class SamlIdp::Request

Attributes

raw_xml[RW]

Public Class Methods

from_deflated_request(raw) click to toggle source
# File lib/saml_idp/request.rb, line 6
def self.from_deflated_request(raw)
  if raw
    decoded = Base64.decode64(raw)
    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
    begin
      inflated = zstream.inflate(decoded).tap do
        zstream.finish
        zstream.close
      end
    rescue Zlib::BufError, Zlib::DataError # not compressed
      inflated = decoded
    end
  else
    inflated = ""
  end
  new(inflated)
end
new(raw_xml = "") click to toggle source
# File lib/saml_idp/request.rb, line 31
def initialize(raw_xml = "")
  self.raw_xml = raw_xml
end

Public Instance Methods

acs_url() click to toggle source
# File lib/saml_idp/request.rb, line 63
def acs_url
  service_provider.acs_url ||
    authn_request["AssertionConsumerServiceURL"].to_s
end
authn_request?() click to toggle source
# File lib/saml_idp/request.rb, line 39
def authn_request?
  authn_request.nil? ? false : true
end
issuer() click to toggle source
# File lib/saml_idp/request.rb, line 138
def issuer
  @_issuer ||= xpath("//saml:Issuer", saml: assertion).first.try(:content)
  @_issuer if @_issuer.present?
end
log(msg) click to toggle source
# File lib/saml_idp/request.rb, line 80
def log(msg)
  if config.logger.class <= ::Logger
    config.logger.info msg
  else
    config.logger.call msg
  end
end
logout_request?() click to toggle source
# File lib/saml_idp/request.rb, line 35
def logout_request?
  logout_request.nil? ? false : true
end
logout_url() click to toggle source
# File lib/saml_idp/request.rb, line 68
def logout_url
  service_provider.assertion_consumer_logout_service_url
end
name_id() click to toggle source
# File lib/saml_idp/request.rb, line 143
def name_id
  @_name_id ||= xpath("//saml:NameID", saml: assertion).first.try(:content)
end
request() click to toggle source
# File lib/saml_idp/request.rb, line 47
def request
  if authn_request?
    authn_request
  elsif logout_request?
    logout_request
  end
end
request_id() click to toggle source
# File lib/saml_idp/request.rb, line 43
def request_id
  request["ID"]
end
requested_authn_context() click to toggle source
# File lib/saml_idp/request.rb, line 55
def requested_authn_context
  if authn_request? && authn_context_node
    authn_context_node.content
  else
    nil
  end
end
response_url() click to toggle source
# File lib/saml_idp/request.rb, line 72
def response_url
  if authn_request?
    acs_url
  elsif logout_request?
    logout_url
  end
end
service_provider() click to toggle source
# File lib/saml_idp/request.rb, line 133
def service_provider
  return unless issuer.present?
  @_service_provider ||= ServiceProvider.new((service_provider_finder[issuer] || {}).merge(identifier: issuer))
end
service_provider?() click to toggle source
# File lib/saml_idp/request.rb, line 129
def service_provider?
  service_provider && service_provider.valid?
end
session_index() click to toggle source
# File lib/saml_idp/request.rb, line 147
def session_index
  @_session_index ||= xpath("//samlp:SessionIndex", samlp: samlp).first.try(:content)
end
valid?() click to toggle source
# File lib/saml_idp/request.rb, line 88
def valid?
  unless service_provider?
    log "Unable to find service provider for issuer #{issuer}"
    return false
  end

  unless (authn_request? ^ logout_request?)
    log "One and only one of authnrequest and logout request is required. authnrequest: #{authn_request?} logout_request: #{logout_request?} "
    return false
  end

  unless valid_signature?
    log "Signature is invalid in #{raw_xml}"
    return false
  end

  if response_url.nil?
    log "Unable to find response url for #{issuer}: #{raw_xml}"
    return false
  end

  if !service_provider.acceptable_response_hosts.include?(response_host)
    log "#{service_provider.acceptable_response_hosts} compare to #{response_host}"
    log "No acceptable AssertionConsumerServiceURL, either configure them via config.service_provider.response_hosts or match to your metadata_url host"
    return false
  end

  return true
end
valid_signature?() click to toggle source
# File lib/saml_idp/request.rb, line 118
def valid_signature?
  # Force signatures for logout requests because there is no other protection against a cross-site DoS.
  # Validate signature when metadata specify AuthnRequest should be signed
  metadata = service_provider.current_metadata
  if logout_request? || authn_request? && metadata.respond_to?(:sign_authn_request?) && metadata.sign_authn_request?
    document.valid_signature?(service_provider.fingerprint)
  else
    true
  end
end

Private Instance Methods

assertion() click to toggle source
# File lib/saml_idp/request.rb, line 186
def assertion
  Saml::XML::Namespaces::ASSERTION
end
authn_context_node() click to toggle source
# File lib/saml_idp/request.rb, line 164
def authn_context_node
  @_authn_context_node ||= xpath("//samlp:AuthnRequest/samlp:RequestedAuthnContext/saml:AuthnContextClassRef",
    samlp: samlp,
    saml: assertion).first
end
authn_request() click to toggle source
# File lib/saml_idp/request.rb, line 171
def authn_request
  @_authn_request ||= xpath("//samlp:AuthnRequest", samlp: samlp).first
end
document() click to toggle source
# File lib/saml_idp/request.rb, line 159
def document
  @_document ||= Saml::XML::Document.parse(raw_xml)
end
logout_request() click to toggle source
# File lib/saml_idp/request.rb, line 176
def logout_request
  @_logout_request ||= xpath("//samlp:LogoutRequest", samlp: samlp).first
end
response_host() click to toggle source
# File lib/saml_idp/request.rb, line 151
def response_host
  uri = URI(response_url)
  if uri
    uri.host
  end
end
samlp() click to toggle source
# File lib/saml_idp/request.rb, line 181
def samlp
  Saml::XML::Namespaces::PROTOCOL
end
service_provider_finder() click to toggle source
# File lib/saml_idp/request.rb, line 196
def service_provider_finder
  config.service_provider.finder
end
signature_namespace() click to toggle source
# File lib/saml_idp/request.rb, line 191
def signature_namespace
  Saml::XML::Namespaces::SIGNATURE
end