
NAME

Net::SPID::SAML::Assertion

VERSION

version 0.11

SYNOPSIS

    use Net::SPID;
    
    # initialize our SPID object
    my $spid = Net::SPID->new(...);
    
    # parse a response from an Identity Provider
    my $assertion = eval {
        $spid->parse_assertion($saml_response_xml, $authnreq_id);
    };
    die "Unable to parse response: $@" if !$assertion;
    
    # perform validation
    die "Invalid assertion!" if !$assertion->validate($our_entityid, $request_id);
    
    # read the SPID level
    print "SPID Level: ", $assertion->spid_level, "\n";
    
    # get a Net::SPID::Session object (serializable for later reuse, such as logout)
    my $session = $assertion->spid_session;

ABSTRACT

This class represents a SPID Response/Assertion message. We get such messages either after an AuthnRequest (Single Sign-On) or after an AttributeQuery.

CONSTRUCTOR

This class is not supposed to be instantiated directly. It is returned by "parse_assertion" in Net::SPID::SAML.

METHODS

xml

This method returns the raw assertion in its XML format.

    my $xml = $assertion->xml;

validate

This method performs validation by calling all of the valid_* methods described below.

On success it returns a true value. On failure it will throw an exception.

    eval {
        $assertion->validate($request_id);
    };
    die "Invalid assertion: $@" if $@;

valid_audience

This method checks that the Audience attribute equals our entityID and returns a boolean value.

    die "Invalid audience" if !$assertion->valid_audience;

valid_in_response_to

This method checks that the InResponseTo attribute equals the supplied request ID and returns a boolean value.

    die "Invalid InResponseTo" if !$assertion->valid_in_response_to($request_id);

valid_not_before

This method checks that the NotBefore condition contained in the assertion is compatible with the current timestamp and returns a boolean value.

    die "Invalid NotBefore" if !$assertion->valid_not_before;

valid_not_after

This method checks that the NotAfter condition contained in the assertion is compatible with the current timestamp and returns a boolean value.

    die "Invalid NotAfter" if !$assertion->valid_not_after;

spid_level

This method returns the SPID level asserted by the Identity Provider, as an integer (1, 2 or 3). Note that this may not coincide with the level requested in the AuthnRequest.

spid_session

This method returns a Net::SPID::Session object populated with information from this Assertion. It's serializable and you might want to store it for later reuse (e.g. for generating a logout request).
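
Because the asserted level may differ from the requested one (see spid_level above), the caller has to compare it before creating a session. The following is an added example, not part of Net::SPID or its documentation: a hypothetical helper, accept_spid_response, that rejects a response if it fails to parse, fails validate, or asserts a lower SPID level than required. It assumes the validate($request_id) form shown under METHODS; the Local::Fake* packages are constructed stand-ins so the code runs offline.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of Net::SPID): accept a Response only if it
# parses, validates, and asserts at least the SPID level we require.
sub accept_spid_response {
    my ($spid, $xml, $request_id, $min_level) = @_;

    # Assumption: parse_assertion may die on malformed input, as the
    # SYNOPSIS wraps it in eval.
    my $assertion = eval { $spid->parse_assertion($xml, $request_id) }
        or return (undef, "parse failed");

    # validate() throws on failure; a false return is also treated as failure.
    my $ok = eval { $assertion->validate($request_id) };
    if (!$ok) {
        chomp(my $why = $@ || 'false return value');
        return (undef, "validation failed: $why");
    }

    # The IdP may assert a different level than the AuthnRequest asked for.
    my $level = $assertion->spid_level;
    return (undef, "SPID level $level is below required level $min_level")
        if $level < $min_level;

    return ($assertion->spid_session, undef);
}

# --- constructed stand-ins so the helper can be exercised offline ---
{
    package Local::FakeAssertion;
    sub new          { my ($c, %a) = @_; return bless { %a }, $c }
    sub validate     { return $_[0]{valid} || die "InResponseTo mismatch\n" }
    sub spid_level   { return $_[0]{level} }
    sub spid_session { return { level => $_[0]{level} } }

    package Local::FakeSPID;
    sub new             { my ($c, %a) = @_; return bless { %a }, $c }
    sub parse_assertion { return Local::FakeAssertion->new(%{ $_[0] }) }
}

# Constructed cases: [validate result, asserted level], required level 2.
for my $case ([1, 2], [1, 1], [0, 2]) {
    my ($valid, $level) = @$case;
    my $spid = Local::FakeSPID->new(valid => $valid, level => $level);
    my ($session, $err) = accept_spid_response($spid, '<constructed/>', '_req1', 2);
    print $session ? "accepted at level $session->{level}\n" : "rejected: $err\n";
}
```
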

AUTHOR

Alessandro Ranellucci <aar@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2018 by Alessandro Ranellucci.

This is free software, licensed under:

  The (three-clause) BSD License