244    protected $wasSignedAtConstruction = 
false;
 
  259        $this->
id = Utils::getContainer()->generateId();
 
  263        $this->attributes = array();
 
  264        $this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
 
  265        $this->certificates = array();
 
  266        $this->AuthenticatingAuthority = array();
 
  268        $this->requiredEncAttributes = 
false;
 
  274        if (!
$xml->hasAttribute(
'ID')) {
 
  275            throw new \Exception(
'Missing ID attribute on SAML assertion.');
 
  277        $this->
id = 
$xml->getAttribute(
'ID');
 
  279        if (
$xml->getAttribute(
'Version') !== 
'2.0') {
 
  281            throw new \Exception(
'Unsupported version: ' . 
$xml->getAttribute(
'Version'));
 
  284        $this->issueInstant = Utils::xsDateTimeToTimestamp(
$xml->getAttribute(
'IssueInstant'));
 
  286        $issuer = Utils::xpQuery(
$xml, 
'./saml_assertion:Issuer');
 
  288            throw new \Exception(
'Missing <saml:Issuer> in assertion.');
 
  291        if ($this->issuer->Format === Constants::NAMEID_ENTITY) {
 
  292            $this->issuer = $this->issuer->value;
 
  295        $this->parseSubject(
$xml);
 
  296        $this->parseConditions(
$xml);
 
  297        $this->parseAuthnStatement(
$xml);
 
  298        $this->parseAttributes(
$xml);
 
  299        $this->parseEncryptedAttributes(
$xml);
 
  300        $this->parseSignature(
$xml);
 
  311        $subject = Utils::xpQuery(
$xml, 
'./saml_assertion:Subject');
 
  312        if (empty($subject)) {
 
  316        } elseif (count($subject) > 1) {
 
  317            throw new \Exception(
'More than one <saml:Subject> in <saml:Assertion>.');
 
  319        $subject = $subject[0];
 
  323            './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData' 
  326            throw new \Exception(
'More than one <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
 
  329            if (
$nameId->localName === 
'EncryptedData') {
 
  331                $this->encryptedNameId = 
$nameId;
 
  337        $subjectConfirmation = Utils::xpQuery($subject, 
'./saml_assertion:SubjectConfirmation');
 
  338        if (empty($subjectConfirmation) && empty(
$nameId)) {
 
  339            throw new \Exception(
'Missing <saml:SubjectConfirmation> in <saml:Subject>.');
 
  342        foreach ($subjectConfirmation as 
$sc) {
 
  355        $conditions = Utils::xpQuery(
$xml, 
'./saml_assertion:Conditions');
 
  356        if (empty($conditions)) {
 
  360        } elseif (count($conditions) > 1) {
 
  361            throw new \Exception(
'More than one <saml:Conditions> in <saml:Assertion>.');
 
  363        $conditions = $conditions[0];
 
  365        if ($conditions->hasAttribute(
'NotBefore')) {
 
  366            $notBefore = Utils::xsDateTimeToTimestamp($conditions->getAttribute(
'NotBefore'));
 
  367            if ($this->notBefore === 
null || $this->notBefore < $notBefore) {
 
  368                $this->notBefore = $notBefore;
 
  371        if ($conditions->hasAttribute(
'NotOnOrAfter')) {
 
  372            $notOnOrAfter = Utils::xsDateTimeToTimestamp($conditions->getAttribute(
'NotOnOrAfter'));
 
  373            if ($this->notOnOrAfter === 
null || $this->notOnOrAfter > $notOnOrAfter) {
 
  374                $this->notOnOrAfter = $notOnOrAfter;
 
  378        for ($node = $conditions->firstChild; $node !== 
null; $node = $node->nextSibling) {
 
  379            if ($node instanceof \DOMText) {
 
  382            if ($node->namespaceURI !== Constants::NS_SAML) {
 
  383                throw new \Exception(
'Unknown namespace of condition: ' . var_export($node->namespaceURI, 
true));
 
  385            switch ($node->localName) {
 
  386                case 'AudienceRestriction':
 
  387                    $audiences = Utils::extractStrings($node, Constants::NS_SAML, 
'Audience');
 
