class Osso::Models::IdentityProvider

Base class for SAML Providers

Constants

ENTITY_ID_URI_REQUIRED
PEM_HEADER

Public Instance Methods

acs_url()
acs_url_validator()
# File lib/osso/models/identity_provider.rb, line 49
# Returns the ACS URL with every regular-expression metacharacter escaped,
# so the string can be embedded in a pattern that matches the URL literally.
#
# NOTE(review): the escaped string carries no \A / \z anchors. How callers
# use it is not visible here; confirm that they anchor the match so that a
# longer URL merely containing the ACS URL is not accepted.
#
# @return [String] regex-escaped form of +acs_url+
def acs_url_validator
  literal_url = acs_url
  Regexp.quote(literal_url)
end
active!()
# File lib/osso/models/identity_provider.rb, line 65
# Marks this provider as active by calling +update+ with status 'active'.
#
# NOTE(review): despite the bang name this calls +update+, not a raising
# variant; presumably a failed save is reported through the return value.
# Confirm that callers check it.
#
# @return [Object] whatever +update+ returns
def active!
  new_status = 'active'
  update(status: new_status)
end
assertion_consumer_service_url()
# File lib/osso/models/identity_provider.rb, line 37
# Builds the SAML Assertion Consumer Service (ACS) URL for this provider:
# <root_url>/auth/saml/<id>/callback.
#
# The provider id is part of the path, so each identity provider gets its
# own callback endpoint.
#
# @return [String] the callback URL, segments joined with '/'
def assertion_consumer_service_url
  segments = [root_url, 'auth', 'saml', id, 'callback']
  segments.join('/')
end
Also aliased as: acs_url
error!()
# File lib/osso/models/identity_provider.rb, line 69
# Marks this provider as errored by calling +update+ with status 'error'.
#
# NOTE(review): despite the bang name this calls +update+, not a raising
# variant; presumably a failed save is reported through the return value.
# Confirm that callers check it.
#
# @return [Object] whatever +update+ returns
def error!
  new_status = 'error'
  update(status: new_status)
end
name()
# File lib/osso/models/identity_provider.rb, line 23
# Display name of the provider, derived from +service+ via +titlecase+.
#
# @return [String] title-cased service name
def name
  provider_service = service
  provider_service.titlecase
end
root_url()
# File lib/osso/models/identity_provider.rb, line 73
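# Base URL of this deployment, used as the prefix of the ACS URL.
#
# Resolution order:
# 1. HEROKU_APP_NAME, when set to a non-blank value, yields
#    "https://<app>.herokuapp.com".
# 2. Otherwise BASE_URL is returned as-is.
#
# A blank HEROKU_APP_NAME (empty or whitespace only) is treated as unset.
# Previously an empty value was truthy and produced the invalid host
# "https://.herokuapp.com", which then became part of the ACS URL.
#
# NOTE(review): BASE_URL is returned unmodified; nothing here enforces an
# https scheme or strips a trailing slash. Confirm the deployment sets it
# to an https origin without a trailing '/'.
#
# @return [String] the base URL
# @raise [KeyError] when neither variable provides a value
def root_url
  heroku_app = ENV['HEROKU_APP_NAME'].to_s.strip
  return "https://#{heroku_app}.herokuapp.com" unless heroku_app.empty?

  ENV.fetch('BASE_URL')
end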
saml_options()
# File lib/osso/models/identity_provider.rb, line 27
# Assembles the per-provider SAML settings hash from this record's fields.
#
# Keys, in order: :domain, :idp_sso_target_url, :idp_cert, :issuer and
# :name_identifier_format (fixed to the SAML 1.1 emailAddress format).
#
# NOTE(review): :idp_cert is presumably the certificate the SAML library
# uses to verify assertion signatures; confirm against the consumer of
# this hash.
#
# @return [Hash{Symbol => Object}] SAML options for this provider
def saml_options
  options = {}
  options[:domain] = domain
  options[:idp_sso_target_url] = sso_url
  options[:idp_cert] = sso_cert
  options[:issuer] = sso_issuer
  options[:name_identifier_format] = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
  options
end
set_sso_issuer()
# File lib/osso/models/identity_provider.rb, line 57
# Derives and assigns +sso_issuer+ (the SAML entity id) for this provider.
#
# The issuer is "<domain>/<oauth_client_id>". For services listed in
# ENTITY_ID_URI_REQUIRED it is prefixed so that the result reads
# "https://<domain>/<oauth_client_id>".
#
# @return [String] the issuer that was assigned
def set_sso_issuer
  needs_uri = ENTITY_ID_URI_REQUIRED.any?(service)

  # 'https:/' plus the '/' separator added by join yields 'https://'.
  segments = needs_uri ? ['https:/', domain, oauth_client_id] : [domain, oauth_client_id]

  self.sso_issuer = segments.join('/')
end
set_status()
# File lib/osso/models/identity_provider.rb, line 53
# Moves a pending provider to 'configured' once both the SSO URL and the
# SSO certificate are present. Does nothing otherwise.
#
# NOTE(review): the check is plain truthiness, so an empty-string
# +sso_url+ or +sso_cert+ counts as present. Confirm that blank values
# cannot reach this point.
#
# @return [String, nil] 'configured' when the status was set, else nil
def set_status
  return unless sso_url && sso_cert && pending?

  self.status = 'configured'
end
sso_cert_valid()
# File lib/osso/models/identity_provider.rb, line 79
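# Validates +sso_cert+ as an X.509 certificate and normalises it to the
# bare body (the text between PEM_HEADER and PEM_FOOTER).
#
# * Blank value: nothing is checked.
# * Value containing a PEM block: the first block is parsed and, when it
#   parses, its body replaces +sso_cert+.
# * Value without header/footer: it is wrapped in PEM_HEADER / PEM_FOOTER
#   and parsed; +sso_cert+ is left unchanged.
#
# A parse failure adds a validation error on :sso_cert instead of raising.
#
# Changes from the previous implementation:
# * The capture is non-greedy. The greedy form spanned from the first
#   header to the LAST footer, so a pasted bundle of several certificates
#   stored a body with footer/header lines embedded in it, although only
#   the first certificate had been parsed.
# * The certificate that is parsed is rebuilt from the captured body, so
#   the value that gets stored is exactly the value that was validated.
# * PEM_HEADER / PEM_FOOTER are escaped before interpolation so they are
#   always matched literally.
#
# NOTE(review): only well-formedness is checked here; validity dates and
# key strength are not inspected.
#
# @return [Object, nil] nil for a blank value; otherwise the stored body,
#   the parsed certificate, or the result of +errors.add+
def sso_cert_valid
  return if sso_cert.blank?

  pem_block = /#{Regexp.escape(PEM_HEADER)}(?<cert>.*?)#{Regexp.escape(PEM_FOOTER)}/m
  wrapped = sso_cert.match(pem_block)

  if wrapped
    cert_body = wrapped[:cert]
    # Parse exactly what will be persisted, not the surrounding text.
    OpenSSL::X509::Certificate.new([PEM_HEADER, cert_body, PEM_FOOTER].join)
    self.sso_cert = cert_body
  else
    OpenSSL::X509::Certificate.new([PEM_HEADER, sso_cert, PEM_FOOTER].join)
  end
rescue OpenSSL::X509::CertificateError
  errors.add(:sso_cert, 'x509 Certificate is malformed')
end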