Helper class to perform SAML authentication negotiation for an identity provider and relying party combination. Yields a SAMLAssertion instance that can be used to retrieve temporary, auto-refreshing AWS credentials.
        /// <summary>
        /// Authenticates against the supplied endpoint to obtain a SAML assertion, then
        /// exchanges that assertion for role credentials using this client.
        /// </summary>
        /// <param name="endpoint">Endpoint handed to <c>GetSAMLAssertion</c>.</param>
        /// <param name="authenticationType">Authentication type handed to <c>GetSAMLAssertion</c>.</param>
        /// <param name="roleARN">Role identifier handed to <c>GetRoleCredentials</c>.</param>
        /// <param name="credentialDuration">Requested duration handed to <c>GetRoleCredentials</c>.</param>
        /// <param name="userCredential">User credential handed to <c>GetSAMLAssertion</c>; it is not logged or stored here.</param>
        /// <returns>The credentials returned by <c>SAMLAssertion.GetRoleCredentials</c>.</returns>
        /// <exception cref="FederatedAuthenticationFailureException">Any failure while obtaining the assertion.</exception>
        /// <exception cref="AmazonClientException">Any failure while exchanging the assertion for credentials.</exception>
        SAMLImmutableCredentials ICoreAmazonSTS.CredentialsFromSAMLAuthentication(
            string endpoint,
            string authenticationType,
            string roleARN,
            TimeSpan credentialDuration,
            ICredentials userCredential)
        {
            // Phase 1: authenticate. The controller is built with the client's configured proxy.
            // NOTE(review): endpoint is forwarded as given; confirm the controller or the caller
            // restricts it to a trusted HTTPS address, since userCredential is presented to it.
            SAMLAssertion samlAssertion;
            try
            {
                samlAssertion = new SAMLAuthenticationController(Config.GetWebProxy())
                    .GetSAMLAssertion(endpoint, userCredential, authenticationType);
            }
            catch (Exception authError)
            {
                // Every failure type is folded into one exception; the cause stays on InnerException.
                throw new FederatedAuthenticationFailureException("Authentication failure, unable to obtain SAML assertion.", authError);
            }

            // Phase 2: exchange the assertion for role credentials. A distinct exception type
            // lets callers tell an authentication failure from a credential-generation failure.
            try
            {
                return samlAssertion.GetRoleCredentials(this, roleARN, credentialDuration);
            }
            catch (Exception exchangeError)
            {
                throw new AmazonClientException("Credential generation failed following successful authentication.", exchangeError);
            }
        }
        /// <summary>
        /// Obtains a SAML assertion for the stored profile's endpoint and exchanges it for
        /// role credentials, returning them with a locally computed expiry.
        /// </summary>
        /// <param name="userCredential">User credential handed to <c>GetSAMLAssertion</c>; it is not logged or stored here.</param>
        /// <param name="credentialDuration">Requested duration; also added to the current UTC time to form the expiry.</param>
        /// <returns>A refresh state holding the role credentials and their computed expiry.</returns>
        /// <exception cref="AuthenticationFailedException">Any failure while obtaining the assertion.</exception>
        /// <exception cref="AmazonClientException">Any failure while exchanging the assertion for credentials (also logged).</exception>
        private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
        {
            // An explicitly configured region wins; otherwise use the default STS client region.
            var regionName = AWSConfigs.AWSRegion;
            var stsRegion = !string.IsNullOrEmpty(regionName)
                ? RegionEndpoint.GetBySystemName(regionName)
                : DefaultSTSClientRegion;

            SAMLAssertion samlAssertion;
            try
            {
                // No proxy is passed to the controller on this path.
                var controller = new SAMLAuthenticationController();
                var idpEndpoint = ProfileData.EndpointSettings.Endpoint.ToString();
                samlAssertion = controller.GetSAMLAssertion(idpEndpoint,
                                                            userCredential,
                                                            ProfileData.EndpointSettings.AuthenticationType);
            }
            catch (Exception authError)
            {
                // Every failure type is folded into one exception; the cause stays on InnerException.
                throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", authError);
            }

            try
            {
                // The STS client carries anonymous credentials; presumably the assertion itself
                // authorizes the role request (confirm in GetRoleCredentials).
                using (var sts = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), stsRegion))
                {
                    var roleCredentials = samlAssertion.GetRoleCredentials(sts, ProfileData.RoleArn, credentialDuration);

                    // NOTE(review): expiry is derived from the requested duration after the call
                    // returns, not taken from the service response; confirm it cannot outlive the
                    // credentials actually issued.
                    return new CredentialsRefreshState(roleCredentials, DateTime.UtcNow + credentialDuration);
                }
            }
            catch (Exception exchangeError)
            {
                var failure = new AmazonClientException("Credential generation failed following successful authentication.", exchangeError);

                // NOTE(review): the wrapper is logged together with its inner exception; confirm
                // that the inner exception cannot carry assertion or credential material.
                Logger.GetLogger(typeof(StoredProfileSAMLCredentials)).Error(failure, failure.Message);

                throw failure;
            }
        }
        /// <summary>
        /// Runs the two-step SAML flow for the stored profile: authenticate against the
        /// profile's endpoint to get an assertion, then trade the assertion for role credentials.
        /// </summary>
        /// <param name="userCredential">User credential passed to <c>GetSAMLAssertion</c>; it is not logged or stored here.</param>
        /// <param name="credentialDuration">Requested duration; also used to compute the expiry of the returned state.</param>
        /// <returns>The role credentials wrapped in a refresh state with expiry set to now (UTC) plus the duration.</returns>
        /// <exception cref="AuthenticationFailedException">The assertion could not be obtained.</exception>
        /// <exception cref="AmazonClientException">The assertion could not be exchanged for credentials (logged before rethrow).</exception>
        private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
        {
            // Fall back to the default STS client region when no region is configured.
            var regionOverride = AWSConfigs.AWSRegion;
            var hasOverride = !string.IsNullOrEmpty(regionOverride);
            var clientRegion = hasOverride
                ? RegionEndpoint.GetBySystemName(regionOverride)
                : DefaultSTSClientRegion;

            // Step 1: authenticate. Any exception is reported as an authentication failure.
            SAMLAssertion samlAssertion;
            try
            {
                var authController = new SAMLAuthenticationController();
                samlAssertion = authController.GetSAMLAssertion(
                    ProfileData.EndpointSettings.Endpoint.ToString(),
                    userCredential,
                    ProfileData.EndpointSettings.AuthenticationType);
            }
            catch (Exception cause)
            {
                throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", cause);
            }

            // Step 2: exchange the assertion. The client is created with anonymous credentials
            // and disposed as soon as the exchange completes.
            CredentialsRefreshState refreshState;
            try
            {
                using (var tokenService = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), clientRegion))
                {
                    var issued = samlAssertion.GetRoleCredentials(tokenService, ProfileData.RoleArn, credentialDuration);

                    // NOTE(review): the expiry comes from the local clock plus the requested
                    // duration; verify against the expiration reported for the issued credentials.
                    var expiresAt = DateTime.UtcNow + credentialDuration;
                    refreshState = new CredentialsRefreshState(issued, expiresAt);
                }
            }
            catch (Exception cause)
            {
                var wrapped = new AmazonClientException("Credential generation failed following successful authentication.", cause);

                // The failure is logged here, then thrown so that the caller sees it as well.
                // NOTE(review): the inner exception is logged too; check it holds no sensitive data.
                var log = Logger.GetLogger(typeof(StoredProfileSAMLCredentials));
                log.Error(wrapped, wrapped.Message);

                throw wrapped;
            }

            return refreshState;
        }