Exemple #1
0
        /// <summary>
        /// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
        /// a resource and decision.
        /// </summary>
        /// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
        /// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
        /// <param name="actions">Collection of <see cref="Saml2Action"/> specifications.</param>
        public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision, IEnumerable <Saml2Action> actions)
        {
            if (null == resource)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
            }

            // This check is making sure the resource is either a well-formed absolute uri or
            // an empty relative uri before passing through to the rest of the constructor.
            if (!(resource.IsAbsoluteUri || resource.Equals(EmptyResource)))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("resource", SR.GetString(SR.ID4121));
            }

            if (decision < SamlAccessDecision.Permit || decision > SamlAccessDecision.Indeterminate)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
            }

            this.resource = resource;
            this.decision = decision;

            if (null != actions)
            {
                foreach (Saml2Action action in actions)
                {
                    this.actions.Add(action);
                }
            }
        }
Exemple #2
0
        /// <summary>
        /// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
        /// a resource and decision.
        /// </summary>
        /// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
        /// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
        /// <param name="actions">Collection of <see cref="Saml2Action"/> specifications.</param>
        public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision, IEnumerable<Saml2Action> actions)
        {
            if (null == resource)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
            }

            // This check is making sure the resource is either a well-formed absolute uri or
            // an empty relative uri before passing through to the rest of the constructor.
            if (!(resource.IsAbsoluteUri || resource.Equals(EmptyResource)))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("resource", SR.GetString(SR.ID4121));
            }

            if (decision < SamlAccessDecision.Permit || decision > SamlAccessDecision.Indeterminate)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
            }

            this.resource = resource;
            this.decision = decision;

            if (null != actions)
            {
                foreach (Saml2Action action in actions)
                {
                    this.actions.Add(action);
                }
            }
        }
Exemple #3
0
 public SamlAuthorizationDecisionStatement(
     SamlSubject samlSubject, string resource,
     SamlAccessDecision accessDecision,
     IEnumerable <SamlAction> samlActions)
     : base(samlSubject)
 {
     if (samlActions == null)
     {
         throw new ArgumentNullException("samlActions");
     }
     if (resource == null || resource.Length == 0)
     {
         throw new SecurityTokenException("non-zero length string must be set to Resource of SAML AuthorizationDecisionStatement.");
     }
     Resource       = resource;
     AccessDecision = accessDecision;
     foreach (SamlAction a in samlActions)
     {
         if (a == null)
         {
             throw new ArgumentException("samlActions contain null item.");
         }
         actions.Add(a);
     }
 }
Exemple #4
0
 public SamlAuthorizationDecisionClaimResource(
     string resource, SamlAccessDecision decision, string actionName, string actionNamespace)
 {
     this.resource = resource;
     this.decision = decision;
     this.name     = actionName;
     this.ns       = actionNamespace;
 }
Exemple #5
0
		public SamlAuthorizationDecisionClaimResource (
			string resource, SamlAccessDecision decision, string actionName, string actionNamespace)
		{
			this.resource = resource;
			this.decision = decision;
			this.name = actionName;
			this.ns = actionNamespace;
		}
Exemple #6
0
		public SamlAuthorizationDecisionStatement (
			SamlSubject samlSubject, string resource,
			SamlAccessDecision accessDecision,
			IEnumerable<SamlAction> samlActions,
			SamlEvidence samlEvidence)
			: this (samlSubject, resource, accessDecision, samlActions)
		{
			evidence = samlEvidence;
		}
Exemple #7
0
 public SamlAuthorizationDecisionStatement(
     SamlSubject samlSubject, string resource,
     SamlAccessDecision accessDecision,
     IEnumerable <SamlAction> samlActions,
     SamlEvidence samlEvidence)
     : this(samlSubject, resource, accessDecision, samlActions)
 {
     evidence = samlEvidence;
 }
Exemple #8
0
        public SamlAuthorizationDecisionClaimResource(string resource, SamlAccessDecision accessDecision, string actionNamespace, string actionName)
        {
            if (string.IsNullOrEmpty(resource))
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
            if (string.IsNullOrEmpty(actionName))
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actionName");

