Properties

$_attributes

$_attributes : array

User attributes data.

Type

array

$_attributesWithFriendlyName

$_attributesWithFriendlyName : array

User attributes data with FriendlyName index.

Type

array

$_nameid

$_nameid : string

NameID

Type

string

$_nameidFormat

$_nameidFormat : string

NameID Format

Type

string

$_nameidNameQualifier

$_nameidNameQualifier : string

NameID NameQualifier

Type

string

$_nameidSPNameQualifier

$_nameidSPNameQualifier : string

NameID SP NameQualifier

Type

string

$_authenticated

$_authenticated : boolean

If user is authenticated.

Type

boolean

$_sessionIndex

$_sessionIndex : string

SessionIndex. When the user is logged in, this stores the value from the AuthnStatement of the SAML Response.

Type

string

$_sessionExpiration

$_sessionExpiration : integer|null

SessionNotOnOrAfter. When the user is logged in, this stores the value from the AuthnStatement of the SAML Response.

Type

integer|null

$_lastMessageId

$_lastMessageId : string

The ID of the last message processed

Type

string

$_lastAssertionId

$_lastAssertionId : string

The ID of the last assertion processed

Type

string

$_lastAssertionNotOnOrAfter

$_lastAssertionNotOnOrAfter : integer

The NotOnOrAfter value of the valid SubjectConfirmationData node (if any) of the last assertion processed

Type

integer

$_errors

$_errors : array

Errors, if any.

Type

array

$_errorReason

$_errorReason : string|null

Reason of the last error.

Type

string|null

$_lastRequestID

$_lastRequestID : string

Last AuthNRequest ID or LogoutRequest ID generated by this Service Provider

Type

string

$_lastRequest

$_lastRequest : string

The most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)

Type

string

$_lastResponse

$_lastResponse : string|\DomDocument|null

The most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse). If the SAMLResponse was encrypted, by default tries to return the decrypted XML

Type

string|\DomDocument|null

Methods

__construct()

__construct(array|object|null  $oldSettings = null, boolean  $spValidationOnly = false) 

Initializes the SP SAML instance.

Parameters

array|object|null $oldSettings

Setting data (You can provide a OneLogin_Saml_Settings, the settings object of the Saml folder implementation)

boolean $spValidationOnly

If you act only as an SP, you should set it to false; if not, you should set it to true.

Throws

\OneLogin_Saml2_Error

getSettings()

getSettings() : \OneLogin_Saml2_Settings

Returns the settings info

Returns

\OneLogin_Saml2_Settings

The settings data.

setStrict()

setStrict(boolean  $value) 

Enables or disables strict mode.

Parameters

boolean $value

Strict parameter

Throws

\OneLogin_Saml2_Error

setSchemasPath()

setSchemasPath(string  $path) : $this

Set schemas path

Parameters

string $path

Returns

$this

processResponse()

processResponse(string|null  $requestId = null) 

Process the SAML Response sent by the IdP.

Parameters

string|null $requestId

The ID of the AuthNRequest sent by this SP to the IdP

Throws

\OneLogin_Saml2_Error
\OneLogin_Saml2_ValidationError

processSLO()

processSLO(boolean  $keepLocalSession = false, string|null  $requestId = null, boolean  $retrieveParametersFromServer = false, callable  $cbDeleteSession = null, boolean  $stay = false) : string|null

Process the SAML Logout Response / Logout Request sent by the IdP.

Parameters

boolean $keepLocalSession

When false will destroy the local session, otherwise will keep it

string|null $requestId

The ID of the LogoutRequest sent by this SP to the IdP

boolean $retrieveParametersFromServer

True if we want to use parameters from $_SERVER to validate the signature

callable $cbDeleteSession

Callback to be executed to delete session

boolean $stay

True if we want to stay (returns the url string) False to redirect

Throws

\OneLogin_Saml2_Error

Returns

string|null

redirectTo()

redirectTo(string  $url = '', array  $parameters = array(), boolean  $stay = false) : string|null

Redirects the user to the URL passed as a parameter or to the URL that we defined in our SSO Request.

Parameters

string $url

The target URL to redirect the user.

array $parameters

Extra parameters to be passed as part of the url

boolean $stay

True if we want to stay (returns the url string) False to redirect

Throws

\OneLogin_Saml2_Error

Returns

string|null

isAuthenticated()

isAuthenticated() : boolean

Checks if the user is authenticated or not.

Returns

boolean —

True if the user is authenticated

getAttributes()

getAttributes() : array

Returns the set of SAML attributes.

Returns

array —

Attributes of the user.

getAttributesWithFriendlyName()

getAttributesWithFriendlyName() : array

Returns the set of SAML attributes indexed by FriendlyName

Returns

array —

Attributes of the user.

getNameId()

getNameId() : string

Returns the nameID

Returns

string —

The nameID of the assertion

getNameIdFormat()

getNameIdFormat() : string

Returns the nameID Format

Returns

string —

The nameID Format of the assertion

getNameIdNameQualifier()

getNameIdNameQualifier() : string

Returns the nameID NameQualifier

Returns

string —

The nameID NameQualifier of the assertion

getNameIdSPNameQualifier()

getNameIdSPNameQualifier() : string

Returns the nameID SP NameQualifier

Returns

string —

The nameID SP NameQualifier of the assertion

getSessionIndex()

getSessionIndex() : string|null

Returns the SessionIndex

Returns

string|null —

The SessionIndex of the assertion

getSessionExpiration()

getSessionExpiration() : integer|null

Returns the SessionNotOnOrAfter

Returns

integer|null —

The SessionNotOnOrAfter of the assertion

getErrors()

getErrors() : array

Returns the errors, if there were any.

Returns

array —

Errors

getLastErrorReason()

getLastErrorReason() : string|null

Returns the reason for the last error

Returns

string|null —

Error reason

getAttribute()

getAttribute(string  $name) : array|null

Returns the requested SAML attribute

Parameters

string $name

The requested attribute of the user.

Returns

array|null —

Requested SAML attribute ($name).

getAttributeWithFriendlyName()

getAttributeWithFriendlyName(string  $friendlyName) : array|null

Returns the requested SAML attribute indexed by FriendlyName

Parameters

string $friendlyName

The requested attribute of the user.

Returns

array|null —

Requested SAML attribute ($friendlyName).

login()

login(string|null  $returnTo = null, array  $parameters = array(), boolean  $forceAuthn = false, boolean  $isPassive = false, boolean  $stay = false, boolean  $setNameIdPolicy = true, string  $nameIdValueReq = null) : string|null

Initiates the SSO process.

Parameters

string|null $returnTo

The target URL the user should be returned to after login.

array $parameters

Extra parameters to be added to the GET

boolean $forceAuthn

When true the AuthNRequest will set the ForceAuthn='true'

boolean $isPassive

When true the AuthNRequest will set IsPassive='true'

boolean $stay

True if we want to stay (returns the url string) False to redirect

boolean $setNameIdPolicy

When true the AuthNRequest will set a nameIdPolicy element

string $nameIdValueReq

Indicates to the IdP the subject that should be authenticated

Throws

\OneLogin_Saml2_Error

Returns

string|null —

If $stay is True, it returns a string with the SLO URL + LogoutRequest + parameters

logout()

logout(string|null  $returnTo = null, array  $parameters = array(), string|null  $nameId = null, string|null  $sessionIndex = null, boolean  $stay = false, string|null  $nameIdFormat = null, string|null  $nameIdNameQualifier = null,   $nameIdSPNameQualifier = null) : string|null

Initiates the SLO process.

Parameters

string|null $returnTo

The target URL the user should be returned to after logout.

array $parameters

Extra parameters to be added to the GET

string|null $nameId

The NameID that will be set in the LogoutRequest.

string|null $sessionIndex

The SessionIndex (taken from the SAML Response in the SSO process).

boolean $stay

True if we want to stay (returns the url string) False to redirect

string|null $nameIdFormat

The NameID Format will be set in the LogoutRequest.

string|null $nameIdNameQualifier

The NameID NameQualifier will be set in the LogoutRequest.

$nameIdSPNameQualifier

Throws

\OneLogin_Saml2_Error

Returns

string|null —

If $stay is True, it returns a string with the SLO URL + LogoutRequest + parameters

getSSOurl()

getSSOurl() : string

Gets the IdP SSO url.

Returns

string —

The url of the IdP Single Sign On Service

getSLOurl()

getSLOurl() : string|null

Gets the IdP SLO url.

Returns

string|null —

The url of the IdP Single Logout Service

getSLOResponseUrl()

getSLOResponseUrl() : string|null

Gets the IdP SLO response url.

Returns

string|null —

The response url of the IdP Single Logout Service

getLastRequestID()

getLastRequestID() : string

Gets the ID of the last AuthNRequest or LogoutRequest generated by the Service Provider.

Returns

string —

The ID of the Request SAML message.

buildRequestSignature()

buildRequestSignature(string  $samlRequest, string  $relayState, string  $signAlgorithm = \XMLSecurityKey::RSA_SHA1) : string

Generates the Signature for a SAML Request

Parameters

string $samlRequest

The SAML Request

string $relayState

The RelayState

string $signAlgorithm

Signature algorithm method

Throws

\OneLogin_Saml2_Error

Returns

string —

A base64 encoded signature

buildResponseSignature()

buildResponseSignature(string  $samlResponse, string  $relayState, string  $signAlgorithm = \XMLSecurityKey::RSA_SHA1) : string

Generates the Signature for a SAML Response

Parameters

string $samlResponse

The SAML Response

string $relayState

The RelayState

string $signAlgorithm

Signature algorithm method

Throws

\OneLogin_Saml2_Error

Returns

string —

A base64 encoded signature

getLastMessageId()

getLastMessageId() : string

Returns

string —

The ID of the last message processed

getLastAssertionId()

getLastAssertionId() : string

Returns

string —

The ID of the last assertion processed

getLastAssertionNotOnOrAfter()

getLastAssertionNotOnOrAfter() : integer

Returns

integer —

The NotOnOrAfter value of the valid SubjectConfirmationData node (if any) of the last assertion processed
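One way to combine processResponse() with getLastAssertionId() and getLastAssertionNotOnOrAfter() in an Assertion Consumer Service endpoint, shown as an added example rather than the toolkit's own code: it binds the response to the stored AuthNRequest ID and refuses an assertion ID it has already seen. The class name OneLogin_Saml2_Auth, the `$settings` array, the session keys, the SP-initiated-only policy and the APCu cache are assumptions not taken from this page.

```php
<?php
// Added example, not toolkit code. Assumes the toolkit is autoloaded, $settings
// is a valid settings array, and APCu serves as a single-host replay cache.
session_start();

$auth = new OneLogin_Saml2_Auth($settings);
$auth->setStrict(true);

// Stored from getLastRequestID() when login() was called; consumed once here.
// Policy assumption: this SP accepts SP-initiated SSO only.
$requestId = isset($_SESSION['AuthNRequestID']) ? $_SESSION['AuthNRequestID'] : null;
unset($_SESSION['AuthNRequestID']);
if ($requestId === null) {
    http_response_code(400);
    exit('No pending AuthNRequest');
}

try {
    $auth->processResponse($requestId);
} catch (Exception $e) { // OneLogin_Saml2_Error or OneLogin_Saml2_ValidationError
    error_log('SAML processing failed: ' . $e->getMessage());
    http_response_code(400);
    exit;
}

$errors = $auth->getErrors();
if (!empty($errors) || !$auth->isAuthenticated()) {
    error_log('SAML rejected: ' . implode(',', $errors) . ' / ' . $auth->getLastErrorReason());
    http_response_code(403);
    exit;
}

// Replay check: remember each assertion ID until the assertion expires.
$notOnOrAfter = (int) $auth->getLastAssertionNotOnOrAfter();
$ttl = $notOnOrAfter > time() ? $notOnOrAfter - time() : 300; // 300 s fallback (constructed)
$key = 'saml_assertion_' . hash('sha256', $auth->getLastAssertionId());
if (!apcu_add($key, 1, $ttl)) { // false when the key already exists
    error_log('SAML assertion replay detected');
    http_response_code(403);
    exit;
}

session_regenerate_id(true); // avoid session fixation across the login boundary
$_SESSION['samlNameId'] = $auth->getNameId();
$_SESSION['samlSessionIndex'] = $auth->getSessionIndex();
$_SESSION['samlUserdata'] = $auth->getAttributes();
```

With more than one web host, the replay cache has to live in a store shared by all of them; the NameID and SessionIndex kept in the session are the values logout() later takes as $nameId and $sessionIndex.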

getLastRequestXML()

getLastRequestXML() : string

Returns the most recently-constructed/processed XML SAML request (AuthNRequest, LogoutRequest)

Returns

string —

The Request XML

getLastResponseXML()

getLastResponseXML() : string|null

Returns the most recently-constructed/processed XML SAML response (SAMLResponse, LogoutResponse).

If the SAMLResponse was encrypted, by default tries to return the decrypted XML.

Returns

string|null —

The Response XML

buildMessageSignature()

buildMessageSignature(string  $samlMessage, string  $relayState, string  $signAlgorithm = \XMLSecurityKey::RSA_SHA256, string  $type = "SAMLRequest") : string

Generates the Signature for a SAML Response

Parameters

string $samlMessage

The SAML Response

string $relayState

The RelayState

string $signAlgorithm

Signature algorithm method

string $type

"SAMLRequest" or "SAMLResponse"

Throws

\OneLogin_Saml2_Error

Returns

string —

A base64 encoded signature