class OmniAuth::Strategies::WSFed

Constants

WS_POLICY
WS_TRUST

Public Instance Methods

callback_phase()

Parse SAML token…

Calls superclass method
# File lib/omniauth/strategies/wsfed.rb, line 29
# Handles the WS-Federation callback: checks that a token was posted, validates
# its XML signature against the configured IdP fingerprint, validates the parsed
# token, stores the name identifier and claims, then calls the superclass method.
#
# ArgumentError is reported through fail! as :invalid_response and
# OmniAuth::Strategies::WSFed::ValidationError as :invalid_authn_token.
# No other exception class is rescued here.
def callback_phase
  validate_callback_params(@request)

  raw_token = request.params['wresult']

  # Signature check runs before any value from the token is used.
  # NOTE(review): the second argument (false) is presumably the "soft" flag, so a
  # bad signature raises instead of returning false -- confirm against
  # XMLSecurity::SignedDocument#validate, because the return value is ignored here.
  OmniAuth::Strategies::WSFed::XMLSecurity::SignedDocument
    .new(raw_token, options)
    .validate(get_fingerprint, false)

  # NOTE(review): the token is parsed a second time, independently of the signed
  # document validated above. Confirm AuthCallback only reads elements that are
  # covered by the validated signature (signature-wrapping hardening).
  parsed_token = OmniAuth::Strategies::WSFed::AuthCallback.new(raw_token, options)
  OmniAuth::Strategies::WSFed::AuthCallbackValidator.new(parsed_token, options).validate!

  @name_id = parsed_token.name_id
  @claims = parsed_token.attributes

  super
rescue ArgumentError => e
  fail!(:invalid_response, e)
rescue OmniAuth::Strategies::WSFed::ValidationError => e
  fail!(:invalid_authn_token, e)
end
request_phase()

Issues passive WS-Federation redirect for authentication…

# File lib/omniauth/strategies/wsfed.rb, line 21
# Issues the passive WS-Federation redirect that starts authentication.
#
# Works on a copy of the strategy options, falls back to callback_url when no
# :reply is configured, and forwards the incoming 'whr' request parameter to
# the AuthRequest.
def request_phase
  request_settings = options.dup
  request_settings[:reply] ||= callback_url

  # 'whr' comes straight from the incoming request.
  # NOTE(review): confirm AuthRequest URL-encodes it when building redirect_url.
  home_realm = @request.params['whr']

  redirect(
    OmniAuth::Strategies::WSFed::AuthRequest.new(request_settings, whr: home_realm).redirect_url
  )
end

Private Instance Methods

get_fingerprint()
# File lib/omniauth/strategies/wsfed.rb, line 65
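# Returns the fingerprint used to validate the token signature.
#
# A configured :idp_cert_fingerprint is returned unchanged. Otherwise the
# fingerprint is derived from :idp_cert as the upper-case, colon-separated
# SHA-1 hex digest of the certificate's DER encoding.
#
# NOTE(review): SHA-1 is collision-weak. Whether the signature validator accepts
# a stronger digest is not visible here, so the format is left unchanged.
#
# @return [String] the configured or derived fingerprint
# @raise [ArgumentError] when neither :idp_cert_fingerprint nor :idp_cert is set
def get_fingerprint
  pinned = options[:idp_cert_fingerprint]
  return pinned if pinned

  pem = options[:idp_cert]
  # Fail closed with an explicit configuration error instead of a NoMethodError
  # on nil when no trust anchor is configured at all.
  raise ArgumentError, 'Neither :idp_cert_fingerprint nor :idp_cert is configured.' unless pem

  # Leading spaces are stripped from every line so an indented PEM still parses.
  cert = OpenSSL::X509::Certificate.new(pem.gsub(/^ +/, ''))
  Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
end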
validate_callback_params(request)
# File lib/omniauth/strategies/wsfed.rb, line 74
# Checks that the callback carries a non-empty 'wresult' parameter.
#
# This is a presence check only; it says nothing about the token's
# authenticity or validity.
#
# @param request [#params] the incoming callback request
# @raise [OmniAuth::Strategies::WSFed::ValidationError] when 'wresult' is nil or empty
def validate_callback_params(request)
  wresult = request.params['wresult']
  token_missing = wresult.nil? || wresult.empty?

  raise OmniAuth::Strategies::WSFed::ValidationError, 'AuthN token (wresult) missing in callback.' if token_missing
end