  388                    if ($this->validAudiences === 
null) {
 
  390                        $this->validAudiences = $audiences;
 
  396                        $this->validAudiences = array_intersect($this->validAudiences, $audiences);
 
  402                case 'ProxyRestriction':
 
  406                    throw new \Exception(
'Unknown condition: ' . var_export($node->localName, 
true));
 
  419        $authnStatements = Utils::xpQuery(
$xml, 
'./saml_assertion:AuthnStatement');
 
  420        if (empty($authnStatements)) {
 
  421            $this->authnInstant = 
null;
 
  424        } elseif (count($authnStatements) > 1) {
 
  425            throw new \Exception(
'More than one <saml:AuthnStatement> in <saml:Assertion> not supported.');
 
  427        $authnStatement = $authnStatements[0];
 
  429        if (!$authnStatement->hasAttribute(
'AuthnInstant')) {
 
  430            throw new \Exception(
'Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
 
  432        $this->authnInstant = Utils::xsDateTimeToTimestamp($authnStatement->getAttribute(
'AuthnInstant'));
 
  434        if ($authnStatement->hasAttribute(
'SessionNotOnOrAfter')) {
 
  435            $this->sessionNotOnOrAfter = Utils::xsDateTimeToTimestamp($authnStatement->getAttribute(
'SessionNotOnOrAfter'));
 
  438        if ($authnStatement->hasAttribute(
'SessionIndex')) {
 
  439            $this->sessionIndex = $authnStatement->getAttribute(
'SessionIndex');
 
  442        $this->parseAuthnContext($authnStatement);
 
  454        $authnContexts = Utils::xpQuery($authnStatementEl, 
'./saml_assertion:AuthnContext');
 
  455        if (count($authnContexts) > 1) {
 
  456            throw new \Exception(
'More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
 
  457        } elseif (empty($authnContexts)) {
 
  458            throw new \Exception(
'Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
 
  460        $authnContextEl = $authnContexts[0];
 
  463        $authnContextDeclRefs = Utils::xpQuery($authnContextEl, 
'./saml_assertion:AuthnContextDeclRef');
 
  464        if (count($authnContextDeclRefs) > 1) {
 
  465            throw new \Exception(
 
  466                'More than one <saml:AuthnContextDeclRef> found?' 
  468        } elseif (count($authnContextDeclRefs) === 1) {
 
  469            $this->setAuthnContextDeclRef(trim($authnContextDeclRefs[0]->textContent));
 
  473        $authnContextDecls = Utils::xpQuery($authnContextEl, 
'./saml_assertion:AuthnContextDecl');
 
  474        if (count($authnContextDecls) > 1) {
 
  475            throw new \Exception(
 
  476                'More than one <saml:AuthnContextDecl> found?' 
  478        } elseif (count($authnContextDecls) === 1) {
 
  479            $this->setAuthnContextDecl(
new Chunk($authnContextDecls[0]));
 
  483        $authnContextClassRefs = Utils::xpQuery($authnContextEl, 
'./saml_assertion:AuthnContextClassRef');
 
  484        if (count($authnContextClassRefs) > 1) {
 
  485            throw new \Exception(
'More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
 
  486        } elseif (count($authnContextClassRefs) === 1) {
 
  487            $this->setAuthnContextClassRef(trim($authnContextClassRefs[0]->textContent));
 
  491        if (empty($this->authnContextClassRef) && empty($this->authnContextDecl) && empty($this->authnContextDeclRef)) {
 
  492            throw new \Exception(
 
  493                'Missing either <saml:AuthnContextClassRef> or <saml:AuthnContextDeclRef> or <saml:AuthnContextDecl>' 
  497        $this->AuthenticatingAuthority = Utils::extractStrings(
 
  500            'AuthenticatingAuthority' 
  512        $firstAttribute = 
true;
 
  513        $attributes = Utils::xpQuery(
$xml, 
'./saml_assertion:AttributeStatement/saml_assertion:Attribute');
 
  515            if (!$attribute->hasAttribute(
'Name')) {
 
  516                throw new \Exception(
'Missing name on <saml:Attribute> element.');
 
  518            $name = $attribute->getAttribute(
'Name');
 
