diff --git a/lib/SAML2/AuthnRequest.php b/lib/SAML2/AuthnRequest.php index a442dd64055d8afec36974f7b2f68a2074736670..094a0e4bd052c9ee17919883f21ce3ba2b274e9d 100644 --- a/lib/SAML2/AuthnRequest.php +++ b/lib/SAML2/AuthnRequest.php @@ -53,6 +53,18 @@ class SAML2_AuthnRequest extends SAML2_Request { private $protocolBinding; + /** + * What authentication context was requested. + * + * Array with the following elements. + * - AuthnContextClassRef (required) + * - Comparison (optinal) + * + * @var array + */ + private $requestedAuthnContext; + + /** * Constructor for SAML 2 authentication request messages. * @@ -94,7 +106,28 @@ class SAML2_AuthnRequest extends SAML2_Request { $this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($nameIdPolicy, 'AllowCreate', FALSE); } } - + + $requestedAuthnContext = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext'); + if (!empty($requestedAuthnContext)) { + $requestedAuthnContext = $requestedAuthnContext[0]; + + $rac = array( + 'AuthnContextClassRef' => array(), + 'Comparison' => 'exact', + ); + + $accr = SAML2_Utils::xpQuery($requestedAuthnContext, './saml_assertion:AuthnContextClassRef'); + foreach ($accr as $i) { + $rac['AuthnContextClassRef'][] = trim($i->textContent); + } + + if ($requestedAuthnContext->hasAttribute('Comparison')) { + $rac['Comparison'] = $requestedAuthnContext->getAttribute('Comparison'); + } + + $this->requestedAuthnContext = $rac; + } + $idpEntries = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping/saml_protocol:IDPList/saml_protocol:IDPEntry'); foreach($idpEntries as $idpEntry) { 
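Review bot: The docblock added for `$requestedAuthnContext` misspells "optional" as `optinal` and does not say what value `Comparison` takes when it is absent, although the parsing code in the next hunk fills in `'exact'`; suggest `* - Comparison (optional, defaults to 'exact')`. The property has no initializer and the getter added later documents `@return array|NULL`, so `@var array` should read `@var array|NULL` to match.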
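Review bot: The `Comparison` attribute is copied from the incoming request into `$rac['Comparison']` without checking it against the values the SAML 2.0 schema allows (`exact`, `minimum`, `maximum`, `better`), so a malformed or attacker-supplied value is accepted here and, in the toXML hunk of this same commit, re-emitted unchanged; the `hasAttribute('Comparison')` branch should reject anything else, e.g. `if (!in_array($rac['Comparison'], array('exact', 'minimum', 'maximum', 'better'), TRUE)) { throw new Exception('Invalid Comparison attribute on RequestedAuthnContext.'); }`. Only `saml_assertion:AuthnContextClassRef` children are read, so a request that carries `AuthnContextDeclRef` instead parses to an empty `AuthnContextClassRef` list, which the toXML hunk then drops silently; if DeclRef is intentionally unsupported, a comment on the `$accr` query such as `// Only AuthnContextClassRef is supported; AuthnContextDeclRef entries are ignored.` would make that explicit. `$i` in `foreach ($accr as $i)` holds a DOMElement, not an index, so a name like `$classRef` would read better. The constructor continues past the end of the hunk.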
@@ -246,6 +279,28 @@ class SAML2_AuthnRequest extends SAML2_Request { } + /** + * Retrieve the RequestedAuthnContext. + * + * @return array|NULL The RequestedAuthnContext. + */ + public function getRequestedAuthnContext() { + return $this->requestedAuthnContext; + } + + + /** + * Set the RequestedAuthnContext. + * + * @param array|NULL $requestedAuthnContext The RequestedAuthnContext. + */ + public function setRequestedAuthnContext($requestedAuthnContext) { + assert('is_array($requestedAuthnContext) || is_null($requestedAuthnContext)'); + + $this->requestedAuthnContext = $requestedAuthnContext; + } + + /** * Convert this authentication request to an XML element. * @@ -285,6 +340,20 @@ class SAML2_AuthnRequest extends SAML2_Request { $root->appendChild($nameIdPolicy); } + $rac = $this->requestedAuthnContext; + if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) { + $e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext'); + $root->appendChild($e); + if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') { + $e->setAttribute('Comparison', $rac['Comparison']); + } + foreach ($rac['AuthnContextClassRef'] as $accr) { + $i = $this->document->createElementNS(SAML2_Const::NS_SAML, 'AuthnContextClassRef'); + $i->appendChild($this->document->createTextNode($accr)); + $e->appendChild($i); + } + } + if (count($this->IDPList) > 0) { $scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping'); $idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');
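Review bot: `setRequestedAuthnContext` only asserts that the argument is an array or NULL, and its `@param` line does not describe the keys the array must contain, so a caller has to read the constructor to learn that `AuthnContextClassRef` must be a list of URI strings and `Comparison` an optional string; suggest `* @param array|NULL $requestedAuthnContext Array with an 'AuthnContextClassRef' list of URIs and an optional 'Comparison' string, or NULL to omit the element.`. Since `assert()` may be disabled in production, the shape check could also be expressed as a type hint, `public function setRequestedAuthnContext(array $requestedAuthnContext = NULL)`, which is compatible with the existing `NULL` case and the assert can stay.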
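Review bot: In the toXML hunk the condition `!empty($rac) && !empty($rac['AuthnContextClassRef'])` silently omits the whole `RequestedAuthnContext` element when no class references were set, even if the caller set a `Comparison`; this appears deliberate, since the schema requires at least one reference, but nothing says so, and a comment on that line such as `// The schema requires at least one AuthnContextClassRef; without one no element is emitted.` would prevent a future maintainer from treating it as a bug. `$i` is reused here for the created `AuthnContextClassRef` element, as in the parsing hunk, where a name like `$classRefElement` would be clearer. The enclosing toXML method begins and ends outside this hunk.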