module SamlIdp::Controller

Attributes

algorithm[RW]

Protected Instance Methods

# File lib/saml_idp/controller.rb, line 29
def acs_url
  # Controller-level default: no Assertion Consumer Service URL is known
  # here.  The ACS URL a response is actually sent to comes from the decoded
  # request (saml_acs_url) or from encode_authn_response's :acs_url option.
  nil
end
# File lib/saml_idp/controller.rb, line 47
def authn_context_classref
  # AuthnContext class reference asserted by default (password-based login);
  # encode_authn_response lets a caller override it per response via the
  # :authn_context_classref option.
  Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
end
# File lib/saml_idp/controller.rb, line 21
def authn_request?
  # The controller itself always answers "yes"; the per-request answer that
  # encode_response dispatches on lives on the decoded request object
  # (saml_request.authn_request?).
  true
end
# File lib/saml_idp/controller.rb, line 43
def decode_request(raw_saml_request)
  # Parse the deflated, encoded SAMLRequest sent by the SP and make it the
  # current request (replacing the placeholder built by saml_request).
  # +raw_saml_request+ comes straight from the SAMLRequest parameter, so any
  # limit on the inflated size has to be enforced inside
  # Request.from_deflated_request — NOTE(review): confirm that it is.
  decoded = Request.from_deflated_request(raw_saml_request)
  @saml_request = decoded
end
# File lib/saml_idp/controller.rb, line 140
def default_algorithm
  # Digest class used for signing when neither the :algorithm option nor the
  # +algorithm+ attribute is set (see encode_authn_response and
  # encode_logout_response).
  OpenSSL::Digest::SHA256
end
# File lib/saml_idp/controller.rb, line 51
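def encode_authn_response(principal, opts = {})
  # Build the SAML Response that answers the decoded AuthnRequest for
  # +principal+ and return the result of SamlResponse#build.
  #
  # Each key of +opts+ overrides the value otherwise derived from the request
  # or from this controller:
  #   :reference_id            assertion id (default: fresh UUID)
  #   :audience_uri            SP audience (default: request issuer, else the
  #                            scheme+host of the ACS URL)
  #   :issuer_uri              IdP issuer (default: issuer_uri)
  #   :authn_context_classref  (default: authn_context_classref)
  #   :acs_url                 response destination (default: saml_acs_url)
  #   :expiry                  assertion lifetime in seconds (default: 3600)
  #   :session_expiry, :encryption, :name_id_formats, :attributes
  #                            passed through to SamlResponse
  #   :signed_message          (default: false)
  #   :signed_assertion        (default: true)
  #   :compress                (default: false)
  #   :algorithm               (default: the algorithm attribute, else
  #                            default_algorithm)
  response_id = get_saml_response_id
  reference_id = opts[:reference_id] || get_saml_reference_id
  # The audience falls back to the SP's own Issuer; only a request without
  # one is approximated by the scheme and host of the ACS URL.  \A anchors at
  # the very start of the string, whereas ^ would also match after an
  # embedded newline.
  audience_uri = opts[:audience_uri] || saml_request.issuer || saml_acs_url[/\A(.*?\/\/.*?\/)/, 1]
  opt_issuer_uri = opts[:issuer_uri] || issuer_uri
  my_authn_context_classref = opts[:authn_context_classref] || authn_context_classref
  # Named so as not to shadow this module's acs_url method.
  destination_acs_url = opts[:acs_url] || saml_acs_url
  expiry = opts[:expiry] || 60 * 60
  session_expiry = opts[:session_expiry]
  encryption_opts = opts[:encryption] || nil
  name_id_formats_opts = opts[:name_id_formats] || nil
  asserted_attributes_opts = opts[:attributes] || nil
  signed_message_opts = opts[:signed_message] || false
  # `opts[:signed_assertion] || true` was always true, so an explicit
  # `signed_assertion: false` was silently ignored.  Only an absent (nil)
  # option now falls back to signing; the default stays "signed".
  signed_assertion_opts = opts[:signed_assertion].nil? ? true : opts[:signed_assertion]
  compress_opts = opts[:compress] || false
  digest = opts[:algorithm] || algorithm || default_algorithm

  SamlResponse.new(
    reference_id,
    response_id,
    opt_issuer_uri,
    principal,
    audience_uri,
    saml_request_id,
    destination_acs_url,
    digest,
    my_authn_context_classref,
    expiry,
    encryption_opts,
    session_expiry,
    name_id_formats_opts,
    asserted_attributes_opts,
    signed_assertion_opts,
    signed_message_opts,
    compress_opts
  ).build
end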
# File lib/saml_idp/controller.rb, line 90
def encode_logout_response(_principal, opts = {})
  # Build a signed LogoutResponse for the decoded LogoutRequest.  The
  # principal is not used; only :issuer_uri and :algorithm are read from
  # +opts+, each falling back to the controller's own value.
  response_id = get_saml_response_id
  response_issuer = opts[:issuer_uri] || issuer_uri
  logout_url = saml_logout_url
  in_response_to = saml_request_id
  digest = opts[:algorithm] || algorithm || default_algorithm

  builder = SamlIdp::LogoutResponseBuilder.new(
    response_id,
    response_issuer,
    logout_url,
    in_response_to,
    digest
  )
  builder.signed
end
# File lib/saml_idp/controller.rb, line 100
def encode_response(principal, opts = {})
  # Dispatch on the kind of the decoded request: an AuthnRequest yields a
  # Response with Assertion, a LogoutRequest a LogoutResponse.  Anything
  # else raises a RuntimeError naming the request.  Note that the placeholder
  # returned by saml_request before any decode answers authn_request? with
  # true, so this takes the authn path for an undecoded controller.
  request = saml_request
  return encode_authn_response(principal, opts) if request.authn_request?
  return encode_logout_response(principal, opts) if request.logout_request?

  raise "Unknown request: #{request}"
end
# File lib/saml_idp/controller.rb, line 136
def get_saml_reference_id
  # Fresh random UUID used as the assertion reference id unless the caller
  # supplies :reference_id to encode_authn_response.
  SecureRandom.uuid
end
# File lib/saml_idp/controller.rb, line 132
def get_saml_response_id
  # Fresh random UUID used as the id of every Response and LogoutResponse
  # built by this controller.
  SecureRandom.uuid
end
# File lib/saml_idp/controller.rb, line 25
def issuer
  # Controller-level default: no SP issuer is known here.  The issuer used
  # as the response audience is read from the decoded request
  # (saml_request.issuer) in encode_authn_response.
  nil
end
# File lib/saml_idp/controller.rb, line 110
def issuer_uri
  # The Issuer value this IdP puts in its responses, in order of preference:
  # the configured base_saml_location, the current request's URL without its
  # query string, and finally a fixed placeholder.
  #
  # NOTE(review): when base_saml_location is unset the Issuer is derived from
  # request.url, which Rails builds from the incoming request (Host header
  # included), so the client can influence it — set base_saml_location in
  # every deployment.
  configured = SamlIdp.config.base_saml_location
  return configured if configured.present?

  if defined?(request)
    from_request = request.url.to_s.split("?").first
    return from_request if from_request
  end

  "http://example.com"
end
# File lib/saml_idp/controller.rb, line 124
def saml_acs_url
  # Assertion Consumer Service URL the decoded SP request asks responses to
  # be delivered to (nil for the undecoded placeholder request).
  current = saml_request
  current.acs_url
end
# File lib/saml_idp/controller.rb, line 128
def saml_logout_url
  # Logout URL taken from the decoded request; used as the destination of
  # the LogoutResponse in encode_logout_response.
  current = saml_request
  current.logout_url
end
# File lib/saml_idp/controller.rb, line 19
def saml_request
  # The current SP request.  decode_request replaces this with a parsed
  # Request; until then a memoized placeholder is returned whose request_id,
  # issuer and acs_url are nil and which reports itself as an AuthnRequest.
  # The placeholder defines neither valid? nor logout_request?, so
  # valid_saml_request? only works after a decode.
  @saml_request ||= begin
    placeholder = Struct.new(:request_id) do
      def authn_request?
        true
      end

      def issuer
        nil
      end

      def acs_url
        nil
      end
    end
    placeholder.new(nil)
  end
end
# File lib/saml_idp/controller.rb, line 120
def saml_request_id
  # ID of the decoded request; it becomes the InResponseTo of the response
  # built by encode_authn_response / encode_logout_response.
  current = saml_request
  current.request_id
end
# File lib/saml_idp/controller.rb, line 116
def valid_saml_request?
  # Delegates to the decoded request's own validation; what valid? checks is
  # defined on Request, not here.
  current = saml_request
  current.valid?
end
# File lib/saml_idp/controller.rb, line 35
def validate_saml_request(raw_saml_request = params[:SAMLRequest])
  # Decode the SAMLRequest parameter and validate it.  Returns true when the
  # request is valid; otherwise responds 403 Forbidden (when running under
  # Rails) and returns false.  Decoding happens before any validation, so
  # the raw parameter is always parsed — see decode_request.
  decode_request(raw_saml_request)

  unless valid_saml_request?
    head :forbidden if defined?(::Rails)
    return false
  end

  true
end