials.AccessKeyId,
                samlResponse.Credentials.SecretAccessKey,
                samlResponse.Credentials.SessionToken);

            return sessionCredentials;
        }
        /// <summary>
        /// Instantiates STSAssumeRoleAWSCredentials which automatically assumes a specified SAML role.
        /// The credentials are refreshed before expiration.
        /// </summary>
        /// <param name="assumeRoleWithSamlRequest">Configuration for the SAML role to assume.</param>
        public STSAssumeRoleAWSCredentials(AssumeRoleWithSAMLRequest assumeRoleWithSamlRequest)
        {
            if (assumeRoleWithSamlRequest == null) throw new ArgumentNullException("assumeRoleWithSamlRequest");

            _stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials());
            _assumeSamlRequest = assumeRoleWithSamlRequest;
            PreemptExpiryTime = _defaultPreemptExpiryTime;
        }
        public object Execute(ExecutorContext context)
        {
            var cmdletContext = context as CmdletContext;
            // create request
            var request = new Amazon.SecurityToken.Model.AssumeRoleWithSAMLRequest();

            if (cmdletContext.DurationInSeconds != null)
            {
                request.DurationSeconds = cmdletContext.DurationInSeconds.Value;
            }
            if (cmdletContext.Policy != null)
            {
                request.Policy = cmdletContext.Policy;
            }
            if (cmdletContext.PrincipalArn != null)
            {
                request.PrincipalArn = cmdletContext.PrincipalArn;
            }
            if (cmdletContext.RoleArn != null)
            {
                request.RoleArn = cmdletContext.RoleArn;
            }
            if (cmdletContext.SAMLAssertion != null)
            {
                request.SAMLAssertion = cmdletContext.SAMLAssertion;
            }

            CmdletOutput output;

            // issue call
            var client = Client ?? CreateClient();

            try
            {
                var    response       = CallAWSServiceOperation(client, request);
                object pipelineOutput = cmdletContext.Select(response, this);
                output = new CmdletOutput
                {
                    PipelineOutput  = pipelineOutput,
                    ServiceResponse = response
                };
            }
            catch (Exception e)
            {
                output = new CmdletOutput {
                    ErrorResponse = e
                };
            }

            return(output);
        }
        /// <summary>
        /// Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the AssumeRoleWithSAML operation on AmazonSecurityTokenServiceClient.</param>
        /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
        /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
        ///          procedure using the AsyncState property.</param>
        /// 
        /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndAssumeRoleWithSAML
        ///         operation.</returns>
        public IAsyncResult BeginAssumeRoleWithSAML(AssumeRoleWithSAMLRequest request, AsyncCallback callback, object state)
        {
            var marshaller = new AssumeRoleWithSAMLRequestMarshaller();
            var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.Instance;

