Class: Authentik::Api::SAMLProviderRequest

Inherits:

ApiModelBase

• Object
• ApiModelBase
• Authentik::Api::SAMLProviderRequest

Defined in:

lib/authentik/api/models/saml_provider_request.rb

Overview

SAMLProvider Serializer

Defined Under Namespace

Classes: EnumAttributeValidator

Instance Attribute Summary

• #acs_url ⇒ Object

  Returns the value of attribute acs_url.

• #assertion_valid_not_before ⇒ Object

  Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).

• #assertion_valid_not_on_or_after ⇒ Object

  Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

• #audience ⇒ Object

  Value of the audience restriction field of the assertion.

• #authentication_flow ⇒ Object

  Flow used for authentication when the associated application is accessed by an un-authenticated user.

• #authn_context_class_ref_mapping ⇒ Object

  Configure how the AuthnContextClassRef value will be created.

• #authorization_flow ⇒ Object

  Flow used when authorizing this provider.

• #default_name_id_policy ⇒ Object

  Returns the value of attribute default_name_id_policy.

• #default_relay_state ⇒ Object

  Default relay_state value for IDP-initiated logins.

• #digest_algorithm ⇒ Object

  Returns the value of attribute digest_algorithm.

• #encryption_kp ⇒ Object

  When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair.

• #invalidation_flow ⇒ Object

  Flow used ending the session from a provider.

• #issuer ⇒ Object

  Also known as EntityID.

• #logout_method ⇒ Object

  Method to use for logout.

• #name ⇒ Object

  Returns the value of attribute name.

• #name_id_mapping ⇒ Object

  Configure how the NameID value will be created.

• #property_mappings ⇒ Object

  Returns the value of attribute property_mappings.

• #session_valid_not_on_or_after ⇒ Object

  Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

• #sign_assertion ⇒ Object

  Returns the value of attribute sign_assertion.

• #sign_logout_request ⇒ Object

  Returns the value of attribute sign_logout_request.

• #sign_response ⇒ Object

  Returns the value of attribute sign_response.

• #signature_algorithm ⇒ Object

  Returns the value of attribute signature_algorithm.

• #signing_kp ⇒ Object

  Keypair used to sign outgoing Responses going to the Service Provider.

• #sls_binding ⇒ Object

  This determines how authentik sends the logout response back to the Service Provider.

• #sls_url ⇒ Object

  Single Logout Service URL where the logout response should be sent.

• #sp_binding ⇒ Object

  This determines how authentik sends the response back to the Service Provider.

• #verification_kp ⇒ Object

  When selected, incoming assertion’s Signatures will be validated against this certificate.

Class Method Summary

• .acceptable_attribute_map ⇒ Object

  Returns attribute mapping this model knows about.

• .acceptable_attributes ⇒ Object

  Returns all the JSON keys this model knows about.

• .attribute_map ⇒ Object

  Attribute mapping from ruby-style variable name to JSON key.

• .build_from_hash(attributes) ⇒ Object

  Builds the object from hash.

• .openapi_nullable ⇒ Object

  List of attributes with nullable: true.

• .openapi_types ⇒ Object

  Attribute type mapping.

Instance Method Summary

• #==(o) ⇒ Object

  Checks equality by comparing each attribute.

• #eql?(o) ⇒ Boolean
• #hash ⇒ Integer

  Calculates hash code according to all attributes.

• #initialize(attributes = {}) ⇒ SAMLProviderRequest constructor

  Initializes the object.

• #list_invalid_properties ⇒ Object

  Show invalid properties with the reasons.

• #to_hash ⇒ Hash

  Returns the object in the form of hash.

• #valid? ⇒ Boolean

  Check to see if the all the properties in the model are valid.

Methods inherited from ApiModelBase

_deserialize, #_to_hash, #to_body, #to_s

Constructor Details

#initialize(attributes = {}) ⇒ SAMLProviderRequest

Initializes the object

Parameters:

• attributes (Hash) (defaults to: {}) —

  Model attributes in the form of hash

# File 'lib/authentik/api/models/saml_provider_request.rb', line 197

def initialize(attributes = {})
  if (!attributes.is_a?(Hash))
    fail ArgumentError, "The input argument (attributes) must be a hash in `Authentik::Api::SAMLProviderRequest` initialize method"
  end

