PHP Class SAML2\Assertion

Inheritance: implements saml2\SignedElement

Show file Open project: simplesamlphp/saml2 Class Usage Examples

Protected Properties

Property	Type	Description
$wasSignedAtConstruction	boolean

Public Methods

Method	Description
__construct ( DOMElement $xml = null )	Constructor for SAML 2 assertions.
decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] )	Decrypt the assertion attributes.
decryptNameId ( XMLSecurityKey $key, array $blacklist = [] )	Decrypt the NameId of the subject in the assertion.
encryptNameId ( XMLSecurityKey $key )	Encrypt the NameID in the Assertion.
getAttributeNameFormat ( ) : string	Retrieve the NameFormat used on all attributes.
getAttributes ( ) : array	Retrieve all attributes.
getAuthenticatingAuthority ( ) : array	Retrieve the AuthenticatingAuthority.
getAuthnContext ( ) : string \| null	Retrieve the authentication method used to authenticate the user.
getAuthnContextClassRef ( ) : string \| null	Retrieve the authentication method used to authenticate the user.
getAuthnContextDecl ( ) : Chunk \| null	Get the authentication context declaration.
getAuthnContextDeclRef ( ) : string	Get the authentication context declaration reference.
getAuthnInstant ( ) : integer \| null	Retrieve the AuthnInstant of the assertion.
getCertificates ( ) : array	Retrieve the certificates that are included in the assertion.
getEncryptionKey ( ) : XMLSecurityKey \| null	Return the key we should use to encrypt the assertion.
getId ( ) : string	Retrieve the identifier of this assertion.
getIssueInstant ( ) : integer	Retrieve the issue timestamp of this assertion.
getIssuer ( ) : string \| Issuer	Retrieve the issuer if this assertion.
getNameId ( ) : array \| null	Retrieve the NameId of the subject in the assertion.
getNotBefore ( ) : integer \| null	Retrieve the earliest timestamp this assertion is valid.
getNotOnOrAfter ( ) : integer \| null	Retrieve the expiration timestamp of this assertion.
getSessionIndex ( ) : string \| null	Retrieve the session index of the user at the IdP.
getSessionNotOnOrAfter ( ) : integer \| null	Retrieve the session expiration timestamp.
getSignatureKey ( ) : XMLSecurityKey \| null	Retrieve the private key we should use to sign the assertion.
getSignatureMethod ( ) : null \| string
getSubjectConfirmation ( ) : array	Retrieve the SubjectConfirmation elements we have in our Subject element.
getValidAudiences ( ) : array \| null	Retrieve the audiences that are allowed to receive this assertion.
getWasSignedAtConstruction ( ) : boolean
hasEncryptedAttributes ( ) : boolean	Did this Assertion contain encrypted Attributes?
isNameIdEncrypted ( ) : true	Check whether the NameId is encrypted.
setAttributeNameFormat ( string $nameFormat )	Set the NameFormat used on all attributes.
setAttributes ( array $attributes )	Replace all attributes.
setAuthenticatingAuthority ( $authenticatingAuthority )	Set the AuthenticatingAuthority
setAuthnContext ( string \| null $authnContext )	Set the authentication method used to authenticate the user.
setAuthnContextClassRef ( string \| null $authnContextClassRef )	Set the authentication method used to authenticate the user.
setAuthnContextDecl ( Chunk $authnContextDecl )	Set the authentication context declaration.
setAuthnContextDeclRef ( string $authnContextDeclRef )	Set the authentication context declaration reference.
setAuthnInstant ( integer \| null $authnInstant )	Set the AuthnInstant of the assertion.
setCertificates ( array $certificates )	Set the certificates that should be included in the assertion.
setEncryptedAttributes ( boolean $ea )	Set $EncryptedAttributes if attributes will send encrypted
setEncryptionKey ( XMLSecurityKey $Key = null )	Set the private key we should use to encrypt the attributes.
setId ( string $id )	Set the identifier of this assertion.
setIssueInstant ( integer $issueInstant )	Set the issue timestamp of this assertion.
setIssuer ( string \| Issuer $issuer )	Set the issuer of this message.
setNameId ( array \| null $nameId )	Set the NameId of the subject in the assertion.
setNotBefore ( integer \| null $notBefore )	Set the earliest timestamp this assertion can be used.
setNotOnOrAfter ( integer \| null $notOnOrAfter )	Set the expiration timestamp of this assertion.
setSessionIndex ( string \| null $sessionIndex )	Set the session index of the user at the IdP.
setSessionNotOnOrAfter ( integer \| null $sessionNotOnOrAfter )	Set the session expiration timestamp.
setSignatureKey ( XMLsecurityKey $signatureKey = null )	Set the private key we should use to sign the assertion.
setSubjectConfirmation ( array $SubjectConfirmation )	Set the SubjectConfirmation elements that should be included in the assertion.
setValidAudiences ( array $validAudiences = null )	Set the audiences that are allowed to receive this assertion.
toXML ( DOMNode $parentElement = null ) : DOMElement	Convert this assertion to an XML element.
validate ( XMLSecurityKey $key ) : boolean	Validate this assertion against a public key.

