You are here

private function SAML2_Assertion::parseAuthnContext in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

Parse AuthnContext in AuthnStatement.

Parameters

DOMElement $authnStatementEl:

Throws

Exception

1 call to SAML2_Assertion::parseAuthnContext()
SAML2_Assertion::parseAuthnStatement in includes/Assertion.php
Parse AuthnStatement in assertion.

File

includes/Assertion.php, line 253

Class

SAML2_Assertion

Code

private function parseAuthnContext(DOMElement $authnStatementEl) {

  // Get the AuthnContext element
  $authnContexts = Utilities::xpQuery($authnStatementEl, './saml_assertion:AuthnContext');
  if (count($authnContexts) > 1) {
    throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
  }
  elseif (empty($authnContexts)) {
    throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
  }
  $authnContextEl = $authnContexts[0];

  // Get the AuthnContextDeclRef (if available)
  $authnContextDeclRefs = Utilities::xpQuery($authnContextEl, './saml_assertion:AuthnContextDeclRef');
  if (count($authnContextDeclRefs) > 1) {
    throw new Exception('More than one <saml:AuthnContextDeclRef> found?');
  }
  elseif (count($authnContextDeclRefs) === 1) {
    $this
      ->setAuthnContextDeclRef(trim($authnContextDeclRefs[0]->textContent));
  }

  // Get the AuthnContextDecl (if available)
  $authnContextDecls = Utilities::xpQuery($authnContextEl, './saml_assertion:AuthnContextDecl');
  if (count($authnContextDecls) > 1) {
    throw new Exception('More than one <saml:AuthnContextDecl> found?');
  }
  elseif (count($authnContextDecls) === 1) {
    $this
      ->setAuthnContextDecl(new SAML2_XML_Chunk($authnContextDecls[0]));
  }

  // Get the AuthnContextClassRef (if available)
  $authnContextClassRefs = Utilities::xpQuery($authnContextEl, './saml_assertion:AuthnContextClassRef');
  if (count($authnContextClassRefs) > 1) {
    throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
  }
  elseif (count($authnContextClassRefs) === 1) {
    $this
      ->setAuthnContextClassRef(trim($authnContextClassRefs[0]->textContent));
  }

  // Constraint from XSD: MUST have one of the three
  if (empty($this->authnContextClassRef) && empty($this->authnContextDecl) && empty($this->authnContextDeclRef)) {
    throw new Exception('Missing either <saml:AuthnContextClassRef> or <saml:AuthnContextDeclRef> or <saml:AuthnContextDecl>');
  }
  $this->AuthenticatingAuthority = Utilities::extractStrings($authnContextEl, 'urn:oasis:names:tc:SAML:2.0:assertion', 'AuthenticatingAuthority');
}