public function test_logout_response_with_xsd()
{
$logoutResponse = new LogoutResponse();
$logoutResponse->setInResponseTo(Helper::generateID())->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS), 'Successfully logged out from service'))->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://destination.com')->setIssuer(new Issuer('https://issuer.com'));
$this->sign($logoutResponse);
$this->validateProtocol($logoutResponse);
}
/**
* @param string $email
* @param string $message_id
* @return string
*/
public function send($email, $message_id)
{
$message = $this->saml_data_manager->get($message_id);
if (!$message) {
if ($this->logger) {
$this->logger->error("Saml message with id {$message_id} not found or expired");
}
throw new RuntimeException('Authentication message does not exist');
}
$this->saml_data_manager->delete($message_id);
$response = new Response();
$assertion = new Assertion();
$response->addAssertion($assertion)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($message->getAssertionConsumerServiceURL())->setIssuer(new Issuer($message->getIssuer()->getValue()));
$assertion->setId(Helper::generateID())->setIssueInstant(new DateTime())->setIssuer(new Issuer($message->getIssuer()->getValue()))->setSubject((new Subject())->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new SubjectConfirmationData())->setInResponseTo($message->getID())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->setRecipient($message->getAssertionConsumerServiceURL()))))->setConditions((new Conditions())->setNotBefore(new DateTime())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->addItem(new AudienceRestriction([$message->getAssertionConsumerServiceURL()])))->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email)))->addItem((new AuthnStatement())->setAuthnInstant(new DateTime('-10 MINUTE'))->setSessionIndex($message_id)->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
$certificate = X509Certificate::fromFile($this->saml_crt);
$private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
$response->setSignature(new SignatureWriter($certificate, $private_key));
$binding_factory = new BindingFactory();
$post_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_POST);
$message_context = new MessageContext();
$message_context->setMessage($response);
/** @var SymfonyResponse $http_response */
$http_response = $post_binding->send($message_context);
return $http_response->getContent();
}
/**
* @return string|null
*/
public function getNotOnOrAfterString()
{
if ($this->notOnOrAfter) {
return Helper::time2string($this->notOnOrAfter);
}
return null;
}
public function test_authn_request_with_xsd()
{
$authnRequest = new AuthnRequest();
$authnRequest->setAssertionConsumerServiceURL('https://sp.com/acs')->setNameIDPolicy(new NameIDPolicy(SamlConstants::NAME_ID_FORMAT_EMAIL, true))->setProtocolBinding(SamlConstants::PROTOCOL_SAML2)->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://idp.com/destination')->setIssuer(new Issuer('https://sp.com'));
$this->sign($authnRequest);
$this->validateProtocol($authnRequest);
}
public function test_logout_request_with_xsd()
{
$logoutRequest = new LogoutRequest();
$logoutRequest->setNameID(new NameID('*****@*****.**', SamlConstants::NAME_ID_FORMAT_EMAIL))->setSessionIndex(Helper::generateID())->setNotOnOrAfter(new \DateTime('+2 minute'))->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://destination.com')->setIssuer(new Issuer('https://issuer.com'));
$this->sign($logoutRequest);
$this->validateProtocol($logoutRequest);
}
public function test_success_response_with_xsd()
{
$response = new Response();
$response->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS)))->setInResponseTo(Helper::generateID())->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://idp.com'));
$response->addAssertion($assertion = new Assertion());
$assertion->setId(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://idp.com'))->setSubject((new Subject())->setNameID(new NameID('*****@*****.**', SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new SubjectConfirmationData())->setInResponseTo(Helper::generateID())->setNotOnOrAfter(new \DateTime('+1 hour'))->setRecipient('https://sp.com/acs'))))->setConditions((new Conditions())->setNotBefore(new \DateTime())->setNotOnOrAfter(new \DateTime('+1 hour'))->addItem(new AudienceRestriction(['https://sp.com/acs'])))->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, '*****@*****.**')))->addItem((new AuthnStatement())->setAuthnInstant(new \DateTime('-1 hour'))->setSessionIndex(Helper::generateID())->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
$this->sign($assertion);
$this->sign($response);
$this->validateProtocol($response);
}
protected function validateSubjectConfirmationData(SubjectConfirmationData $subjectConfirmationData)
{
if ($subjectConfirmationData->getRecipient()) {
