class SamlIdp::AssertionBuilder
Attributes
audience_uri[RW]
authn_context_classref[RW]
encryption_opts[RW]
expiry[RW]
issuer_uri[RW]
principal[RW]
raw_algorithm[RW]
reference_id[RW]
saml_acs_url[RW]
saml_request_id[RW]
Public Class Methods
new(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm, authn_context_classref, expiry=60*60, encryption_opts=nil)
# File lib/saml_idp/assertion_builder.rb, line 21
# Captures every input needed to render one assertion. Values are stored
# through the public writers as given; nothing is validated or derived here.
#
# @param reference_id [#to_s] assertion id; reference_string prefixes it with "_"
# @param issuer_uri IdP identifier emitted as <Issuer>
# @param principal [Object] the authenticated subject; NameID and attribute values are read from it
# @param audience_uri relying-party identifier emitted in <AudienceRestriction>
# @param saml_request_id [nil, #to_s] AuthnRequest id for InResponseTo; nil omits the attribute
# @param saml_acs_url Recipient of the bearer SubjectConfirmationData
# @param raw_algorithm not read by any method visible in this class — presumably consumed by `sign`; confirm
# @param authn_context_classref value emitted as <AuthnContextClassRef>
# @param expiry [Numeric] seconds added to `now` for the Conditions NotOnOrAfter (default one hour)
# @param encryption_opts [Hash, nil] handed to Encryptor; #encrypt raises when this is nil
def initialize(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm, authn_context_classref, expiry = 60 * 60, encryption_opts = nil)
  # identity of the assertion and of its issuer
  self.reference_id = reference_id
  self.issuer_uri = issuer_uri

  # who the assertion is about and where it may be delivered
  self.principal = principal
  self.audience_uri = audience_uri
  self.saml_request_id = saml_request_id
  self.saml_acs_url = saml_acs_url

  # signing, authentication context, lifetime and encryption settings
  self.raw_algorithm = raw_algorithm
  self.authn_context_classref = authn_context_classref
  self.expiry = expiry
  self.encryption_opts = encryption_opts
end
Public Instance Methods
encrypt(opts = {})
# File lib/saml_idp/assertion_builder.rb, line 83
# Wraps the assertion with Encryptor. The plaintext is the signed assertion
# when opts[:sign] is truthy and the unsigned `raw` markup otherwise — an
# assertion that is only encrypted carries no signature of its own, so callers
# that need origin authentication inside the assertion must pass sign: true.
#
# @param opts [Hash] :sign — sign the assertion before encrypting it
# @return whatever Encryptor#encrypt returns for the chosen plaintext
# @raise [RuntimeError] when encryption_opts was not given to the constructor
def encrypt(opts = {})
  raise "Must set encryption_opts to encrypt" unless encryption_opts

  plaintext = opts[:sign] ? signed : raw
  # loaded lazily, at the point of use (presumably to keep the encryptor optional)
  require 'saml_idp/encryptor'
  Encryptor.new(encryption_opts).encrypt(plaintext)
end
Private Instance Methods
asserted_attributes()
# File lib/saml_idp/assertion_builder.rb, line 91
# Attribute definitions to emit in the AttributeStatement, or nil for none.
# The principal's own asserted_attributes win when it responds to that name
# (respond_to? without include_all only reports public methods, so `send`
# here reaches nothing the principal does not expose); otherwise the
# configured attributes are used when present and non-empty.
#
# @return [Hash, nil] friendly_name => options hash (see fresh/get_values_for), or nil
def asserted_attributes
  return principal.send(:asserted_attributes) if principal.respond_to?(:asserted_attributes)