  # check to see if the attribute exists and convert string to symbol for hash key
  acceptable_attribute_map = self.class.acceptable_attribute_map
  attributes = attributes.each_with_object({}) { |(k, v), h|
    if (!acceptable_attribute_map.key?(k.to_sym))
      fail ArgumentError, "`#{k}` is not a valid attribute in `Authentik::Api::SAMLProviderRequest`. Please check the name to make sure it's valid. List of attributes: " + acceptable_attribute_map.keys.inspect
    end
    h[k.to_sym] = v
  }

  if attributes.key?(:'name')
    self.name = attributes[:'name']
  else
    self.name = nil
  end

  if attributes.key?(:'authentication_flow')
    self.authentication_flow = attributes[:'authentication_flow']
  end

  if attributes.key?(:'authorization_flow')
    self.authorization_flow = attributes[:'authorization_flow']
  else
    self.authorization_flow = nil
  end

  if attributes.key?(:'invalidation_flow')
    self.invalidation_flow = attributes[:'invalidation_flow']
  else
    self.invalidation_flow = nil
  end

  if attributes.key?(:'property_mappings')
    if (value = attributes[:'property_mappings']).is_a?(Array)
      self.property_mappings = value
    end
  end

  if attributes.key?(:'acs_url')
    self.acs_url = attributes[:'acs_url']
  else
    self.acs_url = nil
  end

  if attributes.key?(:'sls_url')
    self.sls_url = attributes[:'sls_url']
  end

  if attributes.key?(:'audience')
    self.audience = attributes[:'audience']
  end

  if attributes.key?(:'issuer')
    self.issuer = attributes[:'issuer']
  end

  if attributes.key?(:'assertion_valid_not_before')
    self.assertion_valid_not_before = attributes[:'assertion_valid_not_before']
  end

  if attributes.key?(:'assertion_valid_not_on_or_after')
    self.assertion_valid_not_on_or_after = attributes[:'assertion_valid_not_on_or_after']
  end

  if attributes.key?(:'session_valid_not_on_or_after')
    self.session_valid_not_on_or_after = attributes[:'session_valid_not_on_or_after']
  end

  if attributes.key?(:'name_id_mapping')
    self.name_id_mapping = attributes[:'name_id_mapping']
  end

  if attributes.key?(:'authn_context_class_ref_mapping')
    self.authn_context_class_ref_mapping = attributes[:'authn_context_class_ref_mapping']
  end

  if attributes.key?(:'digest_algorithm')
    self.digest_algorithm = attributes[:'digest_algorithm']
  end

  if attributes.key?(:'signature_algorithm')
    self.signature_algorithm = attributes[:'signature_algorithm']
  end

  if attributes.key?(:'signing_kp')
    self.signing_kp = attributes[:'signing_kp']
  end

  if attributes.key?(:'verification_kp')
    self.verification_kp = attributes[:'verification_kp']
  end

  if attributes.key?(:'encryption_kp')
    self.encryption_kp = attributes[:'encryption_kp']
  end

  if attributes.key?(:'sign_assertion')
    self.sign_assertion = attributes[:'sign_assertion']
  end

  if attributes.key?(:'sign_response')
    self.sign_response = attributes[:'sign_response']
  end

  if attributes.key?(:'sign_logout_request')
    self.sign_logout_request = attributes[:'sign_logout_request']
  end

  if attributes.key?(:'sp_binding')
    self.sp_binding = attributes[:'sp_binding']
  end

  if attributes.key?(:'sls_binding')
    self.sls_binding = attributes[:'sls_binding']
  end

  if attributes.key?(:'logout_method')
    self.logout_method = attributes[:'logout_method']
  end

  if attributes.key?(:'default_relay_state')
    self.default_relay_state = attributes[:'default_relay_state']
  end

  if attributes.key?(:'default_name_id_policy')
    self.default_name_id_policy = attributes[:'default_name_id_policy']
  end
end

Instance Attribute Details

#acs_url ⇒ Object

Returns the value of attribute acs_url.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 26

def acs_url
  @acs_url
end

#assertion_valid_not_before ⇒ Object

Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3).