if (false == Helper::validateWellFormedUriString($subjectConfirmationData->getRecipient())) {
throw new LightSamlValidationException('Recipient of SubjectConfirmationData must be a wellformed absolute URI.');
}
}
if ($subjectConfirmationData->getNotBeforeTimestamp() && $subjectConfirmationData->getNotOnOrAfterTimestamp() && $subjectConfirmationData->getNotBeforeTimestamp() >= $subjectConfirmationData->getNotOnOrAfterTimestamp()) {
throw new LightSamlValidationException('SubjectConfirmationData NotBefore MUST be less than NotOnOrAfter');
}
}
public function test_entity_descriptor_with_xsd()
{
$entityDescriptor = new EntityDescriptor();
$entityDescriptor->setID(Helper::generateID())->setEntityID('https://idp.com');
$entityDescriptor->addItem($idpSsoDescriptor = new IdpSsoDescriptor());
$idpSsoDescriptor->addAttribute((new Attribute(ClaimTypes::EMAIL_ADDRESS))->setNameFormat('urn:oasis:names:tc:SAML:2.0:attrname-format:uri')->setFriendlyName('Email address'))->addSingleSignOnService(new SingleSignOnService('https://idp.com/login', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleSignOnService(new SingleSignOnService('https://idp.com/login', SamlConstants::BINDING_SAML2_HTTP_REDIRECT))->addSingleLogoutService(new SingleLogoutService('https://idp.com/logout', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleLogoutService(new SingleLogoutService('https://idp.com/logout', SamlConstants::BINDING_SAML2_HTTP_REDIRECT))->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_EMAIL)->setProtocolSupportEnumeration(SamlConstants::PROTOCOL_SAML2)->addKeyDescriptor(new KeyDescriptor(UsageType::SIGNING, $this->getX509Certificate()))->addKeyDescriptor(new KeyDescriptor(UsageType::ENCRYPTION, $this->getX509Certificate()));
$entityDescriptor->addItem($spSsoDescriptor = new SpSsoDescriptor());
$spSsoDescriptor->addAssertionConsumerService(new AssertionConsumerService('https://sp.com/acs', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleLogoutService(new SingleLogoutService('https://sp.com/logout', SamlConstants::BINDING_SAML2_HTTP_POST))->addSingleLogoutService(new SingleLogoutService('https://sp.com/logout', SamlConstants::BINDING_SAML2_HTTP_REDIRECT))->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_PERSISTENT)->addNameIDFormat(SamlConstants::NAME_ID_FORMAT_EMAIL)->setProtocolSupportEnumeration(SamlConstants::PROTOCOL_SAML2)->addKeyDescriptor(new KeyDescriptor(UsageType::SIGNING, $this->getX509Certificate()))->addKeyDescriptor(new KeyDescriptor(UsageType::ENCRYPTION, $this->getX509Certificate()));
$entityDescriptor->addContactPerson((new ContactPerson())->setContactType(ContactPerson::TYPE_SUPPORT)->setEmailAddress('*****@*****.**'))->addOrganization((new Organization())->setOrganizationName('Org name')->setOrganizationDisplayName('Org display name')->setOrganizationURL('https://idp.com'));
$this->sign($entityDescriptor);
$this->validateMetadata($entityDescriptor);
}
public function test_receive_response_profile()
{
$buildContainer = $this->getBuildContainer('_1db06e4f91d3997b7ed3285a59f77028071db2dc5f', new TimeProviderMock(new \DateTime('@' . Helper::parseSAMLTime('2015-11-22T15:37:14Z'), new \DateTimeZone('UTC'))));
$builder = new \LightSaml\Builder\Profile\WebBrowserSso\Sp\SsoSpReceiveResponseProfileBuilder($buildContainer);
$context = $builder->buildContext();
$action = $builder->buildAction();
$request = Request::create('https://localhost/lightsaml/lightSAML/web/sp/acs.php', 'POST', ['SAMLResponse' => $this->getSamlResponseCode()]);
$context->getHttpRequestContext()->setRequest($request);
$action->execute($context);
/** @var Response $response */
$response = $context->getInboundMessage();
$this->assertInstanceOf(Response::class, $response);
$this->assertCount(1, $response->getAllAssertions());
$this->assertEquals('*****@*****.**', $response->getFirstAssertion()->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::EMAIL_ADDRESS)->getFirstAttributeValue());
}
/**
* @param Assertion $assertion
* @param int $now
* @param int $allowedSecondsSkew
*/
protected function validateSubject(Assertion $assertion, $now, $allowedSecondsSkew)
{
if (false == $assertion->getSubject()) {
return;
}
foreach ($assertion->getSubject()->getAllSubjectConfirmations() as $subjectConfirmation) {
if ($subjectConfirmation->getSubjectConfirmationData()) {
if (false == Helper::validateNotBefore($subjectConfirmation->getSubjectConfirmationData()->getNotBeforeTimestamp(), $now, $allowedSecondsSkew)) {
throw new LightSamlValidationException('SubjectConfirmationData.NotBefore must not be in the future');
}
if (false == Helper::validateNotOnOrAfter($subjectConfirmation->getSubjectConfirmationData()->getNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) {
throw new LightSamlValidationException('SubjectConfirmationData.NotOnOrAfter must not be in the past');
}
}
}
}
/**
* Get saml authnRequest.
