Esempio n. 1
        /// <summary>
        /// Writes the expiry instant (<c>NotOnOrAfter</c>) onto the token's bearer
        /// subject confirmation data.
        /// </summary>
        /// <param name="token">Token whose bearer subject confirmation data is updated.</param>
        /// <param name="notOnOrAfter">
        /// New expiry instant. Passing <c>null</c> stores no expiry at all, so any
        /// validator that skips the check for a missing value will not time-bound
        /// the confirmation.
        /// </param>
        /// <remarks>
        /// Does nothing, and reports nothing, when the token has no bearer subject
        /// confirmation data; callers that rely on the expiry being set cannot tell
        /// from this method whether it was applied.
        /// </remarks>
        public static void SetNotOnOrAfter(this Saml2SecurityToken token, DateTime? notOnOrAfter)
        {
            var confirmation = token.GetBearerSubjectConfirmationData();

            if (confirmation != null)
            {
                confirmation.NotOnOrAfter = notOnOrAfter;
            }
        }
Esempio n. 2
        /// <summary>
        /// Writes the <c>Recipient</c> and <c>InResponseTo</c> values onto the token's
        /// bearer subject confirmation data.
        /// </summary>
        /// <param name="token">Token whose bearer subject confirmation data is updated.</param>
        /// <param name="recipient">Value stored in <c>Recipient</c>.</param>
        /// <param name="inResponseTo">Value stored in <c>InResponseTo</c>.</param>
        /// <remarks>
        /// Does nothing, and reports nothing, when the token has no bearer subject
        /// confirmation data. Both values are stored as given; neither is checked
        /// for <c>null</c> here.
        /// </remarks>
        public static void SetRecipient(this Saml2SecurityToken token, Uri recipient, Saml2Id inResponseTo)
        {
            var confirmation = token.GetBearerSubjectConfirmationData();

            if (confirmation != null)
            {
                confirmation.Recipient = recipient;
                confirmation.InResponseTo = inResponseTo;
            }
        }
Esempio n. 3
        /// <summary>
        /// Checks the token's bearer subject confirmation data against the id of the
        /// originating authentication request and against the supplied clock value.
        /// </summary>
        /// <param name="token">Token taken from the SAML response.</param>
        /// <param name="authnRequestId">Id that <c>InResponseTo</c> is expected to carry.</param>
        /// <param name="now">Instant used for the <c>NotBefore</c> / <c>NotOnOrAfter</c> comparisons.</param>
        /// <exception cref="SecurityException">
        /// The token has no bearer subject confirmation data, its <c>InResponseTo</c>
        /// value differs from <paramref name="authnRequestId"/>, <paramref name="now"/>
        /// is earlier than <c>NotBefore</c>, or <paramref name="now"/> is at or past
        /// <c>NotOnOrAfter</c>.
        /// </exception>
        /// <remarks>
        /// Only the request id and the validity window are checked here; <c>Recipient</c>
        /// is not compared, and no clock-skew allowance is applied. A missing
        /// <c>NotBefore</c> or <c>NotOnOrAfter</c> skips the corresponding check rather
        /// than failing it.
        /// </remarks>
        public static void ValidateResponseToken(this Saml2SecurityToken token, string authnRequestId, DateTime now)
        {
            var confirmation = token.GetBearerSubjectConfirmationData();

            if (confirmation == null)
            {
                throw new SecurityException("Missing bearer subject confirmation data.");
            }

            // NOTE(review): when authnRequestId is null and the token carries no
            // InResponseTo, both sides are null and this check passes. Confirm that
            // callers never pass null for a response that should be tied to a request.
            var receivedRequestId = confirmation.InResponseTo?.Value;

            if (receivedRequestId != authnRequestId)
            {
                // The received id comes from the token and is echoed verbatim into the
                // message; treat the message as untrusted text when logging or displaying it.
                throw new SecurityException($"Invalid InResponseTo. Expected '{authnRequestId}' but got '{receivedRequestId}'.");
            }

            // DateTime comparisons ignore DateTimeKind, so `now` has to be expressed in
            // the same time zone as the token's timestamps (presumably UTC; confirm at the call site).
            var notYetValid = confirmation.NotBefore != null && now < confirmation.NotBefore;

            if (notYetValid)
            {
                throw new SecurityException("NotBefore validation failed.");
            }

            // NotOnOrAfter is an exclusive upper bound: the token is already expired at that exact instant.
            var expired = confirmation.NotOnOrAfter != null && now >= confirmation.NotOnOrAfter;

            if (expired)
            {
                throw new SecurityException("NotOnOrAfter validation failed.");
            }
        }
Esempio n. 4
        /// <summary>
        /// Reads the <c>InResponseTo</c> id from the token's bearer subject
        /// confirmation data.
        /// </summary>
        /// <param name="token">Token to read from.</param>
        /// <returns>
        /// The stored <c>InResponseTo</c> value, or <c>null</c> when the token has no
        /// bearer subject confirmation data. The value is returned as stored; no
        /// validation is performed here.
        /// </returns>
        public static Saml2Id GetInResponseTo(this Saml2SecurityToken token)
            => token.GetBearerSubjectConfirmationData()?.InResponseTo;