/**
 * Flags an assertion whose NotBefore condition lies in the future.
 *
 * An error is added to $result when getNotBefore() yields a truthy timestamp
 * that is more than 60 seconds ahead of Temporal::getTime(). The 60-second
 * margin tolerates clock drift between IdP and SP, which is what the error
 * message points the operator at. A falsy (absent) NotBefore is skipped.
 *
 * @param Assertion $assertion assertion whose validity window start is checked
 * @param Result    $result    collector that receives the error message
 */
public function validate(Assertion $assertion, Result $result)
{
    $validFrom = $assertion->getNotBefore();
    if (!$validFrom) {
        // No NotBefore supplied: this constraint has nothing to enforce.
        return;
    }

    // Anything starting later than "now + 60s" is treated as not yet valid.
    $latestAcceptedStart = Temporal::getTime() + 60;
    if ($validFrom > $latestAcceptedStart) {
        $result->addError('Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.');
    }
}
/**
 * Flags a SubjectConfirmation whose SubjectConfirmationData NotBefore lies
 * in the future.
 *
 * An error is added when NotBefore is truthy and more than 60 seconds ahead
 * of Temporal::getTime() (the margin presumably allows for clock skew).
 * A falsy (absent) NotBefore is skipped.
 *
 * @param SubjectConfirmation $subjectConfirmation confirmation under validation
 * @param Result              $result              collector that receives the error message
 */
public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
{
    $confirmationData = $subjectConfirmation->SubjectConfirmationData;
    $validFrom = $confirmationData->NotBefore;
    if (!$validFrom) {
        // Attribute not present: nothing to compare against the clock.
        return;
    }

    $latestAcceptedStart = Temporal::getTime() + 60;
    if ($validFrom > $latestAcceptedStart) {
        $result->addError('NotBefore in SubjectConfirmationData is in the future');
    }
}
/**
 * Flags a SubjectConfirmation whose SubjectConfirmationData NotOnOrAfter has
 * already passed.
 *
 * An error is added when NotOnOrAfter is truthy and lies at or before
 * Temporal::getTime() minus 60 seconds (the margin presumably allows for
 * clock skew).
 *
 * NOTE(review): a falsy (absent) NotOnOrAfter is skipped, so this validator
 * alone does not bound how long a confirmation stays usable. Confirm that
 * presence of NotOnOrAfter is enforced elsewhere if it is required.
 *
 * @param SubjectConfirmation $subjectConfirmation confirmation under validation
 * @param Result              $result              collector that receives the error message
 */
public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
{
    $confirmationData = $subjectConfirmation->SubjectConfirmationData;
    $expiresAt = $confirmationData->NotOnOrAfter;
    if (!$expiresAt) {
        return;
    }

    // Expired once the deadline is at least 60 seconds behind the current time.
    $oldestAcceptedDeadline = Temporal::getTime() - 60;
    if ($expiresAt <= $oldestAcceptedDeadline) {
        $result->addError('NotOnOrAfter in SubjectConfirmationData is in the past');
    }
}
/**
 * Checks that the Recipient in SubjectConfirmationData matches the
 * destination this validator was configured with.
 *
 * The Recipient is wrapped in a Destination and compared through
 * $this->destination->equals(); a mismatch adds an error naming both values.
 *
 * NOTE(review): a falsy (absent) Recipient is skipped rather than rejected,
 * so this check only binds the confirmation to this endpoint when the
 * attribute is present. Confirm that presence is enforced elsewhere if it is
 * required.
 *
 * @param SubjectConfirmation $subjectConfirmation confirmation under validation
 * @param Result              $result              collector that receives the error message
 */
public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
{
    $confirmationData = $subjectConfirmation->SubjectConfirmationData;
    $recipient = $confirmationData->Recipient;
    if (!$recipient) {
        return;
    }

    if ($this->destination->equals(new Destination($recipient))) {
        // Recipient addresses this endpoint: constraint satisfied.
        return;
    }

    $message = sprintf(
        'Recipient in SubjectConfirmationData ("%s") does not match the current destination ("%s")',
        $recipient,
        $this->destination
    );
    $result->addError($message);
}
/**
 * Flags an assertion whose NotOnOrAfter condition has already passed.
 *
 * An error is added when getNotOnOrAfter() yields a truthy timestamp that
 * lies at or before Temporal::getTime() minus 60 seconds. The 60-second
 * margin tolerates clock drift between IdP and SP, which is what the error
 * message points the operator at. A falsy (absent) NotOnOrAfter is skipped.
 *
 * @param Assertion $assertion assertion whose validity window end is checked
 * @param Result    $result    collector that receives the error message
 */
public function validate(Assertion $assertion, Result $result)
{
    $expiresAt = $assertion->getNotOnOrAfter();
    if (!$expiresAt) {
        // No NotOnOrAfter supplied: this constraint has nothing to enforce.
        return;
    }

    $oldestAcceptedDeadline = Temporal::getTime() - 60;
    if ($expiresAt <= $oldestAcceptedDeadline) {
        $result->addError('Received an assertion that has expired. Check clock synchronization on IdP and SP.');
    }
}
/**
 * Checks that InResponseTo in SubjectConfirmationData matches the
 * InResponseTo returned by $this->getInResponseTo().
 *
 * The comparison is strict (!==) and a mismatch adds an error naming both
 * values.
 *
 * NOTE(review): the comparison only runs when BOTH values are truthy. If
 * either side is absent the check passes, so this validator does not by
 * itself tie the confirmation to an outstanding request. Confirm that
 * request correlation is enforced elsewhere where it is required.
 *
 * @param SubjectConfirmation $subjectConfirmation confirmation under validation
 * @param Result              $result              collector that receives the error message
 */
public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
{
    $confirmationData = $subjectConfirmation->SubjectConfirmationData;
    $inResponseTo = $confirmationData->InResponseTo;
    if (!$inResponseTo) {
        return;
    }

    if (!$this->getInResponseTo()) {
        // Nothing on the Response side to compare with.
        return;
    }

    if ($this->getInResponseTo() === $inResponseTo) {
        return;
    }

    $message = sprintf(
        'InResponseTo in SubjectConfirmationData ("%s") does not match the Response InResponseTo ("%s")',
        $inResponseTo,
        $this->getInResponseTo()
    );
    $result->addError($message);
}
/**
 * Flags an assertion whose SessionNotOnOrAfter has already passed.
 *
 * An error is added when getSessionNotOnOrAfter() yields a truthy timestamp
 * that lies at or before Temporal::getTime() minus 60 seconds. The 60-second
 * margin tolerates clock drift between IdP and SP, which is what the error
 * message points the operator at. A falsy (absent) value is skipped.
 *
 * @param Assertion $assertion assertion whose session expiry is checked
 * @param Result    $result    collector that receives the error message
 */
public function validate(Assertion $assertion, Result $result)
{
    $sessionExpiresAt = $assertion->getSessionNotOnOrAfter();
    // The clock is read unconditionally, before the presence check.
    $now = Temporal::getTime();

    if (!$sessionExpiresAt) {
        return;
    }

    if ($sessionExpiresAt <= $now - 60) {
        $result->addError('Received an assertion with a session that has expired. Check clock synchronization on IdP and SP.');
    }
}
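/**
 * Checks that the configured Service Provider is one of the audiences the
 * assertion is restricted to.
 *
 * The entity ID from $this->serviceProvider->getEntityId() must appear in
 * getValidAudiences(); otherwise an error listing the entity ID and all
 * audiences is added to $result.
 *
 * NOTE(review): when getValidAudiences() returns null the check is skipped,
 * so an assertion without an audience list is accepted by this validator.
 * Confirm that this matches the deployment's policy.
 *
 * @param Assertion $assertion assertion whose audience list is checked
 * @param Result    $result    collector that receives the error message
 */
public function validate(Assertion $assertion, Result $result)
{
    $intendedAudiences = $assertion->getValidAudiences();
    if ($intendedAudiences === null) {
        return;
    }

    $entityId = $this->serviceProvider->getEntityId();

    // Strict membership test: a loose in_array() would let type juggling
    // produce a match (numeric strings such as "1e3" and "1000", or null
    // and ""), accepting an assertion addressed to a different audience.
    // Assumes getEntityId() and the audience entries are strings - TODO confirm.
    if (!in_array($entityId, $intendedAudiences, true)) {
        $result->addError(sprintf(
            'The configured Service Provider [%s] is not a valid audience for the assertion. Audiences: [%s]',
            $entityId,
            implode('], [', $intendedAudiences)
        ));
    }
}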
/**
 * Rejects any SubjectConfirmation whose Method is not the bearer method.
 *
 * Method is compared strictly against Constants::CM_BEARER; every other
 * value adds an error to $result.
 *
 * @param SubjectConfirmation $subjectConfirmation confirmation under validation
 * @param Result              $result              collector that receives the error message
 */
public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
{
    $method = $subjectConfirmation->Method;
    if ($method === Constants::CM_BEARER) {
        return;
    }

    // The message text (including the "current;y" misspelling) is kept
    // verbatim, since callers or tests may match on it.
    $message = sprintf(
        'Invalid Method on SubjectConfirmation, current;y only Bearer (%s) is supported',
        Constants::CM_BEARER
    );
    $result->addError($message);
}