/**
 * Appends an AuthnStatement describing the current session to the assertion being built.
 *
 * The authentication context class reference, session index and authentication instant
 * are read from the session info provider. The subject locality address is the client IP
 * reported by the HTTP request of the profile context.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $sessionInfo = $this->sessionInfoProvider;

    $context_ = new AuthnContext();
    $classRef = $sessionInfo->getAuthnContextClassRef();
    if (!$classRef) {
        // No class reference known for the session: the statement says "unspecified"
        // rather than claiming a particular authentication method.
        $classRef = SamlConstants::AUTHN_CONTEXT_UNSPECIFIED;
    }
    $context_->setAuthnContextClassRef($classRef);

    $statement = new AuthnStatement();
    $statement->setAuthnContext($context_);

    $index = $sessionInfo->getSessionIndex();
    if ($index) {
        $statement->setSessionIndex($index);
    }

    $instant = $sessionInfo->getAuthnInstant();
    if (!$instant) {
        // NOTE(review): when the provider has no instant, the statement is stamped with
        // the current time, i.e. the issuance time stands in for the authentication time.
        // Relying parties enforcing a maximum authentication age will see this value.
        $instant = new \DateTime();
    }
    $statement->setAuthnInstant($instant);

    $locality = new SubjectLocality();
    // NOTE(review): the address is whatever the request object reports as client IP.
    // If that value can be derived from forwarded headers, confirm the trusted-proxy
    // configuration, since it ends up inside a signed assertion.
    $clientIp = $context->getProfileContext()->getHttpRequest()->getClientIp();
    $locality->setAddress($clientIp);
    $statement->setSubjectLocality($locality);

    $context->getAssertion()->addItem($statement);
}
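/**
 * Validates the structure of an AuthnContext element.
 *
 * Rejects a context that carries none of AuthnContextClassRef, AuthnContextDecl and
 * AuthnContextDeclRef, one that carries all three, and any class or declaration
 * reference that Helper::validateWellFormedUriString() does not accept.
 *
 * @param AuthnContext $authnContext
 *
 * @throws LightSamlValidationException when any of the checks above fails
 *
 * @return void
 */
private function validateAuthnContext(AuthnContext $authnContext)
{
    $classRef = $authnContext->getAuthnContextClassRef();
    $decl = $authnContext->getAuthnContextDecl();
    $declRef = $authnContext->getAuthnContextDeclRef();

    if (!$classRef && !$decl && !$declRef) {
        throw new LightSamlValidationException('AuthnContext element MUST contain at least one AuthnContextClassRef, AuthnContextDecl or AuthnContextDeclRef element');
    }

    if ($classRef && $decl && $declRef) {
        throw new LightSamlValidationException('AuthnContext MUST NOT contain more than two elements.');
    }

    // Both URI checks fail closed and use the same test: any falsy result from the
    // helper (not only a strict `false`) is treated as a rejection, so a helper that
    // returns null, 0 or '' on bad input cannot let a reference through.
    if ($classRef && !Helper::validateWellFormedUriString($classRef)) {
        throw new LightSamlValidationException('AuthnContextClassRef has a value which is not a wellformed absolute uri');
    }

    if ($declRef && !Helper::validateWellFormedUriString($declRef)) {
        throw new LightSamlValidationException('AuthnContextDeclRef has a value which is not a wellformed absolute uri');
    }
}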
/**
 * A statement with an authentication instant and a context holding only a class
 * reference must pass StatementValidator::validateStatement() without an exception.
 */
public function test_authn_statement_ok()
{
    $context = new AuthnContext();
    $context->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT);

    $statement = new AuthnStatement();
    $statement->setAuthnInstant(123456789);
    $statement->setAuthnContext($context);

    // No explicit assertion: the test succeeds when validation does not throw.
    (new StatementValidator())->validateStatement($statement);
}