/// <summary>
/// Validates the subject of an Asssertion
/// </summary>
/// <param name="assertion"></param>
private void ValidateSubject(Assertion assertion)
{
if (assertion.Subject == null)
{
//If there is no statements there must be a subject
// as specified in [SAML2.0std] section 2.3.3
if (assertion.Items == null || assertion.Items.Length == 0)
{
throw new Saml20FormatException("Assertion with no Statements must have a subject.");
}
foreach (StatementAbstract o in assertion.Items)
{
//If any of the below types are present there must be a subject.
if (o is AuthnStatement || o is AuthzDecisionStatement || o is AttributeStatement)
{
throw new Saml20FormatException("AuthnStatement, AuthzDecisionStatement and AttributeStatement require a subject.");
}
}
}
else
{
//If a subject is present, validate it
SubjectValidator.ValidateSubject(assertion.Subject);
}
}
/// <summary>
/// Ensures that a "subject" is present in the saml20Assertion, and validates the subject.
/// </summary>
private void ValidateSubject(Assertion assertion)
{
if (assertion.Subject == null)
{
throw new DKSaml20FormatException("The DK-SAML 2.0 profile requires that a \"Subject\" element is present in the saml20Assertion.");
}
SubjectValidator.ValidateSubject(assertion.Subject);
}
