diff --git a/src/Sustainsys.Saml2/Saml/SamlAssertion.cs b/src/Sustainsys.Saml2/Saml/SamlAssertion.cs
new file mode 100644
index 000000000..b7e089b58
--- /dev/null
+++ b/src/Sustainsys.Saml2/Saml/SamlAssertion.cs
@@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Sustainsys.Saml2.Saml;
+
+///
+/// A Saml assertion
+///
+public class SamlAssertion
+{
+ ///
+ /// Issuer of the assertion.
+ ///
+ public NameId Issuer { get; set; } = default!;
+}
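Review bot: `Issuer` is declared non-nullable but initialised with `default!`, so an assertion built without an issuer carries a null that the compiler no longer flags. The issuer is the value the new validator is meant to check, so a missing one should be impossible to construct or be rejected explicitly. Consider `public required NameId Issuer { get; set; }`, matching the `required` this commit adds on `SamlResponseValidationParameters`, or declare it `NameId?` and have the validator fail on null. How the assertion object gets populated is not visible in this diff, so confirm which option fits the reader code.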
diff --git a/src/Sustainsys.Saml2/Validation/ISamlAssertionValidator.cs b/src/Sustainsys.Saml2/Validation/ISamlAssertionValidator.cs
new file mode 100644
index 000000000..e5aec00a2
--- /dev/null
+++ b/src/Sustainsys.Saml2/Validation/ISamlAssertionValidator.cs
@@ -0,0 +1,32 @@
+using Sustainsys.Saml2.Saml;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Sustainsys.Saml2.Validation;
+
+///
+/// Validates an asseriton
+///
+public interface ISamlAssertionValidator
+{
+ ///
+ /// Validate a Saml assertion
+ ///
+ ///
+ ///
+ void Validate(SamlAssertion assertion, SamlAssertionValidationParameters parameters);
+}
+
+///
+/// DTO carrying parameters for Saml assertion validation
+///
+public class SamlAssertionValidationParameters
+{
+ ///
+ /// Valid issuer of the response and assertions
+ ///
+ public NameId? ValidIssuer { get; set; }
+}
\ No newline at end of file
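Review bot: The doc comment on `SamlAssertionValidationParameters.ValidIssuer` does not say what a null value means, and because the property is `NameId?` an implementer could read null as "skip the issuer check". A validation parameter like this should fail closed, so state the contract in the comment, e.g. `/// Expected issuer; validation must fail if this is null or does not match the assertion's issuer.` The interface summary also has a typo ("asseriton"). The two doc lines above `Validate` appear empty here and should describe the `assertion` and `parameters` arguments and the exception thrown on failure.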
diff --git a/src/Sustainsys.Saml2/Validation/ISamlResponseValidator.cs b/src/Sustainsys.Saml2/Validation/ISamlResponseValidator.cs
index c9ae173db..44aecd091 100644
--- a/src/Sustainsys.Saml2/Validation/ISamlResponseValidator.cs
+++ b/src/Sustainsys.Saml2/Validation/ISamlResponseValidator.cs
@@ -28,7 +28,13 @@ public interface ISamlResponseValidator
public class SamlResponseValidationParameters
{
///
- /// Valid issuer of the response and assertions
+ /// Validation parameters for assertions embedded in the response.
///
- public NameId? ValidIssuer { get; set; }
+ public required SamlAssertionValidationParameters AssertionValidationParameters { get; set; }
+
+ ///
+ /// Valid issuer of the response and assertions - returns the ValidIssuer
+ /// of the embedded SamlAssertionValidationParameters to ensure they are the same.
+ ///
+ public NameId? ValidIssuer { get => AssertionValidationParameters.ValidIssuer; }
}
\ No newline at end of file
diff --git a/src/Sustainsys.Saml2/Validation/SamlAssertionValidator.cs b/src/Sustainsys.Saml2/Validation/SamlAssertionValidator.cs
new file mode 100644
index 000000000..c7992dc91
--- /dev/null
+++ b/src/Sustainsys.Saml2/Validation/SamlAssertionValidator.cs
@@ -0,0 +1,22 @@
+using Sustainsys.Saml2.Saml;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Sustainsys.Saml2.Validation;
+
+///
+/// Saml Assertion validator
+///
+public class SamlAssertionValidator : ISamlAssertionValidator
+{
+ ///
+ public void Validate(
+ SamlAssertion assertion,
+ SamlAssertionValidationParameters parameters)
+ {
+ // TODO: Remember to validate issuer.
+ }
+}
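Review bot: `SamlAssertionValidator.Validate` has an empty body apart from the TODO, so it returns normally for every input. Because the method is `void`, a normal return is presumably how success is signalled, and any caller that wires this class in will accept an assertion from any issuer. Until the issuer check exists, make the stub fail closed, e.g. `throw new NotImplementedException("Assertion issuer validation is not implemented.");`. When it is implemented, it should reject both a null `parameters.ValidIssuer` and a mismatch with `assertion.Issuer`. How `NameId` compares for equality is not visible in this diff, so confirm that before relying on `==` or `Equals`.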
diff --git a/src/Tests/Sustainsys.Saml2.Tests/Validators/SamlResponseValidatorTests.cs b/src/Tests/Sustainsys.Saml2.Tests/Validators/SamlResponseValidatorTests.cs
index 342aecc72..51e11397d 100644
--- a/src/Tests/Sustainsys.Saml2.Tests/Validators/SamlResponseValidatorTests.cs
+++ b/src/Tests/Sustainsys.Saml2.Tests/Validators/SamlResponseValidatorTests.cs
@@ -24,7 +24,10 @@ SamlResponse CreateSamlResponse() =>
SamlResponseValidationParameters CreateValidationParameters() =>
new SamlResponseValidationParameters()
{
- ValidIssuer = "https://idp.example.com/Saml2"
+ AssertionValidationParameters = new()
+ {
+ ValidIssuer = "https://idp.example.com/Saml2"
+ }
};
// The happy path that should just validate the default response