  520            if ($attribute->hasAttribute(
'NameFormat')) {
 
  521                $nameFormat = $attribute->getAttribute(
'NameFormat');
 
  523                $nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
 
  526            if ($firstAttribute) {
 
  527                $this->nameFormat = $nameFormat;
 
  528                $firstAttribute = 
false;
 
  530                if ($this->nameFormat !== $nameFormat) {
 
  531                    $this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
 
  535            if (!array_key_exists(
$name, $this->attributes)) {
 
  536                $this->attributes[
$name] = array();
 
  537                $this->attributesValueTypes[
$name] = array();
 
  540            $this->parseAttributeValue($attribute, 
$name);
 
  548    private function parseAttributeValue($attribute, $attributeName)
 
  551        $values = Utils::xpQuery($attribute, 
'./saml_assertion:AttributeValue');
 
  553        if ($attributeName === Constants::EPTI_URN_MACE || $attributeName === Constants::EPTI_URN_OID) {
 
  555                $eptiNameId = Utils::xpQuery($eptiAttributeValue, 
'./saml_assertion:NameID');
 
  557                if (count($eptiNameId) !== 1) {
 
  559                        'A "%s" (EPTI) attribute value must be a NameID, none found for value no. "%d"',
 
  565                $this->attributes[$attributeName][] = 
new XML\saml\NameID($eptiNameId[0]);
 
  572            $hasNonTextChildElements = 
false;
 
  573            foreach ($value->childNodes as $childNode) {
 
  575                if ($childNode->nodeType !== XML_TEXT_NODE) {
 
  576                    $hasNonTextChildElements = 
true;
 
  581            $type = $value->getAttribute(
'xsi:type');
 
  585            $this->attributesValueTypes[$attributeName][] = 
$type;
 
  587            if ($hasNonTextChildElements) {
 
  588                $this->attributes[$attributeName][] = $value->childNodes;
 
  592            if (
$type === 
'xs:integer') {
 
  593                $this->attributes[$attributeName][] = (int)$value->textContent;
 
  595                $this->attributes[$attributeName][] = trim($value->textContent);
 
  607        $this->encryptedAttributes = Utils::xpQuery(
 
  609            './saml_assertion:AttributeStatement/saml_assertion:EncryptedAttribute' 
  618    private function parseSignature(\DOMElement 
$xml)
 
  621        $signatureMethod = Utils::xpQuery(
$xml, 
'./ds:Signature/ds:SignedInfo/ds:SignatureMethod/@Algorithm');
 
  624        $sig = Utils::validateElement(
$xml);
 
  625        if ($sig !== 
false) {
 
  626            $this->wasSignedAtConstruction = 
true;
 
  627            $this->certificates = $sig[
'Certificates'];
 
  628            $this->signatureData = $sig;
 
  629            $this->signatureMethod = $signatureMethod[0]->value;
 
  645        assert(
$key->type === \RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256);
 
  647        if ($this->signatureData === 
null) {
 
  651        Utils::validateSignature($this->signatureData, 
$key);
 
  673        assert(is_string(
$id));
 
  685        return $this->issueInstant;
 
  695        assert(is_int($issueInstant));
 
  697        $this->issueInstant = $issueInstant;
 
  730        if ($this->encryptedNameId !== 
null) {
 
  731            throw new \Exception(
'Attempted to retrieve encrypted NameID without decrypting it first.');
 
  763        return $this->encryptedNameId !== 
null;
 
  774        $doc = DOMDocumentFactory::create();
 
  775        $root = $doc->createElement(
'root');
 
  776        $doc->appendChild(
$root);
 
  777        $this->nameId->toXML(
$root);
 
  780        Utils::getContainer()->debugMessage(
$nameId, 
'encrypt');
 
  786        $enc->type = XMLSecEnc::Element;
 
  790        $symmetricKey->generateSessionKey();
 
  791        $enc->encryptKey(
$key, $symmetricKey);
 
  793        $this->encryptedNameId = $enc->encryptNode($symmetricKey);
 
  794        $this->nameId = 
null;
 
  805        if ($this->encryptedNameId === 
null) {
 
  811        $nameId = Utils::decryptElement($this->encryptedNameId, 
$key, $blacklist);
 
