/** * Process a response message. * * If the response is an error response, we will throw a sspmod_saml_Error * exception with the error. * * @param SimpleSAML_Configuration $spMetadata The metadata of the service provider. * @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider. * @param \SAML2\Response $response The response. * @return array Array with \SAML2\Assertion objects, containing valid assertions from the response. */ public static function processResponse(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, \SAML2\Response $response) { if (!$response->isSuccess()) { throw self::getResponseError($response); } /* Validate Response-element destination. */ $currentURL = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(); $msgDestination = $response->getDestination(); if ($msgDestination !== NULL && $msgDestination !== $currentURL) { throw new Exception('Destination in response doesn\'t match the current URL. Destination is "' . $msgDestination . '", current URL is "' . $currentURL . '".'); } $responseSigned = self::checkSign($idpMetadata, $response); /* * When we get this far, the response itself is valid. * We only need to check signatures and conditions of the response. */ $assertion = $response->getAssertions(); if (empty($assertion)) { throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.'); } $ret = array(); foreach ($assertion as $a) { $ret[] = self::processAssertion($spMetadata, $idpMetadata, $response, $a, $responseSigned); } return $ret; }
public function validate(Response $response, Result $result) { if (!$response->isSuccess()) { $result->addError($this->buildMessage($response->getStatus())); } }