244 protected $wasSignedAtConstruction =
false;
259 $this->
id = Utils::getContainer()->generateId();
263 $this->attributes = array();
264 $this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
265 $this->certificates = array();
266 $this->AuthenticatingAuthority = array();
268 $this->requiredEncAttributes =
false;
274 if (!
$xml->hasAttribute(
'ID')) {
275 throw new \Exception(
'Missing ID attribute on SAML assertion.');
277 $this->
id =
$xml->getAttribute(
'ID');
279 if (
$xml->getAttribute(
'Version') !==
'2.0') {
281 throw new \Exception(
'Unsupported version: ' .
$xml->getAttribute(
'Version'));
284 $this->issueInstant = Utils::xsDateTimeToTimestamp(
$xml->getAttribute(
'IssueInstant'));
286 $issuer = Utils::xpQuery(
$xml,
'./saml_assertion:Issuer');
288 throw new \Exception(
'Missing <saml:Issuer> in assertion.');
291 if ($this->issuer->Format === Constants::NAMEID_ENTITY) {
292 $this->issuer = $this->issuer->value;
295 $this->parseSubject(
$xml);
296 $this->parseConditions(
$xml);
297 $this->parseAuthnStatement(
$xml);
298 $this->parseAttributes(
$xml);
299 $this->parseEncryptedAttributes(
$xml);
300 $this->parseSignature(
$xml);
311 $subject = Utils::xpQuery(
$xml,
'./saml_assertion:Subject');
312 if (empty($subject)) {
316 } elseif (count($subject) > 1) {
317 throw new \Exception(
'More than one <saml:Subject> in <saml:Assertion>.');
319 $subject = $subject[0];
323 './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData'
326 throw new \Exception(
'More than one <saml:NameID> or <saml:EncryptedID> in <saml:Subject>.');
329 if (
$nameId->localName ===
'EncryptedData') {
331 $this->encryptedNameId =
$nameId;
337 $subjectConfirmation = Utils::xpQuery($subject,
'./saml_assertion:SubjectConfirmation');
338 if (empty($subjectConfirmation) && empty(
$nameId)) {
339 throw new \Exception(
'Missing <saml:SubjectConfirmation> in <saml:Subject>.');
342 foreach ($subjectConfirmation as
$sc) {
355 $conditions = Utils::xpQuery(
$xml,
'./saml_assertion:Conditions');
356 if (empty($conditions)) {
360 } elseif (count($conditions) > 1) {
361 throw new \Exception(
'More than one <saml:Conditions> in <saml:Assertion>.');
363 $conditions = $conditions[0];
365 if ($conditions->hasAttribute(
'NotBefore')) {
366 $notBefore = Utils::xsDateTimeToTimestamp($conditions->getAttribute(
'NotBefore'));
367 if ($this->notBefore ===
null || $this->notBefore < $notBefore) {
368 $this->notBefore = $notBefore;
371 if ($conditions->hasAttribute(
'NotOnOrAfter')) {
372 $notOnOrAfter = Utils::xsDateTimeToTimestamp($conditions->getAttribute(
'NotOnOrAfter'));
373 if ($this->notOnOrAfter ===
null || $this->notOnOrAfter > $notOnOrAfter) {
374 $this->notOnOrAfter = $notOnOrAfter;
378 for ($node = $conditions->firstChild; $node !==
null; $node = $node->nextSibling) {
379 if ($node instanceof \DOMText) {
382 if ($node->namespaceURI !== Constants::NS_SAML) {
383 throw new \Exception(
'Unknown namespace of condition: ' . var_export($node->namespaceURI,
true));
385 switch ($node->localName) {
386 case 'AudienceRestriction':
387 $audiences = Utils::extractStrings($node, Constants::NS_SAML,
'Audience');
388 if ($this->validAudiences ===
null) {
390 $this->validAudiences = $audiences;
396 $this->validAudiences = array_intersect($this->validAudiences, $audiences);
402 case 'ProxyRestriction':
406 throw new \Exception(
'Unknown condition: ' . var_export($node->localName,
true));
419 $authnStatements = Utils::xpQuery(
$xml,
'./saml_assertion:AuthnStatement');
420 if (empty($authnStatements)) {
421 $this->authnInstant =
null;
424 } elseif (count($authnStatements) > 1) {
425 throw new \Exception(
'More than one <saml:AuthnStatement> in <saml:Assertion> not supported.');
427 $authnStatement = $authnStatements[0];
429 if (!$authnStatement->hasAttribute(
'AuthnInstant')) {
430 throw new \Exception(
'Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
432 $this->authnInstant = Utils::xsDateTimeToTimestamp($authnStatement->getAttribute(