  812        Utils::getContainer()->debugMessage(
$nameId, 
'decrypt');
 
  815        $this->encryptedNameId = 
null;
 
  825        return $this->encryptedAttributes !== [];
 
  837        if (!$this->hasEncryptedAttributes()) {
 
  840        $firstAttribute = 
true;
 
  844            $attribute = Utils::decryptElement(
 
  845                $attributeEnc->getElementsByTagName(
'EncryptedData')->item(0),
 
  850            if (!$attribute->hasAttribute(
'Name')) {
 
  851                throw new \Exception(
'Missing name on <saml:Attribute> element.');
 
  853            $name = $attribute->getAttribute(
'Name');
 
  855            if ($attribute->hasAttribute(
'NameFormat')) {
 
  856                $nameFormat = $attribute->getAttribute(
'NameFormat');
 
  858                $nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
 
  861            if ($firstAttribute) {
 
  862                $this->nameFormat = $nameFormat;
 
  863                $firstAttribute = 
false;
 
  865                if ($this->nameFormat !== $nameFormat) {
 
  866                    $this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
 
  870            if (!array_key_exists(
$name, $this->attributes)) {
 
  871                $this->attributes[
$name] = array();
 
  874            $this->parseAttributeValue($attribute, 
$name);
 
  888        return $this->notBefore;
 
  900        assert(is_int($notBefore) || is_null($notBefore));
 
  902        $this->notBefore = $notBefore;
 
  915        return $this->notOnOrAfter;
 
  927        assert(is_int($notOnOrAfter) || is_null($notOnOrAfter));
 
  929        $this->notOnOrAfter = $notOnOrAfter;
 
  939        $this->requiredEncAttributes = $ea;
 
  951        return $this->validAudiences;
 
  963        $this->validAudiences = $validAudiences;
 
  973        return $this->authnInstant;
 
  984        assert(is_int($authnInstant) || is_null($authnInstant));
 
  986        $this->authnInstant = $authnInstant;
 
  999        return $this->sessionNotOnOrAfter;
 
 1011        assert(is_int($sessionNotOnOrAfter) || is_null($sessionNotOnOrAfter));
 
 1013        $this->sessionNotOnOrAfter = $sessionNotOnOrAfter;
 
 1057        if (!empty($this->authnContextClassRef)) {
 
 1058            return $this->authnContextClassRef;
 
 1060        if (!empty($this->authnContextDeclRef)) {
 
 1061            return $this->authnContextDeclRef;
 
 1077        $this->setAuthnContextClassRef($authnContext);
 
 1090        return $this->authnContextClassRef;
 
 1103        assert(is_string($authnContextClassRef) || is_null($authnContextClassRef));
 
 1105        $this->authnContextClassRef = $authnContextClassRef;
 
 1116        if (!empty($this->authnContextDeclRef)) {
 
 1117            throw new \Exception(
 
 1118                'AuthnContextDeclRef is already registered! May only have either a Decl or a DeclRef, not both!' 
 1122        $this->authnContextDecl = $authnContextDecl;
 
 1135        return $this->authnContextDecl;
 
 1146        if (!empty($this->authnContextDecl)) {
 
 1147            throw new \Exception(
 
 1148                'AuthnContextDecl is already registered! May only have either a Decl or a DeclRef, not both!' 
 1152        $this->authnContextDeclRef = $authnContextDeclRef;
 
 1165        return $this->authnContextDeclRef;
 
 1176        return $this->AuthenticatingAuthority;
 
 1217        return $this->attributesValueTypes;
 
 1227        $this->attributesValueTypes = $attributesValueTypes;
 
 1240        return $this->nameFormat;
 
 1250        assert(is_string($nameFormat));
 
 1252        $this->nameFormat = $nameFormat;
 
 1262        return $this->SubjectConfirmation;
 
 1282        return $this->signatureKey;
 
 1294        $this->signatureKey = $signatureKey;
 
 1305        return $this->encryptionKey;
 
 1315        $this->encryptionKey = $Key;
 
 1345        return $this->wasSignedAtConstruction;
 
 1353        return $this->signatureMethod;
 
