Assertion
in package
This is the Assertion class. It reads the Assertion from the incoming SAML Response and creates an Assertion object. The class throws an error if the assertion doesn't pass the validation check or is missing some attributes.
Table of Contents
- $wasSignedAtConstruction : mixed
- $attributes : mixed
- $AuthenticatingAuthority : mixed
- $authnContextClassRef : mixed
- $authnContextDecl : mixed
- $authnContextDeclRef : mixed
- $authnInstant : mixed
- $certificates : mixed
- $encryptedAttribute : mixed
- $encryptedNameId : mixed
- $encryptionKey : mixed
- $id : mixed
- $issueInstant : mixed
- $issuer : mixed
- $nameFormat : mixed
- $nameId : mixed
- $notBefore : mixed
- $notOnOrAfter : mixed
- $requiredEncAttributes : mixed
- $sessionIndex : mixed
- $sessionNotOnOrAfter : mixed
- $signatureData : mixed
- $signatureKey : mixed
- $SubjectConfirmation : mixed
- $validAudiences : mixed
- __construct() : mixed
- Assertion constructor.
- decryptAttributes() : mixed
- Decrypt the assertion attributes.
- decryptNameId() : mixed
- getAttributeNameFormat() : string
- Retrieve the NameFormat used on all attributes.
- getAttributes() : array<string|int, mixed>
- Retrieve all attributes.
- getAuthenticatingAuthority() : array<string|int, mixed>
- Retrieve the AuthenticatingAuthority.
- getAuthnContext() : string|null
- Retrieve the authentication method used to authenticate the user.
- getAuthnContextClassRef() : string|null
- Retrieve the authentication method used to authenticate the user.
- getAuthnContextDecl() : SAML2_XML_Chunk|null
- Get the authentication context declaration.
- getAuthnContextDeclRef() : string
- Get the authentication context declaration reference.
- getAuthnInstant() : int|null
- Retrieve the AuthnInstant of the assertion.
- getCertificates() : array<string|int, mixed>
- Retrieve the certificates that are included in the assertion.
- getEncryptionKey() : XMLSecurityKey|null
- Return the key we should use to encrypt the assertion.
- getId() : string
- Retrieve the identifier of this assertion.
- getIssueInstant() : int
- Retrieve the issue timestamp of this assertion.
- getIssuer() : string
- Retrieve the issuer of this assertion.
- getNameId() : array<string|int, mixed>|null
- Retrieve the NameId of the subject in the assertion.
- getNotBefore() : int|null
- Retrieve the earliest timestamp this assertion is valid.
- getNotOnOrAfter() : int|null
- Retrieve the expiration timestamp of this assertion.
- getSessionIndex() : string|null
- Retrieve the session index of the user at the IdP.
- getSessionNotOnOrAfter() : int|null
- Retrieve the session expiration timestamp.
- getSignatureData() : mixed
- getSignatureKey() : XMLSecurityKey|null
- Retrieve the private key we should use to sign the assertion.
- getSubjectConfirmation() : array<string|int, mixed>
- Retrieve the SubjectConfirmation elements we have in our Subject element.
- getValidAudiences() : array<string|int, mixed>|null
- Retrieve the audiences that are allowed to receive this assertion.
- getWasSignedAtConstruction() : bool
- isNameIdEncrypted() : true
- Check whether the NameId is encrypted.
- setAttributeNameFormat() : mixed
- Set the NameFormat used on all attributes.
- setAttributes() : mixed
- Replace all attributes.
- setAuthenticatingAuthority() : mixed
- Set the AuthenticatingAuthority
- setAuthnContext() : mixed
- Set the authentication method used to authenticate the user.
- setAuthnContextClassRef() : mixed
- Set the authentication method used to authenticate the user.
- setAuthnContextDecl() : mixed
- Set the authentication context declaration.
- setAuthnContextDeclRef() : mixed
- Set the authentication context declaration reference.
- setAuthnInstant() : mixed
- Set the AuthnInstant of the assertion.
- setCertificates() : mixed
- Set the certificates that should be included in the assertion.
- setEncryptedAttributes() : mixed
- Set $EncryptedAttributes if attributes will be sent encrypted.
- setEncryptionKey() : mixed
- Set the private key we should use to encrypt the attributes.
- setId() : mixed
- Set the identifier of this assertion.
- setIssueInstant() : mixed
- Set the issue timestamp of this assertion.
- setIssuer() : mixed
- Set the issuer of this message.
- setNameId() : mixed
- Set the NameId of the subject in the assertion.
- setNotBefore() : mixed
- Set the earliest timestamp this assertion can be used.
- setNotOnOrAfter() : mixed
- Set the expiration timestamp of this assertion.
- setSessionIndex() : mixed
- Set the session index of the user at the IdP.
- setSessionNotOnOrAfter() : mixed
- Set the session expiration timestamp.
- setSignatureKey() : mixed
- Set the private key we should use to sign the assertion.
- setSubjectConfirmation() : mixed
- Set the SubjectConfirmation elements that should be included in the assertion.
- setValidAudiences() : mixed
- Set the audiences that are allowed to receive this assertion.
- validate() : bool
- Validate this assertion against a public key.
- parseAttributes() : mixed
- Parse attribute statements in assertion.
- parseAuthnContext() : mixed
- Parse AuthnContext in AuthnStatement.
- parseAuthnStatement() : mixed
- Parse AuthnStatement in assertion.
- parseConditions() : mixed
- Parse conditions in assertion.
- parseEncryptedAttributes() : mixed
- Parse encrypted attribute statements in assertion.
- parseSignature() : mixed
- parseSubject() : mixed
- Parse subject in assertion.
Properties
$wasSignedAtConstruction
protected
mixed
$wasSignedAtConstruction
= FALSE
$attributes
private
mixed
$attributes
$AuthenticatingAuthority
private
mixed
$AuthenticatingAuthority
$authnContextClassRef
private
mixed
$authnContextClassRef
$authnContextDecl
private
mixed
$authnContextDecl
$authnContextDeclRef
private
mixed
$authnContextDeclRef
$authnInstant
private
mixed
$authnInstant
$certificates
private
mixed
$certificates
$encryptedAttribute
private
mixed
$encryptedAttribute
$encryptedNameId
private
mixed
$encryptedNameId
$encryptionKey
private
mixed
$encryptionKey
$id
private
mixed
$id
$issueInstant
private
mixed
$issueInstant
$issuer
private
mixed
$issuer
$nameFormat
private
mixed
$nameFormat
$nameId
private
mixed
$nameId
$notBefore
private
mixed
$notBefore
$notOnOrAfter
private
mixed
$notOnOrAfter
$requiredEncAttributes
private
mixed
$requiredEncAttributes
$sessionIndex
private
mixed
$sessionIndex
$sessionNotOnOrAfter
private
mixed
$sessionNotOnOrAfter
$signatureData
private
mixed
$signatureData
$signatureKey
private
mixed
$signatureKey
$SubjectConfirmation
private
mixed
$SubjectConfirmation
$validAudiences
private
mixed
$validAudiences
Methods
__construct()
Assertion constructor.
public
__construct([DOMElement|null $xml = NULL ]) : mixed
Parameters
- $xml : DOMElement|null = NULL
Return values
mixed
decryptAttributes()
Decrypt the assertion attributes.
public
decryptAttributes(XMLSecurityKey $key[, array<string|int, mixed> $blacklist = array() ]) : mixed
Parameters
- $key : XMLSecurityKey
- $blacklist : array<string|int, mixed> = array()
Return values
mixed
decryptNameId()
public
decryptNameId(XMLSecurityKey $key[, array<string|int, mixed> $blacklist = array() ]) : mixed
Parameters
- $key : XMLSecurityKey
- $blacklist : array<string|int, mixed> = array()
Return values
mixed
getAttributeNameFormat()
Retrieve the NameFormat used on all attributes.
public
getAttributeNameFormat() : string
If more than one NameFormat is used in the received attributes, this returns the unspecified NameFormat.
Return values
string —The NameFormat used on all attributes.
getAttributes()
Retrieve all attributes.
public
getAttributes() : array<string|int, mixed>
Return values
array<string|int, mixed> —All attributes, as an associative array.
getAuthenticatingAuthority()
Retrieve the AuthenticatingAuthority.
public
getAuthenticatingAuthority() : array<string|int, mixed>
Return values
array<string|int, mixed>
getAuthnContext()
Retrieve the authentication method used to authenticate the user.
public
getAuthnContext() : string|null
This will return NULL if no authentication statement was included in the assertion.
Note that this returns either the AuthnContextClassRef or the AuthnContextDeclRef, whose definitions overlap but are slightly different (consult the specification for more information). This was done to work around an old bug of Shibboleth ( https://bugs.internet2.edu/jira/browse/SIDP-187 ). It should no longer be required; please use either getAuthnContextClassRef or getAuthnContextDeclRef.
Return values
string|null —The authentication method.
getAuthnContextClassRef()
Retrieve the authentication method used to authenticate the user.
public
getAuthnContextClassRef() : string|null
This will return NULL if no authentication statement was included in the assertion.
Return values
string|null —The authentication method.
getAuthnContextDecl()
Get the authentication context declaration.
public
getAuthnContextDecl() : SAML2_XML_Chunk|null
See:
Return values
SAML2_XML_Chunk|null
getAuthnContextDeclRef()
Get the authentication context declaration reference.
public
getAuthnContextDeclRef() : string
URI reference that identifies an authentication context declaration.
The URI reference MAY directly resolve into an XML document containing the referenced declaration.
Return values
string
getAuthnInstant()
Retrieve the AuthnInstant of the assertion.
public
getAuthnInstant() : int|null
Return values
int|null —The timestamp the user was authenticated, or NULL if the user isn't authenticated.
getCertificates()
Retrieve the certificates that are included in the assertion.
public
getCertificates() : array<string|int, mixed>
Return values
array<string|int, mixed> —An array of certificates.
getEncryptionKey()
Return the key we should use to encrypt the assertion.
public
getEncryptionKey() : XMLSecurityKey|null
Return values
XMLSecurityKey|null —The key, or NULL if no key is specified.
getId()
Retrieve the identifier of this assertion.
public
getId() : string
Return values
string —The identifier of this assertion.
getIssueInstant()
Retrieve the issue timestamp of this assertion.
public
getIssueInstant() : int
Return values
int —The issue timestamp of this assertion, as a UNIX timestamp.
getIssuer()
Retrieve the issuer of this assertion.
public
getIssuer() : string
Return values
string —The issuer of this assertion.
getNameId()
Retrieve the NameId of the subject in the assertion.
public
getNameId() : array<string|int, mixed>|null
The returned NameId is in the format used by samlutilities::addNameId().
Return values
array<string|int, mixed>|null —The name identifier of the assertion.
getNotBefore()
Retrieve the earliest timestamp this assertion is valid.
public
getNotBefore() : int|null
This function returns NULL if there are no restrictions on how early the assertion can be used.
Return values
int|null —The earliest timestamp this assertion is valid.
getNotOnOrAfter()
Retrieve the expiration timestamp of this assertion.
public
getNotOnOrAfter() : int|null
This function returns NULL if there are no restrictions on how late the assertion can be used.
Return values
int|null —The latest timestamp this assertion is valid.
getSessionIndex()
Retrieve the session index of the user at the IdP.
public
getSessionIndex() : string|null
Return values
string|null —The session index of the user at the IdP.
getSessionNotOnOrAfter()
Retrieve the session expiration timestamp.
public
getSessionNotOnOrAfter() : int|null
This function returns NULL if there are no restrictions on the session lifetime.
Return values
int|null —The latest timestamp this session is valid.
getSignatureData()
public
getSignatureData() : mixed
Return values
mixed
getSignatureKey()
Retrieve the private key we should use to sign the assertion.
public
getSignatureKey() : XMLSecurityKey|null
Return values
XMLSecurityKey|null —The key, or NULL if no key is specified.
getSubjectConfirmation()
Retrieve the SubjectConfirmation elements we have in our Subject element.
public
getSubjectConfirmation() : array<string|int, mixed>
Return values
array<string|int, mixed> —Array of SAML2_XML_saml_SubjectConfirmation elements.
getValidAudiences()
Retrieve the audiences that are allowed to receive this assertion.
public
getValidAudiences() : array<string|int, mixed>|null
This may be NULL, in which case all audiences are allowed.
Return values
array<string|int, mixed>|null —The allowed audiences.
getWasSignedAtConstruction()
public
getWasSignedAtConstruction() : bool
Return values
bool
isNameIdEncrypted()
Check whether the NameId is encrypted.
public
isNameIdEncrypted() : true
Return values
true —if the NameId is encrypted, FALSE if not.
setAttributeNameFormat()
Set the NameFormat used on all attributes.
public
setAttributeNameFormat(string $nameFormat) : mixed
Parameters
- $nameFormat : string
  The NameFormat used on all attributes.
Return values
mixed
setAttributes()
Replace all attributes.
public
setAttributes(array<string|int, mixed> $attributes) : mixed
Parameters
- $attributes : array<string|int, mixed>
  All new attributes, as an associative array.
Return values
mixed
setAuthenticatingAuthority()
Set the AuthenticatingAuthority
public
setAuthenticatingAuthority(mixed $authenticatingAuthority) : mixed
Parameters
- $authenticatingAuthority : mixed
Return values
mixed
setAuthnContext()
Set the authentication method used to authenticate the user.
public
setAuthnContext(string|null $authnContext) : mixed
If this is set to NULL, no authentication statement will be included in the assertion. The default is NULL.
Parameters
- $authnContext : string|null
  The authentication method.
Return values
mixed
setAuthnContextClassRef()
Set the authentication method used to authenticate the user.
public
setAuthnContextClassRef(string|null $authnContextClassRef) : mixed
If this is set to NULL, no authentication statement will be included in the assertion. The default is NULL.
Parameters
- $authnContextClassRef : string|null
  The authentication method.
Return values
mixed
setAuthnContextDecl()
Set the authentication context declaration.
public
setAuthnContextDecl(SAML2_XML_Chunk $authnContextDecl) : mixed
Parameters
- $authnContextDecl : SAML2_XML_Chunk
Return values
mixed
setAuthnContextDeclRef()
Set the authentication context declaration reference.
public
setAuthnContextDeclRef(string $authnContextDeclRef) : mixed
Parameters
- $authnContextDeclRef : string
Return values
mixed
setAuthnInstant()
Set the AuthnInstant of the assertion.
public
setAuthnInstant(int|null $authnInstant) : mixed
Parameters
- $authnInstant : int|null
  Timestamp the user was authenticated, or NULL if we don't want an AuthnStatement.
Return values
mixed
setCertificates()
Set the certificates that should be included in the assertion.
public
setCertificates(array<string|int, mixed> $certificates) : mixed
The certificates should be strings with the PEM encoded data.
Parameters
- $certificates : array<string|int, mixed>
  An array of certificates.
Return values
mixed
setEncryptedAttributes()
Set $EncryptedAttributes if attributes will be sent encrypted.
public
setEncryptedAttributes(bool $ea) : mixed
Parameters
- $ea : bool
  TRUE to encrypt attributes in the assertion.
Return values
mixed
setEncryptionKey()
Set the private key we should use to encrypt the attributes.
public
setEncryptionKey([XMLSecurityKey|null $Key = NULL ]) : mixed
Parameters
- $Key : XMLSecurityKey|null = NULL
Return values
mixed
setId()
Set the identifier of this assertion.
public
setId(string $id) : mixed
Parameters
- $id : string
  The new identifier of this assertion.
Return values
mixed
setIssueInstant()
Set the issue timestamp of this assertion.
public
setIssueInstant(int $issueInstant) : mixed
Parameters
- $issueInstant : int
  The new issue timestamp of this assertion, as a UNIX timestamp.
Return values
mixed
setIssuer()
Set the issuer of this message.
public
setIssuer(string $issuer) : mixed
Parameters
- $issuer : string
  The new issuer of this assertion.
Return values
mixed
setNameId()
Set the NameId of the subject in the assertion.
public
setNameId(array<string|int, mixed>|null $nameId) : mixed
The NameId must be in the format accepted by samlutilities::addNameId().
Parameters
- $nameId : array<string|int, mixed>|null
  The name identifier of the assertion.
Return values
mixed
setNotBefore()
Set the earliest timestamp this assertion can be used.
public
setNotBefore(int|null $notBefore) : mixed
Set this to NULL if no limit is required.
Parameters
- $notBefore : int|null
  The earliest timestamp this assertion is valid.
Return values
mixed
setNotOnOrAfter()
Set the expiration timestamp of this assertion.
public
setNotOnOrAfter(int|null $notOnOrAfter) : mixed
Set this to NULL if no limit is required.
Parameters
- $notOnOrAfter : int|null
  The latest timestamp this assertion is valid.
Return values
mixed
setSessionIndex()
Set the session index of the user at the IdP.
public
setSessionIndex(string|null $sessionIndex) : mixed
Note that the authentication context must be set before the session index can be included in the assertion.
Parameters
- $sessionIndex : string|null
  The session index of the user at the IdP.
Return values
mixed
setSessionNotOnOrAfter()
Set the session expiration timestamp.
public
setSessionNotOnOrAfter(int|null $sessionNotOnOrAfter) : mixed
Set this to NULL if no limit is required.
Parameters
- $sessionNotOnOrAfter : int|null
  The latest timestamp this session is valid.
Return values
mixed
setSignatureKey()
Set the private key we should use to sign the assertion.
public
setSignatureKey([XMLSecurityKey|null $signatureKey = NULL ]) : mixed
If the key is NULL, the assertion will be sent unsigned.
Parameters
- $signatureKey : XMLSecurityKey|null = NULL
Return values
mixed
setSubjectConfirmation()
Set the SubjectConfirmation elements that should be included in the assertion.
public
setSubjectConfirmation(array<string|int, mixed> $SubjectConfirmation) : mixed
Parameters
- $SubjectConfirmation : array<string|int, mixed>
  Array of SAML2_XML_saml_SubjectConfirmation elements.
Return values
mixed
setValidAudiences()
Set the audiences that are allowed to receive this assertion.
public
setValidAudiences([array<string|int, mixed>|null $validAudiences = NULL ]) : mixed
This may be NULL, in which case all audiences are allowed.
Parameters
- $validAudiences : array<string|int, mixed>|null = NULL
  The allowed audiences.
Return values
mixed
validate()
Validate this assertion against a public key.
public
validate(XMLSecurityKey $key) : bool
If no signature was present on the assertion, we will return FALSE. Otherwise, TRUE will be returned. An exception is thrown if the signature validation fails.
Parameters
- $key : XMLSecurityKey
Return values
bool
parseAttributes()
Parse attribute statements in assertion.
private
parseAttributes(DOMElement $xml) : mixed
Parameters
- $xml : DOMElement
  The XML element with the assertion.
Return values
mixed
parseAuthnContext()
Parse AuthnContext in AuthnStatement.
private
parseAuthnContext(DOMElement $authnStatementEl) : mixed
Parameters
- $authnStatementEl : DOMElement
Return values
mixed
parseAuthnStatement()
Parse AuthnStatement in assertion.
private
parseAuthnStatement(DOMElement $xml) : mixed
Parameters
- $xml : DOMElement
  The assertion XML element.
Return values
mixed
parseConditions()
Parse conditions in assertion.
private
parseConditions(DOMElement $xml) : mixed
Parameters
- $xml : DOMElement
  The assertion XML element.
Return values
mixed
parseEncryptedAttributes()
Parse encrypted attribute statements in assertion.
private
parseEncryptedAttributes(DOMElement $xml) : mixed
Parameters
- $xml : DOMElement
  The XML element with the assertion.
Return values
mixed
parseSignature()
private
parseSignature(DOMElement $xml) : mixed
Parameters
- $xml : DOMElement
Return values
mixed
parseSubject()
Parse subject in assertion.
private
parseSubject(DOMElement $xml) : mixed
Parameters
- $xml : DOMElement
The assertion XML element.
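Several getters documented above return NULL to mean "no restriction", and validate() returns FALSE rather than throwing when the assertion is unsigned, so a caller has to handle both explicitly. The following is an added example, not code from this package: the function name, the 60-second clock skew, the policy of rejecting assertions with no expiry or no audience restriction, and the stand-in sample object are all assumptions made for illustration.

```php
<?php
// Added example: acceptance checks a service provider can run on a parsed assertion.
// $assertion: any object exposing the Assertion methods documented on this page.
// $idpKey: the XMLSecurityKey holding the IdP's public key (assumed loaded elsewhere).
function assertionRejectReasons($assertion, $idpKey, string $expectedIssuer,
                                string $spEntityId, int $now, int $skew = 60): array
{
    $reasons = [];

    // validate() throws on a bad signature but returns FALSE when the assertion
    // carries no signature at all, so anything other than TRUE is a rejection.
    try {
        if ($assertion->validate($idpKey) !== true) {
            $reasons[] = 'assertion is not signed';
        }
    } catch (Exception $e) {
        $reasons[] = 'signature validation failed: ' . $e->getMessage();
    }

    if ($assertion->getIssuer() !== $expectedIssuer) {
        $reasons[] = 'unexpected issuer';
    }

    // NULL from these getters means "no restriction". Policy assumed here:
    // a missing expiry or audience restriction is itself a reason to reject.
    $notBefore = $assertion->getNotBefore();
    if ($notBefore !== null && $now + $skew < $notBefore) {
        $reasons[] = 'not yet valid';
    }
    $notOnOrAfter = $assertion->getNotOnOrAfter();
    if ($notOnOrAfter === null) {
        $reasons[] = 'no NotOnOrAfter';
    } elseif ($now - $skew >= $notOnOrAfter) {
        $reasons[] = 'expired';
    }
    $audiences = $assertion->getValidAudiences();
    if ($audiences === null) {
        $reasons[] = 'no audience restriction';
    } elseif (!in_array($spEntityId, $audiences, true)) {
        $reasons[] = 'audience mismatch';
    }
    return $reasons;
}

// Constructed stand-in for a parsed assertion (not the real class): unsigned,
// already expired, and addressed to a different service provider.
$sample = new class {
    public function validate($key) { return false; }
    public function getIssuer() { return 'https://idp.example.test'; }
    public function getNotBefore() { return 1700000000; }
    public function getNotOnOrAfter() { return 1700000300; }
    public function getValidAudiences() { return ['https://other-sp.example.test']; }
};

print_r(assertionRejectReasons($sample, null, 'https://idp.example.test',
                               'https://sp.example.test', 1700000400));
```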