class Keycard::Request::ShibbolethAttributes

This class extracts attributes for Shibboleth-enabled applications. It trusts specific HTTP headers, so the app must not be exposed to direct requests: a client that can reach the app directly could supply those headers itself. The pid is typically a SAML2 Persistent NameID, which is very long and cumbersome. The presence of an eid depends on attribute release by the IdP; when present, it will commonly be an eduPersonPrincipalName. The only two attributes guaranteed to have usable values are the client_ip, for all requests, and the user_pid, for requests from authenticated users.

Public Instance Methods

affiliation()
# File lib/keycard/request/shibboleth_attributes.rb, line 55
# Scoped affiliations for the request: the HTTP_X_SHIB_EDUPERSONSCOPEDAFFILIATION
# value (looked up through `safe`) split on ';'.
#
# NOTE(review): header-derived value; it is trustworthy only if the front end
# sets it and clients cannot reach the app directly.
# NOTE(review): a plain split does not honor backslash-escaped semicolons
# inside a single value -- confirm whether the SP in front can emit them.
def affiliation
  scoped = safe('HTTP_X_SHIB_EDUPERSONSCOPEDAFFILIATION')
  scoped.split(';')
end
authn_context()
# File lib/keycard/request/shibboleth_attributes.rb, line 63
# Authentication context class for the request, looked up through `get`
# under the HTTP_X_SHIB_AUTHNCONTEXT_CLASS key.
#
# NOTE(review): header-derived value; before relying on it for step-up or MFA
# decisions, verify that the front end overwrites any client-supplied copy.
def authn_context
  get('HTTP_X_SHIB_AUTHNCONTEXT_CLASS')
end
authn_method()
# File lib/keycard/request/shibboleth_attributes.rb, line 59
# Authentication method for the request, looked up through `get` under the
# HTTP_X_SHIB_AUTHENTICATION_METHOD key.
#
# NOTE(review): header-derived value; trustworthy only if the front end sets
# it and clients cannot reach the app directly.
def authn_method
  get('HTTP_X_SHIB_AUTHENTICATION_METHOD')
end
base()
Calls superclass method Keycard::Request::Attributes#base
# File lib/keycard/request/shibboleth_attributes.rb, line 12
# Extends the superclass's base attribute hash with the Shibboleth-specific
# attributes. On a key collision the Shibboleth value wins (Hash#merge).
#
# NOTE(review): every value added here comes from the header-backed readers of
# this class, so the merged hash is only as trustworthy as the front end that
# sets those headers.
def base # rubocop:disable Metrics/MethodLength
  # Call the superclass first so evaluation order matches a direct super.merge.
  inherited = super
  shibboleth = {
    persistentNameID:           persistent_id,
    eduPersonPrincipalName:     principal_name,
    eduPersonScopedAffiliation: affiliation,
    displayName:                display_name,
    mail:                       email,
    authnContextClassRef:       authn_context,
    authenticationMethod:       authn_method,
    identity_provider:          identity_provider
  }
  inherited.merge(shibboleth)
end
client_ip()
# File lib/keycard/request/shibboleth_attributes.rb, line 35
# Client address: the first comma-separated entry of the HTTP_X_FORWARDED_FOR
# value (looked up through `safe`).
#
# The entry is returned as-is, with no whitespace stripping or IP validation,
# and the result is nil when the split yields no entries.
#
# NOTE(review): the first (left-most) X-Forwarded-For entry is the one a client
# can set itself when the fronting proxy appends to the header instead of
# overwriting it. Confirm the proxy's behavior before using this value for
# access decisions, rate limiting or audit logs.
def client_ip
  forwarded = safe('HTTP_X_FORWARDED_FOR')
  forwarded.split(',').first
end
display_name()
# File lib/keycard/request/shibboleth_attributes.rb, line 47
# Display name for the user, looked up through `get` under the
# HTTP_X_SHIB_DISPLAYNAME key.
#
# NOTE(review): header-derived free text that is not validated here; escape it
# on output, and expect it to be absent when the IdP does not release it.
def display_name
  get('HTTP_X_SHIB_DISPLAYNAME')
end
email()
# File lib/keycard/request/shibboleth_attributes.rb, line 51
# Mail address for the user, looked up through `get` under the
# HTTP_X_SHIB_MAIL key.
#
# NOTE(review): header-derived and not validated here; it is not among the
# attributes the class guarantees, so callers should handle a missing value and
# avoid using it as the sole account identifier.
def email
  get('HTTP_X_SHIB_MAIL')
end
identity_keys()
# File lib/keycard/request/shibboleth_attributes.rb, line 71
# Names of the attributes that make up the identity: the persistent id, the
# enterprise id and the scoped affiliation, in that order.
#
# @return [Array<Symbol>]
def identity_keys
  [:user_pid, :user_eid, :eduPersonScopedAffiliation]
end
identity_provider()
# File lib/keycard/request/shibboleth_attributes.rb, line 67
# Identity provider for the request, looked up through `get` under the
# HTTP_X_SHIB_IDENTITY_PROVIDER key.
#
# NOTE(review): header-derived value; if authorization depends on which IdP
# asserted the identity, verify the front end overwrites any client-supplied
# copy of this header.
def identity_provider
  get('HTTP_X_SHIB_IDENTITY_PROVIDER')
end
persistent_id()
# File lib/keycard/request/shibboleth_attributes.rb, line 39
# Persistent identifier for the user, looked up through `get` under the
# HTTP_X_SHIB_PERSISTENT_ID key.
#
# NOTE(review): this is the value exposed as user_pid, so it identifies the
# user. It is trustworthy only if the front end sets the header and clients
# cannot reach the app directly.
def persistent_id
  get('HTTP_X_SHIB_PERSISTENT_ID')
end
principal_name()
# File lib/keycard/request/shibboleth_attributes.rb, line 43
# eduPersonPrincipalName for the user, looked up through `get` under the
# HTTP_X_SHIB_EDUPERSONPRINCIPALNAME key.
#
# NOTE(review): this is the value exposed as user_eid. It is header-derived,
# and its presence depends on attribute release by the IdP, so callers should
# handle a missing value.
def principal_name
  get('HTTP_X_SHIB_EDUPERSONPRINCIPALNAME')
end
user_eid()
# File lib/keycard/request/shibboleth_attributes.rb, line 31
# Enterprise id of the user; this is simply the principal name.
#
# NOTE(review): inherits the trust and availability caveats of principal_name
# (header-derived, present only when the IdP releases the attribute).
def user_eid
  eid = principal_name
  eid
end
user_pid()
# File lib/keycard/request/shibboleth_attributes.rb, line 27
# Persistent id of the user; this is simply the persistent identifier.
#
# NOTE(review): inherits the trust caveat of persistent_id (header-derived, so
# only as trustworthy as the front end that sets the header).
def user_pid
  pid = persistent_id
  pid
end