PHP Class SAML2\Assertion

Inheritance: implements saml2\SignedElement

Protected properties

Property Type Description
$wasSignedAtConstruction boolean

Public methods

Method Description
__construct ( DOMElement $xml = null ) Constructor for SAML 2 assertions.
decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the assertion attributes.
decryptNameId ( XMLSecurityKey $key, array $blacklist = [] ) Decrypt the NameId of the subject in the assertion.
encryptNameId ( XMLSecurityKey $key ) Encrypt the NameID in the Assertion.
getAttributeNameFormat ( ) : string Retrieve the NameFormat used on all attributes.
getAttributes ( ) : array Retrieve all attributes.
getAuthenticatingAuthority ( ) : array Retrieve the AuthenticatingAuthority.
getAuthnContext ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextClassRef ( ) : string | null Retrieve the authentication method used to authenticate the user.
getAuthnContextDecl ( ) : Chunk | null Get the authentication context declaration.
getAuthnContextDeclRef ( ) : string Get the authentication context declaration reference.
getAuthnInstant ( ) : integer | null Retrieve the AuthnInstant of the assertion.
getCertificates ( ) : array Retrieve the certificates that are included in the assertion.
getEncryptionKey ( ) : XMLSecurityKey | null Return the key we should use to encrypt the assertion.
getId ( ) : string Retrieve the identifier of this assertion.
getIssueInstant ( ) : integer Retrieve the issue timestamp of this assertion.
getIssuer ( ) : string | Issuer Retrieve the issuer of this assertion.
getNameId ( ) : array | null Retrieve the NameId of the subject in the assertion.
getNotBefore ( ) : integer | null Retrieve the earliest timestamp this assertion is valid.
getNotOnOrAfter ( ) : integer | null Retrieve the expiration timestamp of this assertion.
getSessionIndex ( ) : string | null Retrieve the session index of the user at the IdP.
getSessionNotOnOrAfter ( ) : integer | null Retrieve the session expiration timestamp.
getSignatureKey ( ) : XMLSecurityKey | null Retrieve the private key we should use to sign the assertion.
getSignatureMethod ( ) : null | string
getSubjectConfirmation ( ) : array Retrieve the SubjectConfirmation elements we have in our Subject element.
getValidAudiences ( ) : array | null Retrieve the audiences that are allowed to receive this assertion.
getWasSignedAtConstruction ( ) : boolean
hasEncryptedAttributes ( ) : boolean Did this Assertion contain encrypted Attributes?
isNameIdEncrypted ( ) : true Check whether the NameId is encrypted.
setAttributeNameFormat ( string $nameFormat ) Set the NameFormat used on all attributes.
setAttributes ( array $attributes ) Replace all attributes.
setAuthenticatingAuthority ( $authenticatingAuthority ) Set the AuthenticatingAuthority.
setAuthnContext ( string | null $authnContext ) Set the authentication method used to authenticate the user.
setAuthnContextClassRef ( string | null $authnContextClassRef ) Set the authentication method used to authenticate the user.
setAuthnContextDecl ( Chunk $authnContextDecl ) Set the authentication context declaration.
setAuthnContextDeclRef ( string $authnContextDeclRef ) Set the authentication context declaration reference.
setAuthnInstant ( integer | null $authnInstant ) Set the AuthnInstant of the assertion.
setCertificates ( array $certificates ) Set the certificates that should be included in the assertion.
setEncryptedAttributes ( boolean $ea ) Set $EncryptedAttributes if attributes will be sent encrypted.
setEncryptionKey ( XMLSecurityKey $Key = null ) Set the private key we should use to encrypt the attributes.
setId ( string $id ) Set the identifier of this assertion.
setIssueInstant ( integer $issueInstant ) Set the issue timestamp of this assertion.
setIssuer ( string | Issuer $issuer ) Set the issuer of this message.
setNameId ( array | null $nameId ) Set the NameId of the subject in the assertion.
setNotBefore ( integer | null $notBefore ) Set the earliest timestamp this assertion can be used.
setNotOnOrAfter ( integer | null $notOnOrAfter ) Set the expiration timestamp of this assertion.
setSessionIndex ( string | null $sessionIndex ) Set the session index of the user at the IdP.
setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter ) Set the session expiration timestamp.
setSignatureKey ( XMLsecurityKey $signatureKey = null ) Set the private key we should use to sign the assertion.
setSubjectConfirmation ( array $SubjectConfirmation ) Set the SubjectConfirmation elements that should be included in the assertion.
setValidAudiences ( array $validAudiences = null ) Set the audiences that are allowed to receive this assertion.
toXML ( DOMNode $parentElement = null ) : DOMElement Convert this assertion to an XML element.
validate ( XMLSecurityKey $key ) : boolean Validate this assertion against a public key.

Private methods

Method Description
addAttributeStatement ( DOMElement $root ) Add an AttributeStatement-node to the assertion.
addAuthnStatement ( DOMElement $root ) Add an AuthnStatement-node to the assertion.
addConditions ( DOMElement $root ) Add a Conditions-node to the assertion.
addEncryptedAttributeStatement ( DOMElement $root ) Add an EncryptedAttribute Statement-node to the assertion.
addSubject ( DOMElement $root ) Add a Subject-node to the assertion.
parseAttributeValue ( DOMNode $attribute, string $attributeName )
parseAttributes ( DOMElement $xml ) Parse attribute statements in assertion.
parseAuthnContext ( DOMElement $authnStatementEl ) Parse AuthnContext in AuthnStatement.
parseAuthnStatement ( DOMElement $xml ) Parse AuthnStatement in assertion.
parseConditions ( DOMElement $xml ) Parse conditions in assertion.
parseEncryptedAttributes ( DOMElement $xml ) Parse encrypted attribute statements in assertion.
parseSignature ( DOMElement $xml ) Parse signature on assertion.
parseSubject ( DOMElement $xml ) Parse subject in assertion.

Method details

__construct() public method

Constructor for SAML 2 assertions.
public __construct ( DOMElement $xml = null )
$xml DOMElement The input assertion.

decryptAttributes() public method

Decrypt the assertion attributes.
public decryptAttributes ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey
$blacklist array

decryptNameId() public method

Decrypt the NameId of the subject in the assertion.
public decryptNameId ( XMLSecurityKey $key, array $blacklist = [] )
$key RobRichards\XMLSecLibs\XMLSecurityKey The decryption key.
$blacklist array Blacklisted decryption algorithms.

encryptNameId() public method

Encrypt the NameID in the Assertion.
public encryptNameId ( XMLSecurityKey $key )
$key RobRichards\XMLSecLibs\XMLSecurityKey The encryption key.

getAttributeNameFormat() public method

If more than one NameFormat is used in the received attributes, this returns the unspecified NameFormat.
public getAttributeNameFormat ( ) : string
Returns string The NameFormat used on all attributes.

getAttributes() public method

Retrieve all attributes.
public getAttributes ( ) : array
Returns array All attributes, as an associative array.

getAuthenticatingAuthority() public method

Retrieve the AuthenticatingAuthority.
public getAuthenticatingAuthority ( ) : array
Returns array

getAuthnContext() public method

This will return null if no authentication statement was included in the assertion. Note that this returns either the AuthnContextClassRef or the AuthnContextDeclRef, whose definitions overlap but are slightly different (consult the specification for more information). This was done to work around an old bug in Shibboleth ( https://bugs.internet2.edu/jira/browse/SIDP-187 ). It should no longer be required; please use either getAuthnContextClassRef or getAuthnContextDeclRef.
Deprecated: use getAuthnContextClassRef
public getAuthnContext ( ) : string | null
Returns string | null The authentication method.

getAuthnContextClassRef() public method

This will return null if no authentication statement was included in the assertion.
public getAuthnContextClassRef ( ) : string | null
Returns string | null The authentication method.

getAuthnContextDecl() public method

See:
public getAuthnContextDecl ( ) : Chunk | null
Returns SAML2\XML\Chunk | null

getAuthnContextDeclRef() public method

URI reference that identifies an authentication context declaration. The URI reference MAY directly resolve into an XML document containing the referenced declaration.
public getAuthnContextDeclRef ( ) : string
Returns string

getAuthnInstant() public method

Retrieve the AuthnInstant of the assertion.
public getAuthnInstant ( ) : integer | null
Returns integer | null The timestamp the user was authenticated, or NULL if the user isn't authenticated.

getCertificates() public method

Retrieve the certificates that are included in the assertion.
public getCertificates ( ) : array
Returns array An array of certificates.

getEncryptionKey() public method

Return the key we should use to encrypt the assertion.
public getEncryptionKey ( ) : XMLSecurityKey | null
Returns RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified.

getId() public method

Retrieve the identifier of this assertion.
public getId ( ) : string
Returns string The identifier of this assertion.

getIssueInstant() public method

Retrieve the issue timestamp of this assertion.
public getIssueInstant ( ) : integer
Returns integer The issue timestamp of this assertion, as a UNIX timestamp.

getIssuer() public method

Retrieve the issuer of this assertion.
public getIssuer ( ) : string | Issuer
Returns string | SAML2\XML\saml\Issuer The issuer of this assertion.

getNameId() public method

The returned NameId is in the format used by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public getNameId ( ) : array | null
Returns array | null The name identifier of the assertion.

getNotBefore() public method

This function returns null if there are no restrictions on how early the assertion can be used.
public getNotBefore ( ) : integer | null
Returns integer | null The earliest timestamp this assertion is valid.

getNotOnOrAfter() public method

This function returns null if there are no restrictions on how late the assertion can be used.
public getNotOnOrAfter ( ) : integer | null
Returns integer | null The latest timestamp this assertion is valid.

getSessionIndex() public method

Retrieve the session index of the user at the IdP.
public getSessionIndex ( ) : string | null
Returns string | null The session index of the user at the IdP.

getSessionNotOnOrAfter() public method

This function returns null if there are no restrictions on the session lifetime.
public getSessionNotOnOrAfter ( ) : integer | null
Returns integer | null The latest timestamp this session is valid.

getSignatureKey() public method

Retrieve the private key we should use to sign the assertion.
public getSignatureKey ( ) : XMLSecurityKey | null
Returns RobRichards\XMLSecLibs\XMLSecurityKey | null The key, or NULL if no key is specified.

getSignatureMethod() public method

public getSignatureMethod ( ) : null | string
Returns null | string

getSubjectConfirmation() public method

Retrieve the SubjectConfirmation elements we have in our Subject element.
public getSubjectConfirmation ( ) : array
Returns array Array of \SAML2\XML\saml\SubjectConfirmation elements.

getValidAudiences() public method

This may be null, in which case all audiences are allowed.
public getValidAudiences ( ) : array | null
Returns array | null The allowed audiences.

getWasSignedAtConstruction() public method

public getWasSignedAtConstruction ( ) : boolean
Returns boolean

hasEncryptedAttributes() public method

Did this Assertion contain encrypted Attributes?
public hasEncryptedAttributes ( ) : boolean
Returns boolean

isNameIdEncrypted() public method

Check whether the NameId is encrypted.
public isNameIdEncrypted ( ) : true
Returns true if the NameId is encrypted, false if not.

setAttributeNameFormat() public method

Set the NameFormat used on all attributes.
public setAttributeNameFormat ( string $nameFormat )
$nameFormat string The NameFormat used on all attributes.

setAttributes() public method

Replace all attributes.
public setAttributes ( array $attributes )
$attributes array All new attributes, as an associative array.

setAuthenticatingAuthority() public method

Set the AuthenticatingAuthority.
public setAuthenticatingAuthority ( $authenticatingAuthority )

setAuthnContext() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
Deprecated: use setAuthnContextClassRef
public setAuthnContext ( string | null $authnContext )
$authnContext string | null The authentication method.

setAuthnContextClassRef() public method

If this is set to null, no authentication statement will be included in the assertion. The default is null.
public setAuthnContextClassRef ( string | null $authnContextClassRef )
$authnContextClassRef string | null The authentication method.

setAuthnContextDecl() public method

Set the authentication context declaration.
public setAuthnContextDecl ( Chunk $authnContextDecl )
$authnContextDecl SAML2\XML\Chunk

setAuthnContextDeclRef() public method

Set the authentication context declaration reference.
public setAuthnContextDeclRef ( string $authnContextDeclRef )
$authnContextDeclRef string

setAuthnInstant() public method

Set the AuthnInstant of the assertion.
public setAuthnInstant ( integer | null $authnInstant )
$authnInstant integer | null Timestamp the user was authenticated, or NULL if we don't want an AuthnStatement.

setCertificates() public method

The certificates should be strings with the PEM encoded data.
public setCertificates ( array $certificates )
$certificates array An array of certificates.

setEncryptedAttributes() public method

Set $EncryptedAttributes if attributes will be sent encrypted.
public setEncryptedAttributes ( boolean $ea )
$ea boolean true to encrypt attributes in the assertion.

setEncryptionKey() public method

Set the private key we should use to encrypt the attributes.
public setEncryptionKey ( XMLSecurityKey $Key = null )
$Key RobRichards\XMLSecLibs\XMLSecurityKey

setId() public method

Set the identifier of this assertion.
public setId ( string $id )
$id string The new identifier of this assertion.

setIssueInstant() public method

Set the issue timestamp of this assertion.
public setIssueInstant ( integer $issueInstant )
$issueInstant integer The new issue timestamp of this assertion, as a UNIX timestamp.

setIssuer() public method

Set the issuer of this message.
public setIssuer ( string | Issuer $issuer )
$issuer string | SAML2\XML\saml\Issuer The new issuer of this assertion.

setNameId() public method

The NameId must be in the format accepted by \SAML2\Utils::addNameId().
See also: SAML2\Utils::addNameId()
public setNameId ( array | null $nameId )
$nameId array | null The name identifier of the assertion.

setNotBefore() public method

Set this to null if no limit is required.
public setNotBefore ( integer | null $notBefore )
$notBefore integer | null The earliest timestamp this assertion is valid.

setNotOnOrAfter() public method

Set this to null if no limit is required.
public setNotOnOrAfter ( integer | null $notOnOrAfter )
$notOnOrAfter integer | null The latest timestamp this assertion is valid.

setSessionIndex() public method

Note that the authentication context must be set before the session index can be included in the assertion.
public setSessionIndex ( string | null $sessionIndex )
$sessionIndex string | null The session index of the user at the IdP.

setSessionNotOnOrAfter() public method

Set this to null if no limit is required.
public setSessionNotOnOrAfter ( integer | null $sessionNotOnOrAfter )
$sessionNotOnOrAfter integer | null The latest timestamp this session is valid.

setSignatureKey() public method

If the key is null, the assertion will be sent unsigned.
public setSignatureKey ( XMLsecurityKey $signatureKey = null )
$signatureKey XMLsecurityKey

setSubjectConfirmation() public method

Set the SubjectConfirmation elements that should be included in the assertion.
public setSubjectConfirmation ( array $SubjectConfirmation )
$SubjectConfirmation array Array of \SAML2\XML\saml\SubjectConfirmation elements.

setValidAudiences() public method

This may be null, in which case all audiences are allowed.
public setValidAudiences ( array $validAudiences = null )
$validAudiences array The allowed audiences.

toXML() public method

Convert this assertion to an XML element.
public toXML ( DOMNode $parentElement = null ) : DOMElement
$parentElement DOMNode The DOM node the assertion should be created in.
Returns DOMElement This assertion.

validate() public method

If no signature was present on the assertion, we will return false. Otherwise, true will be returned. An exception is thrown if the signature validation fails.
public validate ( XMLSecurityKey $key ) : boolean
$key RobRichards\XMLSecLibs\XMLSecurityKey The key we should check against.
Returns boolean true if successful, false if it is unsigned.
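
The three outcomes of validate() and the null returns of getValidAudiences(), getNotBefore() and getNotOnOrAfter() described above all need explicit handling by the caller. The following is an added example, not code from the SAML2 library or from this page. The function name requireTrustedAssertion, the $skew tolerance and the policy choices (the assertion itself must be signed, must name this SP as an audience and must carry an expiry) are assumptions.

```php
<?php
// Added example: not code from the SAML2 library or from the page above.
use RobRichards\XMLSecLibs\XMLSecurityKey;
use SAML2\Assertion;

/**
 * Hypothetical helper: throw unless the assertion is signed with $idpKey,
 * names $spEntityId as an audience and is inside its validity window.
 * $skew (clock tolerance in seconds) is an assumed deployment setting.
 */
function requireTrustedAssertion(
    Assertion $assertion,
    XMLSecurityKey $idpKey,
    string $spEntityId,
    int $now,
    int $skew = 60
): void {
    // validate() has three outcomes: an exception (signature present but
    // wrong), false (no signature at all) and true (signature verified).
    try {
        $signed = $assertion->validate($idpKey);
    } catch (\Exception $e) {
        throw new \RuntimeException('Assertion signature is invalid', 0, $e);
    }
    if ($signed !== true) {
        // "false" is not an error inside the library, so reject it here.
        throw new \RuntimeException('Assertion is not signed');
    }

    // getValidAudiences() returns null when no audience restriction was
    // present, which means "any recipient". Assumed policy: require ours.
    $audiences = $assertion->getValidAudiences();
    if ($audiences === null || !in_array($spEntityId, $audiences, true)) {
        throw new \RuntimeException('Assertion is not addressed to this SP');
    }

    // getNotBefore() / getNotOnOrAfter() return null when unbounded.
    $notBefore = $assertion->getNotBefore();
    if ($notBefore !== null && $notBefore > $now + $skew) {
        throw new \RuntimeException('Assertion is not yet valid');
    }
    $notOnOrAfter = $assertion->getNotOnOrAfter();
    if ($notOnOrAfter === null) {
        // Assumed policy: refuse assertions with no expiry.
        throw new \RuntimeException('Assertion has no expiry');
    }
    if ($notOnOrAfter <= $now - $skew) {
        throw new \RuntimeException('Assertion has expired');
    }
}
```

Deployments where the enclosing Response carries the signature instead of the assertion need the unsigned branch adapted to check that signature rather than removed.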

Property details

$wasSignedAtConstruction protected property

protected bool $wasSignedAtConstruction
Returns boolean