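/// <summary>
/// Validates the InResponseTo attribute of the response against the set of
/// pending AuthnRequests. An unsolicited response (no InResponseTo) is accepted
/// only when the options allow it. A solicited response must reference a
/// stored request, which is consumed so the same InResponseTo cannot be accepted
/// twice, and that request must have been sent to the idp issuing this response.
/// </summary>
/// <param name="options">Options deciding whether unsolicited responses are accepted.</param>
/// <exception cref="Saml2ResponseFailedValidationException">
/// Thrown when an unsolicited response is not allowed, when the InResponseTo is
/// unknown or replayed, or when the stored request was sent to a different idp.
/// </exception>
private void ValidateInResponseTo(SAML2AuthenticationOptions options)
{
    if (InResponseTo == null)
    {
        if (options.AllowUnsolicitedAuthnResponse)
        {
            return;
        }

        string msg = string.Format(
            CultureInfo.InvariantCulture,
            "Unsolicited responses are not allowed for idp \"{0}\".",
            Issuer.Id);
        throw new Saml2ResponseFailedValidationException(msg);
    }

    // TryRemove looks up and consumes the entry in one step, so a second
    // response carrying the same InResponseTo is rejected as replayed.
    StoredRequestState storedRequestState;
    bool knownInResponseToId = PendingAuthnRequests.TryRemove(InResponseTo, out storedRequestState);
    if (!knownInResponseToId)
    {
        string msg = string.Format(
            CultureInfo.InvariantCulture,
            "Replayed or unknown InResponseTo \"{0}\".",
            InResponseTo);
        throw new Saml2ResponseFailedValidationException(msg);
    }

    // The request was addressed to a specific idp; a response from any other
    // idp that references it is rejected even though the id matched.
    // The Issuer property is used consistently here (the original mixed
    // Issuer.Id and issuer.Id in the same comparison/message).
    if (storedRequestState.Idp.Id != Issuer.Id)
    {
        var msg = string.Format(
            CultureInfo.InvariantCulture,
            "Expected response from idp \"{0}\" but received response from idp \"{1}\".",
            storedRequestState.Idp.Id,
            Issuer.Id);
        throw new Saml2ResponseFailedValidationException(msg);
    }

    // Publish the request state only after every check has passed, so a
    // failed validation does not leave a half-validated state on the object.
    requestState = storedRequestState;
}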
/// <summary>
/// Registers an outgoing AuthnRequest id together with the state needed to
/// validate the matching response later.
/// </summary>
/// <param name="id">Id of the AuthnRequest that was sent.</param>
/// <param name="idp">State to associate with the id.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the id is already pending; each AuthnRequest id may be
/// registered only once.
/// </exception>
internal static void Add(Saml2Id id, StoredRequestState idp)
{
    // The dictionary itself serves as the gate for every access to it.
    lock (pendingAuthnRequest)
    {
        bool alreadyPending = pendingAuthnRequest.ContainsKey(id);
        if (alreadyPending)
        {
            throw new InvalidOperationException("AuthnRequest id can't be reused.");
        }

        pendingAuthnRequest.Add(id, idp);
    }
}
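/// <summary>
/// Looks up and removes the pending request state for an AuthnRequest id.
/// Lookup and removal happen under the same lock, so two concurrent
/// responses referencing the same id cannot both succeed.
/// </summary>
/// <param name="id">InResponseTo id of the received response; may be null.</param>
/// <param name="idp">The stored state when found; otherwise null.</param>
/// <returns>True if the id was pending and has now been consumed; otherwise false.</returns>
internal static bool TryRemove(Saml2Id id, out StoredRequestState idp)
{
    lock (pendingAuthnRequest)
    {
        // A null id is simply unknown rather than an error. TryGetValue
        // replaces the ContainsKey + indexer pair, which did the lookup twice.
        if (id != null && pendingAuthnRequest.TryGetValue(id, out idp))
        {
            return pendingAuthnRequest.Remove(id);
        }

        idp = null;
        return false;
    }
}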