'AuthnInstant'));
434 if ($authnStatement->hasAttribute(
'SessionNotOnOrAfter')) {
435 $this->sessionNotOnOrAfter = Utils::xsDateTimeToTimestamp($authnStatement->getAttribute(
'SessionNotOnOrAfter'));
438 if ($authnStatement->hasAttribute(
'SessionIndex')) {
439 $this->sessionIndex = $authnStatement->getAttribute(
'SessionIndex');
442 $this->parseAuthnContext($authnStatement);
454 $authnContexts = Utils::xpQuery($authnStatementEl,
'./saml_assertion:AuthnContext');
455 if (count($authnContexts) > 1) {
456 throw new \Exception(
'More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
457 } elseif (empty($authnContexts)) {
458 throw new \Exception(
'Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
460 $authnContextEl = $authnContexts[0];
463 $authnContextDeclRefs = Utils::xpQuery($authnContextEl,
'./saml_assertion:AuthnContextDeclRef');
464 if (count($authnContextDeclRefs) > 1) {
465 throw new \Exception(
466 'More than one <saml:AuthnContextDeclRef> found?'
468 } elseif (count($authnContextDeclRefs) === 1) {
469 $this->setAuthnContextDeclRef(trim($authnContextDeclRefs[0]->textContent));
473 $authnContextDecls = Utils::xpQuery($authnContextEl,
'./saml_assertion:AuthnContextDecl');
474 if (count($authnContextDecls) > 1) {
475 throw new \Exception(
476 'More than one <saml:AuthnContextDecl> found?'
478 } elseif (count($authnContextDecls) === 1) {
479 $this->setAuthnContextDecl(
new Chunk($authnContextDecls[0]));
483 $authnContextClassRefs = Utils::xpQuery($authnContextEl,
'./saml_assertion:AuthnContextClassRef');
484 if (count($authnContextClassRefs) > 1) {
485 throw new \Exception(
'More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
486 } elseif (count($authnContextClassRefs) === 1) {
487 $this->setAuthnContextClassRef(trim($authnContextClassRefs[0]->textContent));
491 if (empty($this->authnContextClassRef) && empty($this->authnContextDecl) && empty($this->authnContextDeclRef)) {
492 throw new \Exception(
493 'Missing either <saml:AuthnContextClassRef> or <saml:AuthnContextDeclRef> or <saml:AuthnContextDecl>'
497 $this->AuthenticatingAuthority = Utils::extractStrings(
500 'AuthenticatingAuthority'
512 $firstAttribute =
true;
513 $attributes = Utils::xpQuery(
$xml,
'./saml_assertion:AttributeStatement/saml_assertion:Attribute');
515 if (!$attribute->hasAttribute(
'Name')) {
516 throw new \Exception(
'Missing name on <saml:Attribute> element.');
518 $name = $attribute->getAttribute(
'Name');
520 if ($attribute->hasAttribute(
'NameFormat')) {
521 $nameFormat = $attribute->getAttribute(
'NameFormat');
523 $nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
526 if ($firstAttribute) {
527 $this->nameFormat = $nameFormat;
528 $firstAttribute =
false;
530 if ($this->nameFormat !== $nameFormat) {
531 $this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
535 if (!array_key_exists(
$name, $this->attributes)) {
536 $this->attributes[
$name] = array();
537 $this->attributesValueTypes[
$name] = array();
540 $this->parseAttributeValue($attribute,
$name);
548 private function parseAttributeValue($attribute, $attributeName)
551 $values = Utils::xpQuery($attribute,
'./saml_assertion:AttributeValue');
553 if ($attributeName === Constants::EPTI_URN_MACE || $attributeName === Constants::EPTI_URN_OID) {
555 $eptiNameId = Utils::xpQuery($eptiAttributeValue,
'./saml_assertion:NameID');
557 if (count($eptiNameId) !== 1) {
559 'A "%s" (EPTI) attribute value must be a NameID, none found for value no. "%d"',
565 $this->attributes[$attributeName][] =
new XML\saml\NameID($eptiNameId[0]);
572 $hasNonTextChildElements =
false;
573 foreach ($value->childNodes as $childNode) {
575 if ($childNode->nodeType !== XML_TEXT_NODE) {
576 $hasNonTextChildElements =
true;
581 $type = $value->getAttribute(
'xsi:type');
585 $this->attributesValueTypes[$attributeName][] =
$type;
587 if ($hasNonTextChildElements) {
588 $this->attributes[$attributeName][] = $value->childNodes;
592 if (
$type ===
'xs:integer') {
