/**
 * Checks the time window of every SubjectConfirmationData on the assertion's
 * subject against the current time.
 *
 * An assertion without a subject passes unchanged, and confirmations that
 * carry no SubjectConfirmationData are skipped. Both bounds are checked with
 * the same clock-skew allowance. A confirmation whose data has no timestamps
 * is not rejected by this method itself: null timestamps are passed straight
 * to Helper, whose handling of them is not visible in this file.
 *
 * @param Assertion $assertion
 * @param int       $now                Current Unix timestamp
 * @param int       $allowedSecondsSkew Tolerated clock difference in seconds
 *
 * @throws LightSamlValidationException when NotBefore lies in the future or
 *                                      NotOnOrAfter lies in the past
 */
protected function validateSubject(Assertion $assertion, $now, $allowedSecondsSkew)
{
    $subject = $assertion->getSubject();
    if (!$subject) {
        return;
    }

    foreach ($subject->getAllSubjectConfirmations() as $confirmation) {
        $data = $confirmation->getSubjectConfirmationData();
        if (!$data) {
            continue;
        }

        $notBeforeOk = Helper::validateNotBefore($data->getNotBeforeTimestamp(), $now, $allowedSecondsSkew);
        if (!$notBeforeOk) {
            throw new LightSamlValidationException('SubjectConfirmationData.NotBefore must not be in the future');
        }

        $notOnOrAfterOk = Helper::validateNotOnOrAfter($data->getNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew);
        if (!$notOnOrAfterOk) {
            throw new LightSamlValidationException('SubjectConfirmationData.NotOnOrAfter must not be in the past');
        }
    }
}
/**
 * Resolves the username from the assertion by trying the configured
 * attribute names in their configured order; the first hit wins.
 *
 * The NAME_ID marker selects the subject's NameID value instead of an
 * attribute. Any other name is looked up across all attribute statements and
 * the first value of the first matching attribute is returned. All checks are
 * truthiness checks, so a value such as '0' or '' counts as absent and the
 * search moves on to the next candidate — presumably intended; confirm.
 *
 * @param Assertion $assertion
 *
 * @return null|string the resolved username, or null when no candidate matched
 */
private function getUsernameFromAssertion(Assertion $assertion)
{
    foreach ($this->attributes as $candidate) {
        if (self::NAME_ID == $candidate) {
            $subject = $assertion->getSubject();
            $nameId = $subject ? $subject->getNameID() : null;
            if ($nameId && $nameId->getValue()) {
                return $nameId->getValue();
            }
            continue;
        }

        foreach ($assertion->getAllAttributeStatements() as $statement) {
            $attribute = $statement->getFirstAttributeByName($candidate);
            if ($attribute && $attribute->getFirstAttributeValue()) {
                return $attribute->getFirstAttributeValue();
            }
        }
    }

    return null;
}
/**
 * The action must complete without throwing when the endpoint resolver finds
 * an ACS endpoint for the bearer confirmation's Recipient. The resolver mock
 * returning a non-empty list stands in for "the recipient matches one of our
 * own ACS locations"; the assertion context is parented to a profile context
 * that carries an own entity descriptor.
 */
public function test_does_nothing_if_recipient_matches_own_acs_service_location()
{
    $endpointResolver = TestHelper::getEndpointResolverMock($this);
    $action = new RecipientValidatorAction(TestHelper::getLoggerMock($this), $endpointResolver);

    $assertion = new Assertion();
    $assertion->addItem(new AuthnStatement());

    $confirmation = (new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
    $confirmation->setSubjectConfirmationData((new SubjectConfirmationData())->setRecipient('http://recipient.com'));
    $subject = new Subject();
    $subject->addSubjectConfirmation($confirmation);
    $assertion->setSubject($subject);

    $profileContext = TestHelper::getProfileContext();
    $profileContext->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor());

    $assertionContext = TestHelper::getAssertionContext($assertion);
    $assertionContext->setParent($profileContext);

    $endpointResolver->expects($this->once())
        ->method('resolve')
        ->willReturnCallback(function () {
            return [TestHelper::getEndpointReferenceMock($this, new AssertionConsumerService())];
        });

