/**
  * Process a response message.
  *
  * If the response is an error response, we will throw a sspmod_saml_Error
  * exception with the error.
  *
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
  * @param \SAML2\Response $response  The response.
  * @return array  Array with \SAML2\Assertion objects, containing valid assertions from the response.
  */
 public static function processResponse(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, \SAML2\Response $response)
 {
     // The status is inspected before any signature check in this method, so an
     // error surfaced through getResponseError() comes from a message whose
     // signature has not been verified at this point.
     if (!$response->isSuccess()) {
         throw self::getResponseError($response);
     }

     // Bind the response to this endpoint: a Destination attribute, when present,
     // must be identical to the URL this request arrived on (query string excluded).
     // NOTE(review): a response that carries no Destination (null) skips this check
     // entirely; confirm that is acceptable for the bindings this SP accepts.
     // NOTE(review): the comparison is an exact string match, so it relies on
     // getSelfURLNoQuery() reporting the externally visible URL; verify behind proxies.
     $selfURL = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery();
     $destination = $response->getDestination();
     if (!($destination === NULL || $destination === $selfURL)) {
         // The Destination value is taken from the message before checkSign() runs,
         // so treat this exception text as untrusted wherever it is logged or rendered.
         $mismatch = 'Destination in response doesn\'t match the current URL. Destination is "' . $destination
             . '", current URL is "' . $selfURL . '".';
         throw new Exception($mismatch);
     }

     // Response-level signature check against the IdP metadata. The result is kept
     // and handed to processAssertion() for every assertion below; presumably it
     // tells that method whether the response signature already covers the
     // assertion. Confirm in checkSign()/processAssertion().
     $responseSigned = self::checkSign($idpMetadata, $response);

     // A success response without any assertion carries nothing to authenticate with.
     $assertions = $response->getAssertions();
     if (!$assertions) {
         throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.');
     }

     // Every assertion goes through processAssertion() individually; the collected
     // return values are what the caller receives.
     $processed = array();
     foreach ($assertions as $candidate) {
         $processed[] = self::processAssertion($spMetadata, $idpMetadata, $response, $candidate, $responseSigned);
     }

     return $processed;
 }
Beispiel #2
 /**
  * Record an error on the result when the response does not report success.
  *
  * This method does not throw for a failed status: the failure is only added to
  * $result, so callers have to inspect $result before relying on the response.
  *
  * @param Response $response  The response whose status is checked.
  * @param Result   $result    Collector that receives the error message.
  */
 public function validate(Response $response, Result $result)
 {
     if ($response->isSuccess()) {
         // Nothing to report for a successful status.
         return;
     }

     // Turn the reported status into a message via buildMessage() and attach it.
     $status = $response->getStatus();
     $result->addError($this->buildMessage($status));
 }