-rw-r--r-- | src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs | 34 | ||||
-rw-r--r-- | src/DotNetOpenAuth/Logger.cs | 10 |
2 files changed, 31 insertions, 13 deletions
diff --git a/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs b/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs
index a22949f..34b028d 100644
--- a/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs
+++ b/src/DotNetOpenAuth/InfoCard/Token/TokenUtility.cs
@@ -61,19 +61,27 @@ namespace DotNetOpenAuth.InfoCard {
 ////if (null != token.SecurityKeys && token.SecurityKeys.Count > 0)
 //// throw new InformationCardException("Token Security Keys Exist");
- if (audience != null &&
- token.Assertion.Conditions != null &&
- token.Assertion.Conditions.Conditions != null) {
- foreach (SamlCondition condition in token.Assertion.Conditions.Conditions) {
- SamlAudienceRestrictionCondition audienceCondition = condition as SamlAudienceRestrictionCondition;
-
- if (audienceCondition != null) {
- bool match = audienceCondition.Audiences.Contains(audience);
-
- // The token is invalid if any condition is not valid.
- // An audience restriction condition is valid if any audience
- // matches the Relying Party.
- ErrorUtilities.VerifyInfoCard(match, InfoCardStrings.AudienceMismatch);
+ if (audience == null) {
+ Logger.InfoCard.WarnFormat("SAML token Audience checking will be skipped.");
+ } else {
+ if (token.Assertion.Conditions != null &&
+ token.Assertion.Conditions.Conditions != null) {
+ foreach (SamlCondition condition in token.Assertion.Conditions.Conditions) {
+ SamlAudienceRestrictionCondition audienceCondition = condition as SamlAudienceRestrictionCondition;
+
+ if (audienceCondition != null) {
+ Logger.InfoCard.DebugFormat("SAML token audience(s): {0}", audienceCondition.Audiences.ToStringDeferred());
+ bool match = audienceCondition.Audiences.Contains(audience);
+
+ if (!match && Logger.InfoCard.IsErrorEnabled) {
+ Logger.InfoCard.ErrorFormat("Expected SAML token audience of {0} but found {1}.", audience, audienceCondition.Audiences.ToStringDeferred());
+ }
+
+ // The token is invalid if any condition is not valid.
+ // An audience restriction condition is valid if any audience
+ // matches the Relying Party.
+ ErrorUtilities.VerifyInfoCard(match, InfoCardStrings.AudienceMismatch);
+ }
 }
 }
 }
diff --git a/src/DotNetOpenAuth/Logger.cs b/src/DotNetOpenAuth/Logger.cs
index eec423b..1ab913c 100644
--- a/src/DotNetOpenAuth/Logger.cs
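Review bot: When `audience` is non-null but the token carries no `SamlAudienceRestrictionCondition` at all, the `foreach` in the new `else` branch never reaches `VerifyInfoCard`, so the token is accepted with no log entry and an unrestricted token is indistinguishable in the logs from one that actually passed the audience check. The `WarnFormat` added for the `audience == null` case covers only one of the two ways the check can be skipped; the same visibility is warranted here by tracking whether any restriction condition was seen and warning after the loop, as sketched below. Whether a token without any audience restriction should instead be rejected is a relying-party policy this hunk does not settle, so the sketch only logs. The enclosing method begins before the hunk and ends after it.
```csharp
} else {
    bool audienceRestrictionFound = false;
    // … unchanged: Conditions null checks and foreach over token.Assertion.Conditions.Conditions …
            if (audienceCondition != null) {
                audienceRestrictionFound = true;
                // … unchanged: audience Debug/Error logging and VerifyInfoCard check …
            }
    // … unchanged: closing braces of the foreach and the Conditions check …
    if (!audienceRestrictionFound) {
        Logger.InfoCard.WarnFormat("SAML token presented for audience {0} carries no audience restriction condition.", audience);
    }
}
```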
+++ b/src/DotNetOpenAuth/Logger.cs
@@ -69,6 +69,11 @@ namespace DotNetOpenAuth {
 private static readonly ILog oauth = Create("DotNetOpenAuth.OAuth");
 /// <summary>
+ /// Backing field for the <see cref="InfoCard"/> property.
+ /// </summary>
+ private static readonly ILog infocard = Create("DotNetOpenAuth.InfoCard");
+
+ /// <summary>
 /// Gets the logger for service discovery and selection events.
 /// </summary>
 internal static ILog Yadis { get { return yadis; } }
@@ -108,6 +113,11 @@ namespace DotNetOpenAuth {
 /// </summary>
 internal static ILog OAuth { get { return oauth; } }
+ /// <summary>
+ /// Gets the logger for high-level InfoCard events.
+ /// </summary>
+ internal static ILog InfoCard { get { return infocard; } }
+
 #endregion
 /// <summary> |