*
* @param string $consumer_service_url
* @param string $idp_destination
* @param string $issuer
* @param string $saml_crt
* @param string $saml_key
* @return string
*/
public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
{
$authn_request = new AuthnRequest();
$authn_request->setAssertionConsumerServiceURL($consumer_service_url)->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($idp_destination)->setIssuer(new Issuer($issuer));
$certificate = new X509Certificate();
$certificate->loadPem($saml_crt);
$private_key = KeyHelper::createPrivateKey($saml_key, '', false);
$authn_request->setSignature(new SignatureWriter($certificate, $private_key));
$serialization_context = new SerializationContext();
$authn_request->serialize($serialization_context->getDocument(), $serialization_context);
$binding_factory = new BindingFactory();
$redirect_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
$message_context = new MessageContext();
$message_context->setMessage($authn_request);
/** @var \Symfony\Component\HttpFoundation\RedirectResponse $http_response */
$http_response = $redirect_binding->send($message_context);
return $http_response->getTargetUrl();
}
/**
* @dataProvider notOnOrAfterProvider
*/
public function test__validate_not_on_or_after($notOnOrAfter, $now, $allowedSecondsSkew, $expected)
{
$this->assertEquals($expected, Helper::validateNotOnOrAfter($notOnOrAfter, $now, $allowedSecondsSkew));
}
<?php
require_once __DIR__ . '/../autoload.php';
$authnRequest = new \LightSaml\Model\Protocol\AuthnRequest();
$authnRequest->setAssertionConsumerServiceURL('https://my.site/acs')->setProtocolBinding(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST)->setID(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://idp.com/login')->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://my.entity.id'));
$expectedXmlOutput = <<<EOT
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7"
Version="2.0"
IssueInstant="2015-10-10T15:26:20Z"
Destination="https://idp.com/login"
AssertionConsumerServiceURL="https://my.site/acs"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>
<saml:Issuer>https://my.entity.id</saml:Issuer>
</samlp:AuthnRequest>
EOT
;
/**
* @param AudienceRestriction $item
*
* @throws LightSamlValidationException
*/
protected function validateAudienceRestriction(AudienceRestriction $item)
{
if (false == $item->getAllAudience()) {
return;
}
foreach ($item->getAllAudience() as $audience) {
if (false == Helper::validateWellFormedUriString($audience)) {
throw new LightSamlValidationException('AudienceRestriction MUST BE a wellformed uri');
}
}
}
/**
* @param Attribute $attribute
*
* @throws LightSamlValidationException
*
* @return void
*/
private function validateAttribute(Attribute $attribute)
{
if (false == Helper::validateRequiredString($attribute->getName())) {
throw new LightSamlValidationException('Name attribute of Attribute element MUST contain at least one non-whitespace character');
}
}
/**
* @return string|null
*/
public function getIssueInstantString()
{
if ($this->issueInstant) {
return Helper::time2string($this->issueInstant);
}
return null;
}
/**
* @param SamlMessage $message
*/
private function verify(SamlMessage $message)
{
$message->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://mydomain.com'));
$xml = $this->signAndSerialize($message);
$this->deserializeAndVerify($xml, get_class($message));
}
<?php
