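/**
 * Validates an assertion and then each SubjectConfirmation it carries.
 *
 * The assertion is first passed to the configured assertion validator; if
 * that result is not valid, an InvalidAssertionException is thrown listing
 * the reported errors. Every SubjectConfirmation returned by the assertion
 * is then passed to the subject confirmation validator, and the first one
 * that is not valid aborts with an InvalidSubjectConfirmationException.
 * The method returns nothing on success.
 *
 * @param \SAML2\Assertion $assertion
 *
 * @throws InvalidAssertionException           when the assertion validator reports errors
 * @throws InvalidSubjectConfirmationException when any SubjectConfirmation is reported invalid
 */
public function validateAssertion(Assertion $assertion)
{
    $assertionValidationResult = $this->assertionValidator->validate($assertion);
    if (!$assertionValidationResult->isValid()) {
        // The validator's error strings are embedded verbatim in the message.
        // NOTE(review): if they can echo values taken from the assertion,
        // treat this message as untrusted wherever it is logged or rendered.
        throw new InvalidAssertionException(sprintf(
            'Invalid Assertion in SAML Response, errors: "%s"',
            implode('", "', $assertionValidationResult->getErrors())
        ));
    }

    // Every SubjectConfirmation must validate; one failure rejects the assertion.
    // NOTE(review): when getSubjectConfirmation() yields nothing this loop is
    // skipped, so an assertion without any SubjectConfirmation passes here.
    // Confirm the caller, or the assertion validator, requires at least one
    // where the profile demands it.
    foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) {
        $subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate(
            $subjectConfirmation
        );
        if (!$subjectConfirmationValidationResult->isValid()) {
            throw new InvalidSubjectConfirmationException(sprintf(
                'Invalid SubjectConfirmation in Assertion, errors: "%s"',
                implode('", "', $subjectConfirmationValidationResult->getErrors())
            ));
        }
    }
}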
/**
 * Builds the AssertionValidator for the given identity/service provider pair
 * and registers its constraint validators.
 *
 * Exactly four constraints are registered, in this order: NotBefore,
 * NotOnOrAfter, SessionNotOnOrAfter and SpIsValidAudience. Judging by their
 * names they cover the assertion's validity window, the session expiry and
 * the audience restriction; confirm against the constraint classes.
 *
 * NOTE(review): nothing registered here checks a signature or issuer, so
 * those checks presumably happen elsewhere before the assertion is trusted.
 * Verify against the caller.
 *
 * @param IdentityProvider $identityProvider
 * @param ServiceProvider  $serviceProvider
 *
 * @return AssertionValidator
 */
private static function createAssertionValidator(IdentityProvider $identityProvider, ServiceProvider $serviceProvider)
{
    $assertionValidator = new AssertionValidator($identityProvider, $serviceProvider);

    // Registration order is kept as-is; each constraint is instantiated right
    // before it is added.
    $constraintClasses = [
        NotBefore::class,
        NotOnOrAfter::class,
        SessionNotOnOrAfter::class,
        SpIsValidAudience::class,
    ];
    foreach ($constraintClasses as $constraintClass) {
        $assertionValidator->addConstraintValidator(new $constraintClass());
    }

    return $assertionValidator;
}