Validate Saml response status code

src/Sustainsys.Saml2/Validation/SamlResponseValidator.cs

@@ -19,6 +19,19 @@ public void Validate(
         SamlResponseValidationParameters validationParameters)
     {
         ValidateIssuer(samlResponse, validationParameters);
+        ValidateStatusCode(samlResponse);
+    }
+
+    /// <summary>
+    /// Validate that the status code is <see cref="Constants.StatusCodes.Success"/>
+    /// </summary>
+    /// <param name="samlResponse">Saml Response</param>
+    public virtual void ValidateStatusCode(SamlResponse samlResponse)
+    {
+        if (samlResponse.Status?.StatusCode?.Value != Constants.StatusCodes.Success)
+        {
+            throw new SamlValidationException($"Saml status code {samlResponse.Status?.StatusCode?.Value} is not success");
+        }
     }
 
     /// <summary>

src/Tests/Sustainsys.Saml2.Tests/Validators/SamlResponseValidatorTests.cs

@@ -18,6 +18,13 @@ SamlResponse CreateSamlResponse() =>
             Issuer = new()
             {
                 Value = "https://idp.example.com/Saml2"
+            },
+            Status = new()
+            {
+                StatusCode = new()
+                {
+                    Value = Constants.StatusCodes.Success
+                }
             }
         };
 
@@ -74,4 +81,19 @@ public void Validate_Issuer_IsIncorrect()
 
         // TODO: Validate NameID format once it is supported.
     }
+
+    [Fact]
+    public void Validate_Status_IsNonSuccess()
+    {
+        var subject = new SamlResponseValidator();
+
+        var response = CreateSamlResponse();
+        response.Status.StatusCode.Value = Constants.StatusCodes.Requester;
+
+        var parameters = CreateValidationParameters();
+
+        subject.Invoking(s => s.Validate(response, parameters))
+            .Should().Throw<SamlValidationException>()
+            .WithMessage("*status*Requester*");
+    }
 }