Validate the authentication request with the certificate is always true

Subject: Validate the authentication request with the certificate is always true
Date: 2018-05-07 06:12:07
From: jag@jsimple.com
Source: validate-authentication-request-certificate-always-true
----------------------------------------------------------------------

Hi Team,

We are using ComponentPro for SSO. We have noticed, While we are using "ProcessAuthnRequest" method and not passing any certificate following code always returning the true in response.

if (authnRequest.IsSigned())
  {
      // Get the loaded certificate.
       X509Certificate2 x509Certificate = provider.Cert;

     // And validate the authentication request with the certificate.
       if (!authnRequest.Validate(x509Certificate))
          {
             throw new ApplicationException("The authentication request signature failed to verify.");
          }
  }

In the above code we are passing the provider.Cert = null and still getting the true response. Is this a bug?

----------------------------------------------------------------------

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.

Back to ComponentPro Q&A Forum Index