/** * @param ProfileContext $context */ protected function doExecute(ProfileContext $context) { if (false === in_array($context->getInboundContext()->getBindingType(), $this->expectedBindingTypes)) { $message = sprintf('Unexpected binding type "%s" - expected binding types are: %s', $context->getInboundContext()->getBindingType(), implode(' ', $this->expectedBindingTypes)); $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, array('actualBindingType' => $context->getInboundContext()->getBindingType(), 'expectedBindingTypes' => $this->expectedBindingTypes))); throw new LightSamlContextException($context, $message); } }
/** * @expectedException \LightSaml\Error\LightSamlContextException * @expectedExceptionMessage Response must contain at least one bearer assertion */ public function test_throws_context_exception_if_no_bearer_assertion() { $action = new HasBearerAssertionsValidatorAction(TestHelper::getLoggerMock($this)); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($response = new Response()); $action->execute($context); }
/** * @expectedException \LightSaml\Error\LightSamlContextException * @expectedExceptionMessage Inbound messages does not have Issuer */ public function test_throws_when_inbound_message_has_no_issuer() { $action = new EntityIdFromMessageIssuerAction(TestHelper::getLoggerMock($this)); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage(new AuthnRequest()); $action->execute($context); }
/** * @param ProfileContext $context */ protected function doExecute(ProfileContext $context) { $response = MessageContextHelper::asResponse($context->getInboundContext()); if (count($response->getAllEncryptedAssertions()) === 0) { $this->logger->debug('Response has no encrypted assertions', LogHelper::getActionContext($context, $this)); return; } $ownEntityDescriptor = $context->getOwnEntityDescriptor(); $query = $this->credentialResolver->query(); $query->add(new EntityIdCriteria($ownEntityDescriptor->getEntityID()))->add(new MetadataCriteria(ProfileContext::ROLE_IDP === $context->getOwnRole() ? MetadataCriteria::TYPE_IDP : MetadataCriteria::TYPE_SP, SamlConstants::PROTOCOL_SAML2))->add(new UsageCriteria(UsageType::ENCRYPTION)); $query->resolve(); $privateKeys = $query->getPrivateKeys(); if (empty($privateKeys)) { $message = 'No credentials resolved for assertion decryption'; $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlContextException($context, $message); } $this->logger->info('Trusted decryption candidates', LogHelper::getActionContext($context, $this, array('credentials' => array_map(function (CredentialInterface $credential) { return sprintf("Entity: '%s'; PK X509 Thumb: '%s'", $credential->getEntityId(), $credential->getPublicKey() ? $credential->getPublicKey()->getX509Thumbprint() : ''); }, $privateKeys)))); foreach ($response->getAllEncryptedAssertions() as $index => $encryptedAssertion) { if ($encryptedAssertion instanceof EncryptedAssertionReader) { $name = sprintf('assertion_encrypted_%s', $index); /** @var DeserializationContext $deserializationContext */ $deserializationContext = $context->getInboundContext()->getSubContext($name, DeserializationContext::class); $assertion = $encryptedAssertion->decryptMultiAssertion($privateKeys, $deserializationContext); $response->addAssertion($assertion); $this->logger->info('Assertion decrypted', LogHelper::getActionContext($context, $this, array('assertion' => $deserializationContext->getDocument()->saveXML()))); } } }
protected function doExecute(ProfileContext $context) { $message = MessageContextHelper::asSamlMessage($context->getInboundContext()); if (null == $message->getIssuer()) { throw new LightSamlContextException($context, 'Inbound messages does not have Issuer'); } $context->getPartyEntityContext()->setEntityId($message->getIssuer()->getValue()); }
protected function doExecute(ProfileContext $context) { if (null == $context->getInboundContext()->getMessage()) { return; } $this->logger->debug(sprintf('Forwarding relay state: "%s"', $context->getInboundMessage()->getRelayState())); $context->getOutboundMessage()->setRelayState($context->getInboundMessage()->getRelayState()); }
/** * @param ProfileContext $context * * @return void */ protected function doExecute(ProfileContext $context) { $this->flush($context->getInboundContext()->getSubContext(ProfileContexts::REQUEST_STATE, null)); foreach ($context as $child) { if ($child instanceof AssertionContext) { $this->flush($child->getSubContext(ProfileContexts::REQUEST_STATE, null)); } } }
/** * @expectedException \LightSaml\Error\LightSamlContextException * @expectedExceptionMessage Unknown InResponseTo '1234567890' */ public function test_throws_context_exception_if_no_request_state_for_in_response_to_from_message() { $action = new InResponseToValidatorAction($loggerMock = TestHelper::getLoggerMock($this), $requestStateStoreMock = $this->getRequestStateStoreMock()); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($response = $this->getStatusResponseMock()); $response->setInResponseTo($inResponseTo = '1234567890'); $requestStateStoreMock->expects($this->once())->method('get')->willReturn(null); $loggerMock->expects($this->once())->method('critical'); $action->execute($context); }
