// Scoping IDP list: the parser in this listing appends each IDPEntry's ProviderID attribute here.
52    private $IDPList = array();
 
// Scoping ProxyCount; stays null when the attribute is absent, and is only serialized when not null.
   59    private $ProxyCount = 
null;
 
// Scoping RequesterID values: the parser appends the trimmed text of each RequesterID element.
   67    private $RequesterID = array();
 
// SubjectConfirmation entries for the request's Subject; each one is serialized via its toXML().
  114    private $subjectConfirmation = array();
 
  134        parent::__construct(
'AuthnRequest', 
$xml);
 
  136        $this->nameIdPolicy = array();
 
  137        $this->forceAuthn = 
false;
 
  138        $this->isPassive = 
false;
 
  144        $this->forceAuthn = Utils::parseBoolean(
$xml, 
'ForceAuthn', 
false);
 
  145        $this->isPassive = Utils::parseBoolean(
$xml, 
'IsPassive', 
false);
 
  147        if (
$xml->hasAttribute(
'AssertionConsumerServiceURL')) {
 
  // NOTE(review): the AssertionConsumerServiceURL attribute is stored exactly as received; no
  // validation is visible in this listing. A receiving IdP should compare it against the
  // endpoints registered for the requesting SP before using it as a response destination.
  148            $this->assertionConsumerServiceURL = 
$xml->getAttribute(
'AssertionConsumerServiceURL');
 
  151        if (
$xml->hasAttribute(
'ProtocolBinding')) {
 
  152            $this->protocolBinding = 
$xml->getAttribute(
'ProtocolBinding');
 
  155        if (
$xml->hasAttribute(
'AttributeConsumingServiceIndex')) {
 
  156            $this->attributeConsumingServiceIndex = (int) 
$xml->getAttribute(
'AttributeConsumingServiceIndex');
 
  159        if (
$xml->hasAttribute(
'AssertionConsumerServiceIndex')) {
 
  160            $this->assertionConsumerServiceIndex = (int) 
$xml->getAttribute(
'AssertionConsumerServiceIndex');
 
  163        if (
$xml->hasAttribute(
'ProviderName')) {
 
  164            $this->ProviderName = 
$xml->getAttribute(
'ProviderName');
 
  167        $this->parseSubject(
$xml);
 
  168        $this->parseNameIdPolicy(
$xml);
 
  169        $this->parseRequestedAuthnContext(
$xml);
 
  170        $this->parseScoping(
$xml);
 
  180        $subject = Utils::xpQuery(
$xml, 
'./saml_assertion:Subject');
 
  181        if (empty($subject)) {
 
  185        if (count($subject) > 1) {
 
  186            throw new \Exception(
'More than one <saml:Subject> in <saml:AuthnRequest>.');
 
  188        $subject = $subject[0];
 
  192            './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData' 
  195            throw new \Exception(
'Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
 
  196        } elseif (count(
$nameId) > 1) {
 
  197            throw new \Exception(
'More than one <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
 
  200        if (
$nameId->localName === 
'EncryptedData') {
 
  202            $this->encryptedNameId = 
$nameId;
 
  207        $subjectConfirmation = Utils::xpQuery($subject, 
'./saml_assertion:SubjectConfirmation');
 
  208        foreach ($subjectConfirmation as 
$sc) {
 
  220        $nameIdPolicy = Utils::xpQuery(
$xml, 
'./saml_protocol:NameIDPolicy');
 
  221        if (empty($nameIdPolicy)) {
 
  225        $nameIdPolicy = $nameIdPolicy[0];
 
  226        if ($nameIdPolicy->hasAttribute(
'Format')) {
 
  227            $this->nameIdPolicy[
'Format'] = $nameIdPolicy->getAttribute(
'Format');
 
  229        if ($nameIdPolicy->hasAttribute(
'SPNameQualifier')) {
 
  230            $this->nameIdPolicy[
'SPNameQualifier'] = $nameIdPolicy->getAttribute(
'SPNameQualifier');
 
  232        if ($nameIdPolicy->hasAttribute(
'AllowCreate')) {
 
  233            $this->nameIdPolicy[
'AllowCreate'] = Utils::parseBoolean($nameIdPolicy, 
'AllowCreate', 
false);
 
  242        $requestedAuthnContext = Utils::xpQuery(
$xml, 
'./saml_protocol:RequestedAuthnContext');
 
  243        if (empty($requestedAuthnContext)) {
 
  247        $requestedAuthnContext = $requestedAuthnContext[0];
 
  250            'AuthnContextClassRef' => array(),
 
  251            'Comparison'           => Constants::COMPARISON_EXACT,
 
  254        $accr = Utils::xpQuery($requestedAuthnContext, 
'./saml_assertion:AuthnContextClassRef');
 
