/**
 * Processes the SAML response carried by the request and enforces the required LoA.
 *
 * The response is handed to the POST binding together with the configured identity
 * provider and service provider. The AuthnContextClassRef of the resulting assertion
 * is then resolved to a LoA, which must satisfy $this->requiredLoa.
 *
 * NOTE(review): no InResponseTo comparison against the stored request id is visible
 * in this method. Confirm that the caller or the binding performs it, and that the
 * caller reads the request id before this method clears it.
 *
 * @param Request $request
 * @return \SAML2_Assertion
 * @throws \Surfnet\StepupRa\RaBundle\Security\Exception\UnmetLoaException When required LoA is not met by response
 * @throws \SAML2_Response_Exception_PreconditionNotMetException
 * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException When response LoA cannot be resolved
 */
public function processSamlResponse(Request $request)
{
    /** @var \SAML2_Assertion $assertion */
    $assertion = $this->postBinding->processResponse(
        $request,
        $this->identityProvider,
        $this->serviceProvider
    );

    // Only reached when processResponse() returned; if it throws, the stored
    // request id is left in the session.
    $this->sessionHandler->clearRequestId();

    $reportedLoaId = $assertion->getAuthnContextClassRef();

    // Reject identifiers without a LoA definition before getLoa() is dereferenced.
    $loaIsKnown = $this->loaResolutionService->hasLoa($reportedLoaId);
    if (!$loaIsKnown) {
        throw new AuthenticationException('Received SAML response with unresolvable LoA');
    }

    $grantedLoa = $this->loaResolutionService->getLoa($reportedLoaId);
    if ($grantedLoa->canSatisfyLoa($this->requiredLoa)) {
        return $assertion;
    }

    // The message embeds the identifier taken from the assertion; escape it for
    // the output context wherever the exception message is rendered or logged.
    $message = sprintf(
        "Gateway responded with LoA '%s', which is lower than required LoA '%s'",
        $reportedLoaId,
        (string) $this->requiredLoa
    );

    throw new UnmetLoaException($message);
}
/**
 * Looking up an identifier that has no LoA definition must yield null.
 *
 * Callers therefore have to handle null before calling methods on the result of getLoa().
 *
 * @test
 * @group service
 */
public function if_the_loa_definition_does_not_exist_null_is_returned()
{
    $resolver = new LoaResolutionService($this->loas);

    $resolved = $resolver->getLoa('An unknown identifier');

    $this->assertNull($resolved);
}