protected function doExecute(ProfileContext $context) { $response = MessageContextHelper::asResponse($context->getInboundContext()); if ($response->getBearerAssertions()) { return; } $message = 'Response must contain at least one bearer assertion'; $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlContextException($context, $message); }
/** * @expectedException \LightSaml\Error\LightSamlAuthenticationException * @expectedExceptionMessage("Unsuccessful SAML response: urn:oasis:names:tc:SAML:2.0:status:Requester * urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding") */ public function test_throws_authentication_exception_if_status_not_success() { $action = new StatusAction($loggerMock = TestHelper::getLoggerMock($this)); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($response = new Response()); $response->setStatus(new Status($statusCode = new StatusCode(SamlConstants::STATUS_REQUESTER))); $statusCode->setStatusCode(new StatusCode(SamlConstants::STATUS_UNSUPPORTED_BINDING)); $loggerMock->expects($this->once())->method('error'); $action->execute($context); }
public function test_sets_relat_state_from_inbound_to_outbound_message() { $action = new ForwardRelayStateAction(TestHelper::getLoggerMock($this)); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($inboundMessage = new AuthnRequest()); $context->getOutboundContext()->setMessage($outboundMessage = new Response()); $inboundMessage->setRelayState($relayState = '123'); $action->execute($context); $this->assertEquals($relayState, $context->getOutboundMessage()->getRelayState()); }
/** * @param string $ownRole * @param string $destination * * @return ProfileContext */ private function buildContext($ownRole, $destination) { $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, $ownRole); $context->getInboundContext()->setMessage(new AuthnRequest()); if ($destination) { $context->getInboundMessage()->setDestination($destination); } $context->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor()); return $context; }
/** * @expectedException \LightSaml\Error\LightSamlContextException * @expectedExceptionMessage No credentials resolved for assertion decryption */ public function test_throws_context_exception_when_no_credentials_resolved() { $action = new DecryptAssertionsAction($loggerMock = TestHelper::getLoggerMock($this), $credentialResolverMock = $this->getCredentialResolverMock()); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor($entityId = 'http://entity.id')); $context->getInboundContext()->setMessage($response = new Response()); $response->addEncryptedAssertion($encryptedAssertionMock1 = $this->getEncryptedAssertionReaderMock()); $credentialResolverMock->expects($this->once())->method('query')->willReturn($query = new CredentialResolverQuery($credentialResolverMock)); $credentialResolverMock->expects($this->once())->method('resolve')->with($query)->willReturn([]); $action->execute($context); }
/** * @expectedException \LightSaml\Error\LightSamlContextException * @expectedExceptionMessage Error from name id validator */ public function test_wrapps_validation_exception_in_context_exception() { $nameIdValidatorMock = $this->getNameIdValidatorMock(); $action = new IssuerValidatorAction(TestHelper::getLoggerMock($this), $nameIdValidatorMock, $allowedFormat = SamlConstants::NAME_ID_FORMAT_EMAIL); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage(new AuthnRequest()); $expectedIssuer = new Issuer('http://localhost', $allowedFormat); $context->getInboundMessage()->setIssuer($expectedIssuer); $nameIdValidatorMock->expects($this->once())->method('validateNameId')->with($expectedIssuer)->willThrowException(new LightSamlValidationException('Error from name id validator')); $action->execute($context); }
/** * @expectedException \LightSaml\Error\LightSamlContextException * @expectedExceptionMessage Unexpected binding type "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" - expected binding types are: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST */ public function test_throws_when_inbound_binding_type_not_one_of_expected() { $action = new AssertBindingTypeAction($logger = TestHelper::getLoggerMock($this), [SamlConstants::BINDING_SAML2_HTTP_POST]); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setBindingType(SamlConstants::BINDING_SAML2_SOAP); $logger->expects($this->once())->method('critical')->willReturnCallback(function ($message, $arr) { $this->assertEquals('Unexpected binding type "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" - expected binding types are: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', $message); $this->assertTrue(is_array($arr)); }); $action->execute($context); }