  255        foreach ($accr as 
$i) {
 
  256            $rac[
'AuthnContextClassRef'][] = trim(
$i->textContent);
 
  259        if ($requestedAuthnContext->hasAttribute(
'Comparison')) {
 
  // NOTE(review): Comparison is taken from the attribute without checking it against the values
  // SAML defines (exact, minimum, maximum, better); no such check is visible in this listing.
  // Code that makes authentication-context decisions from it should reject anything else.
  260            $rac[
'Comparison'] = $requestedAuthnContext->getAttribute(
'Comparison');
 
  263        $this->requestedAuthnContext = $rac;
 
  273        $scoping = Utils::xpQuery(
$xml, 
'./saml_protocol:Scoping');
 
  274        if (empty($scoping)) {
 
  278        $scoping = $scoping[0];
 
  280        if ($scoping->hasAttribute(
'ProxyCount')) {
 
  // NOTE(review): the (int) cast turns a non-numeric attribute into 0 and lets negative values
  // through; the SAML schema types ProxyCount as a non-negative integer, so a range check
  // before relying on it is worth adding.
  281            $this->ProxyCount = (int) $scoping->getAttribute(
'ProxyCount');
 
  283        $idpEntries = Utils::xpQuery($scoping, 
'./saml_protocol:IDPList/saml_protocol:IDPEntry');
 
  285        foreach ($idpEntries as $idpEntry) {
 
  286            if (!$idpEntry->hasAttribute(
'ProviderID')) {
 
  287                throw new \Exception(
"Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
 
  289            $this->IDPList[] = $idpEntry->getAttribute(
'ProviderID');
 
  292        $requesterIDs = Utils::xpQuery($scoping, 
'./saml_protocol:RequesterID');
 
  293        foreach ($requesterIDs as $requesterID) {
 
  294            $this->RequesterID[] = trim($requesterID->textContent);
 
  306        return $this->nameIdPolicy;
 
  322        if (isset($nameIdPolicy[
'Format']) && !is_string($nameIdPolicy[
'Format'])) {
 
  323            throw InvalidArgumentException::invalidType(
'string', $nameIdPolicy[
'Format']);
 
  325        if (isset($nameIdPolicy[
'SPNameQualifier']) && !is_string($nameIdPolicy[
'SPNameQualifier'])) {
 
  326            throw InvalidArgumentException::invalidType(
'string', $nameIdPolicy[
'SPNameQualifier']);
 
  328        if (isset($nameIdPolicy[
'AllowCreate']) && !is_bool($nameIdPolicy[
'AllowCreate'])) {
 
  329            throw InvalidArgumentException::invalidType(
'bool', $nameIdPolicy[
'AllowCreate']);
 
  332        $this->nameIdPolicy = $nameIdPolicy;
 
  367        return $this->ProviderName;
 
  // NOTE(review): assert() is evaluated only when assertions are enabled (zend.assertions);
  // with them off, as is usual in production, this type check does nothing and any value is
  // stored. The nameIdPolicy setter in this listing (lines 322-332) throws
  // InvalidArgumentException instead, which always runs.
  378        assert(is_string($ProviderName));
 
  380        $this->ProviderName = $ProviderName;
 
  423        assert(is_array($IDPList));
 
  424        $this->IDPList = $IDPList;
 
  435        return $this->IDPList;
 
  443        assert(is_int($ProxyCount));
 
  444        $this->ProxyCount = $ProxyCount;
 
  452        return $this->ProxyCount;
 
  460        $this->RequesterID = $RequesterID;
 
  468        return $this->RequesterID;
 
  478        return $this->assertionConsumerServiceURL;
 
  488        assert(is_string($assertionConsumerServiceURL) || is_null($assertionConsumerServiceURL));
 
  490        $this->assertionConsumerServiceURL = $assertionConsumerServiceURL;
 
  500        return $this->protocolBinding;
 
  510        assert(is_string($protocolBinding) || is_null($protocolBinding));
 
  512        $this->protocolBinding = $protocolBinding;
 
  522        return $this->attributeConsumingServiceIndex;
 
  532        assert(is_int($attributeConsumingServiceIndex) || is_null($attributeConsumingServiceIndex));
 
  534        $this->attributeConsumingServiceIndex = $attributeConsumingServiceIndex;
 
  544        return $this->assertionConsumerServiceIndex;
 
  554        assert(is_int($assertionConsumerServiceIndex) || is_null($assertionConsumerServiceIndex));
 
  556        $this->assertionConsumerServiceIndex = $assertionConsumerServiceIndex;
 
  566        return $this->requestedAuthnContext;
 
