/// <summary>
/// Builds a <see cref="Saml2Assertion"/> from an assertion element and validates it:
/// the signature is checked against <paramref name="key"/> (unless the caller opts out)
/// and the assertion must not be expired.
/// </summary>
/// <param name="assertionElement">The XML element holding the assertion.</param>
/// <param name="key">The only key accepted when verifying the assertion signature.</param>
/// <param name="audience">The only audience value handed to the assertion as allowed.</param>
/// <param name="omitAssertionSignatureCheck">
/// When <c>true</c>, this method does not verify the assertion signature. The returned
/// assertion is then only checked for expiry here, so the caller has to establish its
/// integrity some other way before trusting its contents.
/// </param>
/// <returns>The parsed assertion once every enabled check has passed.</returns>
/// <exception cref="Saml2Exception">
/// The signature does not verify with <paramref name="key"/>, or the assertion is expired.
/// </exception>
public Saml2Assertion GetValidatedAssertion(XmlElement assertionElement, AsymmetricAlgorithm key, string audience, bool omitAssertionSignatureCheck = false)
{
    var trustedKeys = new List<AsymmetricAlgorithm> { key };
    var allowedAudiences = new List<string> { audience };

    // NOTE(review): the trailing 'false' is presumably the auto-validation switch the
    // original TODO refers to; confirm against the Saml2Assertion constructor.
    var parsed = new Saml2Assertion(assertionElement, trustedKeys, AssertionProfile.Core, allowedAudiences, false);

    // TODO: this check is performed automatically when auto-validation is on.
    // Short-circuit keeps CheckSignature from running when the caller opted out.
    if (!omitAssertionSignatureCheck && !parsed.CheckSignature(trustedKeys))
    {
        throw new Saml2Exception("Invalid signature in assertion");
    }

    if (parsed.IsExpired())
    {
        throw new Saml2Exception("Assertion is expired");
    }

    return parsed;
}
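/// <summary>
/// Extracts the assertion from <paramref name="element"/> using the service provider's
/// signing certificate, then validates its signature (unless disabled in configuration)
/// and its expiry.
/// </summary>
/// <param name="element">The XML element the assertion is extracted from.</param>
/// <returns>The parsed assertion once every enabled check has passed.</returns>
/// <exception cref="Saml2Exception">
/// The assertion signature does not verify, or the assertion is expired.
/// </exception>
/// <remarks>
/// The signature failure path previously had its <c>throw</c> commented out, so an
/// assertion with an invalid signature was returned to the caller as if it were valid.
/// The method now fails closed, matching the four-argument overload.
/// </remarks>
public Saml2Assertion GetValidatedAssertion(XmlElement element)
{
    var signingCertificate = _configurationProvider.ServiceProviderSigningCertificate();

    // The private key is handed to the XML provider to obtain the assertion element
    // (presumably to decrypt an encrypted assertion; confirm against GetAssertion).
    var assertionElement = _xmlProvider.GetAssertion(element, signingCertificate.PrivateKey);

    // NOTE(review): the verification key is the public key of the service provider's own
    // signing certificate. Assertions are normally signed by the identity provider, so
    // confirm this is the intended trust anchor; if it is not, CheckSignature will reject
    // genuine assertions and the key source should be fixed rather than the check removed.
    var key = signingCertificate.PublicKey.Key;
    var audience = ServiceProviderConfiguration.EntityId;
    var keys = new List<AsymmetricAlgorithm> { key };

    var assertion = new Saml2Assertion(assertionElement, keys, AssertionProfile.Core, new List<string> { audience }, false);

    // TODO: This is checked automatically if auto-validation is on.
    // When OmitAssertionSignatureCheck is set, nothing in this method verifies the
    // assertion's integrity; only the expiry check below still applies.
    if (!ServiceProviderConfiguration.OmitAssertionSignatureCheck)
    {
        if (!assertion.CheckSignature(keys))
        {
            // Fail closed: an unverifiable assertion must never reach the caller.
            throw new Saml2Exception("Invalid signature in assertion");
        }
    }

    if (assertion.IsExpired())
    {
        throw new Saml2Exception("Assertion is expired");
    }

    return assertion;
}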