# File 'lib/authentik/api/models/saml_provider_request.rb', line 38

def assertion_valid_not_before
  @assertion_valid_not_before
end

#assertion_valid_not_on_or_after ⇒ Object

Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

# File 'lib/authentik/api/models/saml_provider_request.rb', line 41

def assertion_valid_not_on_or_after
  @assertion_valid_not_on_or_after
end

#audience ⇒ Object

Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 32

def audience
  @audience
end

#authentication_flow ⇒ Object

Flow used for authentication when the associated application is accessed by an un-authenticated user.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 16

def authentication_flow
  @authentication_flow
end

#authn_context_class_ref_mapping ⇒ Object

Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 50

def authn_context_class_ref_mapping
  @authn_context_class_ref_mapping
end

#authorization_flow ⇒ Object

Flow used when authorizing this provider.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 19

def authorization_flow
  @authorization_flow
end

#default_name_id_policy ⇒ Object

Returns the value of attribute default_name_id_policy.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 83

def default_name_id_policy
  @default_name_id_policy
end

#default_relay_state ⇒ Object

Default relay_state value for IDP-initiated logins

# File 'lib/authentik/api/models/saml_provider_request.rb', line 81

def default_relay_state
  @default_relay_state
end

#digest_algorithm ⇒ Object

Returns the value of attribute digest_algorithm.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 52

def digest_algorithm
  @digest_algorithm
end

#encryption_kp ⇒ Object

When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 63

def encryption_kp
  @encryption_kp
end

#invalidation_flow ⇒ Object

Flow used ending the session from a provider.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 22

def invalidation_flow
  @invalidation_flow
end

#issuer ⇒ Object

Also known as EntityID

# File 'lib/authentik/api/models/saml_provider_request.rb', line 35

def issuer
  @issuer
end

#logout_method ⇒ Object

Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding).

# File 'lib/authentik/api/models/saml_provider_request.rb', line 78

def logout_method
  @logout_method
end

#name ⇒ Object

Returns the value of attribute name.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 13

def name
  @name
end

#name_id_mapping ⇒ Object

Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered

# File 'lib/authentik/api/models/saml_provider_request.rb', line 47

def name_id_mapping
  @name_id_mapping
end

#property_mappings ⇒ Object

Returns the value of attribute property_mappings.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 24

def property_mappings
  @property_mappings
end

#session_valid_not_on_or_after ⇒ Object

Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).

# File 'lib/authentik/api/models/saml_provider_request.rb', line 44

def session_valid_not_on_or_after
  @session_valid_not_on_or_after
end

#sign_assertion ⇒ Object

Returns the value of attribute sign_assertion.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 65

def sign_assertion
  @sign_assertion
end

#sign_logout_request ⇒ Object

Returns the value of attribute sign_logout_request.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 69

def sign_logout_request
  @sign_logout_request
end

#sign_response ⇒ Object

Returns the value of attribute sign_response.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 67

def sign_response
  @sign_response
end

#signature_algorithm ⇒ Object

Returns the value of attribute signature_algorithm.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 54

def signature_algorithm
  @signature_algorithm
end

#signing_kp ⇒ Object

Keypair used to sign outgoing Responses going to the Service Provider.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 57

def signing_kp
  @signing_kp
end

#sls_binding ⇒ Object

This determines how authentik sends the logout response back to the Service Provider.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 75

def sls_binding
  @sls_binding
end

#sls_url ⇒ Object

Single Logout Service URL where the logout response should be sent.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 29

def sls_url
  @sls_url
end

#sp_binding ⇒ Object

This determines how authentik sends the response back to the Service Provider.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 72

def sp_binding
  @sp_binding
end

#verification_kp ⇒ Object

When selected, incoming assertion’s Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 60

def verification_kp
  @verification_kp
end

Class Method Details

.acceptable_attribute_map ⇒ Object

Returns attribute mapping this model knows about

# File 'lib/authentik/api/models/saml_provider_request.rb', line 141

def self.acceptable_attribute_map
  attribute_map
end

.acceptable_attributes ⇒ Object

Returns all the JSON keys this model knows about

# File 'lib/authentik/api/models/saml_provider_request.rb', line 146

def self.acceptable_attributes
  acceptable_attribute_map.values
end

.attribute_map ⇒ Object

Attribute mapping from ruby-style variable name to JSON key.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 108

def self.attribute_map
  {
    :'name' => :'name',
    :'authentication_flow' => :'authentication_flow',
    :'authorization_flow' => :'authorization_flow',
    :'invalidation_flow' => :'invalidation_flow',
    :'property_mappings' => :'property_mappings',
    :'acs_url' => :'acs_url',
    :'sls_url' => :'sls_url',
    :'audience' => :'audience',
    :'issuer' => :'issuer',
    :'assertion_valid_not_before' => :'assertion_valid_not_before',
    :'assertion_valid_not_on_or_after' => :'assertion_valid_not_on_or_after',
    :'session_valid_not_on_or_after' => :'session_valid_not_on_or_after',
    :'name_id_mapping' => :'name_id_mapping',
    :'authn_context_class_ref_mapping' => :'authn_context_class_ref_mapping',
    :'digest_algorithm' => :'digest_algorithm',
    :'signature_algorithm' => :'signature_algorithm',
    :'signing_kp' => :'signing_kp',
    :'verification_kp' => :'verification_kp',
    :'encryption_kp' => :'encryption_kp',
    :'sign_assertion' => :'sign_assertion',
    :'sign_response' => :'sign_response',
    :'sign_logout_request' => :'sign_logout_request',
    :'sp_binding' => :'sp_binding',
    :'sls_binding' => :'sls_binding',
    :'logout_method' => :'logout_method',
    :'default_relay_state' => :'default_relay_state',
    :'default_name_id_policy' => :'default_name_id_policy'
  }
end