/** * @param ProfileContext $context */ protected function doExecute(ProfileContext $context) { $response = MessageContextHelper::asResponse($context->getInboundContext()); foreach ($response->getAllAssertions() as $index => $assertion) { $name = sprintf('assertion_%s', $index); /** @var AssertionContext $assertionContext */ $assertionContext = $context->getSubContext($name, AssertionContext::class); $assertionContext->setAssertion($assertion)->setId($name); $this->assertionAction->execute($assertionContext); } }
protected function doExecute(ProfileContext $context) { $response = MessageContextHelper::asResponse($context->getInboundContext()); foreach ($response->getAllAssertions() as $assertion) { if ($assertion->getAllAuthnStatements()) { return; } } $message = 'Response must have at least one Assertion containing AuthnStatement element'; $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlContextException($context, $message); }
public function test_warning_logged_if_no_verification() { $action = new MessageSignatureValidatorAction($logger = TestHelper::getLoggerMock($this), $signatureValidator = $this->getSignatureValidatorMock()); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($message = new AuthnRequest()); $message->setSignature($signature = new SignatureStringReader()); $message->setIssuer(new Issuer($issuerValue = 'http://localhost/issuer')); $signatureValidator->expects($this->once())->method('validate')->willReturn(null); $logger->expects($this->never())->method('debug'); $logger->expects($this->once())->method('warning')->with('Signature verification was not performed', $this->isType('array')); $action->execute($context); }
public function test_receives_message() { $action = new ReceiveMessageAction($logger = TestHelper::getLoggerMock($this), $bindingFactory = $this->getBindingFactoryMock()); $context = new ProfileContext(Profiles::SSO_SP_SEND_AUTHN_REQUEST, ProfileContext::ROLE_SP); $context->getHttpRequestContext()->setRequest($request = new Request()); $binding = $this->getBindingMock(); $bindingFactory->expects($this->once())->method('detectBindingType')->with($request)->willReturn($bindingType = SamlConstants::BINDING_SAML2_HTTP_POST); $logger->expects($this->once())->method('debug')->with('Detected binding type: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', $this->isType('array')); $bindingFactory->expects($this->once())->method('create')->with($bindingType)->willReturn($binding); $binding->expects($this->once())->method('receive')->with($request, $context->getInboundContext()); $action->execute($context); $this->assertEquals($bindingType, $context->getInboundContext()->getBindingType()); }
public function test_flushes_store_with_inbound_request_state() { $loggerMock = $this->getLoggerMock(); $requestStoreMock = $this->getRequestStateStoreMock(); $action = new FlushRequestStatesAction($loggerMock, $requestStoreMock); $expectedIds = ['1111', '2222', '3333']; $context = new ProfileContext(Profiles::METADATA, ProfileContext::ROLE_IDP); $context->getInboundContext()->addSubContext(ProfileContexts::REQUEST_STATE, (new RequestStateContext())->setRequestState(new RequestState($expectedIds[0]))); $context->addSubContext('assertion_1', (new AssertionContext())->addSubContext(ProfileContexts::REQUEST_STATE, (new RequestStateContext())->setRequestState(new RequestState($expectedIds[1])))); $context->addSubContext('assertion_2', (new AssertionContext())->addSubContext(ProfileContexts::REQUEST_STATE, (new RequestStateContext())->setRequestState(new RequestState($expectedIds[2])))); $requestStoreMock->expects($this->exactly(3))->method('remove')->withConsecutive([$this->equalTo($expectedIds[0])], [$this->equalTo($expectedIds[1])], [$this->equalTo($expectedIds[2])])->willReturnOnConsecutiveCalls(true, true, false); $loggerMock->expects($this->exactly(3))->method('debug')->withConsecutive([$this->equalTo(sprintf('Removed request state "%s"', $expectedIds[0]))], [$this->equalTo(sprintf('Removed request state "%s"', $expectedIds[1]))], [$this->equalTo(sprintf('Request state "%s" does not exist', $expectedIds[2]))]); $action->execute($context); }
public function test_creates_context_for_each_assertion() { $action = new AssertionAction(TestHelper::getLoggerMock($this), $assertionActionMock = $this->getActionMock()); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($response = new Response()); $response->addAssertion($assertion1 = new Assertion())->addAssertion($assertion2 = new Assertion()); $action->execute($context); /** @var AssertionContext $assertionContext */ $assertionContext = $context->getSubContext('assertion_0'); $this->assertInstanceOf(AssertionContext::class, $assertionContext); $this->assertSame($assertion1, $assertionContext->getAssertion()); $assertionContext = $context->getSubContext('assertion_1'); $this->assertInstanceOf(AssertionContext::class, $assertionContext); $this->assertSame($assertion2, $assertionContext->getAssertion()); }