Private Methods

Method	Description
addAttributeStatement ( DOMElement $root )	Add an AttributeStatement-node to the assertion.
addAuthnStatement ( DOMElement $root )	Add a AuthnStatement-node to the assertion.
addConditions ( DOMElement $root )	Add a Conditions-node to the assertion.
addEncryptedAttributeStatement ( DOMElement $root )	Add an EncryptedAttribute Statement-node to the assertion.
addSubject ( DOMElement $root )	Add a Subject-node to the assertion.
parseAttributeValue ( DOMNode $attribute, string $attributeName )
parseAttributes ( DOMElement $xml )	Parse attribute statements in assertion.
parseAuthnContext ( DOMElement $authnStatementEl )	Parse AuthnContext in AuthnStatement.
parseAuthnStatement ( DOMElement $xml )	Parse AuthnStatement in assertion.
parseConditions ( DOMElement $xml )	Parse conditions in assertion.
parseEncryptedAttributes ( DOMElement $xml )	Parse encrypted attribute statements in assertion.
parseSignature ( DOMElement $xml )	Parse signature on assertion.
parseSubject ( DOMElement $xml )	Parse subject in assertion.

Method Details

__construct() public method

Constructor for SAML 2 assertions.

public __construct ( DOMElement $xml = null )
$xml	DOMElement	The input assertion.

decryptAttributes() public method

Decrypt the assertion attributes.

public decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] )
$key	RobRichards\XMLSecLibs\XMLSecurityKey
$blacklist	array

decryptNameId() public method

Decrypt the NameId of the subject in the assertion.

public decryptNameId ( XMLSecurityKey $key, array $blacklist = [] )
$key	RobRichards\XMLSecLibs\XMLSecurityKey	The decryption key.
$blacklist	array	Blacklisted decryption algorithms.

encryptNameId() public method

Encrypt the NameID in the Assertion.

public encryptNameId ( XMLSecurityKey $key )
$key	RobRichards\XMLSecLibs\XMLSecurityKey	The encryption key.

getAttributeNameFormat() public method

If more than one NameFormat is used in the received attributes, this returns the unspecified NameFormat.

public getAttributeNameFormat ( ) : string
return	string	The NameFormat used on all attributes.

getAttributes() public method

Retrieve all attributes.

public getAttributes ( ) : array
return	array	All attributes, as an associative array.

getAuthenticatingAuthority() public method

Retrieve the AuthenticatingAuthority.

public getAuthenticatingAuthority ( ) : array
return	array

getAuthnContext() public method

This will return null if no authentication statement was included in the assertion. Note that this returns either the AuthnContextClassRef or the AuthnConextDeclRef, whose definition overlaps but is slightly different (consult the specification for more information). This was done to work around an old bug of Shibboleth ( https://bugs.internet2.edu/jira/browse/SIDP-187 ). Should no longer be required, please use either getAuthnConextClassRef or getAuthnContextDeclRef.