 1362    public function toXML(\DOMNode $parentElement = 
null)
 
 1364        if ($parentElement === 
null) {
 
 1365            $document = DOMDocumentFactory::create();
 
 1366            $parentElement = $document;
 
 1368            $document = $parentElement->ownerDocument;
 
 1371        $root = $document->createElementNS(Constants::NS_SAML, 
'saml:' . 
'Assertion');
 
 1372        $parentElement->appendChild(
$root);
 
 1375        $root->setAttributeNS(Constants::NS_SAMLP, 
'samlp:tmp', 
'tmp');
 
 1376        $root->removeAttributeNS(Constants::NS_SAMLP, 
'tmp');
 
 1377        $root->setAttributeNS(Constants::NS_XSI, 
'xsi:tmp', 
'tmp');
 
 1378        $root->removeAttributeNS(Constants::NS_XSI, 
'tmp');
 
 1379        $root->setAttributeNS(Constants::NS_XS, 
'xs:tmp', 
'tmp');
 
 1380        $root->removeAttributeNS(Constants::NS_XS, 
'tmp');
 
 1382        $root->setAttribute(
'ID', $this->
id);
 
 1383        $root->setAttribute(
'Version', 
'2.0');
 
 1384        $root->setAttribute(
'IssueInstant', gmdate(
'Y-m-d\TH:i:s\Z', $this->issueInstant));
 
 1386        if (is_string($this->issuer)) {
 
 1387            $issuer = Utils::addString(
$root, Constants::NS_SAML, 
'saml:Issuer', $this->issuer);
 
 1388        } elseif ($this->issuer instanceof XML\saml\Issuer) {
 
 1392        $this->addSubject(
$root);
 
 1393        $this->addConditions(
$root);
 
 1394        $this->addAuthnStatement(
$root);
 
 1395        if ($this->requiredEncAttributes === 
false) {
 
 1396            $this->addAttributeStatement(
$root);
 
 1398            $this->addEncryptedAttributeStatement(
$root);
 
 1401        if ($this->signatureKey !== 
null) {
 
 1402            Utils::insertSignature($this->signatureKey, $this->certificates, 
$root, 
$issuer->nextSibling);
 
 1415        if ($this->nameId === 
null && $this->encryptedNameId === 
null) {
 
 1421        $subject = 
$root->ownerDocument->createElementNS(Constants::NS_SAML, 
'saml:Subject');
 
 1422        $root->appendChild($subject);
 
 1424        if ($this->encryptedNameId === 
null) {
 
 1425            $this->nameId->toXML($subject);
 
 1427            $eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML, 
'saml:' . 
'EncryptedID');
 
 1428            $subject->appendChild($eid);
 
 1429            $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, 
true));
 
 1433            $sc->toXML($subject);
 
 1445        $document = 
$root->ownerDocument;
 
 1447        $conditions = $document->createElementNS(Constants::NS_SAML, 
'saml:Conditions');
 
 1448        $root->appendChild($conditions);
 
 1450        if ($this->notBefore !== 
null) {
 
 1451            $conditions->setAttribute(
'NotBefore', gmdate(
'Y-m-d\TH:i:s\Z', $this->notBefore));
 
 1453        if ($this->notOnOrAfter !== 
null) {
 
 1454            $conditions->setAttribute(
'NotOnOrAfter', gmdate(
'Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
 
 1457        if ($this->validAudiences !== 
null) {
 
 1458            $ar = $document->createElementNS(Constants::NS_SAML, 
'saml:AudienceRestriction');
 
 1459            $conditions->appendChild($ar);
 
 1461            Utils::addStrings($ar, Constants::NS_SAML, 
'saml:Audience', 
false, $this->validAudiences);
 
 1473        if ($this->authnInstant === 
null ||
 
 1475                $this->authnContextClassRef === 
null &&
 
 1476                $this->authnContextDecl === 
null &&
 
 1477                $this->authnContextDeclRef === 
null 
 1485        $document = 
$root->ownerDocument;
 
 1487        $authnStatementEl = $document->createElementNS(Constants::NS_SAML, 
'saml:AuthnStatement');
 
 1488        $root->appendChild($authnStatementEl);
 