            return BeginInvoke<AssumeRoleWithSAMLRequest>(request, marshaller, unmarshaller,
                callback, state);
        }
        /// <summary>
        /// Returns a set of temporary security credentials for users who have been authenticated
        /// via a SAML authentication response. This operation provides a mechanism for tying
        /// an enterprise identity store or directory to role-based AWS access without user-specific
        /// credentials or configuration. 
        /// 
        ///  
        /// <para>
        /// The temporary security credentials returned by this operation consist of an access
        /// key ID, a secret access key, and a security token. Applications can use these temporary
        /// security credentials to sign calls to AWS services. The credentials are valid for
        /// the duration that you specified when calling <code>AssumeRoleWithSAML</code>, which
        /// can be up to 3600 seconds (1 hour) or until the time specified in the SAML authentication
        /// response's <code>SessionNotOnOrAfter</code> value, whichever is shorter.
        /// </para>
        ///  <note>The maximum duration for a session is 1 hour, and the minimum duration is 15
        /// minutes, even if values outside this range are specified. </note> 
        /// <para>
        /// Optionally, you can pass an IAM access policy to this operation. If you choose not
        /// to pass a policy, the temporary security credentials that are returned by the operation
        /// have the permissions that are defined in the access policy of the role that is being
        /// assumed. If you pass a policy to this operation, the temporary security credentials
        /// that are returned by the operation have the permissions that are allowed by both the
        /// access policy of the role that is being assumed, <i><b>and</b></i> the policy that
        /// you pass. This gives you a way to further restrict the permissions for the resulting
        /// temporary security credentials. You cannot use the passed policy to grant permissions
        /// that are in excess of those allowed by the access policy of the role that is being
        /// assumed. For more information, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html">Permissions
        /// for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity</a> in the <i>Using
        /// IAM</i>.
        /// </para>
        ///  
        /// <para>
        /// Before your application can call <code>AssumeRoleWithSAML</code>, you must configure
        /// your SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
        /// you must use AWS Identity and Access Management (IAM) to create a SAML provider entity
        /// in your AWS account that represents your identity provider, and create an IAM role
        /// that specifies this SAML provider in its trust policy. 
        /// </para>
        ///  
        /// <para>
        /// Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security credentials.
        /// The identity of the caller is validated by using keys in the metadata document that
        /// is uploaded for the SAML provider entity for your identity provider. 
        /// </para>
        ///  
        /// <para>
        /// For more information, see the following resources:
        /// </para>
        ///  <ul> <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html">About
        /// SAML 2.0-based Federation</a> in the <i>Using IAM</i>. </li> <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html">Creating
        /// SAML Identity Providers</a> in the <i>Using IAM</i>. </li> <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html">Configuring
        /// a Relying Party and Claims</a> in the <i>Using IAM</i>. </li> <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html">Creating
        /// a Role for SAML 2.0 Federation</a> in the <i>Using IAM</i>. </li> </ul> <member name="RoleArn"
        /// target="arnType"></member> <member name="SAMLAssertion" target="SAMLAssertionType"></member>
        /// <member name="Policy" target="sessionPolicyDocumentType"></member> <member name="DurationSeconds"
        /// target="roleDurationSecondsType"></member>
        /// </summary>
        /// <param name="request">Container for the necessary parameters to execute the AssumeRoleWithSAML service method.</param>
        /// 
        /// <returns>The response from the AssumeRoleWithSAML service method, as returned by SecurityTokenService.</returns>
        /// <exception cref="Amazon.SecurityToken.Model.ExpiredTokenException">
        /// The web identity token that was passed is expired or is not valid. Get a new identity
        /// token from the identity provider and then retry the request.
        /// </exception>
        /// <exception cref="Amazon.SecurityToken.Model.IDPRejectedClaimException">
        /// The identity provider (IdP) reported that authentication failed. This might be because
        /// the claim is invalid.
        /// 
        ///  
        /// <para>
        /// If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation,
        /// it can also mean that the claim has expired or has been explicitly revoked. 
        /// </para>
        /// </exception>
        /// <exception cref="Amazon.SecurityToken.Model.InvalidIdentityTokenException">
        /// The web identity token that was passed could not be validated by AWS. Get a new identity
        /// token from the identity provider and then retry the request.
        /// </exception>
        /// <exception cref="Amazon.SecurityToken.Model.MalformedPolicyDocumentException">
        /// The request was rejected because the policy document was malformed. The error message
        /// describes the specific error.
        /// </exception>
        /// <exception cref="Amazon.SecurityToken.Model.PackedPolicyTooLargeException">
        /// The request was rejected because the policy document was too large. The error message
        /// describes how big the policy document is, in packed form, as a percentage of what
        /// the API allows.
        /// </exception>
        public AssumeRoleWithSAMLResponse AssumeRoleWithSAML(AssumeRoleWithSAMLRequest request)
        {
            var marshaller = new AssumeRoleWithSAMLRequestMarshaller();
            var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.Instance;

            return Invoke<AssumeRoleWithSAMLRequest,AssumeRoleWithSAMLResponse>(request, marshaller, unmarshaller);
        }
        /// <summary>
        /// Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the AssumeRoleWithSAML operation.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
        /// <returns>The task object representing the asynchronous operation.</returns>
        public Task<AssumeRoleWithSAMLResponse> AssumeRoleWithSAMLAsync(AssumeRoleWithSAMLRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new AssumeRoleWithSAMLRequestMarshaller();
            var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.Instance;

