/**
* @param SAML2_Assertion $assertion
*/
public function validateAssertion(SAML2_Assertion $assertion)
{
$assertionValidationResult = $this->assertionValidator->validate($assertion);
if (!$assertionValidationResult->isValid()) {
throw new SAML2_Assertion_Exception_InvalidAssertionException(sprintf('Invalid Assertion in SAML Response, erorrs: "%s"', implode('", "', $assertionValidationResult->getErrors())));
}
foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) {
$subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate($subjectConfirmation);
if (!$subjectConfirmationValidationResult->isValid()) {
throw new SAML2_Assertion_Exception_InvalidSubjectConfirmationException(sprintf('Invalid SubjectConfirmation in Assertion, errors: "%s"', implode('", "', $subjectConfirmationValidationResult->getErrors())));
}
}
}
private static function createAssertionValidator(SAML2_Configuration_IdentityProvider $identityProvider, SAML2_Configuration_ServiceProvider $serviceProvider)
{
$validator = new SAML2_Assertion_Validation_AssertionValidator($identityProvider, $serviceProvider);
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_NotBefore());
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_NotOnOrAfter());
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SessionNotOnOrAfter());
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SpIsValidAudience());
return $validator;
}