593 $this->attributes[$attributeName][] = (int)$value->textContent;
595 $this->attributes[$attributeName][] = trim($value->textContent);
607 $this->encryptedAttributes = Utils::xpQuery(
609 './saml_assertion:AttributeStatement/saml_assertion:EncryptedAttribute'
618 private function parseSignature(\DOMElement
$xml)
621 $signatureMethod = Utils::xpQuery(
$xml,
'./ds:Signature/ds:SignedInfo/ds:SignatureMethod/@Algorithm');
624 $sig = Utils::validateElement(
$xml);
625 if ($sig !==
false) {
626 $this->wasSignedAtConstruction =
true;
627 $this->certificates = $sig[
'Certificates'];
628 $this->signatureData = $sig;
629 $this->signatureMethod = $signatureMethod[0]->value;
645 assert(
$key->type === \RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256);
647 if ($this->signatureData ===
null) {
651 Utils::validateSignature($this->signatureData,
$key);
673 assert(is_string(
$id));
685 return $this->issueInstant;
695 assert(is_int($issueInstant));
697 $this->issueInstant = $issueInstant;
730 if ($this->encryptedNameId !==
null) {
731 throw new \Exception(
'Attempted to retrieve encrypted NameID without decrypting it first.');
763 return $this->encryptedNameId !==
null;
774 $doc = DOMDocumentFactory::create();
775 $root = $doc->createElement(
'root');
776 $doc->appendChild(
$root);
777 $this->nameId->toXML(
$root);
780 Utils::getContainer()->debugMessage(
$nameId,
'encrypt');
786 $enc->type = XMLSecEnc::Element;
790 $symmetricKey->generateSessionKey();
791 $enc->encryptKey(
$key, $symmetricKey);
793 $this->encryptedNameId = $enc->encryptNode($symmetricKey);
794 $this->nameId =
null;
805 if ($this->encryptedNameId ===
null) {
811 $nameId = Utils::decryptElement($this->encryptedNameId,
$key, $blacklist);
812 Utils::getContainer()->debugMessage(
$nameId,
'decrypt');
815 $this->encryptedNameId =
null;
825 return $this->encryptedAttributes !== [];
837 if (!$this->hasEncryptedAttributes()) {
840 $firstAttribute =
true;
844 $attribute = Utils::decryptElement(
845 $attributeEnc->getElementsByTagName(
'EncryptedData')->item(0),
850 if (!$attribute->hasAttribute(
'Name')) {
851 throw new \Exception(
'Missing name on <saml:Attribute> element.');
853 $name = $attribute->getAttribute(
'Name');
855 if ($attribute->hasAttribute(
'NameFormat')) {
856 $nameFormat = $attribute->getAttribute(
'NameFormat');
858 $nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
861 if ($firstAttribute) {
862 $this->nameFormat = $nameFormat;
863 $firstAttribute =
false;
865 if ($this->nameFormat !== $nameFormat) {
866 $this->nameFormat = Constants::NAMEFORMAT_UNSPECIFIED;
870 if (!array_key_exists(
$name, $this->attributes)) {
871 $this->attributes[
$name] = array();
874 $this->parseAttributeValue($attribute,
$name);
888 return $this->notBefore;
900 assert(is_int($notBefore) || is_null($notBefore));
902 $this->notBefore = $notBefore;
915 return $this->notOnOrAfter;
927 assert(is_int($notOnOrAfter) || is_null($notOnOrAfter));
929 $this->notOnOrAfter = $notOnOrAfter;
939 $this->requiredEncAttributes = $ea;
951 return $this->validAudiences;
963 $this->validAudiences = $validAudiences;
973 return $this->authnInstant;
984 assert(is_int($authnInstant) || is_null($authnInstant));
986 $this->authnInstant = $authnInstant;
999 return $this->sessionNotOnOrAfter;
1011 assert(is_int($sessionNotOnOrAfter) || is_null($sessionNotOnOrAfter));
1013 $this->sessionNotOnOrAfter = $sessionNotOnOrAfter;
1057 if (!empty($this->authnContextClassRef)) {
1058 return $this->authnContextClassRef;
1060 if (!empty($this->authnContextDeclRef)) {
1061 return $this->authnContextDeclRef;
1077 $this->setAuthnContextClassRef($authnContext);
1090 return $this->authnContextClassRef;
1103 assert(is_string($authnContextClassRef) || is_null($authnContextClassRef));
1105 $this->authnContextClassRef = $authnContextClassRef;
1116 if (!empty($this->authnContextDeclRef)) {
1117 throw new \Exception(
1118 'AuthnContextDeclRef is already registered! May only have either a Decl or a DeclRef, not both!'