  configured = config.attributes
  configured unless configured.nil? || configured.empty?
end
fresh()
# File lib/saml_idp/assertion_builder.rb, line 34
# Renders the <Assertion> element from scratch on every call (aliased as `raw`).
# Child order is exactly as written — Issuer, signature, Subject, Conditions,
# optional AttributeStatement, AuthnStatement — and element order matters to
# schema-validating consumers, so keep it that way.
#
# @return whatever Builder::XmlMarkup returns from the Assertion call
#   (presumably the accumulated XML string — confirm against Builder)
def fresh
  builder = Builder::XmlMarkup.new
  # ID and SessionIndex (below) share reference_string; IssueInstant and AuthnInstant share the memoised `now`
  builder.Assertion xmlns: Saml::XML::Namespaces::ASSERTION, ID: reference_string, IssueInstant: now_iso, Version: "2.0" do |assertion|
    assertion.Issuer issuer_uri
    # `sign` is not defined in this class (presumably a mixin); it is invoked right
    # after Issuer, which is where the Signature element sits in an Assertion — confirm
    sign assertion
    assertion.Subject do |subject|
      # NameID value comes from the configured getter, its Format from the configured format
      subject.NameID name_id, Format: name_id_format[:name]
      subject.SubjectConfirmation Method: Saml::XML::Namespaces::Methods::BEARER do |confirmation|
        confirmation_hash = {}
        # InResponseTo is left out entirely when no request id was supplied
        confirmation_hash[:InResponseTo] = saml_request_id unless saml_request_id.nil?
        # bearer confirmation is short-lived (now + 3 minutes, see not_on_or_after_subject)
        # and bound to the ACS URL the assertion is meant for
        confirmation_hash[:NotOnOrAfter] = not_on_or_after_subject
        confirmation_hash[:Recipient] = saml_acs_url
        confirmation.SubjectConfirmationData "", confirmation_hash
      end
    end
    # validity window: now - 5s (see not_before) up to now + expiry; audience is the single configured URI
    assertion.Conditions NotBefore: not_before, NotOnOrAfter: not_on_or_after_condition do |conditions|
      conditions.AudienceRestriction do |restriction|
        restriction.Audience audience_uri
      end
    end
    # AttributeStatement is emitted only when the principal or the config supplies attributes
    if asserted_attributes
      assertion.AttributeStatement do |attr_statement|
        asserted_attributes.each do |friendly_name, attrs|
          # per-attribute options: :name, :name_format and :getter are all optional
          attrs = (attrs || {}).with_indifferent_access
          attr_statement.Attribute Name: attrs[:name] || friendly_name, NameFormat: attrs[:name_format] || Saml::XML::Namespaces::Formats::Attr::URI, FriendlyName: friendly_name.to_s do |attr|
            # values are read from the principal or produced by a callable getter (see get_values_for)
            values = get_values_for friendly_name, attrs[:getter]
            values.each do |val|
              attr.AttributeValue val.to_s
            end
          end
        end
      end
    end
    assertion.AuthnStatement AuthnInstant: now_iso, SessionIndex: reference_string do |statement|
      statement.AuthnContext do |context|
        context.AuthnContextClassRef authn_context_classref
      end
    end
  end
end
Also aliased as: raw
get_values_for(friendly_name, getter)
# File lib/saml_idp/assertion_builder.rb, line 100
# Resolves the value(s) of one asserted attribute against the principal.
#
# A present getter is either called with the principal or, when not callable,
# underscored and used as a public method name. A nil getter falls back to the
# underscored friendly name. A getter that is neither (e.g. "" or false) yields
# nothing. Reads go through public_send guarded by respond_to?, so only the
# principal's public API is reachable; as far as this file shows the names
# originate in asserted_attributes (config or principal), not in the request.
#
# @param friendly_name [#to_s] attribute key from asserted_attributes
# @param getter [Proc, #to_s, nil] per-attribute :getter option
# @return [Array] the resolved value(s), possibly empty
def get_values_for(friendly_name, getter)
  read_from_principal = lambda do |name|
    reader = name.to_s.underscore
    principal.public_send(reader) if principal.respond_to?(reader)
  end

  resolved =
    if getter.present?
      getter.respond_to?(:call) ? getter.call(principal) : read_from_principal.call(getter)
    elsif getter.nil?
      read_from_principal.call(friendly_name)
    end

