PHP Class SAML2\Assertion

Inheritance: implements saml2\SignedElement
Open project: simplesamlphp/saml2

Protected Properties

Property Type Description
$wasSignedAtConstruction boolean

Public Methods

Method Description
__construct ( DOMElement $xml = null ) Constructor for SAML 2 assertions.
decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the assertion attributes.
decryptNameId ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the NameId of the subject in the assertion.
encryptNameId ( XMLSecurityKey $key ) Encrypt the NameID in the Assertion.
getAttributeNameFormat ( ) : string Retrieve the NameFormat used on all attributes.
getAttributes ( ) : array Retrieve all attributes.
getAuthenticatingAuthority ( ) : array Retrieve the AuthenticatingAuthority.
getAuthnContext ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextClassRef ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextDecl ( ) : Chunk | null Get the authentication context declaration.
getAuthnContextDeclRef ( ) : string Get the authentication context declaration reference.
getAuthnInstant ( ) : integer | null Retrieve the AuthnInstant of the assertion.
getCertificates ( ) : array Retrieve the certificates that are included in the assertion.
getEncryptionKey ( ) : XMLSecurityKey | null Return the key we should use to encrypt the assertion.
getId ( ) : string Retrieve the identifier of this assertion.
getIssueInstant ( ) : integer Retrieve the issue timestamp of this assertion.
getIssuer ( ) : string | Issuer Retrieve the issuer of this assertion.
getNameId ( ) : array | null Retrieve the NameId of the subject in the assertion.
getNotBefore ( ) : integer | null Retrieve the earliest timestamp this assertion is valid.
getNotOnOrAfter ( ) : integer | null Retrieve the expiration timestamp of this assertion.
getSessionIndex ( ) : string | null Retrieve the session index of the user at the IdP.
getSessionNotOnOrAfter ( ) : integer | null Retrieve the session expiration timestamp.
getSignatureKey ( ) : XMLSecurityKey | null Retrieve the private key we should use to sign the assertion.
getSignatureMethod ( ) : null | string
getSubjectConfirmation ( ) : array Retrieve the SubjectConfirmation elements we have in our Subject element.
getValidAudiences ( ) : array | null Retrieve the audiences that are allowed to receive this assertion.
getWasSignedAtConstruction ( ) : boolean
hasEncryptedAttributes ( ) : boolean Did this Assertion contain encrypted Attributes?
isNameIdEncrypted ( ) : boolean Check whether the NameId is encrypted.
setAttributeNameFormat ( string $nameFormat ) Set the NameFormat used on all attributes.
setAttributes ( array $attributes ) Replace all attributes.
setAuthenticatingAuthority ( $authenticatingAuthority ) Set the AuthenticatingAuthority
setAuthnContext ( string | null $authnContext ) Set the authentication method used to authenticate the user.
setAuthnContextClassRef ( string | null $authnContextClassRef ) Set the authentication method used to authenticate the user.
setAuthnContextDecl ( Chunk $authnContextDecl ) Set the authentication context declaration.
setAuthnContextDeclRef ( string $authnContextDeclRef ) Set the authentication context declaration reference.
setAuthnInstant ( integer | null $authnInstant ) Set the AuthnInstant of the assertion.
setCertificates ( array $certificates ) Set the certificates that should be included in the assertion.
setEncryptedAttributes ( boolean $ea ) Set $EncryptedAttributes if attributes will be sent encrypted.
setEncryptionKey ( XMLSecurityKey $Key = null ) Set the private key we should use to encrypt the attributes.
setId ( string $id ) Set the identifier of this assertion.
setIssueInstant ( integer $issueInstant ) Set the issue timestamp of this assertion.
setIssuer ( string | Issuer $issuer ) Set the issuer of this message.
setNameId ( array | null $nameId ) Set the NameId of the subject in the assertion.
setNotBefore ( integer | null $notBefore ) Set the earliest timestamp this assertion can be used.
setNotOnOrAfter ( integer | null $notOnOrAfter ) Set the expiration timestamp of this assertion.
setSessionIndex ( string | null $sessionIndex ) Set the session index of the user at the IdP.
setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter ) Set the session expiration timestamp.
setSignatureKey ( XMLsecurityKey $signatureKey = null ) Set the private key we should use to sign the assertion.
setSubjectConfirmation ( array $SubjectConfirmation ) Set the SubjectConfirmation elements that should be included in the assertion.
setValidAudiences ( array $validAudiences = null ) Set the audiences that are allowed to receive this assertion.
toXML ( DOMNode $parentElement = null ) : DOMElement Convert this assertion to an XML element.
validate ( XMLSecurityKey $key ) : boolean Validate this assertion against a public key.

Private Methods

Method Description
addAttributeStatement ( DOMElement $root ) Add an AttributeStatement-node to the assertion.
addAuthnStatement ( DOMElement $root ) Add an AuthnStatement-node to the assertion.
addConditions ( DOMElement $root ) Add a Conditions-node to the assertion.
addEncryptedAttributeStatement ( DOMElement $root ) Add an EncryptedAttribute Statement-node to the assertion.
addSubject ( DOMElement $root ) Add a Subject-node to the assertion.
parseAttributeValue ( DOMNode $attribute, string $attributeName )
parseAttributes ( DOMElement $xml ) Parse attribute statements in assertion.
parseAuthnContext ( DOMElement $authnStatementEl ) Parse AuthnContext in AuthnStatement.
parseAuthnStatement ( DOMElement $xml ) Parse AuthnStatement in assertion.
parseConditions ( DOMElement $xml ) Parse conditions in assertion.
parseEncryptedAttributes ( DOMElement $xml ) Parse encrypted attribute statements in assertion.
parseSignature ( DOMElement $xml ) Parse signature on assertion.
parseSubject ( DOMElement $xml ) Parse subject in assertion.

Method Details

__construct() public method

Constructor for SAML 2 assertions.
public __construct ( DOMElement $xml = null )
$xml DOMElement The input assertion.

decryptAttributes() public method

Decrypt the assertion attributes.
public decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey
$blacklist array

decryptNameId() public method

Decrypt the NameId of the subject in the assertion.
public decryptNameId ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey The decryption key.
$blacklist array Blacklisted decryption algorithms.

encryptNameId() public method

Encrypt the NameID in the Assertion.
public encryptNameId ( XMLSecurityKey $key )
$key RobRichards\XMLSecLibs\XMLSecurityKey The encryption key.

getAttributeNameFormat() public method

If more than one NameFormat is used in the received attributes, this returns the unspecified NameFormat.
public getAttributeNameFormat ( ) : string
Returns string The NameFormat used on all attributes.

getAttributes() public method

Retrieve all attributes.
public getAttributes ( ) : array
Returns array All attributes, as an associative array.

getAuthenticatingAuthority() public method

Retrieve the AuthenticatingAuthority.
public getAuthenticatingAuthority ( ) : array
Returns array

getAuthnContext() public method

This will return null if no authentication statement was included in the assertion. Note that this returns either the AuthnContextClassRef or the AuthnContextDeclRef, whose definitions overlap but are slightly different (consult the specification for more information). This was done to work around an old bug in Shibboleth ( https://bugs.internet2.edu/jira/browse/SIDP-187 ). It should no longer be required; use either getAuthnContextClassRef or getAuthnContextDeclRef instead.
Deprecation: use getAuthnContextClassRef
public getAuthnContext ( ) : string | null
Returns string | null The authentication method.

getAuthnContextClassRef() public method

This will return null if no authentication statement was included in the assertion.
public getAuthnContextClassRef ( ) : string | null
Returns string | null The authentication method.

getAuthnContextDecl() public method

See:
public getAuthnContextDecl ( ) : Chunk | null
Returns SAML2\XML\Chunk | null

getAuthnContextDeclRef() public method

URI reference that identifies an authentication context declaration. The URI reference MAY directly resolve into an XML document containing the referenced declaration.
public getAuthnContextDeclRef ( ) : string
Returns string

getAuthnInstant() public method

Retrieve the AuthnInstant of the assertion.
public getAuthnInstant ( ) : integer | null
Returns integer | null The timestamp the user was authenticated, or NULL if the user isn't authenticated.

getCertificates() public method

Retrieve the certificates that are included in the assertion.
public getCertificates ( ) : array
Returns array An array of certificates.

getEncryptionKey() public method

Return the key we should use to encrypt the assertion.
public getEncryptionKey ( ) : XMLSecurityKey | null
Returns RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified.

getId() public method

Retrieve the identifier of this assertion.
public getId ( ) : string
Returns string The identifier of this assertion.

getIssueInstant() public method

Retrieve the issue timestamp of this assertion.
public getIssueInstant ( ) : integer
Returns integer The issue timestamp of this assertion, as a UNIX timestamp.

getIssuer() public method

Retrieve the issuer of this assertion.
public getIssuer ( ) : string | Issuer
Returns string | SAML2\XML\saml\Issuer The issuer of this assertion.

getNameId() public method

The returned NameId is in the format used by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public getNameId ( ) : array | null
Returns array | null The name identifier of the assertion.

getNotBefore() public method

This function returns null if there are no restrictions on how early the assertion can be used.
public getNotBefore ( ) : integer | null
Returns integer | null The earliest timestamp this assertion is valid.

getNotOnOrAfter() public method

This function returns null if there are no restrictions on how late the assertion can be used.
public getNotOnOrAfter ( ) : integer | null
Returns integer | null The latest timestamp this assertion is valid.

getSessionIndex() public method

Retrieve the session index of the user at the IdP.
public getSessionIndex ( ) : string | null
Returns string | null The session index of the user at the IdP.

getSessionNotOnOrAfter() public method

This function returns null if there are no restrictions on the session lifetime.
public getSessionNotOnOrAfter ( ) : integer | null
Returns integer | null The latest timestamp this session is valid.

getSignatureKey() public method

Retrieve the private key we should use to sign the assertion.
public getSignatureKey ( ) : XMLSecurityKey | null
Returns RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified.

getSignatureMethod() public method

public getSignatureMethod ( ) : null | string
Returns null | string

getSubjectConfirmation() public method

Retrieve the SubjectConfirmation elements we have in our Subject element.
public getSubjectConfirmation ( ) : array
Returns array Array of \SAML2\XML\saml\SubjectConfirmation elements.

getValidAudiences() public method

This may be null, in which case all audiences are allowed.
public getValidAudiences ( ) : array | null
Returns array | null The allowed audiences.

getWasSignedAtConstruction() public method

public getWasSignedAtConstruction ( ) : boolean
Returns boolean

hasEncryptedAttributes() public method

Did this Assertion contain encrypted Attributes?
public hasEncryptedAttributes ( ) : boolean
Returns boolean

isNameIdEncrypted() public method

Check whether the NameId is encrypted.
public isNameIdEncrypted ( ) : boolean
Returns boolean true if the NameId is encrypted, false if not.

setAttributeNameFormat() public method

Set the NameFormat used on all attributes.
public setAttributeNameFormat ( string $nameFormat )
$nameFormat string The NameFormat used on all attributes.

setAttributes() public method

Replace all attributes.
public setAttributes ( array $attributes )
$attributes array All new attributes, as an associative array.

setAuthenticatingAuthority() public method

Set the AuthenticatingAuthority.
public setAuthenticatingAuthority ( $authenticatingAuthority )

setAuthnContext() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
Deprecation: use setAuthnContextClassRef
public setAuthnContext ( string | null $authnContext )
$authnContext string | null The authentication method.

setAuthnContextClassRef() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
public setAuthnContextClassRef ( string | null $authnContextClassRef )
$authnContextClassRef string | null The authentication method.

setAuthnContextDecl() public method

Set the authentication context declaration.
public setAuthnContextDecl ( Chunk $authnContextDecl )
$authnContextDecl SAML2\XML\Chunk

setAuthnContextDeclRef() public method

Set the authentication context declaration reference.
public setAuthnContextDeclRef ( string $authnContextDeclRef )
$authnContextDeclRef string

setAuthnInstant() public method

Set the AuthnInstant of the assertion.
public setAuthnInstant ( integer | null $authnInstant )
$authnInstant integer | null Timestamp the user was authenticated, or NULL if we don't want an AuthnStatement.

setCertificates() public method

The certificates should be strings with the PEM encoded data.
public setCertificates ( array $certificates )
$certificates array An array of certificates.

setEncryptedAttributes() public method

Set $EncryptedAttributes if attributes will be sent encrypted.
public setEncryptedAttributes ( boolean $ea )
$ea boolean true to encrypt attributes in the assertion.

setEncryptionKey() public method

Set the private key we should use to encrypt the attributes.
public setEncryptionKey ( XMLSecurityKey $Key = null )
$Key RobRichards\XMLSecLibs\XMLSecurityKey

setId() public method

Set the identifier of this assertion.
public setId ( string $id )
$id string The new identifier of this assertion.

setIssueInstant() public method

Set the issue timestamp of this assertion.
public setIssueInstant ( integer $issueInstant )
$issueInstant integer The new issue timestamp of this assertion, as a UNIX timestamp.

setIssuer() public method

Set the issuer of this message.
public setIssuer ( string | Issuer $issuer )
$issuer string | SAML2\XML\saml\Issuer The new issuer of this assertion.

setNameId() public method

The NameId must be in the format accepted by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public setNameId ( array | null $nameId )
$nameId array | null The name identifier of the assertion.

setNotBefore() public method

Set this to null if no limit is required.
public setNotBefore ( integer | null $notBefore )
$notBefore integer | null The earliest timestamp this assertion is valid.

setNotOnOrAfter() public method

Set this to null if no limit is required.
public setNotOnOrAfter ( integer | null $notOnOrAfter )
$notOnOrAfter integer | null The latest timestamp this assertion is valid.

setSessionIndex() public method

Note that the authentication context must be set before the session index can be included in the assertion.
public setSessionIndex ( string | null $sessionIndex )
$sessionIndex string | null The session index of the user at the IdP.

setSessionNotOnOrAfter() public method

Set this to null if no limit is required.
public setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter )
$sessionNotOnOrAfter integer | null The latest timestamp this session is valid.

setSignatureKey() public method

If the key is null, the assertion will be sent unsigned.
public setSignatureKey ( XMLsecurityKey $signatureKey = null )
$signatureKey XMLsecurityKey

setSubjectConfirmation() public method

Set the SubjectConfirmation elements that should be included in the assertion.
public setSubjectConfirmation ( array $SubjectConfirmation )
$SubjectConfirmation array Array of \SAML2\XML\saml\SubjectConfirmation elements.

setValidAudiences() public method

This may be null, in which case all audiences are allowed.
public setValidAudiences ( array $validAudiences = null )
$validAudiences array The allowed audiences.

toXML() public method

Convert this assertion to an XML element.
public toXML ( DOMNode $parentElement = null ) : DOMElement
$parentElement DOMNode The DOM node the assertion should be created in.
Returns DOMElement This assertion.

validate() public method

If no signature was present on the assertion, we will return false. Otherwise, true will be returned. An exception is thrown if the signature validation fails.
public validate ( XMLSecurityKey $key ) : boolean
$key RobRichards\XMLSecLibs\XMLSecurityKey The key we should check against.
Returns boolean true if successful, false if it is unsigned.
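
How a service provider might act on the three outcomes of validate() described above, together with the null conventions of getNotBefore(), getNotOnOrAfter() and getValidAudiences(). This is an added example, not code from simplesamlphp/saml2; the function name acceptAssertion, its $spEntityId, $now and $skew parameters, and the policy of rejecting an assertion that carries no audience restriction are assumptions.

```php
<?php
// Added example (not part of simplesamlphp/saml2). acceptAssertion() and its
// parameters are hypothetical; only the Assertion methods come from the class above.

use RobRichards\XMLSecLibs\XMLSecurityKey;
use SAML2\Assertion;

/**
 * Return null if the assertion is acceptable, or a rejection reason string.
 */
function acceptAssertion(
    Assertion $assertion,
    XMLSecurityKey $idpKey,
    string $spEntityId,
    int $now,
    int $skew = 60
): ?string {
    // validate() has three outcomes: true, false (unsigned), exception (bad signature).
    try {
        $signed = $assertion->validate($idpKey);
    } catch (\Exception $e) {
        return 'signature validation failed: ' . $e->getMessage();
    }
    if ($signed !== true) {
        // false means "no signature present", not "valid"; never treat it as success.
        return 'assertion is unsigned';
    }

    // null means "no restriction" for both bounds, so only compare when set.
    $notBefore = $assertion->getNotBefore();
    if ($notBefore !== null && $notBefore > $now + $skew) {
        return 'assertion is not yet valid';
    }
    $notOnOrAfter = $assertion->getNotOnOrAfter();
    if ($notOnOrAfter !== null && $notOnOrAfter <= $now - $skew) {
        return 'assertion has expired';
    }

    // null audiences means "all audiences allowed"; the assumed policy here is
    // to require an explicit restriction that names this SP.
    $audiences = $assertion->getValidAudiences();
    if ($audiences === null || !in_array($spEntityId, $audiences, true)) {
        return 'assertion is not addressed to this service provider';
    }

    return null;
}
```

A caller that accepts a signature on the enclosing message instead has to make that decision explicitly rather than by ignoring a false return from validate().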

Property Details

$wasSignedAtConstruction protected property

protected bool $wasSignedAtConstruction
Returns boolean