/**
* @param Assertion $assertion
* @param int $now
* @param int $allowedSecondsSkew
*/
protected function validateAuthnStatements(Assertion $assertion, $now, $allowedSecondsSkew)
{
if (false == $assertion->getAllAuthnStatements()) {
return;
}
foreach ($assertion->getAllAuthnStatements() as $authnStatement) {
if (false == Helper::validateNotOnOrAfter($authnStatement->getSessionNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) {
throw new LightSamlValidationException('AuthnStatement attribute SessionNotOnOrAfter MUST be in the future');
}
// TODO: Consider validating that authnStatement.AuthnInstant is in the past
}
}
