/** * @param SAML2_Assertion $assertion */ public function validateAssertion(SAML2_Assertion $assertion) { $assertionValidationResult = $this->assertionValidator->validate($assertion); if (!$assertionValidationResult->isValid()) { throw new SAML2_Assertion_Exception_InvalidAssertionException(sprintf('Invalid Assertion in SAML Response, erorrs: "%s"', implode('", "', $assertionValidationResult->getErrors()))); } foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) { $subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate($subjectConfirmation); if (!$subjectConfirmationValidationResult->isValid()) { throw new SAML2_Assertion_Exception_InvalidSubjectConfirmationException(sprintf('Invalid SubjectConfirmation in Assertion, errors: "%s"', implode('", "', $subjectConfirmationValidationResult->getErrors()))); } } }
private static function createAssertionValidator(SAML2_Configuration_IdentityProvider $identityProvider, SAML2_Configuration_ServiceProvider $serviceProvider) { $validator = new SAML2_Assertion_Validation_AssertionValidator($identityProvider, $serviceProvider); $validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_NotBefore()); $validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_NotOnOrAfter()); $validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SessionNotOnOrAfter()); $validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SpIsValidAudience()); return $validator; }