/** * @param Assertion $assertion * @param int $now * @param int $allowedSecondsSkew */ protected function validateAuthnStatements(Assertion $assertion, $now, $allowedSecondsSkew) { if (false == $assertion->getAllAuthnStatements()) { return; } foreach ($assertion->getAllAuthnStatements() as $authnStatement) { if (false == Helper::validateNotOnOrAfter($authnStatement->getSessionNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) { throw new LightSamlValidationException('AuthnStatement attribute SessionNotOnOrAfter MUST be in the future'); } // TODO: Consider validating that authnStatement.AuthnInstant is in the past } }