 1490        $authnStatementEl->setAttribute(
'AuthnInstant', gmdate(
'Y-m-d\TH:i:s\Z', $this->authnInstant));
 
 1492        if ($this->sessionNotOnOrAfter !== 
null) {
 
 1493            $authnStatementEl->setAttribute(
'SessionNotOnOrAfter', gmdate(
'Y-m-d\TH:i:s\Z', $this->sessionNotOnOrAfter));
 
 1495        if ($this->sessionIndex !== 
null) {
 
 1496            $authnStatementEl->setAttribute(
'SessionIndex', $this->sessionIndex);
 
 1499        $authnContextEl = $document->createElementNS(Constants::NS_SAML, 
'saml:AuthnContext');
 
 1500        $authnStatementEl->appendChild($authnContextEl);
 
 1502        if (!empty($this->authnContextClassRef)) {
 
 1506                'saml:AuthnContextClassRef',
 
 1507                $this->authnContextClassRef
 
 1510        if (!empty($this->authnContextDecl)) {
 
 1511            $this->authnContextDecl->toXML($authnContextEl);
 
 1513        if (!empty($this->authnContextDeclRef)) {
 
 1517                'saml:AuthnContextDeclRef',
 
 1518                $this->authnContextDeclRef
 
 1525            'saml:AuthenticatingAuthority',
 
 1527            $this->AuthenticatingAuthority
 
 1539        if (empty($this->attributes)) {
 
 1543        $document = 
$root->ownerDocument;
 
 1545        $attributeStatement = $document->createElementNS(Constants::NS_SAML, 
'saml:AttributeStatement');
 
 1546        $root->appendChild($attributeStatement);
 
 1549            $attribute = $document->createElementNS(Constants::NS_SAML, 
'saml:Attribute');
 
 1550            $attributeStatement->appendChild($attribute);
 
 1551            $attribute->setAttribute(
'Name', 
$name);
 
 1553            if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
 
 1554                $attribute->setAttribute(
'NameFormat', $this->nameFormat);
 
 1558            if (
$name === Constants::EPTI_URN_MACE || 
$name === Constants::EPTI_URN_OID) {
 
 1559                foreach (
$values as $eptiValue) {
 
 1560                    $attributeValue = $document->createElementNS(Constants::NS_SAML, 
'saml:AttributeValue');
 
 1561                    $attribute->appendChild($attributeValue);
 
 1562                    if ($eptiValue instanceof XML\saml\NameID) {
 
 1563                        $eptiValue->toXML($attributeValue);
 
 1564                    } elseif ($eptiValue instanceof \DOMNodeList) {
 
 1565                        $node = 
$root->ownerDocument->importNode($eptiValue->item(0), 
true);
 
 1566                        $attributeValue->appendChild($node);
 
 1568                        $attributeValue->textContent = $eptiValue;
 
 1576            if (is_array($this->attributesValueTypes) && array_key_exists(
$name, $this->attributesValueTypes)) {
 
 1577                $valueTypes = $this->attributesValueTypes[
$name];
 
 1578                if (is_array($valueTypes) && count($valueTypes) != count(
$values)) {
 
 1579                    throw new \Exception(
'Array of value types and array of values have different size for attribute '. var_export(
$name, 
true));
 
 1592                if (!is_null($valueTypes)) {
 
 1593                    if (is_array($valueTypes)) {
 
 1594                        $type = $valueTypes[$vidx];
 
 1596                        $type = $valueTypes;
 
 1601                if (is_null(
$type)) {
 
 1602                    if (is_string($value)) {
 
 1603                        $type = 
'xs:string';
 
 1604                    } elseif (is_int($value)) {
 
 1605                        $type = 
'xs:integer';
 
 1611                $attributeValue = $document->createElementNS(Constants::NS_SAML, 
'saml:AttributeValue');
 
 1612                $attribute->appendChild($attributeValue);
 
 1613                if (
$type !== 
null) {
 
 1614                    $attributeValue->setAttributeNS(Constants::NS_XSI, 
'xsi:type', 
$type);
 
 1616                if (is_null($value)) {
 
 1617                    $attributeValue->setAttributeNS(Constants::NS_XSI, 
'xsi:nil', 
'true');
 
