NAME

Net::SAML2::Protocol::Assertion - SAML2 assertion object

VERSION

version 0.81

SYNOPSIS

my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(
  xml => decode_base64($SAMLResponse)
);

METHODS

new_from_xml( ... )

Constructor. Creates an instance of the Assertion object, parsing the given XML to find the attributes, session and nameid.

Arguments:

xml

XML data

key_file

Optional but Required handling Encrypted Assertions.

path to the SP's private key file that matches the SP's public certificate used by the IdP to Encrypt the response (or parts of the response)

cacert

path to the CA certificate for verification. Optional: This is only used for validating the certificate provided for a signed Assertion that was found when the EncryptedAssertion is decrypted.

While optional it is recommended for ensuring that the Assertion in an EncryptedAssertion is properly validated.

response_status

Returns the response status

response_substatus

SAML errors are usually "nested" ("Responder -> RequestDenied" for instance, means that the responder in this transaction (the IdP) denied the login request). For proper error message generation, both levels are needed.

name

Returns the CN attribute, if provided.

nameid

Returns the NameID

nameid_format

Returns the NameID Format

nameid_name_qualifier

Returns the NameID NameQualifier

nameid_sp_name_qualifier

Returns the NameID SPNameQualifier

nameid_sp_provided_id

Returns the NameID SPProvidedID

authnstatement

Returns the AuthnStatement

authnstatement_authninstant

Returns the AuthnStatement AuthnInstant

authnstatement_sessionindex

Returns the AuthnStatement SessionIndex

authnstatement_subjectlocality

Returns the AuthnStatement SubjectLocality

subjectlocality_address

Returns the SubjectLocality Address

subjectlocality_dnsname

Returns the SubjectLocality DNSName

authnstatement_authncontext

Returns the AuthnContext for the AuthnStatement

contextclass_authncontextclassref

Returns the ContextClass AuthnContextClassRef

valid( $audience, $in_response_to )

Returns true if this Assertion is currently valid for the given audience.

Also accepts $in_response_to which it checks against the returned Assertion. This is very important for security as it helps ensure that the assertion that was received was for the request that was made.

Checks the audience matches, and that the current time is within the Assertions validity period as specified in its Conditions element.

success

Returns true if the response status is a success, returns false otherwise. In case the assertion isn't successfull, the "response_status" and "response_substatus" calls can be use to see why the assertion wasn't successful.

AUTHORS

  • Chris Andrews <chrisa@cpan.org>

  • Timothy Legge <timlegge@gmail.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2024 by Venda Ltd, see the CONTRIBUTORS file for others.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.