/// <summary>
/// Builds a <see cref="Saml2Assertion"/> from <paramref name="assertionElement"/> and rejects it
/// unless its signature verifies against <paramref name="key"/> (when checking is not omitted)
/// and it has not expired.
/// </summary>
/// <param name="assertionElement">The assertion XML element to validate.</param>
/// <param name="key">The single key accepted as a valid signer of the assertion.</param>
/// <param name="audience">The single audience the assertion is expected to carry.</param>
/// <param name="omitAssertionSignatureCheck">When true, the explicit signature check is skipped.</param>
/// <returns>The validated assertion.</returns>
/// <exception cref="Saml2Exception">The signature does not verify, or the assertion is expired.</exception>
public Saml2Assertion GetValidatedAssertion(XmlElement assertionElement, AsymmetricAlgorithm key, string audience, bool omitAssertionSignatureCheck = false)
        {
            // Exactly one trusted signing key and one expected audience, both supplied by the caller.
            var trustedKeys = new List<AsymmetricAlgorithm> { key };
            var expectedAudiences = new List<string> { audience };

            // Last argument is passed as false here; its meaning is defined by Saml2Assertion (not visible in this file).
            var assertion = new Saml2Assertion(assertionElement, trustedKeys, AssertionProfile.Core, expectedAudiences, false);

            // The explicit signature check is only bypassed on the caller's explicit request.
            // TODO: This is checked automaticaly if autovalidation is on
            var signatureCheckRequired = !omitAssertionSignatureCheck;
            if (signatureCheckRequired && !assertion.CheckSignature(trustedKeys))
            {
                throw new Saml2Exception("Invalid signature in assertion");
            }

            // Expiry is checked regardless of the signature-check flag.
            if (assertion.IsExpired())
            {
                throw new Saml2Exception("Assertion is expired");
            }

            return assertion;
        }
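        /// <summary>
        /// Extracts the assertion from <paramref name="element"/> using the service provider's signing
        /// certificate, then rejects it unless its signature verifies (when the configured check is not
        /// omitted) and it has not expired.
        /// </summary>
        /// <param name="element">The XML element containing the assertion.</param>
        /// <returns>The validated assertion.</returns>
        /// <exception cref="Saml2Exception">The signature does not verify, or the assertion is expired.</exception>
        public Saml2Assertion GetValidatedAssertion(XmlElement element)
        {
            var signingCertificate = _configurationProvider.ServiceProviderSigningCertificate();

            // The private key is handed to the XML provider to obtain the assertion element
            // (presumably to decrypt an encrypted assertion — confirm against _xmlProvider).
            var assertionElement = _xmlProvider.GetAssertion(element, signingCertificate.PrivateKey);
            var key      = signingCertificate.PublicKey.Key;
            var audience = ServiceProviderConfiguration.EntityId;

            var keys = new List<AsymmetricAlgorithm> { key };
            var audiences = new List<string> { audience };
            var assertion = new Saml2Assertion(assertionElement, keys, AssertionProfile.Core, audiences, false);

            if (!ServiceProviderConfiguration.OmitAssertionSignatureCheck)
            {
                // A failed signature check must reject the assertion; previously the result of
                // CheckSignature was evaluated but the rejection was commented out, so an assertion
                // with a bad or foreign signature was accepted.
                // NOTE(review): the trust anchor here is the service provider's own signing certificate;
                // confirm this is the intended signer of incoming assertions.
                // TODO: This is checked automatically if auto-validation is on
                if (!assertion.CheckSignature(keys))
                {
                    throw new Saml2Exception("Invalid signature in assertion");
                }
            }

            if (assertion.IsExpired())
            {
                throw new Saml2Exception("Assertion is expired");
            }

            return assertion;
        }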