public void IdentityProvider_CreateAuthenticateRequest_Destination()
        {
            string idpUri = "http://idp.example.com/";
            
            var ip = new IdentityProvider(new Uri(idpUri));

            var r = ip.CreateAuthenticateRequest(null);

            r.ToXElement().Attribute("Destination").Should().NotBeNull()
                .And.Subject.Value.Should().Be(idpUri);
        }

        public void IdentityProviderDictionary_Add()
        {
            var subject = new IdentityProviderDictionary();

            var entityId = new EntityId("http://idp.example.com");
            var idp = new IdentityProvider(entityId, StubFactory.CreateSPOptions());

            subject.Add(idp);

            subject[entityId].Should().BeSameAs(idp);
        }

        /// <summary>
        /// Add an identity provider to the collection..
        /// </summary>
        /// <param name="idp">Identity provider to add.</param>
        public void Add(IdentityProvider idp)
        {
            if(idp == null)
            {
                throw new ArgumentNullException("idp");
            }

            lock(dictionary)
            {
                dictionary.Add(idp.EntityId, idp);
            }
        }

        public void IdentityProvider_CreateAuthenticateRequest_DestinationInXml()
        {
            string idpUri = "http://idp.example.com/";

            var subject = new IdentityProvider(
                new EntityId(idpUri),
                Options.FromConfiguration.SPOptions)
                {
                    SingleSignOnServiceUrl = new Uri(idpUri)
                };

            var r = subject.CreateAuthenticateRequest(null, StubFactory.CreateAuthServicesUrls());

            r.ToXElement().Attribute("Destination").Should().NotBeNull()
                .And.Subject.Value.Should().Be(idpUri);
        }

        public void IdentityProvider_Ctor_HandlesConfiguredCertificateWhenReadingMetadata()
        {
            var config = CreateConfig();
            config.LoadMetadata = true;
            config.EntityId = "http://localhost:13428/idpMetadataNoCertificate";

            var subject = new IdentityProvider(config, Options.FromConfiguration.SPOptions);

            // Check that metadata was read and overrides configured values.
            subject.Binding.Should().Be(Saml2BindingType.HttpRedirect);
            subject.SigningKeys.Single().ShouldBeEquivalentTo(
                new X509RawDataKeyIdentifierClause(SignedXmlHelper.TestCert));
        }

        public void IdentityProvider_Ctor_DisableOutboundLogoutRequest()
        {
            var config = CreateConfig();
            config.DisableOutboundLogoutRequests = true;

            var subject = new IdentityProvider(config, StubFactory.CreateSPOptions());

            subject.DisableOutboundLogoutRequests.Should().BeTrue();
        }

        public void IdentityProvider_ReadMetadata_Nullcheck()
        {
            var subject = new IdentityProvider(
                new EntityId("http://idp.example.com"),
                StubFactory.CreateSPOptions());

            Action a = () => subject.ReadMetadata(null);

            a.ShouldThrow<ArgumentNullException>().And.ParamName.Should().Be("metadata");
        }

        public void IdentityProvider_MetadataValidUntil_CalculatedFromCacheDuration()
        {
            var config = CreateConfig();
            config.LoadMetadata = true;
            config.EntityId = "http://localhost:13428/idpMetadataNoCertificate";

            var subject = new IdentityProvider(config, Options.FromConfiguration.SPOptions);

            var expectedValidUntil = DateTime.UtcNow.AddMinutes(15);
            // Comparison on the second is more than enough if we're adding 15 minutes.
            subject.MetadataValidUntil.Should().BeCloseTo(expectedValidUntil, 1000);
        }

        public void IdentityProvider_MetadataValidUntil_NullOnConfigured()
        {
            string idpUri = "http://idp.example.com/";

            var subject = new IdentityProvider(
                new EntityId(idpUri),
                Options.FromConfiguration.SPOptions);

            subject.MetadataValidUntil.Should().NotHaveValue();
        }

        public void IdentityProvider_Ctor_UseMetadataLocationUrl()
        {
            var config = CreateConfig();
            config.LoadMetadata = true;
            config.MetadataLocation = "http://localhost:13428/idpMetadataDifferentEntityId";
            config.EntityId = "some-idp";

