PHP Class SAML2\Assertion

Inheritance: implements saml2\SignedElement
Mostrar archivo Open project: simplesamlphp/saml2 Class Usage Examples

Protected Properties

Property Type Description
$wasSignedAtConstruction boolean

Public Methods

Method Description
__construct ( DOMElement $xml = null ) Constructor for SAML 2 assertions.
decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the assertion attributes.
decryptNameId ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the NameId of the subject in the assertion.
encryptNameId ( XMLSecurityKey $key ) Encrypt the NameID in the Assertion.
getAttributeNameFormat ( ) : string Retrieve the NameFormat used on all attributes.
getAttributes ( ) : array Retrieve all attributes.
getAuthenticatingAuthority ( ) : array Retrieve the AuthenticatingAuthority.
getAuthnContext ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextClassRef ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextDecl ( ) : Chunk | null Get the authentication context declaration.
getAuthnContextDeclRef ( ) : string Get the authentication context declaration reference.
getAuthnInstant ( ) : integer | null Retrieve the AuthnInstant of the assertion.
getCertificates ( ) : array Retrieve the certificates that are included in the assertion.
getEncryptionKey ( ) : XMLSecurityKey | null Return the key we should use to encrypt the assertion.
getId ( ) : string Retrieve the identifier of this assertion.
getIssueInstant ( ) : integer Retrieve the issue timestamp of this assertion.
getIssuer ( ) : string | Issuer Retrieve the issuer if this assertion.
getNameId ( ) : array | null Retrieve the NameId of the subject in the assertion.
getNotBefore ( ) : integer | null Retrieve the earliest timestamp this assertion is valid.
getNotOnOrAfter ( ) : integer | null Retrieve the expiration timestamp of this assertion.
getSessionIndex ( ) : string | null Retrieve the session index of the user at the IdP.
getSessionNotOnOrAfter ( ) : integer | null Retrieve the session expiration timestamp.
getSignatureKey ( ) : XMLSecurityKey | null Retrieve the private key we should use to sign the assertion.
getSignatureMethod ( ) : null | string
getSubjectConfirmation ( ) : array Retrieve the SubjectConfirmation elements we have in our Subject element.
getValidAudiences ( ) : array | null Retrieve the audiences that are allowed to receive this assertion.
getWasSignedAtConstruction ( ) : boolean
hasEncryptedAttributes ( ) : boolean Did this Assertion contain encrypted Attributes?
isNameIdEncrypted ( ) : true Check whether the NameId is encrypted.
setAttributeNameFormat ( string $nameFormat ) Set the NameFormat used on all attributes.
setAttributes ( array $attributes ) Replace all attributes.
setAuthenticatingAuthority ( $authenticatingAuthority ) Set the AuthenticatingAuthority
setAuthnContext ( string | null $authnContext ) Set the authentication method used to authenticate the user.
setAuthnContextClassRef ( string | null $authnContextClassRef ) Set the authentication method used to authenticate the user.
setAuthnContextDecl ( Chunk $authnContextDecl ) Set the authentication context declaration.
setAuthnContextDeclRef ( string $authnContextDeclRef ) Set the authentication context declaration reference.
setAuthnInstant ( integer | null $authnInstant ) Set the AuthnInstant of the assertion.
setCertificates ( array $certificates ) Set the certificates that should be included in the assertion.
setEncryptedAttributes ( boolean $ea ) Set $EncryptedAttributes if attributes will send encrypted
setEncryptionKey ( XMLSecurityKey $Key = null ) Set the private key we should use to encrypt the attributes.
setId ( string $id ) Set the identifier of this assertion.
setIssueInstant ( integer $issueInstant ) Set the issue timestamp of this assertion.
setIssuer ( string | Issuer $issuer ) Set the issuer of this message.
setNameId ( array | null $nameId ) Set the NameId of the subject in the assertion.
setNotBefore ( integer | null $notBefore ) Set the earliest timestamp this assertion can be used.
setNotOnOrAfter ( integer | null $notOnOrAfter ) Set the expiration timestamp of this assertion.
setSessionIndex ( string | null $sessionIndex ) Set the session index of the user at the IdP.
setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter ) Set the session expiration timestamp.
setSignatureKey ( XMLsecurityKey $signatureKey = null ) Set the private key we should use to sign the assertion.
setSubjectConfirmation ( array $SubjectConfirmation ) Set the SubjectConfirmation elements that should be included in the assertion.
setValidAudiences ( array $validAudiences = null ) Set the audiences that are allowed to receive this assertion.
toXML ( DOMNode $parentElement = null ) : DOMElement Convert this assertion to an XML element.
validate ( XMLSecurityKey $key ) : boolean Validate this assertion against a public key.