Deprecation: use getAuthnContextClassRef

public getAuthnContext ( ) : string \| null
return	string \| null	The authentication method.

getAuthnContextClassRef() public method

This will return null if no authentication statement was included in the assertion.

public getAuthnContextClassRef ( ) : string \| null
return	string \| null	The authentication method.

getAuthnContextDecl() public method

See:

public getAuthnContextDecl ( ) : Chunk \| null
return	SAML2\XML\Chunk \| null

getAuthnContextDeclRef() public method

URI reference that identifies an authentication context declaration. The URI reference MAY directly resolve into an XML document containing the referenced declaration.

public getAuthnContextDeclRef ( ) : string
return	string

getAuthnInstant() public method

Retrieve the AuthnInstant of the assertion.

public getAuthnInstant ( ) : integer \| null
return	integer \| null	The timestamp the user was authenticated, or NULL if the user isn't authenticated.

getCertificates() public method

Retrieve the certificates that are included in the assertion.

public getCertificates ( ) : array
return	array	An array of certificates.

getEncryptionKey() public method

Return the key we should use to encrypt the assertion.

public getEncryptionKey ( ) : XMLSecurityKey \| null
return	RobRichards\XMLSecLibs\XMLSecurityKey \| null	The key, or NULL if no key is specified..

getId() public method

Retrieve the identifier of this assertion.

public getId ( ) : string
return	string	The identifier of this assertion.

getIssueInstant() public method

Retrieve the issue timestamp of this assertion.

public getIssueInstant ( ) : integer
return	integer	The issue timestamp of this assertion, as an UNIX timestamp.

getIssuer() public method

Retrieve the issuer if this assertion.

public getIssuer ( ) : string \| Issuer
return	string \| SAML2\XML\saml\Issuer	The issuer of this assertion.

getNameId() public method

The returned NameId is in the format used by \SAML2\Utils::addNameId().

getNotBefore() public method

This function returns null if there are no restrictions on how early the assertion can be used.

public getNotBefore ( ) : integer \| null
return	integer \| null	The earliest timestamp this assertion is valid.

getNotOnOrAfter() public method

This function returns null if there are no restrictions on how late the assertion can be used.

public getNotOnOrAfter ( ) : integer \| null
return	integer \| null	The latest timestamp this assertion is valid.

getSessionIndex() public method

Retrieve the session index of the user at the IdP.

public getSessionIndex ( ) : string \| null
return	string \| null	The session index of the user at the IdP.

getSessionNotOnOrAfter() public method

This function returns null if there are no restrictions on the session lifetime.

public getSessionNotOnOrAfter ( ) : integer \| null
return	integer \| null	The latest timestamp this session is valid.

getSignatureKey() public method

Retrieve the private key we should use to sign the assertion.

public getSignatureKey ( ) : XMLSecurityKey \| null
return	RobRichards\XMLSecLibs\XMLSecurityKey \| null	The key, or NULL if no key is specified.

getSignatureMethod() public method

public getSignatureMethod ( ) : null \| string
return	null \| string

getSubjectConfirmation() public method

Retrieve the SubjectConfirmation elements we have in our Subject element.

public getSubjectConfirmation ( ) : array
return	array	Array of \SAML2\XML\saml\SubjectConfirmation elements.

getValidAudiences() public method

This may be null, in which case all audiences are allowed.

public getValidAudiences ( ) : array \| null
return	array \| null	The allowed audiences.

getWasSignedAtConstruction() public method

public getWasSignedAtConstruction ( ) : boolean
return	boolean

hasEncryptedAttributes() public method

Did this Assertion contain encrypted Attributes?

public hasEncryptedAttributes ( ) : boolean
return	boolean

isNameIdEncrypted() public method

Check whether the NameId is encrypted.

public isNameIdEncrypted ( ) : true
return	true	if the NameId is encrypted, false if not.

setAttributeNameFormat() public method

Set the NameFormat used on all attributes.

public setAttributeNameFormat ( string $nameFormat )
$nameFormat	string	The NameFormat used on all attributes.

setAttributes() public method

Replace all attributes.

public setAttributes ( array $attributes )
$attributes	array	All new attributes, as an associative array.

setAuthenticatingAuthority() public method

Set the AuthenticatingAuthority

public setAuthenticatingAuthority ( $authenticatingAuthority )

setAuthnContext() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.

