Closed
Description
Current Behavior
Right now the only cross check validation between the returning SAML response and the outgoing SAML request is that
inReponseTo and authnRequest id need to match. The authentication request id is retrieved by parsing the raw xml request.
See OpenSaml4AuthenticationProvider#validateInResponseTo and OpenSaml4AuthenticationProvider#getAuthnRequestId
Expected Behavior
The id of the request is readily available in the AbstractSaml2AuthenticationRequest.
This would improve performance, allow for better abstraction and allow for repository implementations which do not store the whole xml request since it might be too big.