class OmniAuth::Strategies::WSFed
Constants
- WS_POLICY
- WS_TRUST
Public Instance Methods
callback_phase()
click to toggle source
Parse SAML token…
Calls superclass method
# File lib/omniauth/strategies/wsfed.rb, line 29 def callback_phase begin validate_callback_params(@request) wsfed_callback = request.params['wresult'] signed_document = OmniAuth::Strategies::WSFed::XMLSecurity::SignedDocument.new(wsfed_callback, options) signed_document.validate(get_fingerprint, false) auth_callback = OmniAuth::Strategies::WSFed::AuthCallback.new(wsfed_callback, options) validator = OmniAuth::Strategies::WSFed::AuthCallbackValidator.new(auth_callback, options) validator.validate! @name_id = auth_callback.name_id @claims = auth_callback.attributes super rescue ArgumentError => e fail!(:invalid_response, e) rescue OmniAuth::Strategies::WSFed::ValidationError => e fail!(:invalid_authn_token, e) end end
request_phase()
click to toggle source
Issues passive WS-Federation redirect for authentication…
# File lib/omniauth/strategies/wsfed.rb, line 21 def request_phase settings = options.dup settings[:reply] ||= callback_url auth_request = OmniAuth::Strategies::WSFed::AuthRequest.new(settings, :whr => @request.params['whr']) redirect(auth_request.redirect_url) end
Private Instance Methods
get_fingerprint()
click to toggle source
# File lib/omniauth/strategies/wsfed.rb, line 65 def get_fingerprint if options[:idp_cert_fingerprint] options[:idp_cert_fingerprint] else cert = OpenSSL::X509::Certificate.new(options[:idp_cert].gsub(/^ +/, '')) Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':') end end
validate_callback_params(request)
click to toggle source
# File lib/omniauth/strategies/wsfed.rb, line 74 def validate_callback_params(request) if request.params['wresult'].nil? || request.params['wresult'].empty? raise OmniAuth::Strategies::WSFed::ValidationError.new('AuthN token (wresult) missing in callback.') end end