52    private $IDPList = array();
 
   59    private $ProxyCount = 
null;
 
   67    private $RequesterID = array();
 
  114    private $subjectConfirmation = array();
 
  134        parent::__construct(
'AuthnRequest', 
$xml);
 
  136        $this->nameIdPolicy = array();
 
  137        $this->forceAuthn = 
false;
 
  138        $this->isPassive = 
false;
 
  144        $this->forceAuthn = Utils::parseBoolean(
$xml, 
'ForceAuthn', 
false);
 
  145        $this->isPassive = Utils::parseBoolean(
$xml, 
'IsPassive', 
false);
 
  147        if (
$xml->hasAttribute(
'AssertionConsumerServiceURL')) {
 
  148            $this->assertionConsumerServiceURL = 
$xml->getAttribute(
'AssertionConsumerServiceURL');
 
  151        if (
$xml->hasAttribute(
'ProtocolBinding')) {
 
  152            $this->protocolBinding = 
$xml->getAttribute(
'ProtocolBinding');
 
  155        if (
$xml->hasAttribute(
'AttributeConsumingServiceIndex')) {
 
  156            $this->attributeConsumingServiceIndex = (int) 
$xml->getAttribute(
'AttributeConsumingServiceIndex');
 
  159        if (
$xml->hasAttribute(
'AssertionConsumerServiceIndex')) {
 
  160            $this->assertionConsumerServiceIndex = (int) 
$xml->getAttribute(
'AssertionConsumerServiceIndex');
 
  163        if (
$xml->hasAttribute(
'ProviderName')) {
 
  164            $this->ProviderName = 
$xml->getAttribute(
'ProviderName');
 
  167        $this->parseSubject(
$xml);
 
  168        $this->parseNameIdPolicy(
$xml);
 
  169        $this->parseRequestedAuthnContext(
$xml);
 
  170        $this->parseScoping(
$xml);
 
  180        $subject = Utils::xpQuery(
$xml, 
'./saml_assertion:Subject');
 
  181        if (empty($subject)) {
 
  185        if (count($subject) > 1) {
 
  186            throw new \Exception(
'More than one <saml:Subject> in <saml:AuthnRequest>.');
 
  188        $subject = $subject[0];
 
  192            './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData' 
  195            throw new \Exception(
'Missing <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
 
  196        } elseif (count(
$nameId) > 1) {
 
  197            throw new \Exception(
'More than one <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
 
  200        if (
$nameId->localName === 
'EncryptedData') {
 
  202            $this->encryptedNameId = 
$nameId;
 
  207        $subjectConfirmation = Utils::xpQuery($subject, 
'./saml_assertion:SubjectConfirmation');
 
  208        foreach ($subjectConfirmation as 
$sc) {
 
  220        $nameIdPolicy = Utils::xpQuery(
$xml, 
'./saml_protocol:NameIDPolicy');
 
  221        if (empty($nameIdPolicy)) {
 
  225        $nameIdPolicy = $nameIdPolicy[0];
 
  226        if ($nameIdPolicy->hasAttribute(
'Format')) {
 
  227            $this->nameIdPolicy[
'Format'] = $nameIdPolicy->getAttribute(
'Format');
 
  229        if ($nameIdPolicy->hasAttribute(
'SPNameQualifier')) {
 
  230            $this->nameIdPolicy[
'SPNameQualifier'] = $nameIdPolicy->getAttribute(
'SPNameQualifier');
 
  232        if ($nameIdPolicy->hasAttribute(
'AllowCreate')) {
 
  233            $this->nameIdPolicy[
'AllowCreate'] = Utils::parseBoolean($nameIdPolicy, 
'AllowCreate', 
false);
 
  242        $requestedAuthnContext = Utils::xpQuery(
$xml, 
'./saml_protocol:RequestedAuthnContext');
 
  243        if (empty($requestedAuthnContext)) {
 
  247        $requestedAuthnContext = $requestedAuthnContext[0];
 
  250            'AuthnContextClassRef' => array(),
 
  251            'Comparison'           => Constants::COMPARISON_EXACT,
 
  254        $accr = Utils::xpQuery($requestedAuthnContext, 
'./saml_assertion:AuthnContextClassRef');
 
  255        foreach ($accr as 
$i) {
 
  256            $rac[
'AuthnContextClassRef'][] = trim(
$i->textContent);
 