            this.resource = resource;
            this.accessDecision = accessDecision;
            this.actionNamespace = actionNamespace;
            this.actionName = actionName;
        }
Exemple #9
0
 public SamlAuthorizationDecisionClaimResource(string resource, SamlAccessDecision accessDecision, string actionNamespace, string actionName)
 {
     if (string.IsNullOrEmpty(resource))
     {
         throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
     }
     if (string.IsNullOrEmpty(actionName))
     {
         throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actionName");
     }
     this.resource        = resource;
     this.accessDecision  = accessDecision;
     this.actionNamespace = actionNamespace;
     this.actionName      = actionName;
 }
Exemple #10
0
		public SamlAuthorizationDecisionStatement (
			SamlSubject samlSubject, string resource,
			SamlAccessDecision accessDecision,
			IEnumerable<SamlAction> samlActions)
			: base (samlSubject)
		{
			if (samlActions == null)
				throw new ArgumentNullException ("samlActions");
			if (resource == null || resource.Length == 0)
				throw new SecurityTokenException ("non-zero length string must be set to Resource of SAML AuthorizationDecisionStatement.");
			Resource = resource;
			AccessDecision = accessDecision;
			foreach (SamlAction a in samlActions) {
				if (a == null)
					throw new ArgumentException ("samlActions contain null item.");
				actions.Add (a);
			}
		}
Exemple #11
0
 public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions, SamlEvidence samlEvidence) : base(samlSubject)
 {
     this.actions = new ImmutableCollection<SamlAction>();
     if (samlActions == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
     }
     foreach (SamlAction action in samlActions)
     {
         if (action == null)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Action.Value }));
         }
         this.actions.Add(action);
     }
     this.evidence = samlEvidence;
     this.accessDecision = accessDecision;
     this.resource = resource;
     this.CheckObjectValidity();
 }
Exemple #12
0
 public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable <SamlAction> samlActions, SamlEvidence samlEvidence) : base(samlSubject)
 {
     this.actions = new ImmutableCollection <SamlAction>();
     if (samlActions == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
     }
     foreach (SamlAction action in samlActions)
     {
         if (action == null)
         {
             throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Action.Value }));
         }
         this.actions.Add(action);
     }
     this.evidence       = samlEvidence;
     this.accessDecision = accessDecision;
     this.resource       = resource;
     this.CheckObjectValidity();
 }
Exemple #13
0
 public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable <SamlAction> samlActions) : this(samlSubject, resource, accessDecision, samlActions, null)
 {
 }
Exemple #14
0
 public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
 {
     if (reader == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
     }
     if (samlSerializer == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
     }
     SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;
     this.resource = reader.GetAttribute(samlDictionary.Resource, null);
     if (string.IsNullOrEmpty(this.resource))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead")));
     }
     string attribute = reader.GetAttribute(samlDictionary.Decision, null);
     if (string.IsNullOrEmpty(attribute))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead")));
     }
     if (attribute.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
     {
         this.accessDecision = SamlAccessDecision.Deny;
     }
     else if (attribute.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
     {
         this.accessDecision = SamlAccessDecision.Permit;
     }
     else
     {
         this.accessDecision = SamlAccessDecision.Indeterminate;
     }
     reader.MoveToContent();
     reader.Read();
     if (!reader.IsStartElement(samlDictionary.Subject, samlDictionary.Namespace))
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingSubjectOnRead")));
     }
     SamlSubject subject = new SamlSubject();
     subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
     base.SamlSubject = subject;
     while (reader.IsStartElement())
     {
         if (reader.IsStartElement(samlDictionary.Action, samlDictionary.Namespace))
         {
             SamlAction item = new SamlAction();
             item.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
             this.actions.Add(item);
         }
         else
         {
             if (!reader.IsStartElement(samlDictionary.Evidence, samlDictionary.Namespace))
             {
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.AuthorizationDecisionStatement })));
             }
             if (this.evidence != null)
             {
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionHasMoreThanOneEvidence")));
             }
             this.evidence = new SamlEvidence();
             this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
         }
     }
     if (this.actions.Count == 0)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionShouldHaveOneActionOnRead")));
     }
     reader.MoveToContent();
     reader.ReadEndElement();
 }
Exemple #15
0
 public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions) : this(samlSubject, resource, accessDecision, samlActions, null)
 {
 }
Exemple #16
0
 /// <summary>
 /// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
 /// a resource and decision.
 /// </summary>
 /// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
 /// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
 public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision)
     : this(resource, decision, null)
 {
 }
Exemple #17
0
        public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
        {
            if (reader == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
            }

            if (samlSerializer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
            }

