NAME

Net::SPID::SAML::In::Response

VERSION

version 0.15

SYNOPSIS

    use Net::SPID;
    
    # initialize our SPID object
    my $spid = Net::SPID->new(...);
    
    # parse a response from an Identity Provider and validate it
    my $assertion = eval {
        $spid->parse_response($saml_response_xml, $authnreq_id);
    };
    die "Invalid assertion: $@" if $@;
    
    # read the SPID level
    print "SPID Level: ", $assertion->spid_level, "\n";
    
    # get a Net::SPID::Session object (serializable for later reuse, such as logout)
    my $session = $assertion->spid_session;

ABSTRACT

This class represents an incoming SPID Response/Assertion message. We get such messages either after an AuthnRequest (Single Sign-On) or after an AttributeQuery.

CONSTRUCTOR

This class is not supposed to be instantiated directly. It is returned by "parse_response" in Net::SPID::SAML.

METHODS

xml

This method returns the raw assertion in its XML format.

    my $xml = $assertion->xml;

validate

This method validates the message. On success it returns a true value; on failure it throws an exception.

    eval {
        $assertion->validate(
            in_response_to  => $authnrequest_id,
            acs_url         => $acs_url,
        );
    };
    die "Invalid assertion: $@" if $@;

The following arguments are expected:

in_response_to

This must be the ID of the AuthnRequest we sent, which you should store in the user's session in order to supply it to this method. It will be used for checking that the InResponseTo field of the assertion matches our request.

success

This method returns true if authentication succeeded (and thus we got an assertion from the Identity Provider). In case of failure, you can call the StatusCode method for more details.

spid_level

This method returns the SPID level asserted by the Identity Provider, as an integer (1, 2 or 3). Note that this may not coincide with the level requested in the AuthnRequest.

spid_session

This method returns a Net::SPID::Session object populated with information from this Assertion. It's serializable and you might want to store it for later reuse (e.g. for generating a logout request).

attributes

This method returns a hashref containing the attributes.

StatusCode

This method returns the SAML response StatusCode.
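The notes on in_response_to and spid_level above imply two checks on the receiving side: the stored AuthnRequest ID should be matched only once, and the asserted level should be compared with the level the application needs. The following is an added example, not code from Net::SPID; handle_acs_response, the spid_authnreq_id and spid_session keys, and the $session_store hashref (the user's server-side session data) are assumptions, and only methods documented on this page are called.

```perl
use strict;
use warnings;

# Added example, not part of Net::SPID. handle_acs_response() and its
# arguments are hypothetical names; $session_store is assumed to be a plain
# hashref holding the user's server-side session data.
sub handle_acs_response {
    my ($spid, $saml_response_xml, $session_store, $min_level) = @_;

    # Take the stored AuthnRequest ID out of the session so that it can be
    # matched only once; a response with no pending request is rejected.
    my $authnreq_id = delete $session_store->{spid_authnreq_id}
        or die "No pending AuthnRequest for this session\n";

    # parse_response() throws if the message does not validate.
    my $assertion = eval {
        $spid->parse_response($saml_response_xml, $authnreq_id);
    };
    die "Invalid assertion: $@" if $@;

    # A parsed response may still report a failed authentication.
    die "Authentication failed: " . $assertion->StatusCode . "\n"
        unless $assertion->success;

    # The asserted level may differ from the requested one, so enforce the
    # minimum here instead of relying on the value sent in the AuthnRequest.
    my $level = $assertion->spid_level;
    die "SPID level $level is below the required level $min_level\n"
        if $level < $min_level;

    # Keep the serializable session for a later logout request.
    $session_store->{spid_session} = $assertion->spid_session;

    return {
        level      => $level,
        attributes => $assertion->attributes,
    };
}

1;
```

The caller is expected to catch the exception and treat any failure as an unauthenticated request.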

AUTHOR

Alessandro Ranellucci <aar@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2018 by Alessandro Ranellucci.

This is free software, licensed under:

  The (three-clause) BSD License