Core SAML protocol module for encoding and decoding SAML messages.
Ported from the Erlang esaml module. Provides functions for:
- Decoding SAML responses, assertions, logout requests/responses, and IdP metadata
- Validating assertions
- Converting SAML structs to XML
Functions
@spec decode_assertion(tuple()) :: {:ok, ExSaml.Core.Assertion.t()} | {:error, term()}
Decodes a SAML Assertion XML element into an ExSaml.Core.Assertion struct.
@spec decode_idp_metadata(tuple()) :: {:ok, ExSaml.Core.IdpMetadata.t()} | {:error, term()}
Decodes an IdP metadata XML element into an ExSaml.Core.IdpMetadata struct.
@spec decode_logout_request(tuple()) :: {:ok, ExSaml.Core.LogoutRequest.t()} | {:error, term()}
Decodes a SAML LogoutRequest XML element into an ExSaml.Core.LogoutRequest struct.
@spec decode_logout_response(tuple()) :: {:ok, ExSaml.Core.LogoutResponse.t()} | {:error, term()}
Decodes a SAML LogoutResponse XML element into an ExSaml.Core.LogoutResponse struct.
@spec decode_response(tuple()) :: {:ok, ExSaml.Core.Response.t()} | {:error, term()}
Decodes a SAML Response XML element into an ExSaml.Core.Response struct.
Produces cloned XML elements with xml:lang set for multi-locale strings.
If vals is a keyword list of {locale, string} pairs, generates one element
per locale. Otherwise generates a single element with xml:lang="en".
@spec stale_time(ExSaml.Core.Assertion.t()) :: integer()
Returns the gregorian seconds at which an assertion is considered stale.
Examines the Subject's NotOnOrAfter and the Conditions' NotOnOrAfter, falling back to issue_instant + 5 minutes.
Converts a SAML struct to an xmerl XML element.
Supports AuthnRequest, LogoutRequest, LogoutResponse, and SpMetadata.
@spec validate_assertion(tuple(), String.t(), String.t()) :: {:ok, ExSaml.Core.Assertion.t()} | {:error, term()}
Validates a SAML assertion XML element.
Decodes the assertion and validates:
- Version is "2.0"
- Recipient matches the expected value
- Audience matches (if present in conditions)
- Assertion is not stale
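The staleness rule and the four checks described above, sketched as an added example; this is not ExSaml's own code. It works on a plain map with hypothetical keys instead of an ExSaml.Core.Assertion struct. The module name, the error atoms, and the choice of the earlier bound when both NotOnOrAfter values are present are assumptions.

```elixir
defmodule AssertionChecksExample do
  # Added illustration, not ExSaml code: the assertion is a plain map with
  # hypothetical keys, and the error atoms are hypothetical too.
  @fallback_secs 5 * 60
  # ISO 8601 timestamp -> gregorian seconds.
  def to_gregorian(iso) do
    {:ok, dt, _offset} = DateTime.from_iso8601(iso)
    {secs, _usec} = DateTime.to_gregorian_seconds(dt)
    secs
  end

  # Assumption: when both NotOnOrAfter bounds are present, the earlier one wins.
  def stale_time(a) do
    bounds =
      [a[:subject_not_on_or_after], a[:conditions_not_on_or_after]]
      |> Enum.reject(&is_nil/1)
      |> Enum.map(&to_gregorian/1)

    case bounds do
      [] -> to_gregorian(a.issue_instant) + @fallback_secs
      _ -> Enum.min(bounds)
    end
  end

  def validate(a, recipient, audience, now \\ DateTime.utc_now()) do
    {now_secs, _usec} = DateTime.to_gregorian_seconds(now)

    cond do
      a.version != "2.0" -> {:error, :bad_version}
      a.recipient != recipient -> {:error, :bad_recipient}
      # Audience is only compared when the assertion carries one.
      a[:audience] != nil and a.audience != audience -> {:error, :bad_audience}
      # NotOnOrAfter: the bound itself is already too late.
      now_secs >= stale_time(a) -> {:error, :stale_assertion}
      true -> {:ok, a}
    end
  end
end

# Constructed sample data.
recipient = "https://sp.example.com/saml/consume"
audience = "https://sp.example.com/metadata"
assertion = %{version: "2.0", issue_instant: "2024-05-01T12:00:00Z", recipient: recipient,
  audience: audience, subject_not_on_or_after: "2024-05-01T12:05:00Z",
  conditions_not_on_or_after: "2024-05-01T12:03:00Z"}
alias AssertionChecksExample, as: C
IO.inspect(C.validate(assertion, recipient, audience, ~U[2024-05-01 12:02:00Z]))
IO.inspect(C.validate(assertion, recipient, audience, ~U[2024-05-01 12:04:00Z]))
IO.inspect(C.validate(Map.delete(assertion, :audience), recipient, "other", ~U[2024-05-01 12:02:00Z]))
```

None of these checks inspects the XML signature, so they only mean something for an assertion whose signature has already been verified.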