  259        if ($requestedAuthnContext->hasAttribute(
'Comparison')) {
 
  260            $rac[
'Comparison'] = $requestedAuthnContext->getAttribute(
'Comparison');
 
  263        $this->requestedAuthnContext = $rac;
 
  273        $scoping = Utils::xpQuery(
$xml, 
'./saml_protocol:Scoping');
 
  274        if (empty($scoping)) {
 
  278        $scoping = $scoping[0];
 
  280        if ($scoping->hasAttribute(
'ProxyCount')) {
 
  281            $this->ProxyCount = (int) $scoping->getAttribute(
'ProxyCount');
 
  283        $idpEntries = Utils::xpQuery($scoping, 
'./saml_protocol:IDPList/saml_protocol:IDPEntry');
 
  285        foreach ($idpEntries as $idpEntry) {
 
  286            if (!$idpEntry->hasAttribute(
'ProviderID')) {
 
  287                throw new \Exception(
"Could not get ProviderID from Scoping/IDPEntry element in AuthnRequest object");
 
  289            $this->IDPList[] = $idpEntry->getAttribute(
'ProviderID');
 
  292        $requesterIDs = Utils::xpQuery($scoping, 
'./saml_protocol:RequesterID');
 
  293        foreach ($requesterIDs as $requesterID) {
 
  294            $this->RequesterID[] = trim($requesterID->textContent);
 
  306        return $this->nameIdPolicy;
 
  322        if (isset($nameIdPolicy[
'Format']) && !is_string($nameIdPolicy[
'Format'])) {
 
  323            throw InvalidArgumentException::invalidType(
'string', $nameIdPolicy[
'Format']);
 
  325        if (isset($nameIdPolicy[
'SPNameQualifier']) && !is_string($nameIdPolicy[
'SPNameQualifier'])) {
 
  326            throw InvalidArgumentException::invalidType(
'string', $nameIdPolicy[
'SPNameQualifier']);
 
  328        if (isset($nameIdPolicy[
'AllowCreate']) && !is_bool($nameIdPolicy[
'AllowCreate'])) {
 
  329            throw InvalidArgumentException::invalidType(
'bool', $nameIdPolicy[
'AllowCreate']);
 
  332        $this->nameIdPolicy = $nameIdPolicy;
 
  343        return $this->forceAuthn;
 
  354        assert(is_bool($forceAuthn));
 
  356        $this->forceAuthn = $forceAuthn;
 
  367        return $this->ProviderName;
 
  378        assert(is_string($ProviderName));
 
  380        $this->ProviderName = $ProviderName;
 
  391        return $this->isPassive;
 
  402        assert(is_bool($isPassive));
 
  404        $this->isPassive = $isPassive;
 
  425        $this->IDPList = $IDPList;
 
  436        return $this->IDPList;
 
  444        assert(is_int($ProxyCount));
 
  445        $this->ProxyCount = $ProxyCount;
 
  453        return $this->ProxyCount;
 
  461        $this->RequesterID = $RequesterID;
 
  469        return $this->RequesterID;
 
  479        return $this->assertionConsumerServiceURL;
 
  489        assert(is_string($assertionConsumerServiceURL) || is_null($assertionConsumerServiceURL));
 
  491        $this->assertionConsumerServiceURL = $assertionConsumerServiceURL;
 
  501        return $this->protocolBinding;
 
  511        assert(is_string($protocolBinding) || is_null($protocolBinding));
 
  513        $this->protocolBinding = $protocolBinding;
 
  523        return $this->attributeConsumingServiceIndex;
 
  533        assert(is_int($attributeConsumingServiceIndex) || is_null($attributeConsumingServiceIndex));
 
  535        $this->attributeConsumingServiceIndex = $attributeConsumingServiceIndex;
 
  545        return $this->assertionConsumerServiceIndex;
 
  555        assert(is_int($assertionConsumerServiceIndex) || is_null($assertionConsumerServiceIndex));
 
  557        $this->assertionConsumerServiceIndex = $assertionConsumerServiceIndex;
 
  567        return $this->requestedAuthnContext;
 
  577        assert(is_array($requestedAuthnContext) || is_null($requestedAuthnContext));
 
  579        $this->requestedAuthnContext = $requestedAuthnContext;
 
