class SamlIdp::Request

Attributes

raw_xml[RW]

Public Class Methods

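# File lib/saml_idp/request.rb, line 5
# Builds a Request from the value of a SAMLRequest parameter as sent over the
# HTTP-Redirect binding: raw-deflated XML, then Base64 encoded. Input that is
# Base64 but not deflated is accepted as-is (the Zlib rescue below).
#
# `raw` arrives from the peer and is not yet authenticated, so the inflated
# size is capped: a small deflate stream can otherwise expand into a very
# large buffer before anything about the request has been checked.
#
# @param raw [String, nil] Base64 text; nil yields an empty request
# @param max_inflated_bytes [Integer] upper bound on the inflated size; the
#   default (1 MiB) is far above what an AuthnRequest/LogoutRequest needs
# @return [SamlIdp::Request]
# @raise [ArgumentError] when the payload inflates beyond max_inflated_bytes
def self.from_deflated_request(raw, max_inflated_bytes: 1_048_576)
  return new("") unless raw

  decoded = Base64.decode64(raw)
  # Negative window bits selects raw deflate (no zlib header/trailer), which
  # is what the HTTP-Redirect binding uses.
  zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  inflated = String.new
  begin
    # Chunk-wise inflation lets the cap be enforced before the whole output
    # has been materialised.
    zstream.inflate(decoded) do |chunk|
      inflated << chunk
      raise ArgumentError, "inflated SAML request exceeds #{max_inflated_bytes} bytes" if inflated.bytesize > max_inflated_bytes
    end
    zstream.finish
  rescue Zlib::BufError, Zlib::DataError # not compressed
    inflated = decoded
  ensure
    # Release the zlib state on every path, including the not-compressed
    # fallback and the over-size abort.
    zstream.close
  end
  new(inflated)
end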
# File lib/saml_idp/request.rb, line 30
# @param raw_xml [String] the request document as text; defaults to an
#   empty string. Stored through the raw_xml writer, not the ivar directly.
def initialize(raw_xml = "")
  self.raw_xml = raw_xml
end

Public Instance Methods

# File lib/saml_idp/request.rb, line 62
# Where the SAML response for an AuthnRequest should be posted.
#
# The ACS URL configured for the service provider takes precedence; the
# AssertionConsumerServiceURL attribute carried in the request itself is
# only the fallback.
#
# NOTE(review): the fallback is a value chosen by the sender of the request,
# and valid_signature? only forces a signature for logout requests. Confirm
# that SPs relying on this fallback are configured to require signed
# AuthnRequests, otherwise an unsigned request steers the response.
#
# @return [String] configured ACS URL, else the request's attribute ("" if absent)
def acs_url
  configured = service_provider.acs_url
  configured || authn_request["AssertionConsumerServiceURL"].to_s
end
# File lib/saml_idp/request.rb, line 38
# @return [Boolean] true when the document contains a samlp:AuthnRequest node
def authn_request?
  !authn_request.nil?
end
# File lib/saml_idp/request.rb, line 125
# Text of the first saml:Issuer element, memoized.
#
# @return [String, nil] the issuer, or nil when absent or blank
def issuer
  @_issuer ||= xpath("//saml:Issuer", saml: assertion).first.try(:content)
  # A present-but-blank issuer is reported as nil, like a missing one.
  return nil unless @_issuer.present?

  @_issuer
end
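# File lib/saml_idp/request.rb, line 79
# Emits a diagnostic line: through the Rails logger when one is configured,
# otherwise to standard output so the class is usable outside Rails.
#
# @param msg [String] message to emit
# @return [void]
def log(msg)
  # A bare `Rails` reference raises NameError when Rails is not loaded, which
  # made the puts fallback unreachable; `defined?` keeps it reachable.
  if defined?(Rails) && Rails.respond_to?(:logger) && Rails.logger
    Rails.logger.info msg
  else
    puts msg
  end
end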
# File lib/saml_idp/request.rb, line 34
# @return [Boolean] true when the document contains a samlp:LogoutRequest node
def logout_request?
  !logout_request.nil?
end
# File lib/saml_idp/request.rb, line 67
# Where the response to a LogoutRequest goes. Unlike acs_url this comes only
# from the service provider's configuration, never from the request.
#
# @return the SP's assertion_consumer_logout_service_url
def logout_url
  provider = service_provider
  provider.assertion_consumer_logout_service_url
end
# File lib/saml_idp/request.rb, line 130
# Text of the first saml:NameID element, memoized.
#
# @return [String, nil] nil when the element is absent
def name_id
  return @_name_id if @_name_id

  @_name_id = xpath("//saml:NameID", saml: assertion).first.try(:content)
end
# File lib/saml_idp/request.rb, line 46
# The protocol node this document carries, AuthnRequest checked first.
#
# @return the samlp:AuthnRequest node, else the samlp:LogoutRequest node,
#   else nil
def request
  return authn_request if authn_request?

  logout_request if logout_request?
end
# File lib/saml_idp/request.rb, line 42
# The ID attribute of the protocol node.
#
# @return [String, nil]
# @raise [NoMethodError] when neither request kind is present (request is nil)
def request_id
  node = request
  node["ID"]
end
# File lib/saml_idp/request.rb, line 54
# The AuthnContextClassRef text requested by an AuthnRequest.
#
# @return [String, nil] nil for logout requests or when the element is absent
def requested_authn_context
  return nil unless authn_request? && authn_context_node

  authn_context_node.content
end
# File lib/saml_idp/request.rb, line 71
# The URL the response to this request must be delivered to, chosen by
# request kind (AuthnRequest wins when both are somehow present).
#
# @return [String, nil] acs_url, logout_url, or nil for neither kind
def response_url
  return acs_url if authn_request?

  logout_url if logout_request?
end
# File lib/saml_idp/request.rb, line 121
# The ServiceProvider looked up by this request's issuer, memoized.
#
# An unknown issuer still yields a ServiceProvider (built from an empty
# hash plus the identifier); callers distinguish it via service_provider?.
#
# @return [ServiceProvider]
def service_provider
  return @_service_provider if @_service_provider

  attributes = service_provider_finder[issuer] || {}
  @_service_provider = ServiceProvider.new(attributes.merge(identifier: issuer))
end
# File lib/saml_idp/request.rb, line 117
# @return [Boolean] whether the issuer resolved to a valid ServiceProvider
def service_provider?
  provider = service_provider
  provider.valid?
end
# File lib/saml_idp/request.rb, line 134
# Text of the first samlp:SessionIndex element, memoized.
#
# @return [String, nil] nil when the element is absent
def session_index
  return @_session_index if @_session_index

  @_session_index = xpath("//samlp:SessionIndex", samlp: samlp).first.try(:content)
end
# File lib/saml_idp/request.rb, line 87
# Runs the acceptance checks in order and logs the first one that fails:
# a known service provider, exactly one request kind, an acceptable
# signature, and a response URL.
#
# NOTE(review): the signature and response-URL messages embed the whole
# raw_xml at info level; confirm that is acceptable for the deployment's
# log handling before relying on these logs.
#
# @return [Boolean] true only when every check passes
def valid?
  if !service_provider?
    log "Unable to find service provider for issuer #{issuer}"
    false
  # XOR: exactly one of the two request kinds must be present.
  elsif !(authn_request? ^ logout_request?)
    log "One and only one of authnrequest and logout request is required. authnrequest: #{authn_request?} logout_request: #{logout_request?} "
    false
  elsif !valid_signature?
    log "Signature is invalid in #{raw_xml}"
    false
  elsif response_url.nil?
    log "Unable to find response url for #{issuer}: #{raw_xml}"
    false
  else
    true
  end
end
# File lib/saml_idp/request.rb, line 111
# Delegates signature checking to the service provider.
#
# The second argument tells the SP whether a signature is mandatory: it is
# forced for logout requests because there is no other protection against a
# cross-site DoS. For AuthnRequests the SP's own policy decides.
#
# @return [Boolean]
def valid_signature?
  provider = service_provider
  doc = document
  provider.valid_signature?(doc, logout_request?)
end

Private Instance Methods

# File lib/saml_idp/request.rb, line 165
# Namespace URI bound to the `saml:` prefix in this class's XPath queries.
#
# @return [String] Saml::XML::Namespaces::ASSERTION
def assertion
  Saml::XML::Namespaces::ASSERTION
end
# File lib/saml_idp/request.rb, line 143
# First AuthnContextClassRef under the AuthnRequest's RequestedAuthnContext,
# memoized.
#
# @return the matching node, or nil when absent
def authn_context_node
  return @_authn_context_node if @_authn_context_node

  @_authn_context_node = xpath(
    "//samlp:AuthnRequest/samlp:RequestedAuthnContext/saml:AuthnContextClassRef",
    samlp: samlp,
    saml: assertion
  ).first
end
# File lib/saml_idp/request.rb, line 150
# First samlp:AuthnRequest node in the document, memoized.
#
# @return the node, or nil when absent
def authn_request
  return @_authn_request if @_authn_request

  @_authn_request = xpath("//samlp:AuthnRequest", samlp: samlp).first
end
# File lib/saml_idp/request.rb, line 138
# The parsed request document, memoized.
#
# NOTE(review): raw_xml is attacker-supplied and Saml::XML::Document.parse
# is not visible here; confirm it parses with external entity resolution
# and network access disabled.
#
# @return [Saml::XML::Document]
def document
  return @_document if @_document

  @_document = Saml::XML::Document.parse(raw_xml)
end
# File lib/saml_idp/request.rb, line 155
# First samlp:LogoutRequest node in the document, memoized.
#
# @return the node, or nil when absent
def logout_request
  return @_logout_request if @_logout_request

  @_logout_request = xpath("//samlp:LogoutRequest", samlp: samlp).first
end
# File lib/saml_idp/request.rb, line 160
# Namespace URI bound to the `samlp:` prefix in this class's XPath queries.
#
# @return [String] Saml::XML::Namespaces::PROTOCOL
def samlp
  Saml::XML::Namespaces::PROTOCOL
end
# File lib/saml_idp/request.rb, line 175
# The configured finder used to look service providers up by issuer.
#
# @return the object returned by config.service_provider.finder; it is
#   indexed with `[issuer]` in service_provider
def service_provider_finder
  sp_config = config.service_provider
  sp_config.finder
end
# File lib/saml_idp/request.rb, line 170
# Namespace URI for XML Signature elements. Not referenced by any method
# shown in this listing.
#
# @return [String] Saml::XML::Namespaces::SIGNATURE
def signature_namespace
  Saml::XML::Namespaces::SIGNATURE
end