1122 $this->authnContextDecl = $authnContextDecl;
1135 return $this->authnContextDecl;
1146 if (!empty($this->authnContextDecl)) {
1147 throw new \Exception(
1148 'AuthnContextDecl is already registered! May only have either a Decl or a DeclRef, not both!'
1152 $this->authnContextDeclRef = $authnContextDeclRef;
1165 return $this->authnContextDeclRef;
1176 return $this->AuthenticatingAuthority;
1217 return $this->attributesValueTypes;
1227 $this->attributesValueTypes = $attributesValueTypes;
1240 return $this->nameFormat;
1250 assert(is_string($nameFormat));
1252 $this->nameFormat = $nameFormat;
1262 return $this->SubjectConfirmation;
1282 return $this->signatureKey;
1294 $this->signatureKey = $signatureKey;
1305 return $this->encryptionKey;
1315 $this->encryptionKey = $Key;
1345 return $this->wasSignedAtConstruction;
1353 return $this->signatureMethod;
1362 public function toXML(\DOMNode $parentElement =
null)
1364 if ($parentElement ===
null) {
1365 $document = DOMDocumentFactory::create();
1366 $parentElement = $document;
1368 $document = $parentElement->ownerDocument;
1371 $root = $document->createElementNS(Constants::NS_SAML,
'saml:' .
'Assertion');
1372 $parentElement->appendChild(
$root);
1375 $root->setAttributeNS(Constants::NS_SAMLP,
'samlp:tmp',
'tmp');
1376 $root->removeAttributeNS(Constants::NS_SAMLP,
'tmp');
1377 $root->setAttributeNS(Constants::NS_XSI,
'xsi:tmp',
'tmp');
1378 $root->removeAttributeNS(Constants::NS_XSI,
'tmp');
1379 $root->setAttributeNS(Constants::NS_XS,
'xs:tmp',
'tmp');
1380 $root->removeAttributeNS(Constants::NS_XS,
'tmp');
1382 $root->setAttribute(
'ID', $this->
id);
1383 $root->setAttribute(
'Version',
'2.0');
1384 $root->setAttribute(
'IssueInstant', gmdate(
'Y-m-d\TH:i:s\Z', $this->issueInstant));
1386 if (is_string($this->issuer)) {
1387 $issuer = Utils::addString(
$root, Constants::NS_SAML,
'saml:Issuer', $this->issuer);
1388 } elseif ($this->issuer instanceof XML\saml\Issuer) {
1392 $this->addSubject(
$root);
1393 $this->addConditions(
$root);
1394 $this->addAuthnStatement(
$root);
1395 if ($this->requiredEncAttributes ===
false) {
1396 $this->addAttributeStatement(
$root);
1398 $this->addEncryptedAttributeStatement(
$root);
1401 if ($this->signatureKey !==
null) {
1402 Utils::insertSignature($this->signatureKey, $this->certificates,
$root,
$issuer->nextSibling);
1415 if ($this->nameId ===
null && $this->encryptedNameId ===
null) {
1421 $subject =
$root->ownerDocument->createElementNS(Constants::NS_SAML,
'saml:Subject');
1422 $root->appendChild($subject);
1424 if ($this->encryptedNameId ===
null) {
1425 $this->nameId->toXML($subject);
1427 $eid = $subject->ownerDocument->createElementNS(Constants::NS_SAML,
'saml:' .