Private Methods

Method Description
addAttributeStatement ( DOMElement $root ) Add an AttributeStatement-node to the assertion.
addAuthnStatement ( DOMElement $root ) Add a AuthnStatement-node to the assertion.
addConditions ( DOMElement $root ) Add a Conditions-node to the assertion.
addEncryptedAttributeStatement ( DOMElement $root ) Add an EncryptedAttribute Statement-node to the assertion.
addSubject ( DOMElement $root ) Add a Subject-node to the assertion.
parseAttributeValue ( DOMNode $attribute, string $attributeName )
parseAttributes ( DOMElement $xml ) Parse attribute statements in assertion.
parseAuthnContext ( DOMElement $authnStatementEl ) Parse AuthnContext in AuthnStatement.
parseAuthnStatement ( DOMElement $xml ) Parse AuthnStatement in assertion.
parseConditions ( DOMElement $xml ) Parse conditions in assertion.
parseEncryptedAttributes ( DOMElement $xml ) Parse encrypted attribute statements in assertion.
parseSignature ( DOMElement $xml ) Parse signature on assertion.
parseSubject ( DOMElement $xml ) Parse subject in assertion.

Method Details

__construct() public method

Constructor for SAML 2 assertions.
public __construct ( DOMElement $xml = null )
$xml DOMElement The input assertion.

decryptAttributes() public method

Decrypt the assertion attributes.
public decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey
$blacklist array

decryptNameId() public method

Decrypt the NameId of the subject in the assertion.
public decryptNameId ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey The decryption key.
$blacklist array Blacklisted decryption algorithms.

encryptNameId() public method

Encrypt the NameID in the Assertion.
public encryptNameId ( XMLSecurityKey $key )
$key RobRichards\XMLSecLibs\XMLSecurityKey The encryption key.

getAttributeNameFormat() public method

If more than one NameFormat is used in the received attributes, this returns the unspecified NameFormat.
public getAttributeNameFormat ( ) : string
return string The NameFormat used on all attributes.

getAttributes() public method

Retrieve all attributes.
public getAttributes ( ) : array
return array All attributes, as an associative array.

getAuthenticatingAuthority() public method

Retrieve the AuthenticatingAuthority.
public getAuthenticatingAuthority ( ) : array
return array

getAuthnContext() public method

This will return null if no authentication statement was included in the assertion. Note that this returns either the AuthnContextClassRef or the AuthnConextDeclRef, whose definition overlaps but is slightly different (consult the specification for more information). This was done to work around an old bug of Shibboleth ( https://bugs.internet2.edu/jira/browse/SIDP-187 ). Should no longer be required, please use either getAuthnConextClassRef or getAuthnContextDeclRef.
Deprecation: use getAuthnContextClassRef
public getAuthnContext ( ) : string | null
return string | null The authentication method.

getAuthnContextClassRef() public method

This will return null if no authentication statement was included in the assertion.
public getAuthnContextClassRef ( ) : string | null
return string | null The authentication method.

