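/**
 * Build a SAML 2.0 Response carrying one bearer Assertion that answers the
 * given AuthnRequest, then hand it to addSigns() for signing.
 *
 * All validity bounds (assertion NotBefore/NotOnOrAfter and the bearer
 * SubjectConfirmationData NotOnOrAfter) are derived from a single time()
 * call, so they cannot drift apart if a second boundary is crossed while
 * the objects are being built. The window is 5 minutes.
 *
 * NOTE(review): NotBefore is set to exactly "now" with no clock-skew
 * allowance; an SP whose clock lags the IdP will reject the assertion.
 * NOTE(review): Recipient, Destination and InResponseTo are copied from the
 * AuthnRequest unchanged. This method does not verify the ACS URL against the
 * requesting SP's registered metadata — confirm the caller validates the
 * request before it reaches here, otherwise the signed response can be
 * directed wherever the request asked.
 * NOTE(review): no AudienceRestriction is emitted (the call is commented out
 * below), so the assertion is not bound to the requesting SP.
 *
 * @param SAML2_AuthnRequest $authnRequest Request being answered; supplies the
 *        request ID, AssertionConsumerServiceURL and RelayState.
 * @param SimpleSAML_Configuration $idpConfig IdP configuration passed through
 *        to addSigns().
 * @param mixed $nameId Subject NameID value, emitted with the "unspecified"
 *        NameID format (presumably a string; not validated here).
 * @param mixed $issuer Issuer entity ID used for both the Response and the
 *        Assertion (presumably a string; not validated here).
 * @param array $attributes Attributes to place in the AttributeStatement,
 *        passed straight to SAML2_Assertion::setAttributes().
 * @return SAML2_Response The response with the assertion attached, after addSigns().
 */
public function create(SAML2_AuthnRequest $authnRequest, SimpleSAML_Configuration $idpConfig, $nameId, $issuer, array $attributes)
{
    // Single timestamp so every validity bound below is mutually consistent.
    $now = time();
    $notOnOrAfter = $now + 5 * 60;

    // Both the bearer confirmation and the response address the same ACS URL / request ID.
    $acsUrl = $authnRequest->getAssertionConsumerServiceURL();
    $requestId = $authnRequest->getId();

    $assertion = new SAML2_Assertion();
    $assertion->setIssuer($issuer);
    $assertion->setNameId(array('Value' => $nameId, 'Format' => SAML2_Const::NAMEID_UNSPECIFIED));
    $assertion->setNotBefore($now);
    $assertion->setNotOnOrAfter($notOnOrAfter);
    // Valid audiences is not required so disabled for now
    // $assertion->setValidAudiences(array($authnRequest->getIssuer()));
    $assertion->setAttributes($attributes);
    $assertion->setAttributeNameFormat(SAML2_Const::NAMEFORMAT_UNSPECIFIED);
    $assertion->setAuthnContext(SAML2_Const::AC_PASSWORD);

    // Bearer confirmation: ties the assertion to this ACS URL, this request ID and the deadline.
    $subjectConfirmation = new SAML2_XML_saml_SubjectConfirmation();
    $subjectConfirmation->Method = SAML2_Const::CM_BEARER;
    $subjectConfirmation->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
    $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter = $notOnOrAfter;
    $subjectConfirmation->SubjectConfirmationData->Recipient = $acsUrl;
    $subjectConfirmation->SubjectConfirmationData->InResponseTo = $requestId;
    $assertion->setSubjectConfirmation(array($subjectConfirmation));

    $response = new SAML2_Response();
    $response->setRelayState($authnRequest->getRelayState());
    $response->setDestination($acsUrl);
    $response->setIssuer($issuer);
    $response->setInResponseTo($requestId);
    $response->setAssertions(array($assertion));

    // Signing is delegated so key and certificate handling lives in one place.
    $this->addSigns($response, $idpConfig);

    return $response;
}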
/**
 * Round-trips an Assertion through toXML() and checks that the issuer, the
 * audience restriction and the authentication context survive marshalling.
 *
 * Only the three fields set here are inspected; the Subject and the
 * NotBefore/NotOnOrAfter conditions are out of scope for this test.
 */
public function testMarshalling()
{
    $expectedIssuer = 'testIssuer';
    $expectedAudiences = array('audience1', 'audience2');
    $expectedAuthnContext = 'someAuthnContext';

    $assertion = new \SAML2_Assertion();
    $assertion->setIssuer($expectedIssuer);
    $assertion->setValidAudiences($expectedAudiences);
    $assertion->setAuthnContext($expectedAuthnContext);

    $xml = $assertion->toXML();

    // Issuer: exactly one element, carrying the configured entity ID.
    $issuerNodes = \SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
    $this->assertCount(1, $issuerNodes);
    $this->assertEquals($expectedIssuer, $issuerNodes[0]->textContent);

    // AudienceRestriction: one Audience element per configured audience, in the same order.
    $audienceNodes = \SAML2_Utils::xpQuery(
        $xml,
        './saml_assertion:Conditions/saml_assertion:AudienceRestriction/saml_assertion:Audience'
    );
    $this->assertCount(count($expectedAudiences), $audienceNodes);
    foreach ($expectedAudiences as $position => $audience) {
        $this->assertEquals($audience, $audienceNodes[$position]->textContent);
    }

    // AuthnContext: a single AuthnContextClassRef with the configured value.
    $authnContextNodes = \SAML2_Utils::xpQuery(
        $xml,
        './saml_assertion:AuthnStatement/saml_assertion:AuthnContext/saml_assertion:AuthnContextClassRef'
    );
    $this->assertCount(1, $authnContextNodes);
    $this->assertEquals($expectedAuthnContext, $authnContextNodes[0]->textContent);
}