'EncryptedID');
1428 $subject->appendChild($eid);
1429 $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId,
true));
1433 $sc->toXML($subject);
1445 $document =
$root->ownerDocument;
1447 $conditions = $document->createElementNS(Constants::NS_SAML,
'saml:Conditions');
1448 $root->appendChild($conditions);
1450 if ($this->notBefore !==
null) {
1451 $conditions->setAttribute(
'NotBefore', gmdate(
'Y-m-d\TH:i:s\Z', $this->notBefore));
1453 if ($this->notOnOrAfter !==
null) {
1454 $conditions->setAttribute(
'NotOnOrAfter', gmdate(
'Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
1457 if ($this->validAudiences !==
null) {
1458 $ar = $document->createElementNS(Constants::NS_SAML,
'saml:AudienceRestriction');
1459 $conditions->appendChild($ar);
1461 Utils::addStrings($ar, Constants::NS_SAML,
'saml:Audience',
false, $this->validAudiences);
1473 if ($this->authnInstant ===
null ||
1475 $this->authnContextClassRef ===
null &&
1476 $this->authnContextDecl ===
null &&
1477 $this->authnContextDeclRef ===
null
1485 $document =
$root->ownerDocument;
1487 $authnStatementEl = $document->createElementNS(Constants::NS_SAML,
'saml:AuthnStatement');
1488 $root->appendChild($authnStatementEl);
1490 $authnStatementEl->setAttribute(
'AuthnInstant', gmdate(
'Y-m-d\TH:i:s\Z', $this->authnInstant));
1492 if ($this->sessionNotOnOrAfter !==
null) {
1493 $authnStatementEl->setAttribute(
'SessionNotOnOrAfter', gmdate(
'Y-m-d\TH:i:s\Z', $this->sessionNotOnOrAfter));
1495 if ($this->sessionIndex !==
null) {
1496 $authnStatementEl->setAttribute(
'SessionIndex', $this->sessionIndex);
1499 $authnContextEl = $document->createElementNS(Constants::NS_SAML,
'saml:AuthnContext');
1500 $authnStatementEl->appendChild($authnContextEl);
1502 if (!empty($this->authnContextClassRef)) {
1506 'saml:AuthnContextClassRef',
1507 $this->authnContextClassRef
1510 if (!empty($this->authnContextDecl)) {
1511 $this->authnContextDecl->toXML($authnContextEl);
1513 if (!empty($this->authnContextDeclRef)) {
1517 'saml:AuthnContextDeclRef',
1518 $this->authnContextDeclRef
1525 'saml:AuthenticatingAuthority',
1527 $this->AuthenticatingAuthority
1539 if (empty($this->attributes)) {
1543 $document =
$root->ownerDocument;
1545 $attributeStatement = $document->createElementNS(Constants::NS_SAML,
'saml:AttributeStatement');
1546 $root->appendChild($attributeStatement);
1549 $attribute = $document->createElementNS(Constants::NS_SAML,
'saml:Attribute');
1550 $attributeStatement->appendChild($attribute);
1551 $attribute->setAttribute(
'Name',
$name);
1553 if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
1554 $attribute->setAttribute(
'NameFormat', $this->nameFormat);
1558 if (
$name === Constants::EPTI_URN_MACE ||
$name === Constants::EPTI_URN_OID) {
1559 foreach (
$values as $eptiValue) {
1560 $attributeValue = $document->createElementNS(Constants::NS_SAML,
'saml:AttributeValue');
1561 $attribute->appendChild($attributeValue);
1562 if ($eptiValue instanceof XML\saml\NameID) {
1563 $eptiValue->toXML($attributeValue);
1564 } elseif ($eptiValue instanceof \DOMNodeList) {
1565 $node =
$root->ownerDocument->importNode($eptiValue->item(0),
true);
1566 $attributeValue->appendChild($node);
1568 $attributeValue->textContent = $eptiValue;
1576 if (is_array($this->attributesValueTypes) && array_key_exists(
$name, $this->attributesValueTypes)) {
1577 $valueTypes = $this->attributesValueTypes[
$name];
1578 if (is_array($valueTypes) && count($valueTypes) != count(
$values)) {
1579 throw new \Exception(
'Array of value types and array of values have different size for attribute '. var_export(
$name,
true));
1592 if (!is_null($valueTypes)) {
1593 if (is_array($valueTypes)) {
1594 $type = $valueTypes[$vidx];
1596 $type = $valueTypes;