require_once __DIR__ . '/../autoload.php';
$entityDescriptor = new \LightSaml\Model\Metadata\EntityDescriptor();
$entityDescriptor->setID(\LightSaml\Helper::generateID())->setEntityID('http://some.entity.id');
$entityDescriptor->addItem($spSsoDescriptor = (new \LightSaml\Model\Metadata\SpSsoDescriptor())->setWantAssertionsSigned(true));
$spSsoDescriptor->addKeyDescriptor($keyDescriptor = (new \LightSaml\Model\Metadata\KeyDescriptor())->setUse(\LightSaml\Model\Metadata\KeyDescriptor::USE_SIGNING)->setCertificate(\LightSaml\Credential\X509Certificate::fromFile('/path/to/file.crt')));
$spSsoDescriptor->addAssertionConsumerService($acs = (new \LightSaml\Model\Metadata\AssertionConsumerService())->setBinding(\LightSaml\SamlConstants::BINDING_SAML2_HTTP_POST)->setLocation('https://my.site/saml/acs'));
$expectedSerializaedXml = <<<EOT
<EntityDescriptor ID="_2240bd9c-30c4-4d2a-ab3e-87a94ea334fd" entityID="http://some.entity.id" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIIC0jCCAbqgAwIBAgIQGFT6omLmWbhAD65bM40rGzANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDExpBREZTIFNpZ25pbmcgLSBCMS5iZWFkLmxvYzAeFw0xMzEwMDkxNDUyMDVaFw0xNDEwMDkxNDUyMDVaMCUxIzAhBgNVBAMTGkFERlMgU2lnbmluZyAtIEIxLmJlYWQubG9jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGKV64+63lpqdPmCTZ0kt/yKr8xukR1Y071SlmRVV5sSFhTe8cjylPqqxdyEBrfPhpL6vwFQyKfDhuM8T9E+BW5fUdoXO4WmIHrLOxV/BzKv2rDGidlCFzDSQPDxPH2RdQkMBksiauIMSHIYXB92rO4fkcsTgQ6cc+PZp4M3Z/jR1mcxQzz9RQk3I9w2OtI9xcv+uDC5mQU0ZWVHc99VSFQt+zshduwIqxQdHvMdTRslso+oCLEQom42pGCD8TksQTGw4sB7Ctb0mgXdfy0PDIznfi2oDBGtPY2Hkms6/n9xoyCynQea0YYXcpEe7lAvs+t6Lq+ZaKp2kUaa2x8d+QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBfwlmaN1iPg0gNiqdVphJjWnzpV4h6/Mz3L0xYzNQeglWCDKCKuajQfmo/AQBErtOWZJsP8avzK79gNRqFHXF6CirjGnL6WO+S6Ug1hvy3xouOxOkIYgZsbmcNL2XO1hIxP4z/QWPthotp3FSUTae2hFBHuy4Gtb+9d9a60GDtgrHnfgVeCTE7CSiaI/D/51JNbtpg2tCpcEzMQgPkQqb8E+V79xc0dnEcI5cBaS6eYgkJgS5gKIMbwaJ/VxzCVGIKwFjFnJedJ5N7zH7OVwor56Q7nuKD7X4yFY9XR3isjGnwXveh9E4d9wD4CMl52AHJpsYsToXsi3eRvApDV/PE
</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://my.site/saml/acs"/>
</SPSSODescriptor>
</EntityDescriptor>
EOT
;
protected function prepareForXml()
{
if (false == $this->getId()) {
$this->setId(Helper::generateID());
}
if (false == $this->getIssueInstantTimestamp()) {
$this->setIssueInstant(time());
}
}
<?php
require_once __DIR__ . '/../autoload.php';
$response = new \LightSaml\Model\Protocol\Response();
$response->addAssertion($assertion = new \LightSaml\Model\Assertion\Assertion())->setStatus(new \LightSaml\Model\Protocol\Status(new \LightSaml\Model\Protocol\StatusCode(\LightSaml\SamlConstants::STATUS_SUCCESS)))->setID(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setDestination('https://sp.com/acs')->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://idp.com'));
$assertion->setId(\LightSaml\Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new \LightSaml\Model\Assertion\Issuer('https://idp.com'))->setSubject((new \LightSaml\Model\Assertion\Subject())->setNameID(new \LightSaml\Model\Assertion\NameID('email.domain.com', \LightSaml\SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new \LightSaml\Model\Assertion\SubjectConfirmation())->setMethod(\LightSaml\SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new \LightSaml\Model\Assertion\SubjectConfirmationData())->setInResponseTo('id_of_the_authn_request')->setNotOnOrAfter(new \DateTime('+1 MINUTE'))->setRecipient('https://sp.com/acs'))))->setConditions((new \LightSaml\Model\Assertion\Conditions())->setNotBefore(new \DateTime())->setNotOnOrAfter(new \DateTime('+1 MINUTE'))->addItem(new \LightSaml\Model\Assertion\AudienceRestriction(['https://sp.com/acs'])))->addItem((new \LightSaml\Model\Assertion\AttributeStatement())->addAttribute(new \LightSaml\Model\Assertion\Attribute(\LightSaml\ClaimTypes::EMAIL_ADDRESS, '*****@*****.