Parse metadata

MetadataParser::parse() parses any SAML metadata XML and returns an Entity (either Idp or Sp) or an EntityList when the document is a federation EntitiesDescriptor.

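use Litesaml\Support\MetadataParser;

$xml = file_get_contents('https://idp.example.com/saml/metadata');
if ($xml === false) {
    // file_get_contents() returns false on failure; do not hand that to the parser
    throw new RuntimeException('Could not fetch SAML metadata');
}
$result = MetadataParser::parse($xml);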

Single entity

When the XML contains a single <EntityDescriptor>, parse() returns an Idp or Sp depending on the descriptor type found inside.

use Litesaml\Models\Descriptors\Idp;
use Litesaml\Models\Descriptors\Sp;
use Litesaml\Support\MetadataParser;

$entity = MetadataParser::parse($xml);

if ($entity instanceof Idp) {
    // Use as IdP descriptor
    $spWrapper->sendAuthnRequest($entity);
}

if ($entity instanceof Sp) {
    // Use as SP descriptor
    $idpWrapper->sendAuthnResponse($entity, $attributes);
}

What is extracted

For an IdP entity:

| Idp property | Source in XML |
|---|---|
| entityId | <EntityDescriptor entityID="..."> |
| sso | First <SingleSignOnService> in <IDPSSODescriptor> |
| slo | First <SingleLogoutService> in <IDPSSODescriptor> |
| signing | First <KeyDescriptor use="signing"> certificate |

For an SP entity:

| Sp property | Source in XML |
|---|---|
| entityId | <EntityDescriptor entityID="..."> |
| acs | First <AssertionConsumerService> in <SPSSODescriptor> |
| slo | First <SingleLogoutService> in <SPSSODescriptor> |
| signing | First <KeyDescriptor use="signing"> certificate |
| encryption | First <KeyDescriptor use="encryption"> certificate |

Federation metadata (EntitiesDescriptor)

When the XML root is <EntitiesDescriptor> (a federation metadata document), parse() returns an EntityList:

use Litesaml\Models\Descriptors\EntityList;
use Litesaml\Models\Descriptors\Idp;
use Litesaml\Support\MetadataParser;

$result = MetadataParser::parse($federationXml);

if ($result instanceof EntityList) {
    foreach ($result->entities as $entity) {
        if ($entity instanceof Idp) {
            // Register this IdP
        }
    }
}

EntityList::$entities is an Entity[] array that can contain a mix of Idp and Sp objects.

Error handling

MetadataParser::parse() throws a SamlException when:

  • An <EntityDescriptor> contains neither an <IDPSSODescriptor> nor an <SPSSODescriptor>
  • A required endpoint (SSO, SLO, or ACS) is missing a location or binding

use Litesaml\Exceptions\SamlException;
use Litesaml\Support\MetadataParser;

try {
    $entity = MetadataParser::parse($xml);
} catch (SamlException $e) {
    // Invalid or incomplete metadata
}

Caching

Metadata documents change rarely. Cache the parsed result or the raw XML and re-parse only when needed.
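
One way to combine the caching advice with the error handling above, as an added example that is not part of Litesaml or its documentation. The helper name loadMetadata(), the cache path, and the one-day TTL are assumptions; the only library calls used are MetadataParser::parse() and SamlException.

```php
<?php
use Litesaml\Exceptions\SamlException;
use Litesaml\Support\MetadataParser;

// Hypothetical helper (not a Litesaml API): returns parsed metadata and
// refreshes the cached raw XML only when it is older than $ttl seconds.
function loadMetadata(string $url, string $cacheFile, int $ttl = 86400)
{
    $cached = is_file($cacheFile) ? file_get_contents($cacheFile) : false;
    $fresh  = $cached !== false && (time() - filemtime($cacheFile)) < $ttl;

    if (!$fresh) {
        // Bound the fetch so a slow metadata endpoint cannot stall the login path.
        $ctx = stream_context_create(['http' => ['timeout' => 5]]);
        $xml = @file_get_contents($url, false, $ctx);

        if ($xml !== false) {
            try {
                // Parse before caching: a document the parser rejects must
                // never overwrite the last known-good copy.
                $parsed = MetadataParser::parse($xml);

                // Write to a temp file and rename it, so concurrent readers
                // never see a partially written cache file.
                $tmp = $cacheFile . '.' . bin2hex(random_bytes(4)) . '.tmp';
                file_put_contents($tmp, $xml, LOCK_EX);
                rename($tmp, $cacheFile);

                return $parsed;
            } catch (SamlException $e) {
                error_log('Rejected fetched SAML metadata: ' . $e->getMessage());
            }
        }
    }

    if ($cached === false) {
        throw new RuntimeException("No usable metadata for $url");
    }

    // Fresh cache, or stale cache kept because the refresh failed.
    return MetadataParser::parse($cached);
}

// Constructed sample values: the URL from the first snippet and an assumed cache path.
$entity = loadMetadata('https://idp.example.com/saml/metadata', '/var/cache/app/idp-metadata.xml');
```

Falling back to a stale copy keeps logins working through a metadata outage, but it also keeps trusting the old signing certificate until a refresh succeeds, so alert on repeated refresh failures.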