  590        if ($this->encryptedNameId !== 
null) {
 
  591            throw new \Exception(
'Attempted to retrieve encrypted NameID without decrypting it first.');
 
  620        $doc  = new \DOMDocument();
 
  621        $root = $doc->createElement(
'root');
 
  622        $doc->appendChild(
$root);
 
  623        $this->nameId->toXML(
$root);
 
  626        Utils::getContainer()->debugMessage(
$nameId, 
'encrypt');
 
  632        $enc->type = XMLSecEnc::Element;
 
  636        $symmetricKey->generateSessionKey();
 
  637        $enc->encryptKey(
$key, $symmetricKey);
 
  639        $this->encryptedNameId = $enc->encryptNode($symmetricKey);
 
  640        $this->nameId          = 
null;
 
  651        if ($this->encryptedNameId === 
null) {
 
  656        $nameId = Utils::decryptElement($this->encryptedNameId, 
$key, $blacklist);
 
  657        Utils::getContainer()->debugMessage(
$nameId, 
'decrypt');
 
  660        $this->encryptedNameId = 
null;
 
  670        return $this->subjectConfirmation;
 
  680        $this->subjectConfirmation = $subjectConfirmation;
 
  690        $root = parent::toUnsignedXML();
 
  692        if ($this->forceAuthn) {
 
  693            $root->setAttribute(
'ForceAuthn', 
'true');
 
  696        if ($this->ProviderName !== 
null) {
 
  697            $root->setAttribute(
'ProviderName', $this->ProviderName);
 
  700        if ($this->isPassive) {
 
  701            $root->setAttribute(
'IsPassive', 
'true');
 
  704        if ($this->assertionConsumerServiceIndex !== 
null) {
 
  705            $root->setAttribute(
'AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
 
  707            if ($this->assertionConsumerServiceURL !== 
null) {
 
  708                $root->setAttribute(
'AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
 
  710            if ($this->protocolBinding !== 
null) {
 
  711                $root->setAttribute(
'ProtocolBinding', $this->protocolBinding);
 
  715        if ($this->attributeConsumingServiceIndex !== 
null) {
 
  716            $root->setAttribute(
'AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
 
  719        $this->addSubject(
$root);
 
  721        if (!empty($this->nameIdPolicy)) {
 
  722            $nameIdPolicy = $this->document->createElementNS(Constants::NS_SAMLP, 
'NameIDPolicy');
 
  723            if (array_key_exists(
'Format', $this->nameIdPolicy)) {
 
  724                $nameIdPolicy->setAttribute(
'Format', $this->nameIdPolicy[
'Format']);
 
  726            if (array_key_exists(
'SPNameQualifier', $this->nameIdPolicy)) {
 
  727                $nameIdPolicy->setAttribute(
'SPNameQualifier', $this->nameIdPolicy[
'SPNameQualifier']);
 
  729            if (array_key_exists(
'AllowCreate', $this->nameIdPolicy)) {
 
  730                $nameIdPolicy->setAttribute(
'AllowCreate', ($this->nameIdPolicy[
'AllowCreate']) ? 
'true' : 
'false');
 
  732            $root->appendChild($nameIdPolicy);
 
  735        $rac = $this->requestedAuthnContext;
 
  736        if (!empty($rac) && !empty($rac[
'AuthnContextClassRef'])) {
 
  737            $e = $this->document->createElementNS(Constants::NS_SAMLP, 
'RequestedAuthnContext');
 
  738            $root->appendChild($e);
 
  739            if (isset($rac[
'Comparison']) && $rac[
'Comparison'] !== Constants::COMPARISON_EXACT) {
 
  740                $e->setAttribute(
'Comparison', $rac[
'Comparison']);
 
  742            foreach ($rac[
'AuthnContextClassRef'] as $accr) {
 
  743                Utils::addString($e, Constants::NS_SAML, 
'AuthnContextClassRef', $accr);
 
  747        if ($this->ProxyCount !== 
null || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
 
  748            $scoping = $this->document->createElementNS(Constants::NS_SAMLP, 
'Scoping');
 
  749            $root->appendChild($scoping);
 
  750            if ($this->ProxyCount !== 
null) {
 
  751                $scoping->setAttribute(
'ProxyCount', $this->ProxyCount);
 
  753            if (count($this->IDPList) > 0) {
 
  754                $idplist = $this->document->createElementNS(Constants::NS_SAMLP, 
'IDPList');
 