getAuthnContextDecl() public method

See:
public getAuthnContextDecl ( ) : Chunk | null
return SAML2\XML\Chunk | null

getAuthnContextDeclRef() public method

URI reference that identifies an authentication context declaration. The URI reference MAY directly resolve into an XML document containing the referenced declaration.
public getAuthnContextDeclRef ( ) : string
return string

getAuthnInstant() public method

Retrieve the AuthnInstant of the assertion.
public getAuthnInstant ( ) : integer | null
return integer | null The timestamp the user was authenticated, or NULL if the user isn't authenticated.

getCertificates() public method

Retrieve the certificates that are included in the assertion.
public getCertificates ( ) : array
return array An array of certificates.

getEncryptionKey() public method

Return the key we should use to encrypt the assertion.
public getEncryptionKey ( ) : XMLSecurityKey | null
return RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified..

getId() public method

Retrieve the identifier of this assertion.
public getId ( ) : string
return string The identifier of this assertion.

getIssueInstant() public method

Retrieve the issue timestamp of this assertion.
public getIssueInstant ( ) : integer
return integer The issue timestamp of this assertion, as an UNIX timestamp.

getIssuer() public method

Retrieve the issuer if this assertion.
public getIssuer ( ) : string | Issuer
return string | SAML2\XML\saml\Issuer The issuer of this assertion.

getNameId() public method

The returned NameId is in the format used by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public getNameId ( ) : array | null
return array | null The name identifier of the assertion.

getNotBefore() public method

This function returns null if there are no restrictions on how early the assertion can be used.
public getNotBefore ( ) : integer | null
return integer | null The earliest timestamp this assertion is valid.

getNotOnOrAfter() public method

This function returns null if there are no restrictions on how late the assertion can be used.
public getNotOnOrAfter ( ) : integer | null
return integer | null The latest timestamp this assertion is valid.

getSessionIndex() public method

Retrieve the session index of the user at the IdP.
public getSessionIndex ( ) : string | null
return string | null The session index of the user at the IdP.

getSessionNotOnOrAfter() public method

This function returns null if there are no restrictions on the session lifetime.
public getSessionNotOnOrAfter ( ) : integer | null
return integer | null The latest timestamp this session is valid.

getSignatureKey() public method

Retrieve the private key we should use to sign the assertion.
public getSignatureKey ( ) : XMLSecurityKey | null
return RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified.

getSignatureMethod() public method

public getSignatureMethod ( ) : null | string
return null | string

getSubjectConfirmation() public method

Retrieve the SubjectConfirmation elements we have in our Subject element.
public getSubjectConfirmation ( ) : array
return array Array of \SAML2\XML\saml\SubjectConfirmation elements.

getValidAudiences() public method

This may be null, in which case all audiences are allowed.
public getValidAudiences ( ) : array | null
return array | null The allowed audiences.

getWasSignedAtConstruction() public method

hasEncryptedAttributes() public method

Did this Assertion contain encrypted Attributes?
public hasEncryptedAttributes ( ) : boolean
return boolean

isNameIdEncrypted() public method

Check whether the NameId is encrypted.
public isNameIdEncrypted ( ) : true
return true if the NameId is encrypted, false if not.

setAttributeNameFormat() public method

Set the NameFormat used on all attributes.
public setAttributeNameFormat ( string $nameFormat )
$nameFormat string The NameFormat used on all attributes.

setAttributes() public method

Replace all attributes.
public setAttributes ( array $attributes )
$attributes array All new attributes, as an associative array.

setAuthenticatingAuthority() public method

Set the AuthenticatingAuthority
public setAuthenticatingAuthority ( $authenticatingAuthority )

setAuthnContext() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
Deprecation: use setAuthnContextClassRef
public setAuthnContext ( string | null $authnContext )
$authnContext string | null The authentication method.

setAuthnContextClassRef() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
public setAuthnContextClassRef ( string | null $authnContextClassRef )
$authnContextClassRef string | null The authentication method.