            var subject = new IdentityProvider(config, Options.FromConfiguration.SPOptions);

            subject.Binding.Should().Be(Saml2BindingType.HttpRedirect);
            subject.SingleSignOnServiceUrl.Should().Be("http://idp.example.com/SsoService");
        }

        public void IdentityProvider_MetadataLocation_ThrowsWhenEntitiesDescriptorFoundAndNotAllowedByConfig()
        {
            var spOptions = StubFactory.CreateSPOptions();
            spOptions.Compatibility.UnpackEntitiesDescriptorInIdentityProviderMetadata.Should().BeFalse();

            var subject = new IdentityProvider(
                new EntityId("http://idp.example.com"),
                spOptions);

            Action a = () => subject.MetadataLocation = "~/Metadata/SingleIdpInEntitiesDescriptor.xml";

            a.ShouldThrow<InvalidOperationException>();
        }

 /// <summary>
 /// Try to get the value of an idp with a given entity id.
 /// </summary>
 /// <param name="idpEntityId">Entity id to search for.</param>
 /// <param name="idp">The idp, if found.</param>
 /// <returns>True if an idp with the given entity id was found.</returns>
 public bool TryGetValue(EntityId idpEntityId, out IdentityProvider idp)
 {
     lock (dictionary)
     {
         return dictionary.TryGetValue(idpEntityId, out idp);
     }
 }

        public void IdentityProvider_Ctor_LogoutBindingDefaultsToBinding()
        {
            var config = CreateConfig();
            var subject = new IdentityProvider(config, StubFactory.CreateSPOptions());

            subject.Binding.Should().Be(Saml2BindingType.HttpPost);
            subject.SingleLogoutServiceBinding.Should().Be(Saml2BindingType.HttpPost);
        }

        public void Saml2Response_GetClaims_CorrectSignedResponseMessageSecondaryKey()
        {
            var response =
            @"<?xml version=""1.0"" encoding=""UTF-8""?>
            <saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
            xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
            ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
                <saml2:Issuer>https://twokeys.example.com</saml2:Issuer>
                <saml2p:Status>
                    <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
                </saml2p:Status>
                <saml2:Assertion xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
                Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
                IssueInstant=""2013-09-25T00:00:00Z"">
                    <saml2:Issuer>https://twokeys.example.com</saml2:Issuer>
                    <saml2:Subject>
                        <saml2:NameID>SomeUser</saml2:NameID>
                        <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
                    </saml2:Subject>
                    <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
                </saml2:Assertion>
            </saml2p:Response>";

            var signedResponse = SignedXmlHelper.SignXml(response);

            var options = StubFactory.CreateOptions();

            var idp = new IdentityProvider(
                new EntityId("https://twokeys.example.com"), options.SPOptions)
            {
                AllowUnsolicitedAuthnResponse = true
            };

            idp.SigningKeys.AddConfiguredKey(SignedXmlHelper.TestKey2);
            idp.SigningKeys.AddConfiguredKey(SignedXmlHelper.TestKey);

            options.IdentityProviders.Add(idp);

            Action a = () => Saml2Response.Read(signedResponse).GetClaims(options);
            a.ShouldNotThrow();
        }

 public void send_requestAccountPasswordReset(IdentityProvider provider, string identifier, string locale)
 #endif
 {
   oprot_.WriteMessageBegin(new TMessage("requestAccountPasswordReset", TMessageType.Call, seqid_));
   requestAccountPasswordReset_args args = new requestAccountPasswordReset_args();
   args.Provider = provider;
   args.Identifier = identifier;
   args.Locale = locale;
   args.Write(oprot_);
   oprot_.WriteMessageEnd();
   #if SILVERLIGHT
   return oprot_.Transport.BeginFlush(callback, state);
   #else
   oprot_.Transport.Flush();
   #endif
 }

      public void requestAccountPasswordReset(IdentityProvider provider, string identifier, string locale)
      {
        #if !SILVERLIGHT
        send_requestAccountPasswordReset(provider, identifier, locale);
        recv_requestAccountPasswordReset();