.build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

• attributes (Hash) —

  Model attributes in the form of hash

Returns:

• (Object) —

  Returns the model itself

# File 'lib/authentik/api/models/saml_provider_request.rb', line 548

def self.build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)
  attributes = attributes.transform_keys(&:to_sym)
  transformed_hash = {}
  openapi_types.each_pair do |key, type|
    if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
      transformed_hash["#{key}"] = nil
    elsif type =~ /\AArray<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[attribute_map[key]].is_a?(Array)
        transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
      end
    elsif !attributes[attribute_map[key]].nil?
      transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
    end
  end
  new(transformed_hash)
end

.openapi_nullable ⇒ Object

List of attributes with nullable: true

# File 'lib/authentik/api/models/saml_provider_request.rb', line 184

def self.openapi_nullable
  Set.new([
    :'authentication_flow',
    :'name_id_mapping',
    :'authn_context_class_ref_mapping',
    :'signing_kp',
    :'verification_kp',
    :'encryption_kp',
  ])
end

.openapi_types ⇒ Object

Attribute type mapping.

# File 'lib/authentik/api/models/saml_provider_request.rb', line 151

def self.openapi_types
  {
    :'name' => :'String',
    :'authentication_flow' => :'String',
    :'authorization_flow' => :'String',
    :'invalidation_flow' => :'String',
    :'property_mappings' => :'Array<String>',
    :'acs_url' => :'String',
    :'sls_url' => :'String',
    :'audience' => :'String',
    :'issuer' => :'String',
    :'assertion_valid_not_before' => :'String',
    :'assertion_valid_not_on_or_after' => :'String',
    :'session_valid_not_on_or_after' => :'String',
    :'name_id_mapping' => :'String',
    :'authn_context_class_ref_mapping' => :'String',
    :'digest_algorithm' => :'DigestAlgorithmEnum',
    :'signature_algorithm' => :'SignatureAlgorithmEnum',
    :'signing_kp' => :'String',
    :'verification_kp' => :'String',
    :'encryption_kp' => :'String',
    :'sign_assertion' => :'Boolean',
    :'sign_response' => :'Boolean',
    :'sign_logout_request' => :'Boolean',
    :'sp_binding' => :'SAMLBindingsEnum',
    :'sls_binding' => :'SAMLBindingsEnum',
    :'logout_method' => :'SAMLLogoutMethods',
    :'default_relay_state' => :'String',
    :'default_name_id_policy' => :'SAMLNameIDPolicyEnum'
  }
end

Instance Method Details

#==(o) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

• Object (Object) —

  to be compared

# File 'lib/authentik/api/models/saml_provider_request.rb', line 501

def ==(o)
  return true if self.equal?(o)
  self.class == o.class &&
      name == o.name &&
      authentication_flow == o.authentication_flow &&
      authorization_flow == o.authorization_flow &&
      invalidation_flow == o.invalidation_flow &&
      property_mappings == o.property_mappings &&
      acs_url == o.acs_url &&
      sls_url == o.sls_url &&
      audience == o.audience &&
      issuer == o.issuer &&
      assertion_valid_not_before == o.assertion_valid_not_before &&
      assertion_valid_not_on_or_after == o.assertion_valid_not_on_or_after &&
      session_valid_not_on_or_after == o.session_valid_not_on_or_after &&
      name_id_mapping == o.name_id_mapping &&
      authn_context_class_ref_mapping == o.authn_context_class_ref_mapping &&
      digest_algorithm == o.digest_algorithm &&
      signature_algorithm == o.signature_algorithm &&
      signing_kp == o.signing_kp &&
      verification_kp == o.verification_kp &&
      encryption_kp == o.encryption_kp &&
      sign_assertion == o.sign_assertion &&
      sign_response == o.sign_response &&
      sign_logout_request == o.sign_logout_request &&
      sp_binding == o.sp_binding &&
      sls_binding == o.sls_binding &&
      logout_method == o.logout_method &&
      default_relay_state == o.default_relay_state &&
      default_name_id_policy == o.default_name_id_policy
end

#eql?(o) ⇒ Boolean

Parameters:

• Object (Object) —

  to be compared

Returns:

• (Boolean)

See Also:

• `==` method

# File 'lib/authentik/api/models/saml_provider_request.rb', line 535

def eql?(o)
  self == o
end

#hash ⇒ Integer

Calculates hash code according to all attributes.

