/** * @param Assertion $assertion * * @throws LightSamlValidationException */ protected function validateAssertionAttributes(Assertion $assertion) { if (false == Helper::validateRequiredString($assertion->getVersion())) { throw new LightSamlValidationException('Assertion element must have the Version attribute set.'); } if ($assertion->getVersion() != SamlConstants::VERSION_20) { throw new LightSamlValidationException('Assertion element must have the Version attribute value equal to 2.0.'); } if (false == Helper::validateRequiredString($assertion->getId())) { throw new LightSamlValidationException('Assertion element must have the ID attribute set.'); } if (false == Helper::validateIdString($assertion->getId())) { throw new LightSamlValidationException('Assertion element must have an ID attribute with at least 16 characters (the equivalent of 128 bits).'); } if (false == $assertion->getIssueInstantTimestamp()) { throw new LightSamlValidationException('Assertion element must have the IssueInstant attribute set.'); } if (false == $assertion->getIssuer()) { throw new LightSamlValidationException('Assertion element must have an issuer element.'); } $this->nameIdValidator->validateNameId($assertion->getIssuer()); }