        #else
        var asyncResult = Begin_requestAccountPasswordReset(null, null, provider, identifier, locale);
        End_requestAccountPasswordReset(asyncResult);

        #endif
      }

 public IAsyncResult Begin_requestAccountPasswordReset(AsyncCallback callback, object state, IdentityProvider provider, string identifier, string locale)
 {
   return send_requestAccountPasswordReset(callback, state, provider, identifier, locale);
 }

        public void IdentityProvider_Ctor_PrefersRedirectBindingFromMetadata()
        {
            var config = CreateConfig();
            config.LoadMetadata = true;
            config.EntityId = "http://localhost:13428/idpMetadataWithMultipleBindings";

            var subject = new IdentityProvider(config, Options.FromConfiguration.SPOptions);

            subject.Binding.Should().Be(Saml2BindingType.HttpRedirect);
            subject.SingleSignOnServiceUrl.Should().Be("http://idp2Bindings.example.com/Redirect");
        }

        public void IdentityProvider_ConfigFromMetadata()
        {
            var entityId = new EntityId("http://localhost:13428/idpMetadata");
            var subject = new IdentityProvider(entityId, StubFactory.CreateSPOptions());

            // Add one that will be removed by loading.
            subject.ArtifactResolutionServiceUrls.Add(234, new Uri("http://example.com"));

            subject.LoadMetadata = true;

            subject.EntityId.Id.Should().Be(entityId.Id);
            subject.Binding.Should().Be(Saml2BindingType.HttpPost);
            subject.SingleSignOnServiceUrl.Should().Be(new Uri("http://localhost:13428/acs"));
            subject.SigningKeys.Single().ShouldBeEquivalentTo(new X509RawDataKeyIdentifierClause(SignedXmlHelper.TestCert));
            subject.ArtifactResolutionServiceUrls.Count.Should().Be(2);
            subject.ArtifactResolutionServiceUrls[0x1234].OriginalString
                .Should().Be("http://localhost:13428/ars");
            subject.ArtifactResolutionServiceUrls[117].OriginalString
                .Should().Be("http://localhost:13428/ars2");
            subject.SingleLogoutServiceUrl.OriginalString.Should().Be("http://localhost:13428/logout");
            subject.SingleLogoutServiceResponseUrl.OriginalString.Should().Be("http://localhost:13428/logoutResponse");
            subject.SingleLogoutServiceBinding.Should().Be(Saml2BindingType.HttpRedirect);
        }

        public void IdentityProvider_MetadataLoadedConfiguredFromCode()
        {
            var spOptions = StubFactory.CreateSPOptions();

            spOptions.ServiceCertificates.Add(new ServiceCertificate()
            {
                Certificate = SignedXmlHelper.TestCert
            });

            var subject = new IdentityProvider(
                new EntityId("http://other.entityid.example.com"), spOptions)
            {
                MetadataLocation = "http://localhost:13428/idpMetadataOtherEntityId",
                AllowUnsolicitedAuthnResponse = true
            };

            subject.AllowUnsolicitedAuthnResponse.Should().BeTrue();
            subject.Binding.Should().Be(Saml2BindingType.HttpRedirect);
            subject.EntityId.Id.Should().Be("http://other.entityid.example.com");
            // If a metadatalocation is set, metadata loading is automatically enabled.
            subject.LoadMetadata.Should().BeTrue();
            subject.MetadataLocation.Should().Be("http://localhost:13428/idpMetadataOtherEntityId");
            subject.MetadataValidUntil.Should().BeCloseTo(
                DateTime.UtcNow.Add(MetadataRefreshScheduler.DefaultMetadataCacheDuration), precision: 100);
            subject.SingleSignOnServiceUrl.Should().Be("http://wrong.entityid.example.com/acs");
            subject.WantAuthnRequestsSigned.Should().Be(true, "WantAuthnRequestsSigned should have been loaded from metadata");

            Action a = () => subject.CreateAuthenticateRequest(StubFactory.CreateAuthServicesUrls());
            a.ShouldNotThrow();
        }