            return InvokeAsync<AssumeRoleWithSAMLRequest,AssumeRoleWithSAMLResponse>(request, marshaller, 
                unmarshaller, cancellationToken);
        }
 /// <summary>
 /// Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
 /// </summary>
 /// 
 /// <param name="request">Container for the necessary parameters to execute the AssumeRoleWithSAML operation on AmazonSecurityTokenServiceClient.</param>
 /// <param name="callback">An Action delegate that is invoked when the operation completes.</param>
 /// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
 ///          procedure using the AsyncState property.</param>
 public void AssumeRoleWithSAMLAsync(AssumeRoleWithSAMLRequest request, AmazonServiceCallback<AssumeRoleWithSAMLRequest, AssumeRoleWithSAMLResponse> callback, AsyncOptions options = null)
 {
     options = options == null?new AsyncOptions():options;
     var marshaller = new AssumeRoleWithSAMLRequestMarshaller();
     var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.Instance;
     Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null;
     if(callback !=null )
         callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => { 
             AmazonServiceResult<AssumeRoleWithSAMLRequest,AssumeRoleWithSAMLResponse> responseObject 
                     = new AmazonServiceResult<AssumeRoleWithSAMLRequest,AssumeRoleWithSAMLResponse>((AssumeRoleWithSAMLRequest)req, (AssumeRoleWithSAMLResponse)res, ex , ao.State);    
                 callback(responseObject); 
         };
     BeginInvoke<AssumeRoleWithSAMLRequest>(request, marshaller, unmarshaller, options, callbackHelper);
 }
 IAsyncResult invokeAssumeRoleWithSAML(AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest, AsyncCallback callback, object state, bool synchronized)
 {
     IRequest irequest = new AssumeRoleWithSAMLRequestMarshaller().Marshall(assumeRoleWithSAMLRequest);
     var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.GetInstance();
     AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller);
     Invoke(result);
     return result;
 }
 /// <summary>
 /// Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
 /// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService.AssumeRoleWithSAML"/>
 /// </summary>
 /// 
 /// <param name="assumeRoleWithSAMLRequest">Container for the necessary parameters to execute the AssumeRoleWithSAML operation on
 ///          AmazonSecurityTokenService.</param>
 /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
 /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
 ///          procedure using the AsyncState property.</param>
 /// 
 /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking
 ///         EndAssumeRoleWithSAML operation.</returns>
 public IAsyncResult BeginAssumeRoleWithSAML(AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest, AsyncCallback callback, object state)
 {
     return invokeAssumeRoleWithSAML(assumeRoleWithSAMLRequest, callback, state, false);
 }
 /// <summary>
 /// <para> Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This
 /// operation provides a mechanism for tying an enterprise identity store or directory to role-based AWS access without user-specific
 /// credentials or configuration. </para> <para> The temporary security credentials returned by this operation consist of an access key ID, a
 /// secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS services. The
 /// credentials are valid for the duration that you specified when calling <c>AssumeRoleWithSAML</c> , which can be up to 3600 seconds (1 hour)
