SAML down party checks AuthenticationMethod and AuthenticationInstant.

Claim transform do not remove all on remove.

Author: Revsgaard

src/FoxIDs.Control/FoxIDs.Control.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>1.15.6</Version>
+		<Version>1.15.7</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>1.15.6</Version>
+		<Version>1.15.7</Version>
 		<RootNamespace>FoxIDs.Client</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.ControlShared/FoxIDs.ControlShared.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>1.15.6</Version>
+		<Version>1.15.7</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.Shared/FoxIDs.Shared.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>1.15.6</Version>
+		<Version>1.15.7</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.SharedBase/FoxIDs.SharedBase.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>1.15.6</Version>
+		<Version>1.15.7</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs/FoxIDs.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>1.15.6</Version>
+		<Version>1.15.7</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs/Logic/Saml/SamlAuthnDownLogic.cs

@@ -275,7 +275,15 @@ private async Task<IActionResult> AuthnResponseAsync(SamlDownParty party, SamlDo
                 var tokenDescriptor = saml2AuthnResponse.CreateTokenDescriptor(samlClaimsDownLogic.GetSubjectClaims(party, claims), party.Issuer, tokenIssueTime, party.IssuedTokenLifetime);
 
                 var authnContext = claims.FindFirstOrDefaultValue(c => c.Type == ClaimTypes.AuthenticationMethod);
+                if (string.IsNullOrEmpty(authnContext))
+                {
+                    throw new InvalidOperationException($"The authentication method '{ClaimTypes.AuthenticationMethod}' claim is empty.");
+                }
                 var authenticationInstant = claims.FindFirstOrDefaultValue(c => c.Type == ClaimTypes.AuthenticationInstant);
+                if (string.IsNullOrEmpty(authenticationInstant))
+                {
+                    throw new InvalidOperationException($"The authentication instant '{ClaimTypes.AuthenticationInstant}' claim is empty.");
+                }
                 var authenticationStatement = saml2AuthnResponse.CreateAuthenticationStatement(authnContext, DateTime.Parse(authenticationInstant));
 
                 var subjectConfirmation = saml2AuthnResponse.CreateSubjectConfirmation(tokenIssueTime, party.SubjectConfirmationLifetime);

src/FoxIDs/Logic/Tracks/ClaimTransformLogic.cs

@@ -714,7 +714,7 @@ private static void AddOrReplaceClaims(List<Claim> outputClaims, ClaimTransformA
                         break;
                     case ClaimTransformActions.Replace:
                     case ClaimTransformActions.ReplaceIfNot:
-                        outputClaims.RemoveAll(c => newClaims.Any(c => c.Type.Equals(c.Type, StringComparison.Ordinal)));
+                        outputClaims.RemoveAll(c => newClaims.Any(nc => nc.Type.Equals(c.Type, StringComparison.Ordinal)));
                         outputClaims.AddRange(newClaims);
                         break;
                     default: