This may be null, in which case all audiences are allowed.
| public setValidAudiences ( array $validAudiences = null ) | ||
| $validAudiences | array | The allowed audiences. |
public function testMarshalling()
{
// Create an assertion
$assertion = new Assertion();
$assertion->setIssuer('testIssuer');
$assertion->setValidAudiences(array('audience1', 'audience2'));
$assertion->setAuthnContext('someAuthnContext');
// Marshall it to a \DOMElement
$assertionElement = $assertion->toXML();
// Test for an Issuer
$issuerElements = Utils::xpQuery($assertionElement, './saml_assertion:Issuer');
$this->assertCount(1, $issuerElements);
$this->assertEquals('testIssuer', $issuerElements[0]->textContent);
// Test for an AudienceRestriction
$audienceElements = Utils::xpQuery($assertionElement, './saml_assertion:Conditions/saml_assertion:AudienceRestriction/saml_assertion:Audience');
$this->assertCount(2, $audienceElements);
$this->assertEquals('audience1', $audienceElements[0]->textContent);
$this->assertEquals('audience2', $audienceElements[1]->textContent);
// Test for an Authentication Context
$authnContextElements = Utils::xpQuery($assertionElement, './saml_assertion:AuthnStatement/saml_assertion:AuthnContext/saml_assertion:AuthnContextClassRef');
$this->assertCount(1, $authnContextElements);
$this->assertEquals('someAuthnContext', $authnContextElements[0]->textContent);
}
/**
* Test NameID Encryption and Decryption.
*/
public function testNameIdEncryption()
{
// Create an assertion
$assertion = new Assertion();
$assertion->setIssuer('testIssuer');
$assertion->setValidAudiences(array('audience1', 'audience2'));
$assertion->setAuthnContext('someAuthnContext');
$assertion->setNameId(array("Value" => "just_a_basic_identifier", "Format" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
$this->assertFalse($assertion->isNameIdEncrypted());
$publicKey = CertificatesMock::getPublicKey();
$assertion->encryptNameId($publicKey);
$this->assertTrue($assertion->isNameIdEncrypted());
// Marshall it to a \DOMElement
$assertionElement = $assertion->toXML()->ownerDocument->saveXML();
$assertionToVerify = new Assertion(DOMDocumentFactory::fromString($assertionElement)->firstChild);
$this->assertTrue($assertionToVerify->isNameIdEncrypted());
$privateKey = CertificatesMock::getPrivateKey();
$assertionToVerify->decryptNameId($privateKey);
$this->assertFalse($assertionToVerify->isNameIdEncrypted());
$nameID = $assertionToVerify->getNameID();
$this->assertEquals('just_a_basic_identifier', $nameID['Value']);
$this->assertEquals('urn:oasis:names:tc:SAML:2.0:nameid-format:transient', $nameID['Format']);
}