1601 if (is_null(
$type)) {
1602 if (is_string($value)) {
1603 $type =
'xs:string';
1604 } elseif (is_int($value)) {
1605 $type =
'xs:integer';
1611 $attributeValue = $document->createElementNS(Constants::NS_SAML,
'saml:AttributeValue');
1612 $attribute->appendChild($attributeValue);
1613 if (
$type !==
null) {
1614 $attributeValue->setAttributeNS(Constants::NS_XSI,
'xsi:type',
$type);
1616 if (is_null($value)) {
1617 $attributeValue->setAttributeNS(Constants::NS_XSI,
'xsi:nil',
'true');
1620 if ($value instanceof \DOMNodeList) {
1621 for (
$i = 0;
$i < $value->length;
$i++) {
1622 $node = $document->importNode($value->item(
$i),
true);
1623 $attributeValue->appendChild($node);
1626 $attributeValue->appendChild($document->createTextNode($value));
1640 if ($this->requiredEncAttributes ===
false) {
1644 $document =
$root->ownerDocument;
1646 $attributeStatement = $document->createElementNS(Constants::NS_SAML,
'saml:AttributeStatement');
1647 $root->appendChild($attributeStatement);
1650 $document2 = DOMDocumentFactory::create();
1651 $attribute = $document2->createElementNS(Constants::NS_SAML,
'saml:Attribute');
1652 $attribute->setAttribute(
'Name',
$name);
1653 $document2->appendChild($attribute);
1655 if ($this->nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
1656 $attribute->setAttribute(
'NameFormat', $this->nameFormat);
1660 if (is_string($value)) {
1661 $type =
'xs:string';
1662 } elseif (is_int($value)) {
1663 $type =
'xs:integer';
1668 $attributeValue = $document2->createElementNS(Constants::NS_SAML,
'saml:AttributeValue');
1669 $attribute->appendChild($attributeValue);
1670 if (
$type !==
null) {
1671 $attributeValue->setAttributeNS(Constants::NS_XSI,
'xsi:type',
$type);
1674 if ($value instanceof \DOMNodeList) {
1675 for (
$i = 0;
$i < $value->length;
$i++) {
1676 $node = $document2->importNode($value->item(
$i),
true);
1677 $attributeValue->appendChild($node);
1680 $attributeValue->appendChild($document2->createTextNode($value));
1685 $EncAssert->setNode($document2->documentElement);
1686 $EncAssert->type =
'http://www.w3.org/2001/04/xmlenc#Element';
1692 $symmetricKey->generateSessionKey();
1693 $EncAssert->encryptKey($this->encryptionKey, $symmetricKey);
1694 $EncrNode = $EncAssert->encryptNode($symmetricKey);
1696 $EncAttribute = $document->createElementNS(Constants::NS_SAML,
'saml:EncryptedAttribute');
1697 $attributeStatement->appendChild($EncAttribute);
1698 $n = $document->importNode($EncrNode,
true);
1699 $EncAttribute->appendChild(
$n);
catch(Exception $e) if(!($request instanceof \SAML2\ArtifactResolve)) $issuer
An exception for terminatinating execution or to throw for unit testing.
getNotBefore()
Retrieve the earliest timestamp this assertion is valid.
setNotOnOrAfter($notOnOrAfter)
Set the expiration timestamp of this assertion.
setAttributesValueTypes(array $attributesValueTypes)
Replace all attributes value types.
getAuthenticatingAuthority()
Retrieve the AuthenticatingAuthority.
setAuthnInstant($authnInstant)
Set the AuthnInstant of the assertion.
setIssueInstant($issueInstant)
Set the issue timestamp of this assertion.
setId($id)
Set the identifier of this assertion.
addAuthnStatement(\DOMElement $root)
Add a AuthnStatement-node to the assertion.
parseEncryptedAttributes(\DOMElement $xml)
Parse encrypted attribute statements in assertion.
addConditions(\DOMElement $root)
Add a Conditions-node to the assertion.
getNameId()
Retrieve the NameId of the subject in the assertion.
getAuthnContextDecl()
Get the authentication context declaration.
addAttributeStatement(\DOMElement $root)
Add an AttributeStatement-node to the assertion.
setAuthnContext($authnContext)
Set the authentication method used to authenticate the user.