 /// or until the time specified in the SAML authentication response's <c>NotOnOrAfter</c> value, whichever is shorter.</para>
 /// <para><b>NOTE:</b>The maximum duration for a session is 1 hour, and the minimum duration is 15 minutes, even if values outside this range
 /// are specified. </para> <para>Optionally, you can pass an AWS IAM access policy to this operation. The temporary security credentials that
 /// are returned by the operation have the permissions that are associated with the access policy of the role being assumed, except for any
 /// permissions explicitly denied by the policy you pass. This gives you a way to further restrict the permissions for the resulting temporary
 /// security credentials. These policies and any applicable resource-based policies are evaluated when calls to AWS are made using the temporary
 /// security credentials. </para> <para> Before your application can call <c>AssumeRoleWithSAML</c> , you must configure your SAML identity
 /// provider (IdP) to issue the claims required by AWS. Additionally, you must use AWS Identity and Access Management (AWS IAM) to create a SAML
 /// provider entity in your AWS account that represents your identity provider, and create an AWS IAM role that specifies this SAML provider in
 /// its trust policy. </para> <para> Calling <c>AssumeRoleWithSAML</c> does not require the use of AWS security credentials. The identity of the
 /// caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider. </para>
 /// <para>For more information, see the following resources:</para>
 /// <ul>
 /// <li> <a href="http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html" >Creating Temporary Security Credentials for SAML
 /// Federation</a> in the <i>Using Temporary Security Credentials</i> guide. </li>
 /// <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/idp-managing-identityproviders.html" >SAML Providers</a> in the <i>Using
 /// IAM</i> guide. </li>
 /// <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html" >Configuring a Relying Party and Claims in
 /// the Using IAM guide. </a> </li>
 /// <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml.html" >Creating a Role for SAML-Based Federation</a> in the
 /// <i>Using IAM</i> guide. </li>
 /// 
 /// </ul>
 /// 
 /// </summary>
 /// 
 /// <param name="assumeRoleWithSAMLRequest">Container for the necessary parameters to execute the AssumeRoleWithSAML service method on
 ///          AmazonSecurityTokenService.</param>
 /// 
 /// <returns>The response from the AssumeRoleWithSAML service method, as returned by AmazonSecurityTokenService.</returns>
 /// 
 /// <exception cref="PackedPolicyTooLargeException"/>
 /// <exception cref="IDPRejectedClaimException"/>
 /// <exception cref="MalformedPolicyDocumentException"/>
 /// <exception cref="InvalidIdentityTokenException"/>
 /// <exception cref="ExpiredTokenException"/>
 public AssumeRoleWithSAMLResponse AssumeRoleWithSAML(AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest)
 {
     IAsyncResult asyncResult = invokeAssumeRoleWithSAML(assumeRoleWithSAMLRequest, null, null, true);
     return EndAssumeRoleWithSAML(asyncResult);
 }
        IAsyncResult invokeAssumeRoleWithSAML(AssumeRoleWithSAMLRequest request, AsyncCallback callback, object state, bool synchronized)
        {
            var marshaller = new AssumeRoleWithSAMLRequestMarshaller();
            var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.Instance;

