/**
 * Checks the structural requirements of an AuthnStatement.
 *
 * A statement is rejected when it has no AuthnInstant or no AuthnContext, or
 * when its SessionIndex, SubjectLocality Address or SubjectLocality DNSName
 * fails Helper::validateOptionalString(). A present AuthnContext is then
 * handed to validateAuthnContext().
 *
 * Only presence and string form are checked here. The AuthnInstant is not
 * compared against any clock, and the Address is not checked for being an IP
 * address, so freshness and locality policy have to be enforced by the caller.
 *
 * @param AuthnStatement $statement
 *
 * @throws LightSamlValidationException when one of the checks above fails
 */
private function validateAuthnStatement(AuthnStatement $statement)
{
    // Truthiness check: a timestamp of 0 is rejected exactly like a missing one.
    if (!$statement->getAuthnInstantTimestamp()) {
        throw new LightSamlValidationException('AuthnStatement MUST have an AuthnInstant attribute');
    }

    if (!Helper::validateOptionalString($statement->getSessionIndex())) {
        throw new LightSamlValidationException('SessionIndex attribute of AuthnStatement must contain at least one non-whitespace character');
    }

    // SubjectLocality is optional; its attributes are only inspected when it is present.
    $locality = $statement->getSubjectLocality();
    if ($locality) {
        if (!Helper::validateOptionalString($locality->getAddress())) {
            throw new LightSamlValidationException('Address attribute of SubjectLocality must contain at least one non-whitespace character');
        }

        if (!Helper::validateOptionalString($locality->getDnsName())) {
            throw new LightSamlValidationException('DNSName attribute of SubjectLocality must contain at least one non-whitespace character');
        }
    }

    $authnContext = $statement->getAuthnContext();
    if (!$authnContext) {
        throw new LightSamlValidationException('AuthnStatement MUST have an AuthnContext element');
    }

    $this->validateAuthnContext($authnContext);
}
/**
 * Builds an AuthnStatement from the session info provider and the current
 * HTTP request, then appends it to the assertion held by the context.
 *
 * Two values are defaulted when the provider returns a falsy value:
 * the AuthnContextClassRef becomes SamlConstants::AUTHN_CONTEXT_UNSPECIFIED
 * and the AuthnInstant becomes the time of this call.
 *
 * NOTE(review): with the AuthnInstant fallback, the issued statement carries
 * "now" as the authentication time. A relying party that enforces a maximum
 * authentication age would presumably treat it as a fresh login, so confirm
 * the provider always returns the real instant for long-lived sessions.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $provider = $this->sessionInfoProvider;

    $classRef = $provider->getAuthnContextClassRef();
    if (!$classRef) {
        $classRef = SamlConstants::AUTHN_CONTEXT_UNSPECIFIED;
    }

    $authnContext = new AuthnContext();
    $authnContext->setAuthnContextClassRef($classRef);

    $statement = new AuthnStatement();
    $statement->setAuthnContext($authnContext);

    // SessionIndex is only set when the provider supplies a truthy value.
    $sessionIndex = $provider->getSessionIndex();
    if ($sessionIndex) {
        $statement->setSessionIndex($sessionIndex);
    }

    $instant = $provider->getAuthnInstant();
    if (!$instant) {
        $instant = new \DateTime();
    }
    $statement->setAuthnInstant($instant);

    // NOTE(review): the Address is whatever the request object reports as the
    // client IP. If that value can be derived from forwarded headers, it is
    // only as trustworthy as the proxy configuration - confirm before relying
    // on it at the service provider.
    $clientIp = $context->getProfileContext()->getHttpRequest()->getClientIp();
    $locality = new SubjectLocality();
    $locality->setAddress($clientIp);
    $statement->setSubjectLocality($locality);

    $context->getAssertion()->addItem($statement);
}
/**
 * A statement carrying an AuthnInstant and an AuthnContext with a class
 * reference goes through StatementValidator::validateStatement().
 *
 * There is no explicit assertion: the test passes when the validator call
 * returns without throwing.
 */
public function test_authn_statement_ok()
{
    $statement = new AuthnStatement();
    // Integer timestamp used as the authentication instant.
    $statement->setAuthnInstant(123456789);

    $context = new AuthnContext();
    $context->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT);
    $statement->setAuthnContext($context);

    (new StatementValidator())->validateStatement($statement);
}