/**
 * Flags a SubjectConfirmation whose SubjectConfirmationData NotBefore is still in the future.
 *
 * A missing (falsy) NotBefore is not checked. Sixty seconds of clock skew are
 * tolerated before an error is recorded on $result.
 */
public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
 {
     $confirmationData = $subjectConfirmation->SubjectConfirmationData;
     $notBefore = $confirmationData->NotBefore;
     if (!$notBefore) {
         // Nothing to validate when no NotBefore was supplied.
         return;
     }

     // Latest NotBefore still accepted: current time plus 60 seconds of skew.
     $latestAccepted = SAML2_Utilities_Temporal::getTime() + 60;
     if ($notBefore > $latestAccepted) {
         $result->addError('NotBefore in SubjectConfirmationData is in the future');
     }
 }
 /**
  * Flags a SubjectConfirmation whose SubjectConfirmationData NotOnOrAfter has passed.
  *
  * A missing (falsy) NotOnOrAfter is not checked, so this validator on its own does
  * not require the confirmation to carry an expiry. Sixty seconds of clock skew are
  * tolerated before an error is recorded on $result.
  */
 public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
 {
     $confirmationData = $subjectConfirmation->SubjectConfirmationData;
     $notOnOrAfter = $confirmationData->NotOnOrAfter;
     if (!$notOnOrAfter) {
         return;
     }

     // Anything at or before "now minus 60 seconds" counts as expired.
     $expiryCutoff = SAML2_Utilities_Temporal::getTime() - 60;
     if ($notOnOrAfter <= $expiryCutoff) {
         $result->addError('NotOnOrAfter in SubjectConfirmationData is in the past');
     }
 }
 /**
  * Flags a SubjectConfirmation whose InResponseTo differs from the Response's InResponseTo.
  *
  * The comparison only runs when both values are present. If either side is empty
  * the check is skipped, so this validator alone does not reject unsolicited
  * responses or confirmations that omit InResponseTo.
  */
 public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
 {
     $inResponseTo = $subjectConfirmation->SubjectConfirmationData->InResponseTo;
     if (!$inResponseTo) {
         return;
     }
     if (!$this->getInResponseTo()) {
         return;
     }
     // Strict comparison: the two identifiers must be identical strings.
     if ($this->getInResponseTo() === $inResponseTo) {
         return;
     }

     $result->addError(sprintf('InResponseTo in SubjectConfirmationData ("%s") does not match the Response InResponseTo ("%s")', $inResponseTo, $this->getInResponseTo()));
 }
Example #4
 /**
  * Flags an assertion whose NotBefore timestamp is still in the future.
  *
  * A missing (falsy) NotBefore is not checked. Sixty seconds of clock skew between
  * IdP and SP are tolerated before an error is recorded on $result.
  */
 public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
 {
     $notBeforeTimestamp = $assertion->getNotBefore();
     if (!$notBeforeTimestamp) {
         return;
     }

     // Latest NotBefore still accepted: current time plus 60 seconds of skew.
     $latestAccepted = SAML2_Utilities_Temporal::getTime() + 60;
     if ($notBeforeTimestamp > $latestAccepted) {
         $result->addError('Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.');
     }
 }
Example #5
 /**
  * Flags an assertion whose NotOnOrAfter timestamp has passed.
  *
  * A missing (falsy) NotOnOrAfter is not checked, so an assertion without an expiry
  * is not rejected here. Sixty seconds of clock skew between IdP and SP are
  * tolerated before an error is recorded on $result.
  */
 public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
 {
     $notValidOnOrAfterTimestamp = $assertion->getNotOnOrAfter();
     if (!$notValidOnOrAfterTimestamp) {
         return;
     }

     // Anything at or before "now minus 60 seconds" counts as expired.
     $expiryCutoff = SAML2_Utilities_Temporal::getTime() - 60;
     if ($notValidOnOrAfterTimestamp <= $expiryCutoff) {
         $result->addError('Received an assertion that has expired. Check clock synchronization on IdP and SP.');
     }
 }
 /**
  * Flags a SubjectConfirmation whose Recipient is not the destination this validator was given.
  *
  * The Recipient is wrapped in a SAML2_Configuration_Destination and compared via
  * equals(). A missing (falsy) Recipient is not reported, so this validator alone
  * does not require a bearer confirmation to name its recipient.
  */
 public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
 {
     $recipient = $subjectConfirmation->SubjectConfirmationData->Recipient;
     if (!$recipient) {
         return;
     }

     $claimedDestination = new SAML2_Configuration_Destination($recipient);
     if ($this->destination->equals($claimedDestination)) {
         return;
     }

     // $this->destination is formatted with %s, i.e. through its string conversion.
     $result->addError(sprintf('Recipient in SubjectConfirmationData ("%s") does not match the current destination ("%s")', $recipient, $this->destination));
 }
Example #7
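 /**
  * Flags an assertion whose audience restriction does not include this Service Provider.
  *
  * When getValidAudiences() returns null the assertion carries no audience list and
  * is accepted without an audience check. Otherwise the configured entity ID must
  * appear in the list.
  */
 public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
 {
     $intendedAudiences = $assertion->getValidAudiences();
     if ($intendedAudiences === null) {
         return;
     }

     $entityId = $this->serviceProvider->getEntityId();
     // Strict membership test: with loose comparison PHP treats numeric-looking
     // strings such as "1e3" and "1000" as equal, which would let a different
     // audience value satisfy the restriction.
     // NOTE(review): assumes the entity ID and the audiences are all strings - confirm.
     if (!in_array($entityId, $intendedAudiences, true)) {
         $result->addError(sprintf('The configured Service Provider [%s] is not a valid audience for the assertion. Audiences: [%s]', $entityId, implode('], [', $intendedAudiences)));
     }
 }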
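 /**
  * Flags a SubjectConfirmation whose Method is anything other than Bearer.
  *
  * The Method must be strictly identical to SAML2_Const::CM_BEARER; any other
  * value, including an absent one, is recorded as an error on $result.
  */
 public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
 {
     if ($subjectConfirmation->Method === SAML2_Const::CM_BEARER) {
         return;
     }

     // Message typo corrected ("current;y" -> "currently").
     $result->addError(sprintf('Invalid Method on SubjectConfirmation, currently only Bearer (%s) is supported', SAML2_Const::CM_BEARER));
 }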