setAuthnContextDecl() public method

Set the authentication context declaration.
public setAuthnContextDecl ( Chunk $authnContextDecl )
$authnContextDecl SAML2\XML\Chunk

setAuthnContextDeclRef() public method

Set the authentication context declaration reference.
public setAuthnContextDeclRef ( string $authnContextDeclRef )
$authnContextDeclRef string

setAuthnInstant() public method

Set the AuthnInstant of the assertion.
public setAuthnInstant ( integer | null $authnInstant )
$authnInstant integer | null Timestamp the user was authenticated, or NULL if we don't want an AuthnStatement.

setCertificates() public method

The certificates should be strings with the PEM encoded data.
public setCertificates ( array $certificates )
$certificates array An array of certificates.

setEncryptedAttributes() public method

Set $EncryptedAttributes if attributes will send encrypted
public setEncryptedAttributes ( boolean $ea )
$ea boolean true to encrypt attributes in the assertion.

setEncryptionKey() public method

Set the private key we should use to encrypt the attributes.
public setEncryptionKey ( XMLSecurityKey $Key = null )
$Key RobRichards\XMLSecLibs\XMLSecurityKey

setId() public method

Set the identifier of this assertion.
public setId ( string $id )
$id string The new identifier of this assertion.

setIssueInstant() public method

Set the issue timestamp of this assertion.
public setIssueInstant ( integer $issueInstant )
$issueInstant integer The new issue timestamp of this assertion, as an UNIX timestamp.

setIssuer() public method

Set the issuer of this message.
public setIssuer ( string | Issuer $issuer )
$issuer string | SAML2\XML\saml\Issuer The new issuer of this assertion.

setNameId() public method

The NameId must be in the format accepted by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public setNameId ( array | null $nameId )
$nameId array | null The name identifier of the assertion.

setNotBefore() public method

Set this to null if no limit is required.
public setNotBefore ( integer | null $notBefore )
$notBefore integer | null The earliest timestamp this assertion is valid.

setNotOnOrAfter() public method

Set this to null if no limit is required.
public setNotOnOrAfter ( integer | null $notOnOrAfter )
$notOnOrAfter integer | null The latest timestamp this assertion is valid.

setSessionIndex() public method

Note that the authentication context must be set before the session index can be inluded in the assertion.
public setSessionIndex ( string | null $sessionIndex )
$sessionIndex string | null The session index of the user at the IdP.

setSessionNotOnOrAfter() public method

Set this to null if no limit is required.
public setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter )
$sessionNotOnOrAfter integer | null The latest timestamp this session is valid.

setSignatureKey() public method

If the key is null, the assertion will be sent unsigned.
public setSignatureKey ( XMLsecurityKey $signatureKey = null )
$signatureKey XMLsecurityKey

setSubjectConfirmation() public method

Set the SubjectConfirmation elements that should be included in the assertion.
public setSubjectConfirmation ( array $SubjectConfirmation )
$SubjectConfirmation array Array of \SAML2\XML\saml\SubjectConfirmation elements.

setValidAudiences() public method

This may be null, in which case all audiences are allowed.
public setValidAudiences ( array $validAudiences = null )
$validAudiences array The allowed audiences.

toXML() public method

Convert this assertion to an XML element.
public toXML ( DOMNode $parentElement = null ) : DOMElement
$parentElement DOMNode The DOM node the assertion should be created in.
return DOMElement This assertion.

validate() public method

If no signature was present on the assertion, we will return false. Otherwise, true will be returned. An exception is thrown if the signature validation fails.
public validate ( XMLSecurityKey $key ) : boolean
$key RobRichards\XMLSecLibs\XMLSecurityKey The key we should check against.
return boolean true if successful, false if it is unsigned.

Property Details

$wasSignedAtConstruction protected_oe property

protected bool $wasSignedAtConstruction
return boolean