Net::SPID::SAML::Assertion
version 0.11
use Net::SPID;

# initialize our SPID object
my $spid = Net::SPID->new(...);

# parse a response from an Identity Provider
my $assertion = eval {
    $spid->parse_assertion($saml_response_xml, $authnreq_id);
};

# perform validation
die "Invalid assertion!" if !$assertion->validate($our_entityid, $request_id);

# read the SPID level
print "SPID Level: ", $assertion->spid_level, "\n";

# get a Net::SPID::Session object (serializable for later reuse, such as logout)
my $session = $assertion->spid_session;
This class represents a SPID Response/Assertion message. We get such messages either after an AuthnRequest (Single Sign-On) or after an AttributeQuery.
This class is not supposed to be instantiated directly. It is returned by "parse_assertion" in Net::SPID::SAML.
This method returns the raw assertion in its XML format.
my $xml = $assertion->xml;
This method performs validation by calling all of the valid_* methods described below.
On success it returns a true value. On failure it will throw an exception.
eval { $assertion->validate($request_id); };
die "Invalid assertion: $@" if $@;
This method checks that the Audience attribute equals our entityID and returns a boolean value.
die "Invalid audience" if !$assertion->valid_audience;
This method checks that the InResponseTo attribute equals the supplied request ID and returns a boolean value.
die "Invalid InResponseTo" if !$assertion->in_response_to($request_id);
This method checks that the NotBefore condition contained in the assertion is compatible with the current timestamp and returns a boolean value.
die "Invalid NotBefore" if !$assertion->valid_not_before;
This method checks that the NotAfter condition contained in the assertion is compatible with the current timestamp and returns a boolean value.
die "Invalid NotAfter" if !$assertion->valid_not_after;
This method returns the SPID level asserted by the Identity Provider, as an integer (1, 2 or 3). Note that this may not coincide with the level requested in the AuthnRequest.
This method returns a Net::SPID::Session object populated with information from this Assertion. It's serializable and you might want to store it for later reuse (e.g. for generating a logout request).
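Because validate throws on failure and the asserted SPID level may differ from the requested one, a service provider can gate session creation on both checks. The following is an added example, not code from the Net::SPID distribution: accept_assertion and Local::FakeAssertion are hypothetical names, and the stub stands in for the object returned by parse_assertion so the code runs offline.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of Net::SPID): accept an assertion only if it
# validates AND the level asserted by the IdP meets what this endpoint requires.
sub accept_assertion {
    my ($assertion, $min_level, @validate_args) = @_;

    # validate() is documented to throw on failure; the return value is checked
    # too, so a false return is never treated as success. The page shows
    # validate() called with differing argument lists, so they are passed through.
    my $ok = eval { $assertion->validate(@validate_args) };
    if (!$ok) {
        (my $why = $@ || 'validate() returned false') =~ s/\s+\z//;
        return (undef, "validation failed: $why");
    }

    # The IdP may assert a level different from the one requested, so compare
    # it against the minimum required here rather than trusting the request.
    my $level = $assertion->spid_level;
    return (undef, 'SPID level missing or malformed')
        if !defined $level || $level !~ /\A[123]\z/;
    return (undef, "SPID level $level is below required level $min_level")
        if $level < $min_level;

    return ($assertion->spid_session, undef);
}

# Constructed stand-in for a parsed assertion (assumption, for offline use only).
package Local::FakeAssertion {
    sub new          { my ($class, %args) = @_; return bless {%args}, $class }
    sub validate     { my $self = shift; die "expired\n" if !$self->{valid}; return 1 }
    sub spid_level   { return $_[0]{level} }
    sub spid_session { return { level => $_[0]{level} } }
}

package main;

for my $case (
    { valid => 1, level => 2 },   # validates, level meets the minimum
    { valid => 1, level => 1 },   # validates, but level is below the minimum
    { valid => 0, level => 3 },   # validate() throws
) {
    my ($session, $err) = accept_assertion(Local::FakeAssertion->new(%$case), 2, 'req-1');
    my $verdict = $session ? "accepted (level $case->{level})" : "rejected: $err";
    print "$verdict\n";
}
```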
Alessandro Ranellucci <aar@cpan.org>
This software is Copyright (c) 2018 by Alessandro Ranellucci.
This is free software, licensed under:
The (three-clause) BSD License