/// <summary>
/// Reads the InResponseTo attribute from a received message and checks it
/// against the id of the request that was sent, if any.
/// </summary>
/// <param name="xml">Element whose InResponseTo attribute is inspected.</param>
/// <param name="expectedInResponseTo">
/// Id of the pending request, or null when no request state was found.
/// </param>
/// <exception cref="UnexpectedInResponseToException">
/// The message carries an InResponseTo value but no request was expected.
/// </exception>
/// <exception cref="Saml2ResponseFailedValidationException">
/// The value differs from the expected id, or an expected value is missing.
/// </exception>
/// <remarks>
/// This check ties a response to the request that triggered it. A message
/// with no InResponseTo and no expected id passes through here untouched
/// (presumably an unsolicited response; whether those are allowed is not
/// decided in this method). The exception texts embed the value taken from
/// the received XML, so code that logs or displays them should treat that
/// part as untrusted input.
/// </remarks>
private void ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo)
{
    // GetValueIfNotNull is defined elsewhere; presumably it yields null when
    // the attribute is absent -- confirm against the helper.
    var rawValue = xml.Attributes["InResponseTo"].GetValueIfNotNull();

    if (rawValue == null)
    {
        // No attribute: only acceptable when no request was pending.
        if (expectedInResponseTo != null)
        {
            var missingMessage = string.Format(
                CultureInfo.InvariantCulture,
                "Expected message to contain InResponseTo \"{0}\", but found none.",
                expectedInResponseTo);
            throw new Saml2ResponseFailedValidationException(missingMessage);
        }

        return;
    }

    // The property is populated before validation so that the error
    // messages below can report the received value.
    InResponseTo = new Saml2Id(rawValue);

    if (expectedInResponseTo == null)
    {
        var unexpectedMessage = string.Format(
            CultureInfo.InvariantCulture,
            "Received message contains unexpected InResponseTo \"{0}\". No cookie preserving state " +
            "from the request was found so the message was not expected to have an InResponseTo attribute. " +
            "This error typically occurs if the cookie set when doing SP-initiated sign on have been lost.",
            InResponseTo);
        throw new UnexpectedInResponseToException(unexpectedMessage);
    }

    if (!expectedInResponseTo.Equals(InResponseTo))
    {
        var mismatchMessage = string.Format(
            CultureInfo.InvariantCulture,
            "InResponseTo Id \"{0}\" in received response does not match Id \"{1}\" of the sent request.",
            InResponseTo,
            expectedInResponseTo);
        throw new Saml2ResponseFailedValidationException(mismatchMessage);
    }
}
/// <summary>
/// Extracts InResponseTo from the received element and verifies that it is
/// consistent with the request id the caller expects.
/// </summary>
/// <param name="xml">Element whose InResponseTo attribute is read.</param>
/// <param name="expectedInResponseTo">
/// Id of the request that was sent, or null when none is expected.
/// </param>
/// <exception cref="UnexpectedInResponseToException">
/// An InResponseTo value is present although none was expected.
/// </exception>
/// <exception cref="Saml2ResponseFailedValidationException">
/// The value does not equal the expected id, or the attribute is absent
/// while an id was expected.
/// </exception>
/// <remarks>
/// Three of the four present/expected combinations are rejected or compared;
/// only "attribute absent, nothing expected" returns without any check.
/// The received value is echoed into the exception text and should be
/// handled as untrusted data by anything that logs or renders it.
/// </remarks>
private void ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo)
{
    // Helper defined outside this block; presumably null means "no attribute".
    var attributeValue = xml.Attributes["InResponseTo"].GetValueIfNotNull();
    var hasAttribute = attributeValue != null;

    if (!hasAttribute)
    {
        if (expectedInResponseTo != null)
        {
            // A request is outstanding but the message does not refer to it.
            throw new Saml2ResponseFailedValidationException(
                string.Format(
                    CultureInfo.InvariantCulture,
                    "Expected message to contain InResponseTo \"{0}\", but found none.",
                    expectedInResponseTo));
        }

        return;
    }

    // Stored first: both failure messages below report this value.
    InResponseTo = new Saml2Id(attributeValue);

