/**
* Gets the NameID Data provided by the SAML response from the IdP.
*
* @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
*/
public function getNameIdData()
{
$encryptedIdDataEntries = $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData');
if ($encryptedIdDataEntries->length == 1) {
$encryptedData = $encryptedIdDataEntries->item(0);
$key = $this->_settings->getSPkey();
$seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'private'));
$seckey->loadKey($key);
$nameId = OneLogin_Saml2_Utils::decryptElement($encryptedData, $seckey);
} else {
$entries = $this->_queryAssertion('/saml:Subject/saml:NameID');
if ($entries->length == 1) {
$nameId = $entries->item(0);
}
}
$nameIdData = array();
if (!isset($nameId)) {
$security = $this->_settings->getSecurityData();
if ($security['wantNameId']) {
throw new Exception("Not NameID found in the assertion of the Response");
}
} else {
if ($this->_settings->isStrict() && empty($nameId->nodeValue)) {
throw new Exception("An empty NameID value found");
}
$nameIdData['Value'] = $nameId->nodeValue;
foreach (array('Format', 'SPNameQualifier', 'NameQualifier') as $attr) {
if ($nameId->hasAttribute($attr)) {
if ($this->_settings->isStrict() && $attr == 'SPNameQualifier') {
$spData = $this->_settings->getSPData();
$spEntityId = $spData['entityId'];
if ($spEntityId != $nameId->getAttribute($attr)) {
throw new Exception("The SPNameQualifier value mistmatch the SP entityID value.");
}
}
$nameIdData[$attr] = $nameId->getAttribute($attr);
}
}
}
return $nameIdData;
}
