class Keycard::Request::ShibbolethAttributes
This class extracts attributes for Shibboleth-enabled applications. It trusts specific HTTP headers, so the app must not be exposed to direct requests; the fronting web server or proxy must also strip or overwrite any client-supplied copies of these headers (the X-Shib-* headers and X-Forwarded-For), otherwise a client can assert its own identity attributes. The pid is typically a SAML2 Persistent NameID, which is very long and cumbersome. The presence of an eid depends on attribute release by the IdP, and will commonly be an eduPersonPrincipalName. The only two attributes guaranteed to have usable values are the `client_ip`, for all requests, and the `user_pid`, for requests from authenticated users.
Public Instance Methods
affiliation()
# File lib/keycard/request/shibboleth_attributes.rb, line 55
#
# Scoped affiliations asserted for the current request, one array element per
# ';'-separated value of the HTTP_X_SHIB_EDUPERSONSCOPEDAFFILIATION header.
#
# The header is only as trustworthy as the proxy in front of the app: the
# value is taken as-is and is not validated here.
# NOTE(review): `safe` is defined outside this listing; it presumably returns
# an empty string when the header is absent, which would make this return [].
# NOTE(review): a value containing an escaped ';' would be split as well;
# confirm against the SP's attribute encoding.
def affiliation
  raw = safe('HTTP_X_SHIB_EDUPERSONSCOPEDAFFILIATION')
  raw.split(';')
end
authn_context()
# File lib/keycard/request/shibboleth_attributes.rb, line 63
#
# Authentication context class reported for the session, read from the
# HTTP_X_SHIB_AUTHNCONTEXT_CLASS header.
#
# The value is passed through unvalidated; callers that gate access on it
# (for example to require a stronger login) depend on the fronting proxy
# being the only party able to set this header.
# NOTE(review): `get` is defined outside this listing; what it returns for a
# missing header is not visible here.
def authn_context
  get('HTTP_X_SHIB_AUTHNCONTEXT_CLASS')
end
authn_method()
# File lib/keycard/request/shibboleth_attributes.rb, line 59
#
# Authentication method reported for the session, read from the
# HTTP_X_SHIB_AUTHENTICATION_METHOD header.
#
# The value is passed through unvalidated and is only meaningful when the
# fronting proxy controls this header.
# NOTE(review): `get` is defined outside this listing; what it returns for a
# missing header is not visible here.
def authn_method
  get('HTTP_X_SHIB_AUTHENTICATION_METHOD')
end
base()
Calls superclass method
Keycard::Request::Attributes#base
# File lib/keycard/request/shibboleth_attributes.rb, line 12
#
# Extends the superclass's base attribute hash with the Shibboleth-specific
# attributes read by this class.
#
# Every value added here comes from a request header read by the sibling
# accessor methods, so the resulting hash is only as trustworthy as the
# proxy that sets those headers. Keys supplied here win over same-named keys
# from the superclass, because Hash#merge prefers its argument.
def base # rubocop:disable Metrics/MethodLength
  # Evaluate the superclass hash first, as the original expression does.
  inherited = super
  shibboleth = {
    persistentNameID: persistent_id,
    eduPersonPrincipalName: principal_name,
    eduPersonScopedAffiliation: affiliation,
    displayName: display_name,
    mail: email,
    authnContextClassRef: authn_context,
    authenticationMethod: authn_method,
    identity_provider: identity_provider
  }
  inherited.merge(shibboleth)
end
client_ip()
# File lib/keycard/request/shibboleth_attributes.rb, line 35
#
# Client address for the request: the first comma-separated element of the
# HTTP_X_FORWARDED_FOR header, or nil when splitting yields no elements.
#
# NOTE(review): the first (leftmost) X-Forwarded-For entry is the one
# furthest from this app. If the fronting proxy appends to an incoming header
# instead of replacing it, that entry is whatever the client sent. Before
# using this value for access decisions or audit logs, confirm the proxy
# overwrites the header.
# NOTE(review): the element is returned without stripping whitespace or
# checking that it parses as an IP address.
# NOTE(review): `safe` is defined outside this listing; it presumably returns
# an empty string when the header is absent.
def client_ip
  forwarded = safe('HTTP_X_FORWARDED_FOR')
  forwarded.split(',')[0]
end
display_name()
# File lib/keycard/request/shibboleth_attributes.rb, line 47
#
# Display name released for the user, read from the HTTP_X_SHIB_DISPLAYNAME
# header.
#
# The value is passed through as received; it is not escaped here, so
# callers should treat it as untrusted text when rendering it.
# NOTE(review): `get` is defined outside this listing; what it returns for a
# missing header is not visible here.
def display_name
  get('HTTP_X_SHIB_DISPLAYNAME')
end
email()
# File lib/keycard/request/shibboleth_attributes.rb, line 51
#
# Mail address released for the user, read from the HTTP_X_SHIB_MAIL header.
#
# The value is passed through as received and is not checked for address
# syntax here.
# NOTE(review): `get` is defined outside this listing; what it returns for a
# missing header is not visible here.
def email
  get('HTTP_X_SHIB_MAIL')
end
identity_keys()
# File lib/keycard/request/shibboleth_attributes.rb, line 71
#
# Returns the three attribute names this class designates as identity keys:
# :user_pid, :user_eid and :eduPersonScopedAffiliation.
# NOTE(review): how the superclass consumes this list is not visible in this
# listing.
def identity_keys
  [:user_pid, :user_eid, :eduPersonScopedAffiliation]
end
identity_provider()
# File lib/keycard/request/shibboleth_attributes.rb, line 67
#
# Identity provider reported for the session, read from the
# HTTP_X_SHIB_IDENTITY_PROVIDER header.
#
# The value is passed through unvalidated; any per-IdP trust decision made
# from it relies on the fronting proxy controlling this header.
# NOTE(review): `get` is defined outside this listing; what it returns for a
# missing header is not visible here.
def identity_provider
  get('HTTP_X_SHIB_IDENTITY_PROVIDER')
end
persistent_id()
# File lib/keycard/request/shibboleth_attributes.rb, line 39
#
# Persistent identifier for the user, read from the HTTP_X_SHIB_PERSISTENT_ID
# header. This is the value exposed as user_pid.
#
# The header is taken at face value, so this identifies the user only when
# the fronting proxy is the sole writer of the header.
# NOTE(review): `get` is defined outside this listing; what it returns for a
# missing header is not visible here.
def persistent_id
  get('HTTP_X_SHIB_PERSISTENT_ID')
end
principal_name()
# File lib/keycard/request/shibboleth_attributes.rb, line 43
#
# Principal name released for the user, read from the
# HTTP_X_SHIB_EDUPERSONPRINCIPALNAME header. This is the value exposed as
# user_eid.
#
# The header is taken at face value, so this identifies the user only when
# the fronting proxy is the sole writer of the header.
# NOTE(review): `get` is defined outside this listing; what it returns for a
# missing header is not visible here.
def principal_name
  get('HTTP_X_SHIB_EDUPERSONPRINCIPALNAME')
end
user_eid()
# File lib/keycard/request/shibboleth_attributes.rb, line 31
#
# The user's eid: an alias for principal_name, i.e. whatever the
# HTTP_X_SHIB_EDUPERSONPRINCIPALNAME header carries for this request.
def user_eid
  principal_name()
end
user_pid()
# File lib/keycard/request/shibboleth_attributes.rb, line 27
#
# The user's pid: an alias for persistent_id, i.e. whatever the
# HTTP_X_SHIB_PERSISTENT_ID header carries for this request.
def user_pid
  persistent_id()
end