Deprecation: use setAuthnContextClassRef

public setAuthnContext ( string \| null $authnContext )
$authnContext	string \| null	The authentication method.

setAuthnContextClassRef() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.

public setAuthnContextClassRef ( string \| null $authnContextClassRef )
$authnContextClassRef	string \| null	The authentication method.

setAuthnContextDecl() public method

Set the authentication context declaration.

public setAuthnContextDecl ( Chunk $authnContextDecl )
$authnContextDecl	SAML2\XML\Chunk

setAuthnContextDeclRef() public method

Set the authentication context declaration reference.

public setAuthnContextDeclRef ( string $authnContextDeclRef )
$authnContextDeclRef	string

setAuthnInstant() public method

Set the AuthnInstant of the assertion.

public setAuthnInstant ( integer \| null $authnInstant )
$authnInstant	integer \| null	Timestamp the user was authenticated, or NULL if we don't want an AuthnStatement.

setCertificates() public method

The certificates should be strings with the PEM encoded data.

public setCertificates ( array $certificates )
$certificates	array	An array of certificates.

setEncryptedAttributes() public method

Set $EncryptedAttributes if attributes will send encrypted

public setEncryptedAttributes ( boolean $ea )
$ea	boolean	true to encrypt attributes in the assertion.

setEncryptionKey() public method

Set the private key we should use to encrypt the attributes.

public setEncryptionKey ( XMLSecurityKey $Key = null )
$Key	RobRichards\XMLSecLibs\XMLSecurityKey

setId() public method

Set the identifier of this assertion.

public setId ( string $id )
$id	string	The new identifier of this assertion.

setIssueInstant() public method

Set the issue timestamp of this assertion.

public setIssueInstant ( integer $issueInstant )
$issueInstant	integer	The new issue timestamp of this assertion, as an UNIX timestamp.

setIssuer() public method

Set the issuer of this message.

public setIssuer ( string \| Issuer $issuer )
$issuer	string \| SAML2\XML\saml\Issuer	The new issuer of this assertion.

setNameId() public method

The NameId must be in the format accepted by \SAML2\Utils::addNameId().

setNotBefore() public method

Set this to null if no limit is required.

public setNotBefore ( integer \| null $notBefore )
$notBefore	integer \| null	The earliest timestamp this assertion is valid.

setNotOnOrAfter() public method

Set this to null if no limit is required.

public setNotOnOrAfter ( integer \| null $notOnOrAfter )
$notOnOrAfter	integer \| null	The latest timestamp this assertion is valid.

setSessionIndex() public method

Note that the authentication context must be set before the session index can be inluded in the assertion.

public setSessionIndex ( string \| null $sessionIndex )
$sessionIndex	string \| null	The session index of the user at the IdP.

setSessionNotOnOrAfter() public method

Set this to null if no limit is required.

public setSessionNotOnOrAfter ( integer \| null $sessionNotOnOrAfter )
$sessionNotOnOrAfter	integer \| null	The latest timestamp this session is valid.

setSignatureKey() public method

If the key is null, the assertion will be sent unsigned.

public setSignatureKey ( XMLsecurityKey $signatureKey = null )
$signatureKey	XMLsecurityKey

setSubjectConfirmation() public method

Set the SubjectConfirmation elements that should be included in the assertion.

public setSubjectConfirmation ( array $SubjectConfirmation )
$SubjectConfirmation	array	Array of \SAML2\XML\saml\SubjectConfirmation elements.

setValidAudiences() public method

This may be null, in which case all audiences are allowed.

public setValidAudiences ( array $validAudiences = null )
$validAudiences	array	The allowed audiences.

toXML() public method

Convert this assertion to an XML element.

public toXML ( DOMNode $parentElement = null ) : DOMElement
$parentElement	DOMNode	The DOM node the assertion should be created in.
return	DOMElement	This assertion.

validate() public method

If no signature was present on the assertion, we will return false. Otherwise, true will be returned. An exception is thrown if the signature validation fails.

public validate ( XMLSecurityKey $key ) : boolean
$key	RobRichards\XMLSecLibs\XMLSecurityKey	The key we should check against.
return	boolean	true if successful, false if it is unsigned.

Property Details

$wasSignedAtConstruction protected property

protected bool $wasSignedAtConstruction
return	boolean

public getNameId ( ) : array \| null
return	array \| null	The name identifier of the assertion.

public setNameId ( array \| null $nameId )
$nameId	array \| null	The name identifier of the assertion.