  Array(resolved)
end
iso() { || ... }
# File lib/saml_idp/assertion_builder.rb, line 167
# Formats the Time produced by the block as an ISO 8601 string.
#
# @yieldreturn [Time] the instant to format
# @return [String] result of Time#iso8601
def iso
  instant = yield
  instant.iso8601
end
name_id()
# File lib/saml_idp/assertion_builder.rb, line 117
# The NameID value for the subject, produced by applying the configured
# getter (see name_id_getter) to the principal.
#
# @return the getter's result, emitted as the NameID text by fresh
def name_id
  getter = name_id_getter
  getter.call(principal)
end
name_id_format()
# File lib/saml_idp/assertion_builder.rb, line 132
# The NameID format chosen from config.name_id.formats, memoised per builder.
# The result is read as a hash with :name and :getter keys (see fresh and
# name_id_getter).
#
# @return the value of NameIdFormatter#chosen
def name_id_format
  @name_id_format ||= begin
    formatter = NameIdFormatter.new(config.name_id.formats)
    formatter.chosen
  end
end
name_id_getter()
# File lib/saml_idp/assertion_builder.rb, line 122
# Callable that extracts the NameID value from a principal.
#
# The configured :getter is returned as-is when it is callable; otherwise it is
# treated as a method name and wrapped in a lambda that public_sends it. Only
# public methods of the principal are reachable, and the name comes from the
# name-id configuration rather than from the request.
#
# @return [#call] a one-argument callable taking the principal
def name_id_getter
  getter = name_id_format[:getter]
  return getter if getter.respond_to? :call

  ->(principal) { principal.public_send getter.to_s }
end
not_before()
# File lib/saml_idp/assertion_builder.rb, line 152
# Conditions/NotBefore: five seconds before the memoised `now`, giving the
# relying party a small allowance for clock skew.
#
# @return [String] ISO 8601 timestamp
def not_before
  skew_allowance = 5
  iso { now - skew_allowance }
end
not_on_or_after_condition()
# File lib/saml_idp/assertion_builder.rb, line 157
# Conditions/NotOnOrAfter: the memoised `now` plus the constructor's expiry
# (seconds; one hour by default). This bounds how long the assertion as a
# whole is valid.
#
# @return [String] ISO 8601 timestamp
def not_on_or_after_condition
  deadline = now + expiry
  iso { deadline }
end
not_on_or_after_subject()
# File lib/saml_idp/assertion_builder.rb, line 162
# SubjectConfirmationData/NotOnOrAfter: a fixed three minutes after the
# memoised `now`, independent of expiry — the bearer confirmation window is
# deliberately much shorter than the assertion's overall validity.
#
# @return [String] ISO 8601 timestamp
def not_on_or_after_subject
  bearer_window = 3 * 60
  iso { now + bearer_window }
end
now()
# File lib/saml_idp/assertion_builder.rb, line 142
# The single UTC instant all timestamps of this builder derive from. It is
# taken on first use and memoised, so IssueInstant, AuthnInstant and the
# validity bounds are all computed relative to the same moment.
#
# @return [Time] UTC time, fixed for the lifetime of the builder
def now
  @now = Time.now.utc unless @now
  @now
end
now_iso()
# File lib/saml_idp/assertion_builder.rb, line 147
# The memoised `now` as an ISO 8601 string; used for IssueInstant and AuthnInstant.
#
# @return [String] ISO 8601 timestamp
def now_iso
  current = now
  iso { current }
end
reference_string()
# File lib/saml_idp/assertion_builder.rb, line 137
# The assertion's ID attribute: reference_id with a leading underscore. The
# same value is reused as the AuthnStatement SessionIndex (see fresh).
#
# @return [String] "_" followed by reference_id.to_s
def reference_string
  "_" + reference_id.to_s
end