  576        assert(is_array($requestedAuthnContext) || is_null($requestedAuthnContext));
 
  578        $this->requestedAuthnContext = $requestedAuthnContext;
 
  589        if ($this->encryptedNameId !== 
null) {
 
  590            throw new \Exception(
'Attempted to retrieve encrypted NameID without decrypting it first.');
 
  619        $doc  = new \DOMDocument();
 
  620        $root = $doc->createElement(
'root');
 
  621        $doc->appendChild($root);
 
  622        $this->nameId->toXML($root);
 
  // NOTE(review): $nameId is handed to the container's debugMessage() before encryption;
  // presumably this is the plaintext NameID serialized just above - confirm, and make sure
  // debug output is not retained where subject identifiers should not be stored.
  625        Utils::getContainer()->debugMessage(
$nameId, 
'encrypt');
 
  631        $enc->type = XMLSecEnc::Element;
 
  635        $symmetricKey->generateSessionKey();
 
  636        $enc->encryptKey(
$key, $symmetricKey);
 
  638        $this->encryptedNameId = $enc->encryptNode($symmetricKey);
 
  639        $this->nameId          = 
null;
 
  650        if ($this->encryptedNameId === 
null) {
 
  // $blacklist is passed straight to Utils::decryptElement; presumably it lists algorithms to
  // refuse - confirm there. The member index of this page shows it defaulting to an empty
  // array, so callers that omit it add no restriction of their own.
  // NOTE(review): the decrypted result is then sent to debugMessage(); check that debug
  // logging does not persist it.
  655        $nameId = Utils::decryptElement($this->encryptedNameId, 
$key, $blacklist);
 
  656        Utils::getContainer()->debugMessage(
$nameId, 
'decrypt');
 
  659        $this->encryptedNameId = 
null;
 
  669        return $this->subjectConfirmation;
 
  679        $this->subjectConfirmation = $subjectConfirmation;
 
  689        $root = parent::toUnsignedXML();
 
  691        if ($this->forceAuthn) {
 
  692            $root->setAttribute(
'ForceAuthn', 
'true');
 
  695        if ($this->ProviderName !== 
null) {
 
  696            $root->setAttribute(
'ProviderName', $this->ProviderName);
 
  699        if ($this->isPassive) {
 
  700            $root->setAttribute(
'IsPassive', 
'true');
 
  703        if ($this->assertionConsumerServiceIndex !== 
null) {
 
  704            $root->setAttribute(
'AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
 
  706            if ($this->assertionConsumerServiceURL !== 
null) {
 
  707                $root->setAttribute(
'AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
 
  709            if ($this->protocolBinding !== 
null) {
 
  710                $root->setAttribute(
'ProtocolBinding', $this->protocolBinding);
 
  714        if ($this->attributeConsumingServiceIndex !== 
null) {
 
  715            $root->setAttribute(
'AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
 
  718        $this->addSubject($root);
 
  720        if (!empty($this->nameIdPolicy)) {
 
  721            $nameIdPolicy = $this->document->createElementNS(Constants::NS_SAMLP, 
'NameIDPolicy');
 
  722            if (array_key_exists(
'Format', $this->nameIdPolicy)) {
 
  723                $nameIdPolicy->setAttribute(
'Format', $this->nameIdPolicy[
'Format']);
 
  725            if (array_key_exists(
'SPNameQualifier', $this->nameIdPolicy)) {
 
  726                $nameIdPolicy->setAttribute(
'SPNameQualifier', $this->nameIdPolicy[
'SPNameQualifier']);
 
  728            if (array_key_exists(
'AllowCreate', $this->nameIdPolicy)) {
 
  729                $nameIdPolicy->setAttribute(
'AllowCreate', ($this->nameIdPolicy[
'AllowCreate']) ? 
'true' : 
'false');
 
  731            $root->appendChild($nameIdPolicy);
 
  734        $rac = $this->requestedAuthnContext;
 
  735        if (!empty($rac) && !empty($rac[
'AuthnContextClassRef'])) {
 
  736            $e = $this->document->createElementNS(Constants::NS_SAMLP, 
'RequestedAuthnContext');
 
  737            $root->appendChild($e);
 
  738            if (isset($rac[
'Comparison']) && $rac[
'Comparison'] !== Constants::COMPARISON_EXACT) {
 
  739                $e->setAttribute(
'Comparison', $rac[
'Comparison']);
 
  741            foreach ($rac[
'AuthnContextClassRef'] as $accr) {
 
  742                Utils::addString($e, Constants::NS_SAML, 
'AuthnContextClassRef', $accr);
 
  746        if ($this->ProxyCount !== 
null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
 
  747            $scoping = $this->document->createElementNS(Constants::NS_SAMLP, 
'Scoping');
 