  756                    $idpEntry = $this->document->createElementNS(Constants::NS_SAMLP, 
'IDPEntry');
 
  758                        $idpEntry->setAttribute(
'ProviderID', 
$provider);
 
  760                        foreach (
$provider as $attribute => $value) {
 
  761                            if (in_array($attribute, array(
 
  766                                $idpEntry->setAttribute($attribute, $value);
 
  770                    $idplist->appendChild($idpEntry);
 
  772                $scoping->appendChild($idplist);
 
  774            if (count($this->RequesterID) > 0) {
 
  775                Utils::addStrings($scoping, Constants::NS_SAMLP, 
'RequesterID', 
false, $this->RequesterID);
 
  790        if ($this->nameId === 
null && $this->encryptedNameId === 
null) {
 
  794        $subject = 
$root->ownerDocument->createElementNS(Constants::NS_SAML, 
'saml:Subject');
 
  795        $root->appendChild($subject);
 
  797        if ($this->encryptedNameId === 
null) {
 
  798            $this->nameId->toXML($subject);
 
  800            $eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 
'saml:EncryptedID');
 
  801            $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, 
true));
 
  802            $subject->appendChild($eid);
 
  805        foreach ($this->subjectConfirmation as 
$sc) {
 
  806            $sc->toXML($subject);
 
An exception for terminatinating execution or to throw for unit testing.
setForceAuthn($forceAuthn)
Set the value of the ForceAuthn attribute.
getProviderName()
Retrieve the value of the ProviderName attribute.
getIDPList()
This function retrieves the list of providerIDs from this authentication request.
getIsPassive()
Retrieve the value of the IsPassive attribute.
setSubjectConfirmation(array $subjectConfirmation)
Set the SubjectConfirmation elements that should be included in the assertion.
setAssertionConsumerServiceURL($assertionConsumerServiceURL)
Set the value of the AssertionConsumerServiceURL attribute.
getNameIdPolicy()
Retrieve the NameIdPolicy.
parseScoping(\DOMElement $xml)
getForceAuthn()
Retrieve the value of the ForceAuthn attribute.
parseRequestedAuthnContext(\DOMElement $xml)
setRequestedAuthnContext($requestedAuthnContext)
Set the RequestedAuthnContext.
getAssertionConsumerServiceURL()
Retrieve the value of the AssertionConsumerServiceURL attribute.
getProtocolBinding()
Retrieve the value of the ProtocolBinding attribute.
$assertionConsumerServiceURL
getSubjectConfirmation()
Retrieve the SubjectConfirmation elements we have in our Subject element.
parseSubject(\DOMElement $xml)
getNameId()
Retrieve the NameId of the subject in the assertion.
setIsPassive($isPassive)
Set the value of the IsPassive attribute.
setRequesterID(array $RequesterID)
setNameIdPolicy(array $nameIdPolicy)
Set the NameIDPolicy.
setProxyCount($ProxyCount)
$attributeConsumingServiceIndex
toUnsignedXML()
Convert this authentication request to an XML element.
parseNameIdPolicy(\DOMElement $xml)
setIDPList(array $IDPList)
This function sets the scoping for the request.
addSubject(\DOMElement $root)
Add a Subject-node to the assertion.
setAssertionConsumerServiceIndex($assertionConsumerServiceIndex)
Set the value of the AssertionConsumerServiceIndex attribute.
encryptNameId(XMLSecurityKey $key)
Encrypt the NameID in the AuthnRequest.
getRequestedAuthnContext()
Retrieve the RequestedAuthnContext.
$assertionConsumerServiceIndex
setNameId($nameId)
Set the NameId of the subject in the assertion.
setProviderName($ProviderName)
Set the value of the ProviderName attribute.
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameId of the subject in the assertion.
setProtocolBinding($protocolBinding)
Set the value of the ProtocolBinding attribute.
getAssertionConsumerServiceIndex()
Retrieve the value of the AssertionConsumerServiceIndex attribute.
__construct(\DOMElement $xml=null)
Constructor for SAML 2 authentication request messages.
setAttributeConsumingServiceIndex($attributeConsumingServiceIndex)
Set the value of the AttributeConsumingServiceIndex attribute.
getAttributeConsumingServiceIndex()
Retrieve the value of the AttributeConsumingServiceIndex attribute.