/**
 * Flags a SubjectConfirmation whose SubjectConfirmationData NotBefore is later than
 * the current time plus a fixed tolerance.
 *
 * A missing (falsy) NotBefore is not treated as an error; the comparison only runs
 * when a value is present.
 *
 * @param SAML2_XML_saml_SubjectConfirmation $subjectConfirmation element being validated
 * @param SAML2_Assertion_Validation_Result  $result              receives the error, if any
 */
public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
{
    // NOTE(review): SubjectConfirmationData is dereferenced without a null check --
    // confirm it is always populated before this validator runs.
    $earliestUse = $subjectConfirmation->SubjectConfirmationData->NotBefore;
    if (!$earliestUse) {
        return;
    }

    // 60 is a hard-coded allowance on top of the current time; presumably seconds of
    // clock skew -- confirm the unit returned by SAML2_Utilities_Temporal::getTime().
    $latestAcceptedStart = SAML2_Utilities_Temporal::getTime() + 60;
    if ($earliestUse > $latestAcceptedStart) {
        $result->addError('NotBefore in SubjectConfirmationData is in the future');
    }
}
/**
 * Flags a SubjectConfirmation whose SubjectConfirmationData NotOnOrAfter is at or
 * before the current time minus a fixed tolerance.
 *
 * A missing (falsy) NotOnOrAfter is not treated as an error, so a confirmation
 * without this attribute is never reported as expired by this validator.
 *
 * @param SAML2_XML_saml_SubjectConfirmation $subjectConfirmation element being validated
 * @param SAML2_Assertion_Validation_Result  $result              receives the error, if any
 */
public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
{
    // NOTE(review): SubjectConfirmationData is dereferenced without a null check --
    // confirm it is always populated before this validator runs.
    $expiry = $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter;
    if (!$expiry) {
        return;
    }

    // 60 is a hard-coded allowance subtracted from the current time; presumably seconds
    // of clock skew -- confirm the unit returned by SAML2_Utilities_Temporal::getTime().
    $oldestAcceptedExpiry = SAML2_Utilities_Temporal::getTime() - 60;
    if ($expiry <= $oldestAcceptedExpiry) {
        $result->addError('NotOnOrAfter in SubjectConfirmationData is in the past');
    }
}
/**
 * Flags a SubjectConfirmation whose SubjectConfirmationData InResponseTo differs from
 * the InResponseTo this validator holds for the Response.
 *
 * The comparison is skipped when either value is missing (falsy), so this check alone
 * does not require an assertion to be tied to an outstanding request.
 *
 * @param SAML2_XML_saml_SubjectConfirmation $subjectConfirmation element being validated
 * @param SAML2_Assertion_Validation_Result  $result              receives the error, if any
 */
public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
{
    $claimedRequestId = $subjectConfirmation->SubjectConfirmationData->InResponseTo;

    // Nothing claimed on the confirmation: no comparison is possible.
    if (!$claimedRequestId) {
        return;
    }

    // Nothing recorded for the Response either: the check is not enforced.
    if (!$this->getInResponseTo()) {
        return;
    }

    // Strict (type and value) comparison of the two identifiers.
    if ($this->getInResponseTo() === $claimedRequestId) {
        return;
    }

    $message = sprintf(
        'InResponseTo in SubjectConfirmationData ("%s") does not match the Response InResponseTo ("%s")',
        $claimedRequestId,
        $this->getInResponseTo()
    );
    $result->addError($message);
}
/**
 * Flags an assertion whose NotBefore is later than the current time plus a fixed
 * tolerance.
 *
 * An assertion without a NotBefore (falsy value) passes this check.
 *
 * @param SAML2_Assertion                   $assertion assertion being validated
 * @param SAML2_Assertion_Validation_Result $result    receives the error, if any
 */
public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
{
    $validFrom = $assertion->getNotBefore();
    if (!$validFrom) {
        return;
    }

    // 60 is a hard-coded allowance on top of the current time; the error text points at
    // clock synchronization, so it presumably covers IdP/SP clock skew in seconds -- confirm.
    $latestAcceptedStart = SAML2_Utilities_Temporal::getTime() + 60;
    if ($validFrom > $latestAcceptedStart) {
        $result->addError('Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.');
    }
}
/**
 * Flags an assertion whose NotOnOrAfter is at or before the current time minus a
 * fixed tolerance.
 *
 * An assertion without a NotOnOrAfter (falsy value) is never reported as expired by
 * this validator.
 *
 * @param SAML2_Assertion                   $assertion assertion being validated
 * @param SAML2_Assertion_Validation_Result $result    receives the error, if any
 */
public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
{
    $validUntil = $assertion->getNotOnOrAfter();
    if (!$validUntil) {
        return;
    }

    // 60 is a hard-coded allowance subtracted from the current time; the error text points
    // at clock synchronization, so it presumably covers IdP/SP clock skew in seconds -- confirm.
    $oldestAcceptedExpiry = SAML2_Utilities_Temporal::getTime() - 60;
    if ($validUntil <= $oldestAcceptedExpiry) {
        $result->addError('Received an assertion that has expired. Check clock synchronization on IdP and SP.');
    }
}
/**
 * Flags a SubjectConfirmation whose SubjectConfirmationData Recipient does not equal
 * the destination this validator was configured with.
 *
 * A missing (falsy) Recipient is not treated as an error, so this check alone does not
 * require the confirmation to name this endpoint.
 *
 * @param SAML2_XML_saml_SubjectConfirmation $subjectConfirmation element being validated
 * @param SAML2_Assertion_Validation_Result  $result              receives the error, if any
 */
public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
{
    $statedRecipient = $subjectConfirmation->SubjectConfirmationData->Recipient;
    if (!$statedRecipient) {
        return;
    }

    // Equality is delegated to SAML2_Configuration_Destination::equals(); how it
    // normalises the two values is not visible here.
    $statedDestination = new SAML2_Configuration_Destination($statedRecipient);
    if ($this->destination->equals($statedDestination)) {
        return;
    }

    $message = sprintf(
        'Recipient in SubjectConfirmationData ("%s") does not match the current destination ("%s")',
        $statedRecipient,
        $this->destination
    );
    $result->addError($message);
}
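/**
 * Checks that the configured Service Provider is one of the audiences the assertion
 * is restricted to.
 *
 * When the assertion reports no audience list (NULL), nothing is compared and no error
 * is recorded: an assertion without an audience restriction passes this validator.
 *
 * @param SAML2_Assertion                   $assertion assertion being validated
 * @param SAML2_Assertion_Validation_Result $result    receives the error, if any
 */
public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
{
    $intendedAudiences = $assertion->getValidAudiences();
    if ($intendedAudiences === null) {
        return;
    }

    $entityId = $this->serviceProvider->getEntityId();

    // Strict membership test: the default loose comparison applies PHP type juggling
    // (numeric-looking strings such as "1e3" and "1000" compare equal), which is too
    // permissive for an audience check. Assumes the entity ID and the audiences are
    // strings -- confirm against getEntityId() and getValidAudiences().
    if (!in_array($entityId, $intendedAudiences, true)) {
        $result->addError(sprintf(
            'The configured Service Provider [%s] is not a valid audience for the assertion. Audiences: [%s]',
            $entityId,
            implode('], [', $intendedAudiences)
        ));
    }
}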
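/**
 * Flags a SubjectConfirmation whose Method is anything other than the Bearer method.
 *
 * The comparison is strict, so a missing Method is reported as an error as well.
 *
 * @param SAML2_XML_saml_SubjectConfirmation $subjectConfirmation element being validated
 * @param SAML2_Assertion_Validation_Result  $result              receives the error, if any
 */
public function validate(SAML2_XML_saml_SubjectConfirmation $subjectConfirmation, SAML2_Assertion_Validation_Result $result)
{
    if ($subjectConfirmation->Method === SAML2_Const::CM_BEARER) {
        return;
    }

    // Message typo fixed ("current;y" -> "currently").
    $result->addError(sprintf(
        'Invalid Method on SubjectConfirmation, currently only Bearer (%s) is supported',
        SAML2_Const::CM_BEARER
    ));
}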