Properties

$response

$response : string

The decoded, unprocessed XML response provided to the constructor.

Type

string

$document

$document : \DomDocument

A DOMDocument object loaded from the SAML Response.

Type

\DomDocument

$decryptedDocument

$decryptedDocument : \DomDocument

A DOMDocument object loaded from the decrypted SAML Response.

Type

\DomDocument

$encrypted

$encrypted : boolean

The response contains an encrypted assertion.

Type

boolean

$_error

$_error : string

If validation fails, this variable holds the cause of the problem.

Type

string

$_validSCDNotOnOrAfter

$_validSCDNotOnOrAfter : integer

NotOnOrAfter value of a valid SubjectConfirmationData node

Type

integer

Methods

__construct()

__construct(\OneLogin_Saml2_Settings  $settings, string  $response) 

Constructs the SAML Response object.

Parameters

\OneLogin_Saml2_Settings $settings

Settings.

string $response

A UUEncoded SAML response from the IdP.

Throws

\OneLogin_Saml2_Error
\OneLogin_Saml2_ValidationError

isValid()

isValid(string|null  $requestId = null) : boolean

Determines if the SAML Response is valid using the certificate.

Parameters

string|null $requestId

The ID of the AuthNRequest sent by this SP to the IdP

Returns

boolean —

Validate the document

getId()

getId() : string|null

Returns

string|null —

the ID of the Response

getAssertionId()

getAssertionId() : string|null

Throws

\InvalidArgumentException

Returns

string|null —

the ID of the assertion in the Response

getAssertionNotOnOrAfter()

getAssertionNotOnOrAfter() : integer

Returns

integer —

the NotOnOrAfter value of the valid SubjectConfirmationData node if any

checkStatus()

checkStatus() 

Checks if the Status is success

Throws

\OneLogin_Saml2_ValidationError

If status is not success

checkOneCondition()

checkOneCondition() : boolean

Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique.

Returns

boolean —

true if the Conditions element exists and is unique

checkOneAuthnStatement()

checkOneAuthnStatement() : boolean

Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique.

Returns

boolean —

true if the AuthnStatement element exists and is unique

getAudiences()

getAudiences() : array

Gets the audiences.

Returns

array —

The valid audiences of the response

getIssuers()

getIssuers() : array

Gets the Issuers (from Response and Assertion).

Throws

\OneLogin_Saml2_ValidationError

Returns

array —

The issuers of the assertion/response

getNameIdData()

getNameIdData() : array

Gets the NameID Data provided by the SAML response from the IdP.

Throws

\OneLogin_Saml2_ValidationError

Returns

array —

Name ID Data (Value, Format, NameQualifier, SPNameQualifier)

getNameId()

getNameId() : string|null

Gets the NameID provided by the SAML response from the IdP.

Throws

\OneLogin_Saml2_ValidationError

Returns

string|null —

Name ID Value

getNameIdFormat()

getNameIdFormat() : string|null

Gets the NameID Format provided by the SAML response from the IdP.

Throws

\OneLogin_Saml2_ValidationError

Returns

string|null —

Name ID Format

getNameIdNameQualifier()

getNameIdNameQualifier() : string|null

Gets the NameID NameQualifier provided by the SAML response from the IdP.

Throws

\OneLogin_Saml2_ValidationError

Returns

string|null —

Name ID NameQualifier

getNameIdSPNameQualifier()

getNameIdSPNameQualifier() : string|null

Gets the NameID SP NameQualifier provided by the SAML response from the IdP.

Throws

\ValidationError

Returns

string|null —

NameID SP NameQualifier

getSessionNotOnOrAfter()

getSessionNotOnOrAfter() : integer|null

Gets the SessionNotOnOrAfter from the AuthnStatement.

Could be used to set the local session expiration

Throws

\Exception

Returns

integer|null —

The SessionNotOnOrAfter value

getSessionIndex()

getSessionIndex() : string|null

Gets the SessionIndex from the AuthnStatement.

Can be stored in the local session and used in a future Logout Request that the SP sends to the IdP, to indicate which specific session must be deleted.

Returns

string|null —

The SessionIndex value

getAttributes()

getAttributes() : array

Gets the Attributes from the AttributeStatement element.

Throws

\OneLogin_Saml2_ValidationError

Returns

array —

The attributes of the SAML Assertion

getAttributesWithFriendlyName()

getAttributesWithFriendlyName() : array

Gets the Attributes from the AttributeStatement element using their FriendlyName.

Throws

\OneLogin_Saml2_ValidationError

Returns

array —

The attributes of the SAML Assertion

validateNumAssertions()

validateNumAssertions() : boolean

Verifies that the document only contains a single Assertion (encrypted or not).

Returns

boolean —

TRUE if the document passes.
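The three structural checks documented above (checkOneCondition(), checkOneAuthnStatement() and validateNumAssertions()) can be reproduced with plain DOMDocument and DOMXPath. This is an added example, not php-saml's own code; the function name structuralChecks() and both sample responses are constructed for illustration, and it assumes an already decrypted document such as the one getXMLDocument() returns.

```php
<?php
// Added illustration; not the library's implementation.
const SAML_NS = [
    'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
    'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
];

// Hypothetical helper: runs the three structural checks on raw response XML.
function structuralChecks(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch network resources while parsing untrusted XML.
    if ($xml === '' || !@$doc->loadXML($xml, LIBXML_NONET)) {
        return ['error' => 'not well-formed XML'];
    }
    $xp = new DOMXPath($doc);
    foreach (SAML_NS as $prefix => $uri) {
        $xp->registerNamespace($prefix, $uri);
    }
    $count = fn(string $q): int => $xp->query($q)->length;

    // Assertions are counted anywhere in the tree, encrypted or not, so an
    // extra one nested below the Response root is still seen.
    $assertions = $count('//saml:Assertion') + $count('//saml:EncryptedAssertion');

    return [
        'validateNumAssertions'  => $assertions === 1,
        'checkOneCondition'      =>
            $count('/samlp:Response/saml:Assertion/saml:Conditions') === 1,
        'checkOneAuthnStatement' =>
            $count('/samlp:Response/saml:Assertion/saml:AuthnStatement') === 1,
    ];
}

// Constructed sample: one assertion with one Conditions and one AuthnStatement.
$ok = '<samlp:Response xmlns:samlp="' . SAML_NS['samlp'] . '" xmlns:saml="'
    . SAML_NS['saml'] . '" ID="_r1">'
    . '<saml:Assertion ID="_a1"><saml:Conditions/><saml:AuthnStatement/></saml:Assertion>'
    . '</samlp:Response>';

// Constructed sample: the same response carrying a second assertion.
$dup = str_replace(
    '</samlp:Response>',
    '<saml:Assertion ID="_a2"><saml:Conditions/><saml:AuthnStatement/></saml:Assertion>'
    . '</samlp:Response>',
    $ok
);

echo json_encode(structuralChecks($ok)), PHP_EOL;
echo json_encode(structuralChecks($dup)), PHP_EOL;
```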

processSignedElements()

processSignedElements() : array

Verifies the signature nodes:
- Checks that they are Response or Assertion elements.
- Checks that IDs and reference URIs are unique and consistent.

Throws

\OneLogin_Saml2_ValidationError

Returns

array —

Signed element tags

validateTimestamps()

validateTimestamps() : boolean

Verifies that the document is still valid according to the Conditions element.

Throws

\Exception
\OneLogin_Saml2_ValidationError

Returns

boolean

validateSignedElements()

validateSignedElements(  $signedElements) : boolean

Verifies that the document has the expected signed nodes.

Parameters

$signedElements

Throws

\OneLogin_Saml2_ValidationError

Returns

boolean

getError()

getError() : string

After a validation process has been executed, returns the cause if it failed.

Returns

string —

Cause

getXMLDocument()

getXMLDocument() : \DomDocument

Returns the SAML Response document (if it contains an encrypted assertion, decrypts it).

Returns

\DomDocument —

SAML Response

_queryAssertion()

_queryAssertion(string  $assertionXpath) : \DOMNodeList

Extracts a node from the DOMDocument (Assertion).

Parameters

string $assertionXpath

XPath expression

Returns

\DOMNodeList —

The queried node

_decryptAssertion()

_decryptAssertion(\DomNode  $dom) : \DOMDocument

Decrypts the Assertion (DOMDocument)

Parameters

\DomNode $dom

DomDocument

Throws

\OneLogin_Saml2_Error
\OneLogin_Saml2_ValidationError

Returns

\DOMDocument —

Decrypted Assertion

_getAttributesByKeyName()

_getAttributesByKeyName(string  $keyName = "Name") : array

Parameters

string $keyName

Throws

\OneLogin_Saml2_ValidationError

Returns

array

_query()

_query(string  $query) : \DOMNodeList

Extracts nodes that match the query from the DOMDocument (Response Message)

Parameters

string $query

XPath expression

Returns

\DOMNodeList —

The queried nodes