PHP class SAML2\Assertion

Inheritance: implements saml2\SignedElement
Project: simplesamlphp/saml2

Protected properties

Property Type Description
$wasSignedAtConstruction boolean

Public methods

Method Description
__construct ( DOMElement $xml = null ) Constructor for SAML 2 assertions.
decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the assertion attributes.
decryptNameId ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the NameId of the subject in the assertion.
encryptNameId ( XMLSecurityKey $key ) Encrypt the NameID in the Assertion.
getAttributeNameFormat ( ) : string Retrieve the NameFormat used on all attributes.
getAttributes ( ) : array Retrieve all attributes.
getAuthenticatingAuthority ( ) : array Retrieve the AuthenticatingAuthority.
getAuthnContext ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextClassRef ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextDecl ( ) : Chunk | null Get the authentication context declaration.
getAuthnContextDeclRef ( ) : string Get the authentication context declaration reference.
getAuthnInstant ( ) : integer | null Retrieve the AuthnInstant of the assertion.
getCertificates ( ) : array Retrieve the certificates that are included in the assertion.
getEncryptionKey ( ) : XMLSecurityKey | null Return the key we should use to encrypt the assertion.
getId ( ) : string Retrieve the identifier of this assertion.
getIssueInstant ( ) : integer Retrieve the issue timestamp of this assertion.
getIssuer ( ) : string | Issuer Retrieve the issuer of this assertion.
getNameId ( ) : array | null Retrieve the NameId of the subject in the assertion.
getNotBefore ( ) : integer | null Retrieve the earliest timestamp this assertion is valid.
getNotOnOrAfter ( ) : integer | null Retrieve the expiration timestamp of this assertion.
getSessionIndex ( ) : string | null Retrieve the session index of the user at the IdP.
getSessionNotOnOrAfter ( ) : integer | null Retrieve the session expiration timestamp.
getSignatureKey ( ) : XMLSecurityKey | null Retrieve the private key we should use to sign the assertion.
getSignatureMethod ( ) : null | string
getSubjectConfirmation ( ) : array Retrieve the SubjectConfirmation elements we have in our Subject element.
getValidAudiences ( ) : array | null Retrieve the audiences that are allowed to receive this assertion.
getWasSignedAtConstruction ( ) : boolean
hasEncryptedAttributes ( ) : boolean Did this Assertion contain encrypted Attributes?
isNameIdEncrypted ( ) : true Check whether the NameId is encrypted.
setAttributeNameFormat ( string $nameFormat ) Set the NameFormat used on all attributes.
setAttributes ( array $attributes ) Replace all attributes.
setAuthenticatingAuthority ( $authenticatingAuthority ) Set the AuthenticatingAuthority
setAuthnContext ( string | null $authnContext ) Set the authentication method used to authenticate the user.
setAuthnContextClassRef ( string | null $authnContextClassRef ) Set the authentication method used to authenticate the user.
setAuthnContextDecl ( Chunk $authnContextDecl ) Set the authentication context declaration.
setAuthnContextDeclRef ( string $authnContextDeclRef ) Set the authentication context declaration reference.
setAuthnInstant ( integer | null $authnInstant ) Set the AuthnInstant of the assertion.
setCertificates ( array $certificates ) Set the certificates that should be included in the assertion.
setEncryptedAttributes ( boolean $ea ) Set $EncryptedAttributes if attributes will be sent encrypted.
setEncryptionKey ( XMLSecurityKey $Key = null ) Set the private key we should use to encrypt the attributes.
setId ( string $id ) Set the identifier of this assertion.
setIssueInstant ( integer $issueInstant ) Set the issue timestamp of this assertion.
setIssuer ( string | Issuer $issuer ) Set the issuer of this message.
setNameId ( array | null $nameId ) Set the NameId of the subject in the assertion.
setNotBefore ( integer | null $notBefore ) Set the earliest timestamp this assertion can be used.
setNotOnOrAfter ( integer | null $notOnOrAfter ) Set the expiration timestamp of this assertion.
setSessionIndex ( string | null $sessionIndex ) Set the session index of the user at the IdP.
setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter ) Set the session expiration timestamp.
setSignatureKey ( XMLsecurityKey $signatureKey = null ) Set the private key we should use to sign the assertion.
setSubjectConfirmation ( array $SubjectConfirmation ) Set the SubjectConfirmation elements that should be included in the assertion.
setValidAudiences ( array $validAudiences = null ) Set the audiences that are allowed to receive this assertion.
toXML ( DOMNode $parentElement = null ) : DOMElement Convert this assertion to an XML element.
validate ( XMLSecurityKey $key ) : boolean Validate this assertion against a public key.

Private methods

Method Description
addAttributeStatement ( DOMElement $root ) Add an AttributeStatement-node to the assertion.
addAuthnStatement ( DOMElement $root ) Add an AuthnStatement-node to the assertion.
addConditions ( DOMElement $root ) Add a Conditions-node to the assertion.
addEncryptedAttributeStatement ( DOMElement $root ) Add an EncryptedAttribute Statement-node to the assertion.
addSubject ( DOMElement $root ) Add a Subject-node to the assertion.
parseAttributeValue ( DOMNode $attribute, string $attributeName )
parseAttributes ( DOMElement $xml ) Parse attribute statements in assertion.
parseAuthnContext ( DOMElement $authnStatementEl ) Parse AuthnContext in AuthnStatement.
parseAuthnStatement ( DOMElement $xml ) Parse AuthnStatement in assertion.
parseConditions ( DOMElement $xml ) Parse conditions in assertion.
parseEncryptedAttributes ( DOMElement $xml ) Parse encrypted attribute statements in assertion.
parseSignature ( DOMElement $xml ) Parse signature on assertion.
parseSubject ( DOMElement $xml ) Parse subject in assertion.

Method details

__construct() public method

Constructor for SAML 2 assertions.
public __construct ( DOMElement $xml = null )
$xml DOMElement The input assertion.

decryptAttributes() public method

Decrypt the assertion attributes.
public decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey
$blacklist array

decryptNameId() public method

Decrypt the NameId of the subject in the assertion.
public decryptNameId ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey The decryption key.
$blacklist array Blacklisted decryption algorithms.

encryptNameId() public method

Encrypt the NameID in the Assertion.
public encryptNameId ( XMLSecurityKey $key )
$key RobRichards\XMLSecLibs\XMLSecurityKey The encryption key.

getAttributeNameFormat() public method

If more than one NameFormat is used in the received attributes, this returns the unspecified NameFormat.
public getAttributeNameFormat ( ) : string
Returns string The NameFormat used on all attributes.

getAttributes() public method

Retrieve all attributes.
public getAttributes ( ) : array
Returns array All attributes, as an associative array.

getAuthenticatingAuthority() public method

Retrieve the AuthenticatingAuthority.
public getAuthenticatingAuthority ( ) : array
Returns array

getAuthnContext() public method

This will return null if no authentication statement was included in the assertion. Note that this returns either the AuthnContextClassRef or the AuthnContextDeclRef, whose definitions overlap but are slightly different (consult the specification for more information). This was done to work around an old Shibboleth bug ( https://bugs.internet2.edu/jira/browse/SIDP-187 ). It should no longer be required; use either getAuthnContextClassRef or getAuthnContextDeclRef instead.
Deprecated: use getAuthnContextClassRef
public getAuthnContext ( ) : string | null
Returns string | null The authentication method.

getAuthnContextClassRef() public method

This will return null if no authentication statement was included in the assertion.
public getAuthnContextClassRef ( ) : string | null
Returns string | null The authentication method.

getAuthnContextDecl() public method

See:
public getAuthnContextDecl ( ) : Chunk | null
Returns SAML2\XML\Chunk | null

getAuthnContextDeclRef() public method

URI reference that identifies an authentication context declaration. The URI reference MAY directly resolve into an XML document containing the referenced declaration.
public getAuthnContextDeclRef ( ) : string
Returns string

getAuthnInstant() public method

Retrieve the AuthnInstant of the assertion.
public getAuthnInstant ( ) : integer | null
Returns integer | null The timestamp the user was authenticated, or NULL if the user isn't authenticated.

getCertificates() public method

Retrieve the certificates that are included in the assertion.
public getCertificates ( ) : array
Returns array An array of certificates.

getEncryptionKey() public method

Return the key we should use to encrypt the assertion.
public getEncryptionKey ( ) : XMLSecurityKey | null
Returns RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified.

getId() public method

Retrieve the identifier of this assertion.
public getId ( ) : string
Returns string The identifier of this assertion.

getIssueInstant() public method

Retrieve the issue timestamp of this assertion.
public getIssueInstant ( ) : integer
Returns integer The issue timestamp of this assertion, as a UNIX timestamp.

getIssuer() public method

Retrieve the issuer of this assertion.
public getIssuer ( ) : string | Issuer
Returns string | SAML2\XML\saml\Issuer The issuer of this assertion.

getNameId() public method

The returned NameId is in the format used by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public getNameId ( ) : array | null
Returns array | null The name identifier of the assertion.

getNotBefore() public method

This function returns null if there are no restrictions on how early the assertion can be used.
public getNotBefore ( ) : integer | null
Returns integer | null The earliest timestamp this assertion is valid.

getNotOnOrAfter() public method

This function returns null if there are no restrictions on how late the assertion can be used.
public getNotOnOrAfter ( ) : integer | null
Returns integer | null The latest timestamp this assertion is valid.

getSessionIndex() public method

Retrieve the session index of the user at the IdP.
public getSessionIndex ( ) : string | null
Returns string | null The session index of the user at the IdP.

getSessionNotOnOrAfter() public method

This function returns null if there are no restrictions on the session lifetime.
public getSessionNotOnOrAfter ( ) : integer | null
Returns integer | null The latest timestamp this session is valid.

getSignatureKey() public method

Retrieve the private key we should use to sign the assertion.
public getSignatureKey ( ) : XMLSecurityKey | null
Returns RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified.

getSignatureMethod() public method

public getSignatureMethod ( ) : null | string
Returns null | string

getSubjectConfirmation() public method

Retrieve the SubjectConfirmation elements we have in our Subject element.
public getSubjectConfirmation ( ) : array
Returns array Array of \SAML2\XML\saml\SubjectConfirmation elements.

getValidAudiences() public method

This may be null, in which case all audiences are allowed.
public getValidAudiences ( ) : array | null
Returns array | null The allowed audiences.

getWasSignedAtConstruction() public method

hasEncryptedAttributes() public method

Did this Assertion contain encrypted Attributes?
public hasEncryptedAttributes ( ) : boolean
Returns boolean

isNameIdEncrypted() public method

Check whether the NameId is encrypted.
public isNameIdEncrypted ( ) : true
Returns true if the NameId is encrypted, false if not.

setAttributeNameFormat() public method

Set the NameFormat used on all attributes.
public setAttributeNameFormat ( string $nameFormat )
$nameFormat string The NameFormat used on all attributes.

setAttributes() public method

Replace all attributes.
public setAttributes ( array $attributes )
$attributes array All new attributes, as an associative array.

setAuthenticatingAuthority() public method

Set the AuthenticatingAuthority
public setAuthenticatingAuthority ( $authenticatingAuthority )

setAuthnContext() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
Deprecated: use setAuthnContextClassRef
public setAuthnContext ( string | null $authnContext )
$authnContext string | null The authentication method.

setAuthnContextClassRef() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
public setAuthnContextClassRef ( string | null $authnContextClassRef )
$authnContextClassRef string | null The authentication method.

setAuthnContextDecl() public method

Set the authentication context declaration.
public setAuthnContextDecl ( Chunk $authnContextDecl )
$authnContextDecl SAML2\XML\Chunk

setAuthnContextDeclRef() public method

Set the authentication context declaration reference.
public setAuthnContextDeclRef ( string $authnContextDeclRef )
$authnContextDeclRef string

setAuthnInstant() public method

Set the AuthnInstant of the assertion.
public setAuthnInstant ( integer | null $authnInstant )
$authnInstant integer | null Timestamp the user was authenticated, or NULL if we don't want an AuthnStatement.

setCertificates() public method

The certificates should be strings with the PEM encoded data.
public setCertificates ( array $certificates )
$certificates array An array of certificates.

setEncryptedAttributes() public method

Set $EncryptedAttributes if attributes will be sent encrypted.
public setEncryptedAttributes ( boolean $ea )
$ea boolean true to encrypt attributes in the assertion.

setEncryptionKey() public method

Set the private key we should use to encrypt the attributes.
public setEncryptionKey ( XMLSecurityKey $Key = null )
$Key RobRichards\XMLSecLibs\XMLSecurityKey

setId() public method

Set the identifier of this assertion.
public setId ( string $id )
$id string The new identifier of this assertion.

setIssueInstant() public method

Set the issue timestamp of this assertion.
public setIssueInstant ( integer $issueInstant )
$issueInstant integer The new issue timestamp of this assertion, as a UNIX timestamp.

setIssuer() public method

Set the issuer of this message.
public setIssuer ( string | Issuer $issuer )
$issuer string | SAML2\XML\saml\Issuer The new issuer of this assertion.

setNameId() public method

The NameId must be in the format accepted by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public setNameId ( array | null $nameId )
$nameId array | null The name identifier of the assertion.

setNotBefore() public method

Set this to null if no limit is required.
public setNotBefore ( integer | null $notBefore )
$notBefore integer | null The earliest timestamp this assertion is valid.

setNotOnOrAfter() public method

Set this to null if no limit is required.
public setNotOnOrAfter ( integer | null $notOnOrAfter )
$notOnOrAfter integer | null The latest timestamp this assertion is valid.

setSessionIndex() public method

Note that the authentication context must be set before the session index can be included in the assertion.
public setSessionIndex ( string | null $sessionIndex )
$sessionIndex string | null The session index of the user at the IdP.

setSessionNotOnOrAfter() public method

Set this to null if no limit is required.
public setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter )
$sessionNotOnOrAfter integer | null The latest timestamp this session is valid.

setSignatureKey() public method

If the key is null, the assertion will be sent unsigned.
public setSignatureKey ( XMLsecurityKey $signatureKey = null )
$signatureKey XMLsecurityKey

setSubjectConfirmation() public method

Set the SubjectConfirmation elements that should be included in the assertion.
public setSubjectConfirmation ( array $SubjectConfirmation )
$SubjectConfirmation array Array of \SAML2\XML\saml\SubjectConfirmation elements.

setValidAudiences() public method

This may be null, in which case all audiences are allowed.
public setValidAudiences ( array $validAudiences = null )
$validAudiences array The allowed audiences.

toXML() public method

Convert this assertion to an XML element.
public toXML ( DOMNode $parentElement = null ) : DOMElement
$parentElement DOMNode The DOM node the assertion should be created in.
Returns DOMElement This assertion.

validate() public method

If no signature was present on the assertion, we will return false. Otherwise, true will be returned. An exception is thrown if the signature validation fails.
public validate ( XMLSecurityKey $key ) : boolean
$key RobRichards\XMLSecLibs\XMLSecurityKey The key we should check against.
Returns boolean true if successful, false if it is unsigned.
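
The three outcomes of validate() (true, false for an unsigned assertion, exception for a bad signature) and the null-means-unrestricted getters for NotBefore, NotOnOrAfter and audiences can be combined into one receiving-side check. This is an added example, not code from simplesamlphp/saml2; acceptAssertion(), $spEntityId, $skew and $now are hypothetical names, and it assumes the assertion itself (not only an enclosing response) must be signed and must carry an audience restriction.

```php
<?php
// Added example, not simplesamlphp/saml2 code. acceptAssertion(), $spEntityId,
// $skew and $now are hypothetical names chosen for this sketch.
declare(strict_types=1);

use RobRichards\XMLSecLibs\XMLSecurityKey;
use SAML2\Assertion;

/**
 * Accept an assertion only if it is signed by the trusted IdP key, is inside
 * its validity window and is addressed to this service provider.
 *
 * @throws \RuntimeException when any check fails
 */
function acceptAssertion(
    Assertion $assertion,
    XMLSecurityKey $idpKey,
    string $spEntityId,
    int $skew = 60,
    ?int $now = null
): void {
    $now = $now ?? time();

    // validate() throws on a bad signature but returns false, without
    // throwing, when there is no signature at all. Compare strictly.
    if ($assertion->validate($idpKey) !== true) {
        throw new \RuntimeException('Assertion is not signed');
    }

    // getNotBefore() returns null when there is no lower bound.
    $notBefore = $assertion->getNotBefore();
    if ($notBefore !== null && $now + $skew < $notBefore) {
        throw new \RuntimeException('Assertion is not yet valid');
    }

    // getNotOnOrAfter() returns null when there is no upper bound.
    $notOnOrAfter = $assertion->getNotOnOrAfter();
    if ($notOnOrAfter !== null && $now - $skew >= $notOnOrAfter) {
        throw new \RuntimeException('Assertion has expired');
    }

    // null means no audience restriction ("all audiences allowed").
    // Policy assumption of this sketch: require an explicit match.
    $audiences = $assertion->getValidAudiences();
    if ($audiences === null || !in_array($spEntityId, $audiences, true)) {
        throw new \RuntimeException('Assertion is not addressed to this SP');
    }
}
```

An exception thrown by validate() for an invalid signature is left to propagate, so a caller that catches exceptions broadly must not treat that path as acceptance.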

Property details

$wasSignedAtConstruction protected property

protected bool $wasSignedAtConstruction
Returns boolean