            return Invoke(request, callback, state, synchronized, marshaller, unmarshaller, signer);
        }
        /// <summary>
        /// <para> Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This
        /// operation provides a mechanism for tying an enterprise identity store or directory to role-based AWS access without user-specific
        /// credentials or configuration. </para> <para> The temporary security credentials returned by this operation consist of an access key ID, a
        /// secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS services. The
        /// credentials are valid for the duration that you specified when calling <c>AssumeRoleWithSAML</c> , which can be up to 3600 seconds (1 hour)
        /// or until the time specified in the SAML authentication response's <c>NotOnOrAfter</c> value, whichever is shorter.</para>
        /// <para><b>NOTE:</b>The maximum duration for a session is 1 hour, and the minimum duration is 15 minutes, even if values outside this range
        /// are specified. </para> <para>Optionally, you can pass an AWS IAM access policy to this operation. The temporary security credentials that
        /// are returned by the operation have the permissions that are associated with the access policy of the role being assumed, except for any
        /// permissions explicitly denied by the policy you pass. This gives you a way to further restrict the permissions for the federated user. These
        /// policies and any applicable resource-based policies are evaluated when calls to AWS are made using the temporary security credentials.
        /// </para> <para> Before your application can call <c>AssumeRoleWithSAML</c> , you must configure your SAML identity provider (IdP) to issue
        /// the claims required by AWS. Additionally, you must use AWS Identity and Access Management (AWS IAM) to create a SAML provider entity in your
        /// AWS account that represents your identity provider, and create an AWS IAM role that specifies this SAML provider in its trust policy.
        /// </para> <para> Calling <c>AssumeRoleWithSAML</c> does not require the use of AWS security credentials. The identity of the caller is
        /// validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider. </para> <para>For
        /// more information, see the following resources:</para>
        /// <ul>
        /// <li> <a href="http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html">Creating Temporary Security Credentials for SAML
        /// Federation</a> in the <i>Using Temporary Security Credentials</i> guide. </li>
        /// <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/idp-managing-identityproviders.html">SAML Providers</a> in the <i>Using
        /// IAM</i> guide. </li>
        /// <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html">Configuring a Relying Party and Claims in
        /// the Using IAM guide. </a> </li>
        /// <li> <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml.html">Creating a Role for SAML-Based Federation</a> in the
        /// <i>Using IAM</i> guide. </li>
        /// 
        /// </ul>
        /// 
        /// </summary>
        /// 
        /// <param name="assumeRoleWithSAMLRequest">Container for the necessary parameters to execute the AssumeRoleWithSAML service method on
        /// AmazonSecurityTokenService.</param>
        /// 
        /// <returns>The response from the AssumeRoleWithSAML service method, as returned by AmazonSecurityTokenService.</returns>
        /// 
        /// <exception cref="T:Amazon.SecurityToken.Model.PackedPolicyTooLargeException" />
        /// <exception cref="T:Amazon.SecurityToken.Model.IDPRejectedClaimException" />
        /// <exception cref="T:Amazon.SecurityToken.Model.MalformedPolicyDocumentException" />
        /// <exception cref="T:Amazon.SecurityToken.Model.InvalidIdentityTokenException" />
        /// <exception cref="T:Amazon.SecurityToken.Model.ExpiredTokenException" />
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
		public Task<AssumeRoleWithSAMLResponse> AssumeRoleWithSAMLAsync(AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest, CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new AssumeRoleWithSAMLRequestMarshaller();
            var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.GetInstance();
            return Invoke<IRequest, AssumeRoleWithSAMLRequest, AssumeRoleWithSAMLResponse>(assumeRoleWithSAMLRequest, marshaller, unmarshaller, signer, cancellationToken);
        }
		internal AssumeRoleWithSAMLResponse AssumeRoleWithSAML(AssumeRoleWithSAMLRequest request)
        {
            var task = AssumeRoleWithSAMLAsync(request);
            try
            {
                return task.Result;
            }
            catch(AggregateException e)
            {
                throw e.InnerException;
            }
        }
		internal AssumeRoleWithSAMLResponse AssumeRoleWithSAML(AssumeRoleWithSAMLRequest request)
        {
            var task = AssumeRoleWithSAMLAsync(request);
            try
            {
                return task.Result;
            }
            catch(AggregateException e)
            {
                ExceptionDispatchInfo.Capture(e.InnerException).Throw();
                return null;
            }
        }
        /// <summary>
        /// Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
        /// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService.AssumeRoleWithSAML"/>
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the AssumeRoleWithSAML operation.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
        /// <returns>The task object representing the asynchronous operation.</returns>
		public async Task<AssumeRoleWithSAMLResponse> AssumeRoleWithSAMLAsync(AssumeRoleWithSAMLRequest request, CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new AssumeRoleWithSAMLRequestMarshaller();
            var unmarshaller = AssumeRoleWithSAMLResponseUnmarshaller.GetInstance();
            var response = await Invoke<IRequest, AssumeRoleWithSAMLRequest, AssumeRoleWithSAMLResponse>(request, marshaller, unmarshaller, signer, cancellationToken)
                .ConfigureAwait(continueOnCapturedContext: false);
            return response;
        }
        private Amazon.SecurityToken.Model.AssumeRoleWithSAMLResponse CallAWSServiceOperation(IAmazonSecurityTokenService client, Amazon.SecurityToken.Model.AssumeRoleWithSAMLRequest request)
        {
            Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Security Token Service", "AssumeRoleWithSAML");

            try
            {
#if DESKTOP
                return(client.AssumeRoleWithSAML(request));
#elif CORECLR
                return(client.AssumeRoleWithSAMLAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
            }
            catch (AmazonServiceException exc)
            {
                var webException = exc.InnerException as System.Net.WebException;
                if (webException != null)
                {
                    throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
                }

                throw;
            }
        }