class OmniAuth::Strategies::MSAD
Public Class Methods
new(app, *args, &block)
Calls superclass method
# File lib/omniauth/strategies/msad.rb, line 47
# Builds the strategy: lets the superclass parse the configured options,
# normalises the SAML-related ones and then re-creates +options+ from the
# IdP metadata merged with the locally configured values (local values win).
#
# @param app [#call] the Rack application being wrapped
# @param args [Array] strategy options forwarded to the superclass
# @param block [Proc] optional configuration block forwarded to the superclass
def initialize(app, *args, &block)
  super

  # Default the SP name qualifier to the SP entity ID when it is not configured.
  options[:sp_name_qualifier] = options[:sp_entity_id] if options[:sp_name_qualifier].nil?

  # Drop nil-valued keys that msad_options is going to supply, so that a nil
  # local value cannot override the metadata-derived one in the merge below.
  %i[idp_name_qualifier name_identifier_format security].each do |key|
    options.delete(key) if options[key].nil?
  end

  # Metadata-derived options come first; anything configured locally
  # overrides them because +options+ is the right-hand side of the merge.
  merged = msad_options.merge(options)
  @options = OmniAuth::Strategy::Options.new(merged)
end
Public Instance Methods
response_object()
This method can be used externally to fetch information about the response, e.g. in case of failures.
# File lib/omniauth/strategies/msad.rb, line 74
# Builds a OneLogin::RubySaml::Response for the SAMLResponse carried by the
# current request, tagged with the IdP certificate fingerprint from the
# settings in use, so callers can inspect it (e.g. after a failed callback).
#
# The response is only constructed here, not validated: nothing in this
# method calls +is_valid?+, so callers must not treat its attributes as
# trusted until the response has been validated against the settings.
#
# @return [OneLogin::RubySaml::Response, nil] nil when the request carries
#   no SAMLResponse parameter
def response_object
  encoded = request.params["SAMLResponse"]
  return nil unless encoded

  with_settings do |settings|
    response_options = options_for_response_object.merge(settings: settings)
    saml_response = OneLogin::RubySaml::Response.new(encoded, response_options)
    # Record which IdP certificate fingerprint the settings carry next to
    # the parsed attributes, for diagnostics.
    saml_response.attributes["fingerprint"] = settings.idp_cert_fingerprint
    saml_response
  end
end
Private Instance Methods
msad_options()
# File lib/omniauth/strategies/msad.rb, line 89
# Derives the SAML settings from the IdP metadata and applies the security
# settings this strategy requires on top of the ruby-saml defaults.
#
# @return [Hash] settings keyed like OneLogin::RubySaml::Settings attributes
def msad_options
  parser = OneLogin::RubySaml::IdpMetadataParser.new

  # Fetch and parse the IdP metadata. The second argument asks ruby-saml to
  # validate the TLS certificate of the metadata endpoint.
  settings = begin
    parser.parse_remote_to_hash(options.idp_metadata_url, true)
  rescue ::URI::InvalidURIError
    # Permit an empty/unset metadata URL so the SP metadata endpoint can be
    # served before the IdP side is configured. Only the URI error is
    # rescued; transport or parse failures still propagate.
    {}
  end

  # Tighten the ruby-saml security defaults: sign AuthnRequests only when an
  # SP certificate is available, always require signed assertions, and use
  # SHA-256 for digests and signatures.
  settings[:security] = OneLogin::RubySaml::Settings::DEFAULTS[:security].merge(
    authn_requests_signed: options.certificate.present?,
    want_assertions_signed: true,
    digest_method: XMLSecurity::Document::SHA256,
    signature_method: XMLSecurity::Document::RSA_SHA256
  )

  # Needed for correctly formatted logout requests.
  settings[:idp_name_qualifier] = settings[:idp_entity_id]

  configured_format = options.name_identifier_format
  if configured_format.blank?
    # Nothing configured locally: keep whatever the metadata declared, and
    # fall back to the persistent format when the metadata declares none.
    if settings[:name_identifier_format].blank?
      settings[:name_identifier_format] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    end
  else
    # A locally configured format takes precedence over the metadata value.
    settings[:name_identifier_format] = configured_format
  end

  settings
end
other_phase_for_metadata()
Customize the metadata class in order to add custom nodes to the metadata.
# File lib/omniauth/strategies/msad.rb, line 142
# Serves the SP metadata document, generated by the custom
# OmniAuth::MSAD::Metadata class so that extra nodes (e.g. requested
# attributes) can be included.
#
# @return [Array] a finished Rack response triple with an XML body
def other_phase_for_metadata
  with_settings do |settings|
    metadata = OmniAuth::MSAD::Metadata.new
    # Only extend the metadata with requested attributes when some are configured.
    add_request_attributes_to(settings) unless options.request_attributes.empty?

    body = metadata.generate(settings)
    headers = { "Content-Type" => "application/xml" }
    Rack::Response.new(body, 200, headers).finish
  end
end
other_phase_for_spslo()
End the local user session BEFORE sending the logout request to the identity provider.
Calls superclass method
# File lib/omniauth/strategies/msad.rb, line 158
# Handles SP-initiated single logout. The local session is destroyed before
# the user is redirected to the IdP, so a logout that never completes on
# the IdP side still ends the local session.
#
# Falls back to the superclass behaviour when no IdP SLO target URL is configured.
def other_phase_for_spslo
  return super unless options.idp_slo_target_url

  with_settings do |settings|
    # Build the request first: generate_logout_request reads session state
    # that the destroy callback below removes. Named logout_request so it
    # does not shadow the strategy's +request+ accessor.
    logout_request = generate_logout_request(settings)

    # NOTE(review): assumes options[:idp_slo_session_destroy] is always a
    # callable (presumably defaulted by the superclass) — confirm.
    options[:idp_slo_session_destroy].call(@env, session)

    redirect(logout_request)
  end
end
slo_relay_state()
Overridden to prevent the relay state from being supplied through a request parameter, which the default implementation allows.
Calls superclass method
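# File lib/omniauth/strategies/msad.rb, line 173
# Returns the relay state to redirect to after logout, constrained to a
# site-relative path.
#
# The superclass may derive the relay state from request input, so the value
# is treated as untrusted: anything that is not a path starting with "/"
# followed by a character other than "/" or "\" is replaced by "/" to
# prevent off-site redirects. The pattern is anchored with \A and \z rather
# than ^ and $, because the latter match per line in Ruby regexes, and CR/LF
# are rejected so the value cannot break the redirect's Location header.
#
# @return [String] a path starting with "/"
def slo_relay_state
  state = super
  # "//host" is protocol-relative, and browsers also treat "/\host" that way.
  safe_local_path = %r{\A/[^/\\][^\r\n]*\z}
  return "/" unless state.is_a?(String) && state.match?(safe_local_path)

  state
end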
with_settings() { |settings| ... }
# File lib/omniauth/strategies/msad.rb, line 135
# Yields an OmniAuth::MSAD::Settings instance built from the current options,
# defaulting the assertion consumer service URL to this strategy's callback
# URL when it has not been set.
#
# @yieldparam settings [OmniAuth::MSAD::Settings]
# @return the value returned by the block
def with_settings
  unless options[:assertion_consumer_service_url]
    options[:assertion_consumer_service_url] = callback_url
  end
  settings = OmniAuth::MSAD::Settings.new(options)
  yield settings
end