protected void verifyRequest(final AuthnRequest request, final SAML2MessageContext context) { // Verify endpoint requested in the original request final AssertionConsumerService assertionConsumerService = (AssertionConsumerService) context.getSAMLEndpointContext() .getEndpoint(); if (request.getAssertionConsumerServiceIndex() != null) { if (!request.getAssertionConsumerServiceIndex().equals(assertionConsumerService.getIndex())) { logger.warn("Response was received at a different endpoint index than was requested"); } } else { final String requestedResponseURL = request.getAssertionConsumerServiceURL(); final String requestedBinding = request.getProtocolBinding(); if (requestedResponseURL != null) { final String responseLocation; if (assertionConsumerService.getResponseLocation() != null) { responseLocation = assertionConsumerService.getResponseLocation(); } else { responseLocation = assertionConsumerService.getLocation(); } if (!requestedResponseURL.equals(responseLocation)) { logger.warn("Response was received at a different endpoint URL {} than was requested {}", responseLocation, requestedResponseURL); } } if (requestedBinding != null && !requestedBinding.equals(context.getSAMLBindingContext().getBindingUri())) { logger.warn("Response was received using a different binding {} than was requested {}", context.getSAMLBindingContext().getBindingUri(), requestedBinding); } } }
if (req.getAssertionConsumerServiceIndex() != null) { domElement.setAttributeNS(null, AuthnRequest.ASSERTION_CONSUMER_SERVICE_INDEX_ATTRIB_NAME, req .getAssertionConsumerServiceIndex().toString());
if (endpoint instanceof IndexedEndpoint) { ((IndexedEndpoint) endpoint).setIndex( ((AuthnRequest) inboundMessage).getAssertionConsumerServiceIndex());
try { val acs = new AssertionConsumerServiceBuilder().buildObject(); if (authnRequest.getAssertionConsumerServiceIndex() != null) { val issuer = getIssuerFromSamlRequest(authnRequest); val samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver); throw new IllegalArgumentException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints"); val acsIndex = authnRequest.getAssertionConsumerServiceIndex(); if (acsIndex + 1 > acsEndpoints.size()) { throw new IllegalArgumentException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid "
request.getAssertionConsumerServiceURL(), Binding.fromUrn(request.getProtocolBinding()), ofNullable(request.getAssertionConsumerServiceIndex()).orElse(-1), false