Ejemplo n.º 1
        /// <summary>
        /// Correlates this response with an AuthnRequest that is still pending,
        /// or decides whether an uncorrelated (unsolicited) response is acceptable.
        /// </summary>
        /// <param name="options">
        /// Options whose <c>AllowUnsolicitedAuthnResponse</c> flag decides whether a
        /// response without InResponseTo is accepted.
        /// </param>
        /// <exception cref="Saml2ResponseFailedValidationException">
        /// Thrown when an unsolicited response is not allowed, when InResponseTo is
        /// not found among the pending requests, or when the response's issuer is
        /// not the idp the stored request state names.
        /// </exception>
        private void ValidateInResponseTo(SAML2AuthenticationOptions options)
        {
            // NOTE(review): Issuer is dereferenced below without a null check. If a
            // response can reach this method without an issuer, the failure would be a
            // NullReferenceException rather than a validation exception - confirm.
            if (InResponseTo == null)
            {
                // Unsolicited (idp-initiated) response: no request correlation takes
                // place on this path, so nothing here detects a replay. Any replay
                // protection for such responses has to come from checks outside this
                // method - TODO confirm they exist when the option is enabled.
                if (!options.AllowUnsolicitedAuthnResponse)
                {
                    throw new Saml2ResponseFailedValidationException(
                        string.Format(CultureInfo.InvariantCulture,
                                      "Unsolicited responses are not allowed for idp \"{0}\".", Issuer.Id));
                }

                return;
            }

            // TryRemove runs before the issuer comparison, so (assuming it removes the
            // entry, as its name and the message below suggest) a response that later
            // fails the issuer check has still used up the pending request id.
            StoredRequestState pendingState;
            if (!PendingAuthnRequests.TryRemove(InResponseTo, out pendingState))
            {
                // InResponseTo is taken from the received response; treat it as
                // untrusted wherever this message ends up being logged or displayed.
                string unknownIdMessage = string.Format(CultureInfo.InvariantCulture,
                                                        "Replayed or unknown InResponseTo \"{0}\".", InResponseTo);

                throw new Saml2ResponseFailedValidationException(unknownIdMessage);
            }

            requestState = pendingState;

            // The response must come from the idp recorded in the stored request state;
            // a response from any other issuer is rejected.
            if (requestState.Idp.Id != Issuer.Id)
            {
                // NOTE(review): the comparison reads Issuer.Id but the message reads
                // issuer.Id - presumably the backing field of the same value; confirm.
                string wrongIdpMessage = string.Format(CultureInfo.InvariantCulture,
                                                       "Expected response from idp \"{0}\" but received response from idp \"{1}\".",
                                                       requestState.Idp.Id, issuer.Id);
                throw new Saml2ResponseFailedValidationException(wrongIdpMessage);
            }
        }
Ejemplo n.º 2
 /// <summary>
 /// Records the state of an outgoing AuthnRequest under its id.
 /// </summary>
 /// <param name="id">Id of the AuthnRequest; must not already be registered.</param>
 /// <param name="idp">State to store for the request.</param>
 /// <exception cref="InvalidOperationException">
 /// Thrown when <paramref name="id"/> is already present.
 /// </exception>
 internal static void Add(Saml2Id id, StoredRequestState idp)
 {
     // The existence check and the insert share one lock, so two callers cannot
     // both register the same id.
     lock (pendingAuthnRequest)
     {
         bool alreadyPending = pendingAuthnRequest.ContainsKey(id);
         if (!alreadyPending)
         {
             // NOTE(review): nothing in this method expires or caps entries; if no
             // cleanup exists elsewhere, requests that never get a response stay in
             // the collection indefinitely - confirm.
             pendingAuthnRequest.Add(id, idp);
             return;
         }

         throw new InvalidOperationException("AuthnRequest id can't be reused.");
     }
 }
Ejemplo n.º 3
 /// <summary>
 /// Looks up the state stored for a pending AuthnRequest id and removes the entry.
 /// </summary>
 /// <param name="id">Id to look up; <c>null</c> is treated as not found.</param>
 /// <param name="idp">
 /// Receives the stored state when the id was present, otherwise <c>null</c>.
 /// </param>
 /// <returns>
 /// The result of removing the entry when the id was present; <c>false</c> when
 /// the id is <c>null</c> or not present.
 /// </returns>
 internal static bool TryRemove(Saml2Id id, out StoredRequestState idp)
 {
     // Lookup and removal happen under the same lock, so once a caller has taken
     // an id, a second attempt with the same id finds nothing.
     lock (pendingAuthnRequest)
     {
         if (id == null || !pendingAuthnRequest.ContainsKey(id))
         {
             idp = null;
             return false;
         }

         idp = pendingAuthnRequest[id];
         bool removed = pendingAuthnRequest.Remove(id);
         return removed;
     }
 }