PHP Class OneLogin_Saml2_Response

Mostra file Open project: onelogin/php-saml Class Usage Examples

Public Properties

Property Type Description
$decryptedDocument DomDocument A DOMDocument class loaded from the SAML Response (Decrypted).
$document DomDocument A DOMDocument class loaded from the SAML Response.
$encrypted boolean The response contains an encrypted assertion.
$response string The decoded, unprocessed XML response provided to the constructor.

Protected Properties

Property Type Description
$_settings OneLogin_Saml2_Settings Settings

Public Methods

Method Description
__construct ( OneLogin_Saml2_Settings $settings, string $response ) Constructs the SAML Response object.
checkOneAuthnStatement ( ) : boolean Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique.
checkOneCondition ( ) : boolean Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique.
checkStatus ( ) Checks if the Status is success
getAttributes ( ) : array Gets the Attributes from the AttributeStatement element.
getAudiences ( ) : array Gets the audiences.
getError ( ) * After execute a validation process, if fails this method returns the cause
getIssuers ( ) : array Gets the Issuers (from Response and Assertion).
getNameId ( ) : string Gets the NameID provided by the SAML response from the IdP.
getNameIdData ( ) : array Gets the NameID Data provided by the SAML response from the IdP.
getNameIdFormat ( ) : string Gets the NameID Format provided by the SAML response from the IdP.
getSessionIndex ( ) : string | null Gets the SessionIndex from the AuthnStatement.
getSessionNotOnOrAfter ( ) : integer | null Gets the SessionNotOnOrAfter from the AuthnStatement.
isValid ( string | null $requestId = null ) : boolean Determines if the SAML Response is valid using the certificate.
processSignedElements ( ) : array Verifies the signature nodes: - Checks that are Response or Assertion - Check that IDs and reference URI are unique and consistent.
validateNumAssertions ( ) : boolean Verifies that the document only contains a single Assertion (encrypted or not).
validateSignedElements ( $signedElements ) : boolean Verifies that the document has the expected signed nodes.
validateTimestamps ( ) : boolean Verifies that the document is still valid according Conditions Element.

Protected Methods

Method Description
_decryptAssertion ( DomNode $dom ) : DOMDocument Decrypts the Assertion (DOMDocument)
_queryAssertion ( string $assertionXpath ) : DOMNodeList Extracts a node from the DOMDocument (Assertion).

Private Methods

Method Description
_query ( string $query ) : DOMNodeList Extracts nodes that match the query from the DOMDocument (Response Menssage)

Method Details

__construct() public method

Constructs the SAML Response object.
public __construct ( OneLogin_Saml2_Settings $settings, string $response )
$settings OneLogin_Saml2_Settings Settings.
$response string A UUEncoded SAML response from the IdP.

_decryptAssertion() protected method

Decrypts the Assertion (DOMDocument)
protected _decryptAssertion ( DomNode $dom ) : DOMDocument
$dom DomNode DomDocument
return DOMDocument Decrypted Assertion

_queryAssertion() protected method

Extracts a node from the DOMDocument (Assertion).
protected _queryAssertion ( string $assertionXpath ) : DOMNodeList
$assertionXpath string Xpath Expresion
return DOMNodeList The queried node

checkOneAuthnStatement() public method

Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique.
public checkOneAuthnStatement ( ) : boolean
return boolean true if the AuthnStatement element exists and is unique

checkOneCondition() public method

Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique.
public checkOneCondition ( ) : boolean
return boolean true if the Conditions element exists and is unique

checkStatus() public method

Checks if the Status is success
public checkStatus ( )

getAttributes() public method

Gets the Attributes from the AttributeStatement element.
public getAttributes ( ) : array
return array The attributes of the SAML Assertion

getAudiences() public method

Gets the audiences.
public getAudiences ( ) : array
return array @audience The valid audiences of the response

getError() public method

* After execute a validation process, if fails this method returns the cause
public getError ( )

getIssuers() public method

Gets the Issuers (from Response and Assertion).
public getIssuers ( ) : array
return array @issuers The issuers of the assertion/response

getNameId() public method

Gets the NameID provided by the SAML response from the IdP.
public getNameId ( ) : string
return string Name ID Value

getNameIdData() public method

Gets the NameID Data provided by the SAML response from the IdP.
public getNameIdData ( ) : array
return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)

getNameIdFormat() public method

Gets the NameID Format provided by the SAML response from the IdP.
public getNameIdFormat ( ) : string
return string Name ID Format

getSessionIndex() public method

Could be used to be stored in the local session in order to be used in a future Logout Request that the SP could send to the SP, to set what specific session must be deleted
public getSessionIndex ( ) : string | null
return string | null The SessionIndex value

getSessionNotOnOrAfter() public method

Could be used to set the local session expiration
public getSessionNotOnOrAfter ( ) : integer | null
return integer | null The SessionNotOnOrAfter value

isValid() public method

Determines if the SAML Response is valid using the certificate.
public isValid ( string | null $requestId = null ) : boolean
$requestId string | null The ID of the AuthNRequest sent by this SP to the IdP
return boolean Validate the document

processSignedElements() public method

Verifies the signature nodes: - Checks that are Response or Assertion - Check that IDs and reference URI are unique and consistent.
public processSignedElements ( ) : array
return array Signed element tags

validateNumAssertions() public method

Verifies that the document only contains a single Assertion (encrypted or not).
public validateNumAssertions ( ) : boolean
return boolean TRUE if the document passes.

validateSignedElements() public method

Verifies that the document has the expected signed nodes.
public validateSignedElements ( $signedElements ) : boolean
return boolean

validateTimestamps() public method

Verifies that the document is still valid according Conditions Element.
public validateTimestamps ( ) : boolean
return boolean

Property Details

$_settings protected_oe property

Settings
protected OneLogin_Saml2_Settings $_settings
return OneLogin_Saml2_Settings

$decryptedDocument public_oe property

A DOMDocument class loaded from the SAML Response (Decrypted).
public DomDocument $decryptedDocument
return DomDocument

$document public_oe property

A DOMDocument class loaded from the SAML Response.
public DomDocument $document
return DomDocument

$encrypted public_oe property

The response contains an encrypted assertion.
public bool $encrypted
return boolean

$response public_oe property

The decoded, unprocessed XML response provided to the constructor.
public string $response
return string