  748            $root->appendChild($scoping);
 
  749            if ($this->ProxyCount !== 
null) {
 
  750                $scoping->setAttribute(
'ProxyCount', $this->ProxyCount);
 
  752            if (count($this->IDPList) > 0) {
 
  753                $idplist = $this->document->createElementNS(Constants::NS_SAMLP, 
'IDPList');
 
  755                    $idpEntry = $this->document->createElementNS(Constants::NS_SAMLP, 
'IDPEntry');
 
  757                        $idpEntry->setAttribute(
'ProviderID', 
$provider);
 
  759                        foreach (
$provider as $attribute => $value) {
 
  760                            if (in_array($attribute, array(
 
  765                                $idpEntry->setAttribute($attribute, $value);
 
  769                    $idplist->appendChild($idpEntry);
 
  771                $scoping->appendChild($idplist);
 
  773            if (count($this->RequesterID) > 0) {
 
  774                Utils::addStrings($scoping, Constants::NS_SAMLP, 
'RequesterID', 
false, $this->RequesterID);
 
  789        if ($this->nameId === 
null && $this->encryptedNameId === 
null) {
 
  793        $subject = $root->ownerDocument->createElementNS(Constants::NS_SAML, 
'saml:Subject');
 
  794        $root->appendChild($subject);
 
  796        if ($this->encryptedNameId === 
null) {
 
  797            $this->nameId->toXML($subject);
 
  799            $eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 
'saml:EncryptedID');
 
  800            $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, 
true));
 
  801            $subject->appendChild($eid);
 
  804        foreach ($this->subjectConfirmation as 
$sc) {
 
  805            $sc->toXML($subject);
 
An exception for terminating execution or to throw for unit testing.
setForceAuthn($forceAuthn)
Set the value of the ForceAuthn attribute.
getProviderName()
Retrieve the value of the ProviderName attribute.
getIDPList()
This function retrieves the list of providerIDs from this authentication request.
getIsPassive()
Retrieve the value of the IsPassive attribute.
setSubjectConfirmation(array $subjectConfirmation)
Set the SubjectConfirmation elements that should be included in the assertion.
setAssertionConsumerServiceURL($assertionConsumerServiceURL)
Set the value of the AssertionConsumerServiceURL attribute.
getNameIdPolicy()
Retrieve the NameIdPolicy.
parseScoping(\DOMElement $xml)
getForceAuthn()
Retrieve the value of the ForceAuthn attribute.
parseRequestedAuthnContext(\DOMElement $xml)
setRequestedAuthnContext($requestedAuthnContext)
Set the RequestedAuthnContext.
getAssertionConsumerServiceURL()
Retrieve the value of the AssertionConsumerServiceURL attribute.
getProtocolBinding()
Retrieve the value of the ProtocolBinding attribute.
$assertionConsumerServiceURL
getSubjectConfirmation()
Retrieve the SubjectConfirmation elements we have in our Subject element.
parseSubject(\DOMElement $xml)
getNameId()
Retrieve the NameId of the subject in the assertion.
setIsPassive($isPassive)
Set the value of the IsPassive attribute.
setRequesterID(array $RequesterID)
setIDPList($IDPList)
This function sets the scoping for the request.
setNameIdPolicy(array $nameIdPolicy)
Set the NameIDPolicy.
setProxyCount($ProxyCount)
$attributeConsumingServiceIndex
toUnsignedXML()
Convert this authentication request to an XML element.
parseNameIdPolicy(\DOMElement $xml)
addSubject(\DOMElement $root)
Add a Subject-node to the assertion.
setAssertionConsumerServiceIndex($assertionConsumerServiceIndex)
Set the value of the AssertionConsumerServiceIndex attribute.
encryptNameId(XMLSecurityKey $key)
Encrypt the NameID in the AuthnRequest.
getRequestedAuthnContext()
Retrieve the RequestedAuthnContext.
$assertionConsumerServiceIndex
setNameId($nameId)
Set the NameId of the subject in the assertion.
setProviderName($ProviderName)
Set the value of the ProviderName attribute.
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameId of the subject in the assertion.
setProtocolBinding($protocolBinding)
Set the value of the ProtocolBinding attribute.
getAssertionConsumerServiceIndex()
Retrieve the value of the AssertionConsumerServiceIndex attribute.
__construct(\DOMElement $xml=null)
Constructor for SAML 2 authentication request messages.
setAttributeConsumingServiceIndex($attributeConsumingServiceIndex)
Set the value of the AttributeConsumingServiceIndex attribute.
getAttributeConsumingServiceIndex()
Retrieve the value of the AttributeConsumingServiceIndex attribute.