class SamlIdp::Request
Attributes
raw_xml[RW]
Public Class Methods
from_deflated_request(raw)
click to toggle source
# File lib/saml_idp/request.rb, line 6 def self.from_deflated_request(raw) if raw decoded = Base64.decode64(raw) zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS) begin inflated = zstream.inflate(decoded).tap do zstream.finish zstream.close end rescue Zlib::BufError, Zlib::DataError # not compressed inflated = decoded end else inflated = "" end new(inflated) end
new(raw_xml = "")
click to toggle source
# File lib/saml_idp/request.rb, line 31 def initialize(raw_xml = "") self.raw_xml = raw_xml end
Public Instance Methods
acs_url()
click to toggle source
# File lib/saml_idp/request.rb, line 63 def acs_url service_provider.acs_url || authn_request["AssertionConsumerServiceURL"].to_s end
authn_request?()
click to toggle source
# File lib/saml_idp/request.rb, line 39 def authn_request? authn_request.nil? ? false : true end
issuer()
click to toggle source
# File lib/saml_idp/request.rb, line 138 def issuer @_issuer ||= xpath("//saml:Issuer", saml: assertion).first.try(:content) @_issuer if @_issuer.present? end
log(msg)
click to toggle source
# File lib/saml_idp/request.rb, line 80 def log(msg) if config.logger.class <= ::Logger config.logger.info msg else config.logger.call msg end end
logout_request?()
click to toggle source
# File lib/saml_idp/request.rb, line 35 def logout_request? logout_request.nil? ? false : true end
logout_url()
click to toggle source
# File lib/saml_idp/request.rb, line 68 def logout_url service_provider.assertion_consumer_logout_service_url end
name_id()
click to toggle source
# File lib/saml_idp/request.rb, line 143 def name_id @_name_id ||= xpath("//saml:NameID", saml: assertion).first.try(:content) end
request()
click to toggle source
# File lib/saml_idp/request.rb, line 47 def request if authn_request? authn_request elsif logout_request? logout_request end end
request_id()
click to toggle source
# File lib/saml_idp/request.rb, line 43 def request_id request["ID"] end
requested_authn_context()
click to toggle source
# File lib/saml_idp/request.rb, line 55 def requested_authn_context if authn_request? && authn_context_node authn_context_node.content else nil end end
response_url()
click to toggle source
# File lib/saml_idp/request.rb, line 72 def response_url if authn_request? acs_url elsif logout_request? logout_url end end
service_provider()
click to toggle source
# File lib/saml_idp/request.rb, line 133 def service_provider return unless issuer.present? @_service_provider ||= ServiceProvider.new((service_provider_finder[issuer] || {}).merge(identifier: issuer)) end
service_provider?()
click to toggle source
# File lib/saml_idp/request.rb, line 129 def service_provider? service_provider && service_provider.valid? end
session_index()
click to toggle source
# File lib/saml_idp/request.rb, line 147 def session_index @_session_index ||= xpath("//samlp:SessionIndex", samlp: samlp).first.try(:content) end
valid?()
click to toggle source
# File lib/saml_idp/request.rb, line 88 def valid? unless service_provider? log "Unable to find service provider for issuer #{issuer}" return false end unless (authn_request? ^ logout_request?) log "One and only one of authnrequest and logout request is required. authnrequest: #{authn_request?} logout_request: #{logout_request?} " return false end unless valid_signature? log "Signature is invalid in #{raw_xml}" return false end if response_url.nil? log "Unable to find response url for #{issuer}: #{raw_xml}" return false end if !service_provider.acceptable_response_hosts.include?(response_host) log "#{service_provider.acceptable_response_hosts} compare to #{response_host}" log "No acceptable AssertionConsumerServiceURL, either configure them via config.service_provider.response_hosts or match to your metadata_url host" return false end return true end
valid_signature?()
click to toggle source
# File lib/saml_idp/request.rb, line 118 def valid_signature? # Force signatures for logout requests because there is no other protection against a cross-site DoS. # Validate signature when metadata specify AuthnRequest should be signed metadata = service_provider.current_metadata if logout_request? || authn_request? && metadata.respond_to?(:sign_authn_request?) && metadata.sign_authn_request? document.valid_signature?(service_provider.fingerprint) else true end end
Private Instance Methods
assertion()
click to toggle source
# File lib/saml_idp/request.rb, line 186 def assertion Saml::XML::Namespaces::ASSERTION end
authn_context_node()
click to toggle source
# File lib/saml_idp/request.rb, line 164 def authn_context_node @_authn_context_node ||= xpath("//samlp:AuthnRequest/samlp:RequestedAuthnContext/saml:AuthnContextClassRef", samlp: samlp, saml: assertion).first end
authn_request()
click to toggle source
# File lib/saml_idp/request.rb, line 171 def authn_request @_authn_request ||= xpath("//samlp:AuthnRequest", samlp: samlp).first end
document()
click to toggle source
# File lib/saml_idp/request.rb, line 159 def document @_document ||= Saml::XML::Document.parse(raw_xml) end
logout_request()
click to toggle source
# File lib/saml_idp/request.rb, line 176 def logout_request @_logout_request ||= xpath("//samlp:LogoutRequest", samlp: samlp).first end
response_host()
click to toggle source
# File lib/saml_idp/request.rb, line 151 def response_host uri = URI(response_url) if uri uri.host end end
samlp()
click to toggle source
# File lib/saml_idp/request.rb, line 181 def samlp Saml::XML::Namespaces::PROTOCOL end
service_provider_finder()
click to toggle source
# File lib/saml_idp/request.rb, line 196 def service_provider_finder config.service_provider.finder end
signature_namespace()
click to toggle source
# File lib/saml_idp/request.rb, line 191 def signature_namespace Saml::XML::Namespaces::SIGNATURE end