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
            SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;

            this.resource = reader.GetAttribute(dictionary.Resource, null);
            if (string.IsNullOrEmpty(this.resource))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));
            }

            string decisionString = reader.GetAttribute(dictionary.Decision, null);
            if (string.IsNullOrEmpty(decisionString))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));
            }

            if (decisionString.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Deny;
            }
            else if (decisionString.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Permit;
            }
            else
            {
                accessDecision = SamlAccessDecision.Indeterminate;
            }

            reader.MoveToContent();
            reader.Read();

            if (reader.IsStartElement(dictionary.Subject, dictionary.Namespace))
            {
                SamlSubject subject = new SamlSubject();
                subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                base.SamlSubject = subject;
            }
            else
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));
            }

            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(dictionary.Action, dictionary.Namespace))
                {
                    SamlAction action = new SamlAction();
                    action.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                    this.actions.Add(action);
                }
                else if (reader.IsStartElement(dictionary.Evidence, dictionary.Namespace))
                {
                    if (this.evidence != null)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));
                    }

                    this.evidence = new SamlEvidence();
                    this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                }
                else
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.AuthorizationDecisionStatement)));
                }
            }

            if (this.actions.Count == 0)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));
            }

            reader.MoveToContent();
            reader.ReadEndElement();
        }
Exemple #18
0
 /// <summary>
 /// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
 /// a resource and decision.
 /// </summary>
 /// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
 /// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
 public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision)
     : this(resource, decision, null)
 {
 }
Exemple #19
0
        public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
        {
            if (reader == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
            }
            if (samlSerializer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
            }
            SamlDictionary samlDictionary = samlSerializer.DictionaryManager.SamlDictionary;

            this.resource = reader.GetAttribute(samlDictionary.Resource, null);
            if (string.IsNullOrEmpty(this.resource))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead")));
            }
            string attribute = reader.GetAttribute(samlDictionary.Decision, null);

            if (string.IsNullOrEmpty(attribute))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead")));
            }
            if (attribute.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Deny;
            }
            else if (attribute.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
            {
                this.accessDecision = SamlAccessDecision.Permit;
            }
            else
            {
                this.accessDecision = SamlAccessDecision.Indeterminate;
            }
            reader.MoveToContent();
            reader.Read();
            if (!reader.IsStartElement(samlDictionary.Subject, samlDictionary.Namespace))
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingSubjectOnRead")));
            }
            SamlSubject subject = new SamlSubject();

            subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
            base.SamlSubject = subject;
            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(samlDictionary.Action, samlDictionary.Namespace))
                {
                    SamlAction item = new SamlAction();
                    item.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                    this.actions.Add(item);
                }
                else
                {
                    if (!reader.IsStartElement(samlDictionary.Evidence, samlDictionary.Namespace))
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { samlDictionary.AuthorizationDecisionStatement })));
                    }
                    if (this.evidence != null)
                    {
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionHasMoreThanOneEvidence")));
                    }
                    this.evidence = new SamlEvidence();
                    this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                }
            }
            if (this.actions.Count == 0)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionShouldHaveOneActionOnRead")));
            }
            reader.MoveToContent();
            reader.ReadEndElement();
        }
Exemple #20
0
        public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
        {
            if (reader == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));

            if (samlSerializer == null)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
            SamlDictionary dictionary = samlSerializer.DictionaryManager.SamlDictionary;

            this.resource = reader.GetAttribute(dictionary.Resource, null);
            if (string.IsNullOrEmpty(this.resource))
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));

            string decisionString = reader.GetAttribute(dictionary.Decision, null);
            if (string.IsNullOrEmpty(decisionString))
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));

            if (decisionString.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
                this.accessDecision = SamlAccessDecision.Deny;
            else if (decisionString.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
                this.accessDecision = SamlAccessDecision.Permit;
            else
                accessDecision = SamlAccessDecision.Indeterminate;

            reader.MoveToContent();
            reader.Read();

            if (reader.IsStartElement(dictionary.Subject, dictionary.Namespace))
            {
                SamlSubject subject = new SamlSubject();
                subject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                base.SamlSubject = subject;
            }
            else
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));

            while (reader.IsStartElement())
            {
                if (reader.IsStartElement(dictionary.Action, dictionary.Namespace))
                {
                    SamlAction action = new SamlAction();
                    action.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                    this.actions.Add(action);
                }
                else if (reader.IsStartElement(dictionary.Evidence, dictionary.Namespace))
                {
                    if (this.evidence != null)
                        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));

                    this.evidence = new SamlEvidence();
                    this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
                }
                else
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, dictionary.AuthorizationDecisionStatement)));
            }

            if (this.actions.Count == 0)
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));

            reader.MoveToContent();
            reader.ReadEndElement();
        }