    if (expectedInResponseTo == null)
    {
        throw new UnexpectedInResponseToException(
            string.Format(
                CultureInfo.InvariantCulture,
                "Received message contains unexpected InResponseTo \"{0}\". No RelayState was detected so message was not expected to have an InResponseTo attribute.",
                InResponseTo));
    }

    var matchesRequest = expectedInResponseTo.Equals(InResponseTo);
    if (!matchesRequest)
    {
        throw new Saml2ResponseFailedValidationException(
            string.Format(
                CultureInfo.InvariantCulture,
                "InResponseTo Id \"{0}\" in received response does not match Id \"{1}\" of the sent request.",
                InResponseTo,
                expectedInResponseTo));
    }
}
/// <summary>
/// Reads InResponseTo from the received element and validates it against the
/// expected request id, honouring the IgnoreMissingInResponseTo
/// compatibility flag.
/// </summary>
/// <param name="xml">Element whose InResponseTo attribute is read.</param>
/// <param name="expectedInResponseTo">
/// Id of the request that was sent, or null when no request state exists.
/// </param>
/// <param name="options">
/// Options supplying SPOptions.Compatibility.IgnoreMissingInResponseTo; a
/// null reference is treated as the flag being false.
/// </param>
/// <exception cref="UnexpectedInResponseToException">
/// An InResponseTo value is present although none was expected.
/// </exception>
/// <exception cref="Saml2ResponseFailedValidationException">
/// The value differs from the expected id, or it is missing while an id was
/// expected and the compatibility flag is not set.
/// </exception>
/// <remarks>
/// Security note: with IgnoreMissingInResponseTo set, a message that has no
/// InResponseTo is accepted even while a request is outstanding, so that
/// message is no longer tied to the request that was sent. The flag only
/// relaxes the missing-attribute case; a value that is present is still
/// required to be expected and to match. Leave the flag off unless the
/// identity provider is known to omit the attribute, and rely on the other
/// response validations when it is on. Exception messages include the
/// received value and should be treated as containing untrusted input.
/// </remarks>
private void ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo, IOptions options)
{
    // Helper defined outside this block; presumably null means "no attribute".
    var receivedValue = xml.Attributes["InResponseTo"].GetValueIfNotNull();

    if (receivedValue == null)
    {
        // Only "options" itself is null-guarded; SPOptions and Compatibility
        // are dereferenced directly, as in the original expression.
        var ignoreMissing = options?.SPOptions.Compatibility.IgnoreMissingInResponseTo ?? false;
        if (ignoreMissing)
        {
            // Compatibility mode: skip the request/response binding check.
            return;
        }

        if (expectedInResponseTo != null)
        {
            var missingMessage = string.Format(
                CultureInfo.InvariantCulture,
                "Expected message to contain InResponseTo \"{0}\", but found none. If this error occurs " +
                "due to the Idp not setting InResponseTo according to the SAML2 specification, this check " +
                "can be disabled by setting the IgnoreMissingInResponseTo compatibility flag to true.",
                expectedInResponseTo);
            throw new Saml2ResponseFailedValidationException(missingMessage);
        }

        return;
    }

    // Set before validating so the failure messages can report the value.
    InResponseTo = new Saml2Id(receivedValue);

    if (expectedInResponseTo == null)
    {
        var unexpectedMessage = string.Format(
            CultureInfo.InvariantCulture,
            "Received message contains unexpected InResponseTo \"{0}\". No cookie preserving state " +
            "from the request was found so the message was not expected to have an InResponseTo attribute. " +
            "This error typically occurs if the cookie set when doing SP-initiated sign on have been lost.",
            InResponseTo);
        throw new UnexpectedInResponseToException(unexpectedMessage);
    }

    if (!expectedInResponseTo.Equals(InResponseTo))
    {
        var mismatchMessage = string.Format(
            CultureInfo.InvariantCulture,
            "InResponseTo Id \"{0}\" in received response does not match Id \"{1}\" of the sent request.",
            InResponseTo,
            expectedInResponseTo);
        throw new Saml2ResponseFailedValidationException(mismatchMessage);
    }
}