Commit a628c7cb authored by Olav Morken's avatar Olav Morken

SAML2_Assertion: Support AuthnInstant.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2135 44740490-163a-0410-bde0-09ae8108e29a
parent 81f9a7c5
...@@ -116,6 +116,14 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -116,6 +116,14 @@ class SAML2_Assertion implements SAML2_SignedElement {
private $sessionIndex; private $sessionIndex;
/**
* The timestamp the user was authenticated, as an UNIX timestamp.
*
* @var int
*/
private $authnInstant;
/** /**
* The authentication context for this assertion. * The authentication context for this assertion.
* *
...@@ -180,6 +188,7 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -180,6 +188,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
$this->id = SimpleSAML_Utilities::generateID(); $this->id = SimpleSAML_Utilities::generateID();
$this->issueInstant = time(); $this->issueInstant = time();
$this->issuer = ''; $this->issuer = '';
$this->authnInstant = time();
$this->attributes = array(); $this->attributes = array();
$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED; $this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
$this->certificates = array(); $this->certificates = array();
...@@ -378,6 +387,7 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -378,6 +387,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
if (!$as->hasAttribute('AuthnInstant')) { if (!$as->hasAttribute('AuthnInstant')) {
throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.'); throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
} }
$this->authnInstant = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('AuthnInstant'));
if ($as->hasAttribute('SessionNotOnOrAfter')) { if ($as->hasAttribute('SessionNotOnOrAfter')) {
$this->sessionNotOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('SessionNotOnOrAfter')); $this->sessionNotOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('SessionNotOnOrAfter'));
...@@ -761,6 +771,29 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -761,6 +771,29 @@ class SAML2_Assertion implements SAML2_SignedElement {
} }
/**
* Retrieve the AuthnInstant of the assertion.
*
* @return int The timestamp the user was authenticated.
*/
public function getAuthnInstant() {
return $this->authnInstant;
}
/**
* Set the AuthnInstant of the assertion.
*
* @param int $authnInstant The timestamp the user was authenticated.
*/
public function setAuthnInstant($authnInstant) {
assert('is_int($authnInstant)');
$this->authnInstant = $authnInstant;
}
/** /**
* Retrieve the session expiration timestamp. * Retrieve the session expiration timestamp.
* *
...@@ -1069,7 +1102,7 @@ class SAML2_Assertion implements SAML2_SignedElement { ...@@ -1069,7 +1102,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
$as = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement'); $as = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement');
$root->appendChild($as); $root->appendChild($as);
$as->setAttribute('AuthnInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant)); $as->setAttribute('AuthnInstant', gmdate('Y-m-d\TH:i:s\Z', $this->authnInstant));
if ($this->sessionNotOnOrAfter !== NULL) { if ($this->sessionNotOnOrAfter !== NULL) {
$as->setAttribute('SessionNotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->sessionNotOnOrAfter)); $as->setAttribute('SessionNotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->sessionNotOnOrAfter));
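Review bot: The default `$this->authnInstant = time();` added in the initialisation hunk means a caller that builds an assertion for an already-existing session and never calls `setAuthnInstant()` will serialise an AuthnStatement claiming the user authenticated at construction time, and that is the value a relying party reads when it enforces a maximum authentication age. I would add a comment on that line, `// Default only: when issuing for an existing session, pass the original login time via setAuthnInstant().`, and state the same in the setter's docblock. In `setAuthnInstant()` the only guard is `assert('is_int($authnInstant)')`, which does nothing when assertions are disabled, so a non-integer value would reach `gmdate()` in the serialisation hunk; an explicit type check that throws would make the contract hold in production. The enclosing methods start and end outside the visible hunks, so whether existing callers already set the value cannot be confirmed from this page.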