public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
{
$notBeforeTimestamp = $assertion->getNotBefore();
if ($notBeforeTimestamp && $notBeforeTimestamp > SAML2_Utilities_Temporal::getTime() + 60) {
$result->addError('Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.');
}
}
public function validate($token)
{
$data = $this->parseToken($token);
// validate digest and thumbprint
$assertion = new SAML2_Assertion($data['Assertion']);
$certificates = $assertion->getCertificates();
$this->validateCertificateThumbprint($certificates[0]);
// validate issuer
if ($this->validateIssuer) {
$this->validateIssuer($assertion->getIssuer());
}
// validate audiences
if ($this->validateAudiences) {
$this->validateAudiences($assertion->getValidAudiences(), $assertion->getNotBefore(), $assertion->getNotOnOrAfter());
}
return $this->getClaims($data);
}
