예제 #1
 /**
  * Checks the assertion's NotOnOrAfter bound against the current time.
  *
  * 60 seconds are subtracted from the current time before the comparison,
  * so an assertion is reported as expired only once its NotOnOrAfter value
  * is at least 60 seconds in the past. When the assertion returns no
  * (falsy) NotOnOrAfter value, nothing is checked and no error is added:
  * a missing expiry is not rejected here.
  *
  * The outcome is recorded through $result->addError() only; nothing is
  * thrown or returned, so the caller has to inspect $result before the
  * assertion is trusted.
  *
  * @param SAML2_Assertion                   $assertion assertion under validation
  * @param SAML2_Assertion_Validation_Result $result    collector for validation errors
  */
 public function validate(SAML2_Assertion $assertion, SAML2_Assertion_Validation_Result $result)
 {
     $expiry = $assertion->getNotOnOrAfter();
     if (!$expiry) {
         // No NotOnOrAfter value supplied: this validator has nothing to compare.
         return;
     }

     // Tolerate up to 60 seconds of clock difference between IdP and SP.
     $cutoff = SAML2_Utilities_Temporal::getTime() - 60;
     if ($expiry <= $cutoff) {
         $result->addError('Received an assertion that has expired. Check clock synchronization on IdP and SP.');
     }
 }
 /**
  * Validates a token and returns the claims read from it.
  *
  * Order of operations: parse the token, build a SAML2_Assertion from the
  * parsed 'Assertion' entry, run the thumbprint check on the first
  * certificate the assertion carries, then run the issuer and audience
  * checks when the corresponding flags are enabled.
  *
  * NOTE(review): the only certificate check visible here is a thumbprint
  * check on a certificate taken from the assertion itself. Whether the
  * assertion's signature is verified against that certificate is not
  * visible in this method; confirm it happens in the SAML2_Assertion
  * constructor or in validateCertificateThumbprint().
  *
  * NOTE(review): NotBefore / NotOnOrAfter are only handed to
  * validateAudiences(), so with $this->validateAudiences disabled no
  * validity-window check is visible in this method. Confirm that is intended.
  *
  * @param mixed $token token as accepted by parseToken()
  *
  * @return mixed whatever getClaims() returns for the parsed token
  */
 public function validate($token)
 {
     $parsed = $this->parseToken($token);

     // Build the assertion and check the certificate embedded in it.
     $assertion = new SAML2_Assertion($parsed['Assertion']);
     $embeddedCertificates = $assertion->getCertificates();
     // NOTE(review): index 0 is read without checking that the list is non-empty;
     // presumably an assertion without a certificate is rejected by the callee, verify.
     $this->validateCertificateThumbprint($embeddedCertificates[0]);

     // Issuer check, only when enabled.
     if ($this->validateIssuer) {
         $issuer = $assertion->getIssuer();
         $this->validateIssuer($issuer);
     }

     // Audience check (also receives the validity window), only when enabled.
     if ($this->validateAudiences) {
         $audiences = $assertion->getValidAudiences();
         $notBefore = $assertion->getNotBefore();
         $notOnOrAfter = $assertion->getNotOnOrAfter();
         $this->validateAudiences($audiences, $notBefore, $notOnOrAfter);
     }

     return $this->getClaims($parsed);
 }