**'))->addAttribute(new \LightSaml\Model\Assertion\Attribute(\LightSaml\ClaimTypes::COMMON_NAME, 'x123')))->addItem((new \LightSaml\Model\Assertion\AuthnStatement())->setAuthnInstant(new \DateTime('-10 MINUTE'))->setSessionIndex('_some_session_index')->setAuthnContext((new \LightSaml\Model\Assertion\AuthnContext())->setAuthnContextClassRef(\LightSaml\SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
$expectedXmlOutput = <<<EOT
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_8a3904146809db7b19d4eaaba9876baed805c216e5" Version="2.0"
IssueInstant="2015-10-18T20:02:55Z" Destination="https://sp.com/acs">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.com</saml:Issuer>
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_4a9400f18f507a46339c622929c6795c6195bd2b1d" Version="2.0" IssueInstant="2015-10-18T20:02:55Z">
<Issuer>https://idp.com</Issuer>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">email.domain.com</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="id_of_the_authn_request" NotOnOrAfter="2015-10-18T20:03:55Z" Recipient="https://sp.com/acs"/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2015-10-18T20:02:55Z" NotOnOrAfter="2015-10-18T20:03:55Z">
<AudienceRestriction>
<Audience>https://sp.com/acs</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>email@domain.com</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/claims/CommonName">
<AttributeValue>x123</AttributeValue>
</Attribute>
</AttributeStatement>
/**
* @param AbstractNameID $nameId
*/
protected function validateTransientFormat(AbstractNameID $nameId)
{
if (false == Helper::validateRequiredString($nameId->getValue())) {
throw new LightSamlValidationException('NameID with Transient Format attribute MUST contain a Value that contains more than whitespace characters');
}
if (strlen($nameId->getValue()) > 256) {
throw new LightSamlValidationException('NameID with Transient Format attribute MUST have a Value that contains no more than 256 characters');
}
if (false == Helper::validateIdString($nameId->getValue())) {
throw new LightSamlValidationException(sprintf("NameID '%s' with Transient Format attribute MUST have a Value with at least 16 characters (the equivalent of 128 bits)", $nameId->getValue()));
}
}
/**
* @param AssertionContext $context
*
* @return void
*/
protected function doExecute(AssertionContext $context)
{
$id = Helper::generateID();
$context->getAssertion()->setId($id);
$this->logger->info(sprintf('Assertion ID set to "%s"', $id), LogHelper::getActionContext($context, $this, array('message_id' => $id)));
}
/**
* @return string
*/
public function getValidUntilString()
{
if ($this->validUntil) {
return Helper::time2string($this->validUntil);
}
return;
}
protected function doExecute(ProfileContext $context)
{
$id = Helper::generateID();
MessageContextHelper::asSamlMessage($context->getOutboundContext())->setId($id);
$this->logger->info(sprintf('Message ID set to "%s"', $id), LogHelper::getActionContext($context, $this, array('message_id' => $id)));
}