public function test_calls_session_processor() { $action = new SpSsoStateAction(TestHelper::getLoggerMock($this), $sessionProcessorMock = $this->getSessionProcessorMock()); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($response = new Response()); $response->addAssertion($assertion1 = new Assertion()); $response->addAssertion($assertion2 = new Assertion()); $context->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor($ownEntityId = 'http://own.entity.id')); $context->getPartyEntityContext()->setEntityDescriptor(new EntityDescriptor($partyEntityId = 'http://party.id')); $sessionProcessorMock->expects($this->once())->method('processAssertions')->with($this->isType('array'), $ownEntityId, $partyEntityId)->willReturnCallback(function (array $assertions, $ownId, $partyId) use($assertion1, $assertion2) { $this->assertSame($assertion1, $assertions[0]); $this->assertSame($assertion2, $assertions[1]); }); $action->execute($context); }
/** * @param ProfileContext $context * * @return void */ protected function doExecute(ProfileContext $context) { $message = MessageContextHelper::asSamlMessage($context->getInboundContext()); $destination = $message->getDestination(); if (null == $destination) { return; } $criteriaSet = $this->getCriteriaSet($context, $destination); $endpoints = $this->endpointResolver->resolve($criteriaSet, $context->getOwnEntityDescriptor()->getAllEndpoints()); if ($endpoints) { return; } $message = sprintf('Invalid inbound message destination "%s"', $destination); $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlContextException($context, $message); }
/** * @param ProfileContext $context */ protected function doExecute(ProfileContext $context) { $response = MessageContextHelper::asStatusResponse($context->getInboundContext()); $inResponseTo = $response->getInResponseTo(); if ($inResponseTo) { $requestState = $this->requestStore->get($inResponseTo); if (null == $requestState) { $message = sprintf("Unknown InResponseTo '%s'", $inResponseTo); $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, array('in_response_to' => $inResponseTo))); throw new LightSamlContextException($context, $message); } /** @var RequestStateContext $requestStateContext */ $requestStateContext = $context->getInboundContext()->getSubContext(ProfileContexts::REQUEST_STATE, RequestStateContext::class); $requestStateContext->setRequestState($requestState); } }
protected function doExecute(ProfileContext $context) { $logoutResponse = MessageContextHelper::asLogoutResponse($context->getInboundContext()); $id = $logoutResponse->getInResponseTo(); $requestState = $this->requestStore->get($id); $partyEntityId = $requestState->getParameters()->get(RequestStateParameters::PARTY); if ($partyEntityId && $logoutResponse->getIssuer() && $partyEntityId != $logoutResponse->getIssuer()->getValue()) { $message = sprintf('LogoutRequest sent to %s but LogoutResponse for that request was issued by %s', $partyEntityId, $logoutResponse->getIssuer()->getValue()); $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, ['sent_to' => $partyEntityId, 'received_from' => $logoutResponse->getIssuer()->getValue()])); throw new LightSamlContextException($context, $message); } $nameId = $requestState->getParameters()->get(RequestStateParameters::NAME_ID); $nameIdFormat = $requestState->getParameters()->get(RequestStateParameters::NAME_ID_FORMAT); $sessionIndex = $requestState->getParameters()->get(RequestStateParameters::SESSION_INDEX); $numberOfTerminatedSessions = $this->logoutResolver->terminateSession($logoutResponse->getIssuer()->getValue(), $nameId, $nameIdFormat, $sessionIndex); $this->logger->debug(sprintf('Processing LogoutResponse from %s for %s in format %s and session index %s resulted in termination of %s sso session from the store', $partyEntityId, $nameId, $nameIdFormat, $sessionIndex, $numberOfTerminatedSessions), LogHelper::getActionContext($context, $this)); }
/** * @param ProfileContext $context * * @return void */ protected function doExecute(ProfileContext $context) { $authnRequest = MessageContextHelper::asAuthnRequest($context->getInboundContext()); if (false == $authnRequest->getAssertionConsumerServiceURL()) { return; } $spEntityDescriptor = $context->getPartyEntityDescriptor(); foreach ($spEntityDescriptor->getAllSpSsoDescriptors() as $sp) { if ($sp->getAllAssertionConsumerServicesByUrl($authnRequest->getAssertionConsumerServiceURL())) { $this->logger->debug(sprintf('AuthnRequest has assertion consumer url "%s" that belongs to entity "%s"', $authnRequest->getAssertionConsumerServiceURL(), $spEntityDescriptor->getEntityID()), LogHelper::getActionContext($context, $this)); return; } } $message = sprintf("Invalid ACS Url '%s' for '%s' entity", $authnRequest->getAssertionConsumerServiceURL(), $spEntityDescriptor->getEntityID()); $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlValidationException($message); }
