module SamlIdp::Controller
Attributes
algorithm[RW]
Protected Instance Methods
acs_url()
# File lib/saml_idp/controller.rb, line 29
# Placeholder ACS URL: this definition always answers nil.
#
# NOTE(review): the same three-line definition appears inside the stand-in
# Struct built by saml_request, so this entry is presumably that Struct's
# accessor as listed by the doc generator — confirm against the source file.
#
# @return [nil]
def acs_url
  nil
end
authn_context_classref()
# File lib/saml_idp/controller.rb, line 47
# Default AuthnContextClassRef placed in authentication responses.
#
# NOTE(review): this default declares password authentication no matter how
# the principal actually signed in. When another method was used, pass
# opts[:authn_context_classref] to encode_authn_response so the assertion
# does not misstate the authentication strength to the service provider.
#
# @return the PASSWORD class-ref constant
def authn_context_classref
  Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
end
authn_request?()
# File lib/saml_idp/controller.rb, line 21
# Always answers true.
#
# NOTE(review): an identical definition sits inside the stand-in Struct built
# by saml_request; this entry is presumably that accessor — confirm against
# the source file.
#
# @return [true]
def authn_request?
  true
end
decode_request(raw_saml_request)
# File lib/saml_idp/controller.rb, line 43
# Decodes a deflated SAMLRequest and remembers it in @saml_request.
#
# The decoded request is stored whether or not it is valid: nothing here
# checks it. Callers must consult valid_saml_request? (or go through
# validate_saml_request) before building a response from it.
#
# @param raw_saml_request the encoded request as received from the client
# @return the object produced by Request.from_deflated_request
def decode_request(raw_saml_request)
  decoded = Request.from_deflated_request(raw_saml_request)
  @saml_request = decoded
end
default_algorithm()
# File lib/saml_idp/controller.rb, line 140
# Digest used when neither opts[:algorithm] nor the +algorithm+ attribute is
# set by the caller.
#
# @return [Class] the OpenSSL::Digest::SHA256 class itself, not an instance
def default_algorithm
  OpenSSL::Digest::SHA256
end
encode_authn_response(principal, opts = {})
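# File lib/saml_idp/controller.rb, line 51
# Builds the SAML authentication response for +principal+.
#
# Every value can be overridden through +opts+; anything left out is taken
# from the current saml_request or from this module's defaults.
#
# @param principal the authenticated subject, handed to SamlResponse as-is
# @param opts [Hash] optional overrides:
#   :reference_id, :audience_uri, :issuer_uri, :authn_context_classref,
#   :acs_url, :expiry (default 60 * 60, presumably seconds), :session_expiry,
#   :encryption, :name_id_formats, :attributes, :algorithm,
#   :signed_message (default false), :signed_assertion (default true),
#   :compress (default false)
# @return the result of SamlResponse#build
def encode_authn_response(principal, opts = {})
  response_id = get_saml_response_id
  reference_id = opts[:reference_id] || get_saml_reference_id
  # Last-resort audience is the "scheme://host/" prefix of the ACS URL.
  # NOTE(review): `^` anchors at any line start, and a nil saml_acs_url
  # raises NoMethodError here. The ACS URL comes from the request, so this
  # fallback is only as trustworthy as the request validation done earlier.
  audience_uri = opts[:audience_uri] || saml_request.issuer || saml_acs_url[/^(.*?\/\/.*?\/)/, 1]
  opt_issuer_uri = opts[:issuer_uri] || issuer_uri
  my_authn_context_classref = opts[:authn_context_classref] || authn_context_classref
  acs_url = opts[:acs_url] || saml_acs_url
  expiry = opts[:expiry] || 60 * 60
  session_expiry = opts[:session_expiry]
  encryption_opts = opts[:encryption] || nil
  name_id_formats_opts = opts[:name_id_formats] || nil
  asserted_attributes_opts = opts[:attributes] || nil
  signed_message_opts = opts[:signed_message] || false
  # `opts[:signed_assertion] || true` could never yield false, so the option
  # was silently ignored. Only an explicit false disables assertion signing;
  # nil or a missing key keeps the signed default.
  # NOTE(review): with signed_assertion false and signed_message left at its
  # false default, the response carries no signature at all — callers that
  # turn this off should enable :signed_message.
  signed_assertion_opts = opts[:signed_assertion].nil? ? true : opts[:signed_assertion]
  compress_opts = opts[:compress] || false

  SamlResponse.new(
    reference_id,
    response_id,
    opt_issuer_uri,
    principal,
    audience_uri,
    saml_request_id,
    acs_url,
    (opts[:algorithm] || algorithm || default_algorithm),
    my_authn_context_classref,
    expiry,
    encryption_opts,
    session_expiry,
    name_id_formats_opts,
    asserted_attributes_opts,
    signed_assertion_opts,
    signed_message_opts,
    compress_opts
  ).build
end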
encode_logout_response(_principal, opts = {})
# File lib/saml_idp/controller.rb, line 90
# Builds the signed logout response for the current saml_request.
#
# @param _principal unused; kept so the signature matches
#   encode_authn_response
# @param opts [Hash] optional :issuer_uri and :algorithm overrides
# @return the result of LogoutResponseBuilder#signed
def encode_logout_response(_principal, opts = {})
  response_id = get_saml_response_id
  response_issuer = opts[:issuer_uri] || issuer_uri
  # The logout destination is read from the request itself, so it is only as
  # trustworthy as the validation performed on that request beforehand.
  logout_url = saml_logout_url
  request_id = saml_request_id
  digest = opts[:algorithm] || algorithm || default_algorithm

  builder = SamlIdp::LogoutResponseBuilder.new(
    response_id,
    response_issuer,
    logout_url,
    request_id,
    digest
  )
  builder.signed
end
encode_response(principal, opts = {})
# File lib/saml_idp/controller.rb, line 100
# Dispatches to the authn or logout encoder depending on the kind of the
# current saml_request.
#
# This method performs no validation of its own; it trusts whatever
# saml_request currently holds.
#
# @param principal the subject passed on to the chosen encoder
# @param opts [Hash] options passed on unchanged
# @raise [RuntimeError] when the request is neither an authn nor a logout
#   request
def encode_response(principal, opts = {})
  return encode_authn_response(principal, opts) if saml_request.authn_request?
  return encode_logout_response(principal, opts) if saml_request.logout_request?

  raise "Unknown request: #{saml_request}"
end
get_saml_reference_id()
# File lib/saml_idp/controller.rb, line 136
# Fresh identifier used as the reference id of a response.
#
# The value comes from SecureRandom, so it is not guessable from earlier ids.
# NOTE(review): a UUID may begin with a digit, which is not allowed for an
# XML ID attribute; confirm the response builder prefixes the value before
# writing it out.
#
# @return [String] a random UUID
def get_saml_reference_id
  SecureRandom.uuid
end
get_saml_response_id()
# File lib/saml_idp/controller.rb, line 132
# Fresh identifier used as the id of a response.
#
# The value comes from SecureRandom, so it is not guessable from earlier ids.
# NOTE(review): a UUID may begin with a digit, which is not allowed for an
# XML ID attribute; confirm the response builder prefixes the value before
# writing it out.
#
# @return [String] a random UUID
def get_saml_response_id
  SecureRandom.uuid
end
issuer()
# File lib/saml_idp/controller.rb, line 25
# Placeholder issuer: this definition always answers nil.
#
# NOTE(review): an identical definition sits inside the stand-in Struct built
# by saml_request; this entry is presumably that accessor — confirm against
# the source file.
#
# @return [nil]
def issuer
  nil
end
issuer_uri()
# File lib/saml_idp/controller.rb, line 110
# Issuer URI written into responses when the caller gives no :issuer_uri.
#
# Resolution order:
#   1. SamlIdp.config.base_saml_location, when present
#   2. the current request URL without its query string, when a +request+
#      method is available
#   3. the literal "http://example.com"
#
# NOTE(review): steps 2 and 3 are fallbacks, not values an IdP should rely
# on. The request URL may follow whatever host the client addressed
# (depends on how the framework builds request.url — confirm), and the
# final literal is a placeholder. Deployments should set
# base_saml_location explicitly so the issuer is fixed.
#
# @return [String]
def issuer_uri
  configured_base = SamlIdp.config.base_saml_location
  return configured_base if configured_base.present?

  if defined?(request)
    url_without_query = request.url.to_s.split("?").first
    return url_without_query if url_without_query
  end

  "http://example.com"
end
saml_acs_url()
# File lib/saml_idp/controller.rb, line 124
# ACS URL as reported by the current saml_request.
#
# NOTE(review): the value is read from the request object and is used as the
# response destination by encode_authn_response; it should only be trusted
# after the request has passed valid_saml_request?.
#
# @return whatever saml_request.acs_url yields (nil for the stand-in request)
def saml_acs_url
  current_request = saml_request
  current_request.acs_url
end
saml_logout_url()
# File lib/saml_idp/controller.rb, line 128
# Logout URL as reported by the current saml_request.
#
# NOTE(review): the stand-in request built by saml_request defines no
# logout_url, so this raises NoMethodError unless a real request has been
# decoded first.
#
# @return whatever saml_request.logout_url yields
def saml_logout_url
  current_request = saml_request
  current_request.logout_url
end
saml_request()
# File lib/saml_idp/controller.rb, line 19
# Current SAML request, or a memoized stand-in when none has been decoded.
#
# The stand-in has a nil request_id, nil issuer and nil acs_url, and reports
# itself as an authn request. It defines no valid?, logout_request? or
# logout_url, so those calls raise NoMethodError on it.
#
# NOTE(review): because the stand-in answers authn_request? with true,
# encode_response takes the authn path even when no request was ever decoded
# or validated. Callers that expect a request from a service provider must
# run validate_saml_request first.
#
# @return the decoded request, or the stand-in Struct instance
def saml_request
  return @saml_request if @saml_request

  placeholder_class = Struct.new(:request_id) do
    def authn_request?
      true
    end

    def issuer
      nil
    end

    def acs_url
      nil
    end
  end

  @saml_request = placeholder_class.new(nil)
end
saml_request_id()
# File lib/saml_idp/controller.rb, line 120
# Id of the current saml_request; encode_authn_response and
# encode_logout_response pass it on to their builders.
#
# @return whatever saml_request.request_id yields (nil for the stand-in
#   request)
def saml_request_id
  current_request = saml_request
  current_request.request_id
end
valid_saml_request?()
# File lib/saml_idp/controller.rb, line 116
# Asks the current saml_request whether it is valid.
#
# All validation is delegated to the request object; nothing is checked
# here. The stand-in request built by saml_request defines no valid?, so
# calling this before a request is decoded raises NoMethodError.
#
# @return the result of saml_request.valid?
def valid_saml_request?
  current_request = saml_request
  current_request.valid?
end
validate_saml_request(raw_saml_request = params[:SAMLRequest])
# File lib/saml_idp/controller.rb, line 35
# Decodes the incoming SAMLRequest and reports whether it is valid.
#
# When the request is invalid and Rails is loaded, a 403 is issued through
# +head+ before false is returned.
#
# NOTE(review): decode_request stores the request before it is checked, so
# an invalid request stays in place as the current saml_request. Outside
# Rails nothing is rendered, and the false return value is the only signal.
# Callers must stop on false, or a later encode_response will read its
# destination from the rejected request.
#
# @param raw_saml_request the encoded request; defaults to
#   params[:SAMLRequest]
# @return [Boolean] true when the decoded request is valid, false otherwise
def validate_saml_request(raw_saml_request = params[:SAMLRequest])
  decode_request(raw_saml_request)

  if valid_saml_request?
    true
  else
    head :forbidden if defined?(::Rails)
    false
  end
end