Пример #1
 /**
  * Reports an error when the assertion's NotBefore lies further in the future than the allowed tolerance.
  *
  * Nothing is reported when getNotBefore() returns a falsy value (for example null or 0).
  *
  * @param Assertion $assertion assertion whose NotBefore value is checked
  * @param Result    $result    collector that receives the validation error
  */
 public function validate(Assertion $assertion, Result $result)
 {
     $earliestUse = $assertion->getNotBefore();
     if (!$earliestUse) {
         return;
     }

     // 60 is the tolerance added to the current time; presumably seconds of
     // clock skew -- confirm the unit returned by Temporal::getTime().
     $latestAcceptedStart = Temporal::getTime() + 60;
     if ($earliestUse > $latestAcceptedStart) {
         $result->addError('Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.');
     }
 }
 /**
  * Reports an error when SubjectConfirmationData carries a NotBefore that is still in the future.
  *
  * A falsy NotBefore (absent, null or 0) is not reported.
  * NOTE(review): SubjectConfirmationData is dereferenced without a null check;
  * confirm the caller guarantees it is set.
  *
  * @param SubjectConfirmation $subjectConfirmation confirmation whose data is checked
  * @param Result              $result              collector that receives the validation error
  */
 public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
 {
     $validFrom = $subjectConfirmation->SubjectConfirmationData->NotBefore;
     if (!$validFrom) {
         return;
     }

     // The current time plus 60 is the latest start that is still accepted
     // (presumably seconds of clock skew -- confirm against Temporal::getTime()).
     $latestAcceptedStart = Temporal::getTime() + 60;
     if ($validFrom > $latestAcceptedStart) {
         $result->addError('NotBefore in SubjectConfirmationData is in the future');
     }
 }
 /**
  * Reports an error when the NotOnOrAfter of SubjectConfirmationData has already passed.
  *
  * A falsy NotOnOrAfter (absent, null or 0) is not reported, so this check
  * alone does not require the confirmation to carry an expiry.
  * NOTE(review): SubjectConfirmationData is dereferenced without a null check;
  * confirm the caller guarantees it is set.
  *
  * @param SubjectConfirmation $subjectConfirmation confirmation whose data is checked
  * @param Result              $result              collector that receives the validation error
  */
 public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
 {
     $expiresAt = $subjectConfirmation->SubjectConfirmationData->NotOnOrAfter;
     if (!$expiresAt) {
         return;
     }

     // Values up to 60 below the current time are still accepted
     // (presumably seconds of clock skew -- confirm against Temporal::getTime()).
     $expiryCutoff = Temporal::getTime() - 60;
     if ($expiresAt <= $expiryCutoff) {
         $result->addError('NotOnOrAfter in SubjectConfirmationData is in the past');
     }
 }
 /**
  * Reports an error when the Recipient of SubjectConfirmationData differs from the current destination.
  *
  * A falsy Recipient (absent or empty) is not reported here.
  * NOTE(review): a confirmation without a Recipient therefore passes this check;
  * confirm that the presence of Recipient is enforced elsewhere if the deployment requires it.
  *
  * @param SubjectConfirmation $subjectConfirmation confirmation whose Recipient is checked
  * @param Result              $result              collector that receives the validation error
  */
 public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
 {
     $statedRecipient = $subjectConfirmation->SubjectConfirmationData->Recipient;
     if (!$statedRecipient) {
         return;
     }

     // The comparison is delegated to Destination::equals() rather than done on raw strings.
     $recipientMatches = $this->destination->equals(new Destination($statedRecipient));
     if (!$recipientMatches) {
         $message = sprintf(
             'Recipient in SubjectConfirmationData ("%s") does not match the current destination ("%s")',
             $statedRecipient,
             $this->destination
         );
         $result->addError($message);
     }
 }
Пример #5
 /**
  * Reports an error when the assertion's NotOnOrAfter has already passed.
  *
  * Nothing is reported when getNotOnOrAfter() returns a falsy value (for example null or 0).
  *
  * @param Assertion $assertion assertion whose NotOnOrAfter value is checked
  * @param Result    $result    collector that receives the validation error
  */
 public function validate(Assertion $assertion, Result $result)
 {
     $expiresAt = $assertion->getNotOnOrAfter();
     if (!$expiresAt) {
         return;
     }

     // Values up to 60 below the current time are still accepted
     // (presumably seconds of clock skew -- confirm against Temporal::getTime()).
     $expiryCutoff = Temporal::getTime() - 60;
     if ($expiresAt <= $expiryCutoff) {
         $result->addError('Received an assertion that has expired. Check clock synchronization on IdP and SP.');
     }
 }
 /**
  * Reports an error when the InResponseTo of SubjectConfirmationData differs from the Response's InResponseTo.
  *
  * The comparison only runs when both values are truthy; if either one is
  * absent or empty, nothing is reported.
  * NOTE(review): a confirmation that omits InResponseTo therefore passes this
  * check; confirm that binding to the original request is enforced elsewhere
  * when unsolicited responses are not meant to be accepted.
  *
  * @param SubjectConfirmation $subjectConfirmation confirmation whose InResponseTo is checked
  * @param Result              $result              collector that receives the validation error
  */
 public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
 {
     $confirmedRequestId = $subjectConfirmation->SubjectConfirmationData->InResponseTo;
     if (!$confirmedRequestId) {
         return;
     }
     if (!$this->getInResponseTo()) {
         return;
     }
     // Strict comparison: the two identifiers must be identical.
     if ($this->getInResponseTo() === $confirmedRequestId) {
         return;
     }

     $result->addError(sprintf(
         'InResponseTo in SubjectConfirmationData ("%s") does not match the Response InResponseTo ("%s")',
         $confirmedRequestId,
         $this->getInResponseTo()
     ));
 }
Пример #7
 /**
  * Reports an error when the session described by the assertion has already expired.
  *
  * Nothing is reported when getSessionNotOnOrAfter() returns a falsy value (for example null or 0).
  *
  * @param Assertion $assertion assertion whose SessionNotOnOrAfter value is checked
  * @param Result    $result    collector that receives the validation error
  */
 public function validate(Assertion $assertion, Result $result)
 {
     $sessionExpiry = $assertion->getSessionNotOnOrAfter();
     $now = Temporal::getTime();
     if (!$sessionExpiry) {
         return;
     }

     // Values up to 60 below the current time are still accepted
     // (presumably seconds of clock skew -- confirm against Temporal::getTime()).
     $sessionHasExpired = $sessionExpiry <= $now - 60;
     if ($sessionHasExpired) {
         $result->addError('Received an assertion with a session that has expired. Check clock synchronization on IdP and SP.');
     }
 }
Пример #8
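 /**
  * Reports an error when the configured Service Provider is not among the assertion's intended audiences.
  *
  * When getValidAudiences() returns null the method returns without checking anything.
  * NOTE(review): an assertion with no audience list is therefore accepted by this
  * check; confirm that this matches the policy of the deployment.
  *
  * @param Assertion $assertion assertion whose audience list is checked
  * @param Result    $result    collector that receives the validation error
  */
 public function validate(Assertion $assertion, Result $result)
 {
     $intendedAudiences = $assertion->getValidAudiences();
     if ($intendedAudiences === null) {
         return;
     }
     $entityId = $this->serviceProvider->getEntityId();
     // Strict membership test: without the third argument in_array() compares
     // loosely, so numeric-looking strings such as "1e3" and "1000" (or null and "")
     // would be treated as the same audience. Assumes getEntityId() and the
     // audience entries are strings -- confirm against their definitions.
     if (!in_array($entityId, $intendedAudiences, true)) {
         $result->addError(sprintf('The configured Service Provider [%s] is not a valid audience for the assertion. Audiences: [%s]', $entityId, implode('], [', $intendedAudiences)));
     }
 }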
Пример #9
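 /**
  * Reports an error when the SubjectConfirmation uses any method other than Bearer.
  *
  * The Method is compared strictly against Constants::CM_BEARER, so any other
  * value, including a missing Method, is reported.
  *
  * @param SubjectConfirmation $subjectConfirmation confirmation whose Method is checked
  * @param Result              $result              collector that receives the validation error
  */
 public function validate(SubjectConfirmation $subjectConfirmation, Result $result)
 {
     if ($subjectConfirmation->Method !== Constants::CM_BEARER) {
         // Message typo fixed: "current;y" -> "currently".
         $result->addError(sprintf('Invalid Method on SubjectConfirmation, currently only Bearer (%s) is supported', Constants::CM_BEARER));
     }
 }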