} /* Filter which attribute values we should return. */ $returnAttributes[$name] = array_intersect($values, $attributes[$name]); } } /* $returnAttributes contains the attributes we should return. Send them. */ $assertion = new \SAML2\Assertion(); $assertion->setIssuer($idpEntityId); $assertion->setNameId($query->getNameId()); $assertion->setNotBefore(time()); $assertion->setNotOnOrAfter(time() + 5 * 60); $assertion->setValidAudiences(array($spEntityId)); $assertion->setAttributes($returnAttributes); $assertion->setAttributeNameFormat($attributeNameFormat); $sc = new \SAML2\XML\saml\SubjectConfirmation(); $sc->Method = \SAML2\Constants::CM_BEARER; $sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData(); $sc->SubjectConfirmationData->NotOnOrAfter = time() + 5 * 60; $sc->SubjectConfirmationData->Recipient = $endpoint; $sc->SubjectConfirmationData->InResponseTo = $query->getId(); $assertion->setSubjectConfirmation(array($sc)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion); $response = new \SAML2\Response(); $response->setRelayState($query->getRelayState()); $response->setDestination($endpoint); $response->setIssuer($idpEntityId); $response->setInResponseTo($query->getId()); $response->setAssertions(array($assertion)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response); $binding = new \SAML2\HTTPPost(); $binding->send($response);