isNameIdEncrypted()
Check whether the NameId is encrypted.
getValidAudiences()
Retrieve the audiences that are allowed to receive this assertion.
setNotBefore($notBefore)
Set the earliest timestamp this assertion can be used.
setNameId($nameId)
Set the NameId of the subject in the assertion.
validate(XMLSecurityKey $key)
Validate this assertion against a public key.
getIssuer()
Retrieve the issuer if this assertion.
getSessionNotOnOrAfter()
Retrieve the session expiration timestamp.
getAuthnContext()
Retrieve the authentication method used to authenticate the user.
parseConditions(\DOMElement $xml)
Parse conditions in assertion.
getAttributeNameFormat()
Retrieve the NameFormat used on all attributes.
setEncryptionKey(XMLSecurityKey $Key=null)
Set the private key we should use to encrypt the attributes.
setSignatureKey(XMLSecurityKey $signatureKey=null)
Set the private key we should use to sign the assertion.
getSignatureKey()
Retrieve the private key we should use to sign the assertion.
setAuthnContextDeclRef($authnContextDeclRef)
Set the authentication context declaration reference.
getAuthnContextClassRef()
Retrieve the authentication method used to authenticate the user.
setSubjectConfirmation(array $SubjectConfirmation)
Set the SubjectConfirmation elements that should be included in the assertion.
decryptAttributes(XMLSecurityKey $key, array $blacklist=array())
Decrypt the assertion attributes.
setAuthnContextClassRef($authnContextClassRef)
Set the authentication method used to authenticate the user.
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameId of the subject in the assertion.
parseAttributes(\DOMElement $xml)
Parse attribute statements in assertion.
parseAuthnStatement(\DOMElement $xml)
Parse AuthnStatement in assertion.
getSubjectConfirmation()
Retrieve the SubjectConfirmation elements we have in our Subject element.
setSessionNotOnOrAfter($sessionNotOnOrAfter)
Set the session expiration timestamp.
addSubject(\DOMElement $root)
Add a Subject-node to the assertion.
parseAuthnContext(\DOMElement $authnStatementEl)
Parse AuthnContext in AuthnStatement.
setAuthnContextDecl(Chunk $authnContextDecl)
Set the authentication context declaration.
setAttributes(array $attributes)
Replace all attributes.
getIssueInstant()
Retrieve the issue timestamp of this assertion.
getNotOnOrAfter()
Retrieve the expiration timestamp of this assertion.
setAuthenticatingAuthority($authenticatingAuthority)
Set the AuthenticatingAuthority.
setCertificates(array $certificates)
Set the certificates that should be included in the assertion.
setAttributeNameFormat($nameFormat)
Set the NameFormat used on all attributes.
toXML(\DOMNode $parentElement=null)
Convert this assertion to an XML element.
setIssuer($issuer)
Set the issuer of this message.
getSessionIndex()
Retrieve the session index of the user at the IdP.
getCertificates()
Retrieve the certificates that are included in the assertion.
getAuthnContextDeclRef()
Get the authentication context declaration reference.
getAuthnInstant()
Retrieve the AuthnInstant of the assertion.
addEncryptedAttributeStatement(\DOMElement $root)
Add an EncryptedAttribute Statement-node to the assertion.
parseSubject(\DOMElement $xml)
Parse subject in assertion.
setValidAudiences(array $validAudiences=null)
Set the audiences that are allowed to receive this assertion.
getAttributes()
Retrieve all attributes.
getId()
Retrieve the identifier of this assertion.
__construct(\DOMElement $xml=null)
Constructor for SAML 2 assertions.
getAttributesValueTypes()
Retrieve all attributes value types.
setEncryptedAttributes($ea)
Set $EncryptedAttributes if attributes will send encrypted.
encryptNameId(XMLSecurityKey $key)
Encrypt the NameID in the Assertion.
getEncryptionKey()
Return the key we should use to encrypt the assertion.
getWasSignedAtConstruction()
setSessionIndex($sessionIndex)
Set the session index of the user at the IdP.
hasEncryptedAttributes()
Did this Assertion contain encrypted Attributes?
if(!array_key_exists('StateId', $_REQUEST)) $id
if(array_key_exists('yes', $_REQUEST)) $attributes
catch(sspmod_saml_Error $e) $authenticatingAuthority