/**
* @param \SAML2\Assertion $assertion
*/
public function validateAssertion(Assertion $assertion)
{
$assertionValidationResult = $this->assertionValidator->validate($assertion);
if (!$assertionValidationResult->isValid()) {
throw new InvalidAssertionException(sprintf('Invalid Assertion in SAML Response, erorrs: "%s"', implode('", "', $assertionValidationResult->getErrors())));
}
foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) {
$subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate($subjectConfirmation);
if (!$subjectConfirmationValidationResult->isValid()) {
throw new InvalidSubjectConfirmationException(sprintf('Invalid SubjectConfirmation in Assertion, errors: "%s"', implode('", "', $subjectConfirmationValidationResult->getErrors())));
}
}
}
private static function createAssertionValidator(IdentityProvider $identityProvider, ServiceProvider $serviceProvider)
{
$validator = new AssertionValidator($identityProvider, $serviceProvider);
$validator->addConstraintValidator(new NotBefore());
$validator->addConstraintValidator(new NotOnOrAfter());
$validator->addConstraintValidator(new SessionNotOnOrAfter());
$validator->addConstraintValidator(new SpIsValidAudience());
return $validator;
}