Returns:

• (Integer) —

  Hash code

# File 'lib/authentik/api/models/saml_provider_request.rb', line 541

def hash
  [name, authentication_flow, authorization_flow, invalidation_flow, property_mappings, acs_url, sls_url, audience, issuer, assertion_valid_not_before, assertion_valid_not_on_or_after, session_valid_not_on_or_after, name_id_mapping, authn_context_class_ref_mapping, digest_algorithm, signature_algorithm, signing_kp, verification_kp, encryption_kp, sign_assertion, sign_response, sign_logout_request, sp_binding, sls_binding, logout_method, default_relay_state, default_name_id_policy].hash
end

#list_invalid_properties ⇒ Object

Show invalid properties with the reasons. Usually used together with valid?

Returns:

• Array for valid properties with the reasons

# File 'lib/authentik/api/models/saml_provider_request.rb', line 332

def list_invalid_properties
  warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
  invalid_properties = Array.new
  if @name.nil?
    invalid_properties.push('invalid value for "name", name cannot be nil.')
  end

  if @name.to_s.length < 1
    invalid_properties.push('invalid value for "name", the character length must be greater than or equal to 1.')
  end

  if @authorization_flow.nil?
    invalid_properties.push('invalid value for "authorization_flow", authorization_flow cannot be nil.')
  end

  if @invalidation_flow.nil?
    invalid_properties.push('invalid value for "invalidation_flow", invalidation_flow cannot be nil.')
  end

  if @acs_url.nil?
    invalid_properties.push('invalid value for "acs_url", acs_url cannot be nil.')
  end

  if @acs_url.to_s.length < 1
    invalid_properties.push('invalid value for "acs_url", the character length must be greater than or equal to 1.')
  end

  if !@issuer.nil? && @issuer.to_s.length < 1
    invalid_properties.push('invalid value for "issuer", the character length must be greater than or equal to 1.')
  end

  if !@assertion_valid_not_before.nil? && @assertion_valid_not_before.to_s.length < 1
    invalid_properties.push('invalid value for "assertion_valid_not_before", the character length must be greater than or equal to 1.')
  end

  if !@assertion_valid_not_on_or_after.nil? && @assertion_valid_not_on_or_after.to_s.length < 1
    invalid_properties.push('invalid value for "assertion_valid_not_on_or_after", the character length must be greater than or equal to 1.')
  end

  if !@session_valid_not_on_or_after.nil? && @session_valid_not_on_or_after.to_s.length < 1
    invalid_properties.push('invalid value for "session_valid_not_on_or_after", the character length must be greater than or equal to 1.')
  end

  invalid_properties
end

#to_hash ⇒ Hash

Returns the object in the form of hash

Returns:

• (Hash) —

  Returns the object in the form of hash

# File 'lib/authentik/api/models/saml_provider_request.rb', line 570

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = self.send(attr)
    if value.nil?
      is_nullable = self.class.openapi_nullable.include?(attr)
      next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
    end

    hash[param] = _to_hash(value)
  end
  hash
end

#valid? ⇒ Boolean

Check to see if the all the properties in the model are valid

Returns:

• (Boolean) —

  true if the model is valid

# File 'lib/authentik/api/models/saml_provider_request.rb', line 380

def valid?
  warn '[DEPRECATED] the `valid?` method is obsolete'
  return false if @name.nil?
  return false if @name.to_s.length < 1
  return false if @authorization_flow.nil?
  return false if @invalidation_flow.nil?
  return false if @acs_url.nil?
  return false if @acs_url.to_s.length < 1
  return false if !@issuer.nil? && @issuer.to_s.length < 1
  return false if !@assertion_valid_not_before.nil? && @assertion_valid_not_before.to_s.length < 1
  return false if !@assertion_valid_not_on_or_after.nil? && @assertion_valid_not_on_or_after.to_s.length < 1
  return false if !@session_valid_not_on_or_after.nil? && @session_valid_not_on_or_after.to_s.length < 1
  true
end