NAME
Net::SAML2::Protocol::Assertion - SAML2 assertion object
VERSION
version 0.81
SYNOPSIS
my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(
xml => decode_base64($SAMLResponse)
);
METHODS
new_from_xml( ... )
Constructor. Creates an instance of the Assertion object, parsing the given XML to find the attributes, session and nameid.
Arguments:
- xml
-
XML data
- key_file
-
Optional but Required handling Encrypted Assertions.
path to the SP's private key file that matches the SP's public certificate used by the IdP to Encrypt the response (or parts of the response)
- cacert
-
path to the CA certificate for verification. Optional: This is only used for validating the certificate provided for a signed Assertion that was found when the EncryptedAssertion is decrypted.
While optional it is recommended for ensuring that the Assertion in an EncryptedAssertion is properly validated.
response_status
Returns the response status
response_substatus
SAML errors are usually "nested" ("Responder -> RequestDenied" for instance, means that the responder in this transaction (the IdP) denied the login request). For proper error message generation, both levels are needed.
name
Returns the CN attribute, if provided.
nameid
Returns the NameID
nameid_format
Returns the NameID Format
nameid_name_qualifier
Returns the NameID NameQualifier
nameid_sp_name_qualifier
Returns the NameID SPNameQualifier
nameid_sp_provided_id
Returns the NameID SPProvidedID
authnstatement
Returns the AuthnStatement
authnstatement_authninstant
Returns the AuthnStatement AuthnInstant
authnstatement_sessionindex
Returns the AuthnStatement SessionIndex
authnstatement_subjectlocality
Returns the AuthnStatement SubjectLocality
subjectlocality_address
Returns the SubjectLocality Address
subjectlocality_dnsname
Returns the SubjectLocality DNSName
authnstatement_authncontext
Returns the AuthnContext for the AuthnStatement
contextclass_authncontextclassref
Returns the ContextClass AuthnContextClassRef
valid( $audience, $in_response_to )
Returns true if this Assertion is currently valid for the given audience.
Also accepts $in_response_to which it checks against the returned Assertion. This is very important for security as it helps ensure that the assertion that was received was for the request that was made.
Checks the audience matches, and that the current time is within the Assertions validity period as specified in its Conditions element.
success
Returns true if the response status is a success, returns false otherwise. In case the assertion isn't successfull, the "response_status" and "response_substatus" calls can be use to see why the assertion wasn't successful.
AUTHORS
Chris Andrews <chrisa@cpan.org>
Timothy Legge <timlegge@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2024 by Venda Ltd, see the CONTRIBUTORS file for others.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.