/** * @param ProfileContext $context * * @return void */ protected function doExecute(ProfileContext $context) { $message = MessageContextHelper::asSamlMessage($context->getInboundContext()); if (false == $message->getIssuer()) { $message = 'Inbound message must have Issuer element'; $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlContextException($context, $message); } if ($this->allowedFormat && $message->getIssuer()->getValue() && $message->getIssuer()->getFormat() && $message->getIssuer()->getFormat() != $this->allowedFormat) { $message = sprintf("Response Issuer Format if set must have value '%s' but it was '%s'", $this->allowedFormat, $message->getIssuer()->getFormat()); $this->logger->emergency($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlContextException($context, $message); } try { $this->nameIdValidator->validateNameId($message->getIssuer()); } catch (LightSamlValidationException $ex) { throw new LightSamlContextException($context, $ex->getMessage(), 0, $ex); } }
protected function doExecute(ProfileContext $context) { $statusResponse = MessageContextHelper::asStatusResponse($context->getInboundContext()); if ($statusResponse->getStatus() && $statusResponse->getStatus()->isSuccess()) { return; } if (null == $statusResponse->getStatus()) { $message = 'Status response does not have Status set'; $this->logger->error($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlContextException($context, $message); } $status = $statusResponse->getStatus()->getStatusCode()->getValue(); $status .= "\n" . $statusResponse->getStatus()->getStatusMessage(); if ($statusResponse->getStatus()->getStatusCode()->getStatusCode()) { $status .= "\n" . $statusResponse->getStatus()->getStatusCode()->getStatusCode()->getValue(); } $message = 'Unsuccessful SAML response: ' . $status; $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, ['status' => $status])); throw new LightSamlAuthenticationException($statusResponse, $message); }
/** * @param ProfileContext $context */ protected function doExecute(ProfileContext $context) { $response = MessageContextHelper::asStatusResponse($context->getInboundContext()); $inResponseTo = $response->getInResponseTo(); if ($inResponseTo) { $requestState = $this->requestStore->get($inResponseTo); if (null == $requestState) { $message = sprintf("Unknown InResponseTo '%s'", $inResponseTo); $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, array('in_response_to' => $inResponseTo))); throw new LightSamlContextException($context, $message); } $sentToParty = $requestState->getParameters()->get(RequestStateParameters::PARTY); if ($sentToParty && $response->getIssuer() && $response->getIssuer()->getValue() != $sentToParty) { $message = sprintf('AuthnRequest with id "%s" sent to party "%s" but StatusResponse for that request issued by party "%s"', $inResponseTo, $sentToParty, $response->getIssuer()->getValue()); $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, array('sent_to' => $sentToParty, 'received_from' => $response->getIssuer()->getValue()))); throw new LightSamlContextException($context, $message); } /** @var RequestStateContext $requestStateContext */ $requestStateContext = $context->getInboundContext()->getSubContext(ProfileContexts::REQUEST_STATE, RequestStateContext::class); $requestStateContext->setRequestState($requestState); } }
/** * @param ProfileContext $context * * @return void */ protected function doExecute(ProfileContext $context) { $message = MessageContextHelper::asSamlMessage($context->getInboundContext()); $signature = $message->getSignature(); if (null === $signature) { $this->logger->debug('Message is not signed', LogHelper::getActionContext($context, $this)); return; } if ($signature instanceof AbstractSignatureReader) { $metadataType = ProfileContext::ROLE_IDP === $context->getOwnRole() ? MetadataCriteria::TYPE_SP : MetadataCriteria::TYPE_IDP; $credential = $this->signatureValidator->validate($signature, $message->getIssuer()->getValue(), $metadataType); if ($credential) { $keyNames = $credential->getKeyNames(); $this->logger->debug(sprintf('Message signature validated with key "%s"', implode(', ', $keyNames)), LogHelper::getActionContext($context, $this, array('credential' => $credential))); } else { $this->logger->warning('Signature verification was not performed', LogHelper::getActionContext($context, $this)); } } else { $message = 'Expected AbstractSignatureReader'; $this->logger->critical($message, LogHelper::getActionErrorContext($context, $this)); throw new LightSamlModelException($message); } }