 1620                if ($value instanceof \DOMNodeList) {
 
 1621                    for (
$i = 0; 
$i < $value->length; 
$i++) {
 
 1622                        $node = $document->importNode($value->item(
$i), 
true);
 
 1623                        $attributeValue->appendChild($node);
 
 1626                    $attributeValue->appendChild($document->createTextNode($value));
 
 1640        if ($this->requiredEncAttributes === 
false) {
 
 1644        $document = 
$root->ownerDocument;
 
 1646        $attributeStatement = $document->createElementNS(Constants::NS_SAML, 
'saml:AttributeStatement');
 
 1647        $root->appendChild($attributeStatement);
 
 1650            $document2 = DOMDocumentFactory::create();
 
 1651            $attribute = $document2->createElementNS(Constants::NS_SAML, 
'saml:Attribute');
 
 1652            $attribute->setAttribute(
'Name', 
$name);
 
 1653            $document2->appendChild($attribute);
 
 1655            if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
 
 1656                $attribute->setAttribute(
'NameFormat', $this->nameFormat);
 
 1660                if (is_string($value)) {
 
 1661                    $type = 
'xs:string';
 
 1662                } elseif (is_int($value)) {
 
 1663                    $type = 
'xs:integer';
 
 1668                $attributeValue = $document2->createElementNS(Constants::NS_SAML, 
'saml:AttributeValue');
 
 1669                $attribute->appendChild($attributeValue);
 
 1670                if (
$type !== 
null) {
 
 1671                    $attributeValue->setAttributeNS(Constants::NS_XSI, 
'xsi:type', 
$type);
 
 1674                if ($value instanceof \DOMNodeList) {
 
 1675                    for (
$i = 0; 
$i < $value->length; 
$i++) {
 
 1676                        $node = $document2->importNode($value->item(
$i), 
true);
 
 1677                        $attributeValue->appendChild($node);
 
 1680                    $attributeValue->appendChild($document2->createTextNode($value));
 
 1685            $EncAssert->setNode($document2->documentElement);
 
 1686            $EncAssert->type = 
'http://www.w3.org/2001/04/xmlenc#Element';
 
 1692            $symmetricKey->generateSessionKey();
 
 1693            $EncAssert->encryptKey($this->encryptionKey, $symmetricKey);
 
 1694            $EncrNode = $EncAssert->encryptNode($symmetricKey);
 
 1696            $EncAttribute = $document->createElementNS(Constants::NS_SAML, 
'saml:EncryptedAttribute');
 
 1697            $attributeStatement->appendChild($EncAttribute);
 
 1698            $n = $document->importNode($EncrNode, 
true);
 
 1699            $EncAttribute->appendChild(
$n);
 