    $action->execute($assertionContext);
}
/**
 * Enforces the subject requirement on an assertion.
 *
 * An assertion without a subject is accepted only when it carries statements
 * and none of them is an AuthnStatement or AttributeStatement; an empty
 * assertion, or one holding such a statement, must have a subject. When a
 * subject is present its validation is delegated to the subject validator.
 *
 * NOTE(review): the error message also names AuthzDecisionStatement, but the
 * instanceof check covers only AuthnStatement and AttributeStatement — confirm
 * whether that statement type exists in this codebase and should be included.
 *
 * @param Assertion $assertion
 *
 * @throws LightSamlValidationException
 */
protected function validateSubject(Assertion $assertion)
{
    $subject = $assertion->getSubject();
    if ($subject) {
        $this->subjectValidator->validateSubject($subject);

        return;
    }

    $items = $assertion->getAllItems();
    if (!$items) {
        throw new LightSamlValidationException('Assertion with no Statements must have a subject.');
    }

    foreach ($items as $statement) {
        $requiresSubject = $statement instanceof AuthnStatement || $statement instanceof AttributeStatement;
        if ($requiresSubject) {
            throw new LightSamlValidationException('AuthnStatement, AuthzDecisionStatement and AttributeStatement require a subject.');
        }
    }
}
/**
 * Narrows the SSO state to the sessions matching this assertion: the given
 * party/own entity pair, the subject's NameID value and format, and the
 * SessionIndex of the assertion's first AuthnStatement.
 *
 * Every accessor below is dereferenced without a null check, so the caller
 * must already have established that the assertion has a subject with a
 * NameID and at least one AuthnStatement; otherwise this fails with a PHP
 * error rather than a validation exception. Presumably earlier actions in the
 * pipeline guarantee that — confirm.
 *
 * @param SsoState  $ssoState
 * @param Assertion $assertion
 * @param string    $ownEntityId
 * @param string    $partyEntityId
 *
 * @return \LightSaml\State\Sso\SsoSessionState[]
 */
protected function filterSessions(SsoState $ssoState, Assertion $assertion, $ownEntityId, $partyEntityId)
{
    $nameId = $assertion->getSubject()->getNameID();
    $sessionIndex = $assertion->getFirstAuthnStatement()->getSessionIndex();

    return $ssoState->filter(
        $partyEntityId,
        $ownEntityId,
        $nameId->getValue(),
        $nameId->getFormat(),
        $sessionIndex
    );
}
/**
 * An assertion whose ID the store has not seen must be recorded: the action
 * is expected to query the store exactly once with (issuer, id), receive
 * false, and then store that pair together with a \DateTime argument. The
 * assertion carries a bearer confirmation with a NotOnOrAfter so the action
 * has a validity bound to work with.
 */
public function test_sets_unknown_assertion_id_to_store()
{
    $idStore = TestHelper::getIdStoreMock($this);
    $action = new RepeatedIdValidatorAction(TestHelper::getLoggerMock($this), $idStore);

    $assertionId = '123';
    $issuerId = 'http://issuer.com';

    $assertion = new Assertion();
    $assertion->setId($assertionId);
    $assertion->setIssuer(new Issuer($issuerId));
    $assertion->addItem(new AuthnStatement());

    $confirmationData = new SubjectConfirmationData();
    $confirmationData->setNotOnOrAfter(new \DateTime());
    $confirmation = new SubjectConfirmation();
    $confirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
    $confirmation->setSubjectConfirmationData($confirmationData);

    $subject = new Subject();
    $subject->addSubjectConfirmation($confirmation);
    $assertion->setSubject($subject);

    $assertionContext = TestHelper::getAssertionContext($assertion);

    $idStore->expects($this->once())
        ->method('has')
        ->with($issuerId, $assertionId)
        ->willReturn(false);
    $idStore->expects($this->once())
        ->method('set')
        ->with($issuerId, $assertionId, $this->isInstanceOf(\DateTime::class));

    $action->execute($assertionContext);
}