private function parseAuthnContext(\DOMElement $authnStatementEl) { // Get the AuthnContext element $authnContexts = Utils::xpQuery($authnStatementEl, './saml_assertion:AuthnContext'); if (count($authnContexts) > 1) { throw new \Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.'); } elseif (empty($authnContexts)) { throw new \Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.'); } $authnContextEl = $authnContexts[0]; // Get the AuthnContextDeclRef (if available) $authnContextDeclRefs = Utils::xpQuery($authnContextEl, './saml_assertion:AuthnContextDeclRef'); if (count($authnContextDeclRefs) > 1) { throw new \Exception('More than one <saml:AuthnContextDeclRef> found?'); } elseif (count($authnContextDeclRefs) === 1) { $this->setAuthnContextDeclRef(trim($authnContextDeclRefs[0]->textContent)); } // Get the AuthnContextDecl (if available) $authnContextDecls = Utils::xpQuery($authnContextEl, './saml_assertion:AuthnContextDecl'); if (count($authnContextDecls) > 1) { throw new \Exception('More than one <saml:AuthnContextDecl> found?'); } elseif (count($authnContextDecls) === 1) { $this->setAuthnContextDecl(new Chunk($authnContextDecls[0])); } // Get the AuthnContextClassRef (if available) $authnContextClassRefs = Utils::xpQuery($authnContextEl, './saml_assertion:AuthnContextClassRef'); if (count($authnContextClassRefs) > 1) { throw new \Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.'); } elseif (count($authnContextClassRefs) === 1) { $this->setAuthnContextClassRef(trim($authnContextClassRefs[0]->textContent)); } // Constraint from XSD: MUST have one of the three if (empty($this->authnContextClassRef) && empty($this->authnContextDecl) && empty($this->authnContextDeclRef)) { throw new \Exception('Missing either <saml:AuthnContextClassRef> or <saml:AuthnContextDeclRef> or <saml:AuthnContextDecl>'); } $this->AuthenticatingAuthority = Utils::extractStrings($authnContextEl, Constants::NS_SAML, 'AuthenticatingAuthority'); }