catch(Exception $e) if(!($request instanceof \SAML2\ArtifactResolve)) $issuer
An exception for terminatinating execution or to throw for unit testing.
getNotBefore()
Retrieve the earliest timestamp this assertion is valid.
setNotOnOrAfter($notOnOrAfter)
Set the expiration timestamp of this assertion.
setAttributesValueTypes(array $attributesValueTypes)
Replace all attributes value types.
getAuthenticatingAuthority()
Retrieve the AuthenticatingAuthority.
setAuthnInstant($authnInstant)
Set the AuthnInstant of the assertion.
setIssueInstant($issueInstant)
Set the issue timestamp of this assertion.
setId($id)
Set the identifier of this assertion.
addAuthnStatement(\DOMElement $root)
Add a AuthnStatement-node to the assertion.
parseEncryptedAttributes(\DOMElement $xml)
Parse encrypted attribute statements in assertion.
addConditions(\DOMElement $root)
Add a Conditions-node to the assertion.
getNameId()
Retrieve the NameId of the subject in the assertion.
getAuthnContextDecl()
Get the authentication context declaration.
addAttributeStatement(\DOMElement $root)
Add an AttributeStatement-node to the assertion.
setAuthnContext($authnContext)
Set the authentication method used to authenticate the user.
isNameIdEncrypted()
Check whether the NameId is encrypted.
getValidAudiences()
Retrieve the audiences that are allowed to receive this assertion.
setNotBefore($notBefore)
Set the earliest timestamp this assertion can be used.
setNameId($nameId)
Set the NameId of the subject in the assertion.
validate(XMLSecurityKey $key)
Validate this assertion against a public key.
getIssuer()
Retrieve the issuer if this assertion.
getSessionNotOnOrAfter()
Retrieve the session expiration timestamp.
getAuthnContext()
Retrieve the authentication method used to authenticate the user.
parseConditions(\DOMElement $xml)
Parse conditions in assertion.
getAttributeNameFormat()
Retrieve the NameFormat used on all attributes.
setEncryptionKey(XMLSecurityKey $Key=null)
Set the private key we should use to encrypt the attributes.
setSignatureKey(XMLSecurityKey $signatureKey=null)
Set the private key we should use to sign the assertion.
getSignatureKey()
Retrieve the private key we should use to sign the assertion.
setAuthnContextDeclRef($authnContextDeclRef)
Set the authentication context declaration reference.
getAuthnContextClassRef()
Retrieve the authentication method used to authenticate the user.
setSubjectConfirmation(array $SubjectConfirmation)
Set the SubjectConfirmation elements that should be included in the assertion.
decryptAttributes(XMLSecurityKey $key, array $blacklist=array())
Decrypt the assertion attributes.
setAuthnContextClassRef($authnContextClassRef)
Set the authentication method used to authenticate the user.
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameId of the subject in the assertion.
parseAttributes(\DOMElement $xml)
Parse attribute statements in assertion.
parseAuthnStatement(\DOMElement $xml)
Parse AuthnStatement in assertion.
getSubjectConfirmation()
Retrieve the SubjectConfirmation elements we have in our Subject element.
setSessionNotOnOrAfter($sessionNotOnOrAfter)
Set the session expiration timestamp.
addSubject(\DOMElement $root)
Add a Subject-node to the assertion.
parseAuthnContext(\DOMElement $authnStatementEl)
Parse AuthnContext in AuthnStatement.
setAuthnContextDecl(Chunk $authnContextDecl)
Set the authentication context declaration.
setAttributes(array $attributes)
Replace all attributes.
getIssueInstant()
Retrieve the issue timestamp of this assertion.
getNotOnOrAfter()
Retrieve the expiration timestamp of this assertion.
setAuthenticatingAuthority($authenticatingAuthority)
Set the AuthenticatingAuthority.
setCertificates(array $certificates)
Set the certificates that should be included in the assertion.
setAttributeNameFormat($nameFormat)
Set the NameFormat used on all attributes.
toXML(\DOMNode $parentElement=null)
Convert this assertion to an XML element.
setIssuer($issuer)
Set the issuer of this message.
getSessionIndex()
Retrieve the session index of the user at the IdP.
getCertificates()
Retrieve the certificates that are included in the assertion.
getAuthnContextDeclRef()
Get the authentication context declaration reference.
getAuthnInstant()
Retrieve the AuthnInstant of the assertion.
addEncryptedAttributeStatement(\DOMElement $root)
Add an EncryptedAttribute Statement-node to the assertion.
parseSubject(\DOMElement $xml)
Parse subject in assertion.
setValidAudiences(array $validAudiences=null)
Set the audiences that are allowed to receive this assertion.
getAttributes()
Retrieve all attributes.
getId()
Retrieve the identifier of this assertion.
__construct(\DOMElement $xml=null)
Constructor for SAML 2 assertions.
getAttributesValueTypes()
Retrieve all attributes value types.
setEncryptedAttributes($ea)
Set $EncryptedAttributes if attributes will send encrypted.
encryptNameId(XMLSecurityKey $key)
Encrypt the NameID in the Assertion.
getEncryptionKey()
Return the key we should use to encrypt the assertion.
getWasSignedAtConstruction()
setSessionIndex($sessionIndex)
Set the session index of the user at the IdP.
hasEncryptedAttributes()
Did this Assertion contain encrypted Attributes?
if(!array_key_exists('StateId', $_REQUEST)) $id
if(array_key_exists('yes', $_REQUEST)) $attributes
catch(sspmod_saml_Error $e) $authenticatingAuthority