/**
 * Build the validator that is applied to each SubjectConfirmation of an assertion.
 *
 * Five constraint validators are registered, in this order: Method, NotBefore,
 * NotOnOrAfter, RecipientMatches and ResponseToMatches. Judging by the class
 * names, the last two tie a confirmation to the destination that received the
 * message and to the response being processed; their implementations are not
 * shown here, so confirm the exact checks against those classes.
 *
 * @param SAML2_Configuration_IdentityProvider $identityProvider   passed to the validator constructor
 * @param SAML2_Configuration_ServiceProvider  $serviceProvider    passed to the validator constructor
 * @param SAML2_Configuration_Destination      $currentDestination handed to the RecipientMatches constraint
 * @param SAML2_Response                       $response           handed to the ResponseToMatches constraint
 *
 * @return SAML2_Assertion_Validation_SubjectConfirmationValidator
 */
private static function createSubjectConfirmationValidator(
    SAML2_Configuration_IdentityProvider $identityProvider,
    SAML2_Configuration_ServiceProvider $serviceProvider,
    SAML2_Configuration_Destination $currentDestination,
    SAML2_Response $response
) {
    $subjectValidator = new SAML2_Assertion_Validation_SubjectConfirmationValidator(
        $identityProvider,
        $serviceProvider
    );

    // Constraints that take no context of their own.
    $subjectValidator->addConstraintValidator(
        new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationMethod()
    );
    $subjectValidator->addConstraintValidator(
        new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationNotBefore()
    );
    $subjectValidator->addConstraintValidator(
        new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationNotOnOrAfter()
    );

    // Constraints that compare against the current destination and the response.
    $recipientConstraint = new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationRecipientMatches(
        $currentDestination
    );
    $subjectValidator->addConstraintValidator($recipientConstraint);

    $inResponseToConstraint = new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationResponseToMatches(
        $response
    );
    $subjectValidator->addConstraintValidator($inResponseToConstraint);

    return $subjectValidator;
}
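/**
 * Validate an assertion and every SubjectConfirmation it carries.
 *
 * The assertion is checked first by $this->assertionValidator; each element
 * returned by getSubjectConfirmation() is then checked by
 * $this->subjectConfirmationValidator. The first failing check aborts
 * validation with an exception whose message lists the reported errors.
 *
 * @param SAML2_Assertion $assertion
 *
 * @return void
 *
 * @throws SAML2_Assertion_Exception_InvalidAssertionException           when the assertion validator reports errors
 * @throws SAML2_Assertion_Exception_InvalidSubjectConfirmationException when a SubjectConfirmation fails validation
 */
public function validateAssertion(SAML2_Assertion $assertion)
{
    $assertionValidationResult = $this->assertionValidator->validate($assertion);
    if (!$assertionValidationResult->isValid()) {
        // NOTE(review): the error strings are embedded verbatim. If they can carry
        // values taken from the response, escape the message wherever it is
        // rendered or logged.
        throw new SAML2_Assertion_Exception_InvalidAssertionException(sprintf(
            'Invalid Assertion in SAML Response, errors: "%s"',
            implode('", "', $assertionValidationResult->getErrors())
        ));
    }

    // NOTE(review): an assertion with zero SubjectConfirmation elements never
    // enters this loop, so no SubjectConfirmation constraint runs for it in this
    // method. Confirm that the assertion validator or the caller rejects
    // assertions that lack a usable SubjectConfirmation.
    foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) {
        $subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate(
            $subjectConfirmation
        );
        if (!$subjectConfirmationValidationResult->isValid()) {
            throw new SAML2_Assertion_Exception_InvalidSubjectConfirmationException(sprintf(
                'Invalid SubjectConfirmation in Assertion, errors: "%s"',
                implode('", "', $subjectConfirmationValidationResult->getErrors())
            ));
        }
    }
}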