class SamlIdp::AssertionBuilder

Attributes

audience_uri[RW]
authn_context_classref[RW]
encryption_opts[RW]
expiry[RW]
issuer_uri[RW]
principal[RW]
raw_algorithm[RW]
reference_id[RW]
saml_acs_url[RW]
saml_request_id[RW]

Public Class Methods

# File lib/saml_idp/assertion_builder.rb, line 21
# Builds an assertion builder for one SAML response.
#
# Every argument is stored on its like-named accessor; nothing is validated
# here. +expiry+ is in seconds and bounds the Conditions/NotOnOrAfter of the
# assertion (see #not_on_or_after_condition); +encryption_opts+ has to be set
# before #encrypt can be called.
def initialize(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm, authn_context_classref, expiry=60*60, encryption_opts=nil)
  values = {
    reference_id: reference_id,
    issuer_uri: issuer_uri,
    principal: principal,
    audience_uri: audience_uri,
    saml_request_id: saml_request_id,
    saml_acs_url: saml_acs_url,
    raw_algorithm: raw_algorithm,
    authn_context_classref: authn_context_classref,
    expiry: expiry,
    encryption_opts: encryption_opts
  }
  # Go through the attribute writers, exactly as the plain `self.x = x`
  # assignments would, so any writer defined on the class still runs.
  values.each { |attribute, value| send(:"#{attribute}=", value) }
end

Public Instance Methods

# File lib/saml_idp/assertion_builder.rb, line 83
# Returns the assertion XML wrapped as an encrypted assertion, using the
# +encryption_opts+ given at construction.
#
# @param opts [Hash] pass +sign: true+ to encrypt the signed assertion;
#   otherwise the unsigned XML from #raw is encrypted, so the encrypted
#   assertion then carries no signature of its own (confidentiality only).
# @raise [RuntimeError] when +encryption_opts+ was not set
def encrypt(opts = {})
  raise "Must set encryption_opts to encrypt" unless encryption_opts

  plaintext =
    if opts[:sign]
      signed
    else
      raw
    end
  # Required lazily, presumably so the encryptor's dependencies are only
  # loaded by IdPs that actually encrypt.
  require 'saml_idp/encryptor'
  Encryptor.new(encryption_opts).encrypt(plaintext)
end
raw()
Alias for: fresh

Private Instance Methods

# File lib/saml_idp/assertion_builder.rb, line 91
# Attribute definitions for the AttributeStatement, or nil when there are none.
#
# The principal's own #asserted_attributes wins; otherwise the configured
# attributes are used when they are non-empty. Returns nil if neither source
# provides any, which makes #fresh skip the AttributeStatement entirely.
def asserted_attributes
  return principal.send(:asserted_attributes) if principal.respond_to?(:asserted_attributes)

  configured = config.attributes
  configured unless configured.nil? || configured.empty?
end
# File lib/saml_idp/assertion_builder.rb, line 34
# Builds a fresh <saml:Assertion> for +principal+ and returns the markup
# (Builder::XmlMarkup with no explicit target accumulates into a String).
#
# Element order follows the SAML 2.0 schema: Issuer, Signature (added by
# +sign+, which is defined outside this listing), Subject, Conditions, an
# optional AttributeStatement, then AuthnStatement. Every timestamp is
# derived from the memoized #now, so the whole assertion is stamped
# consistently.
def fresh
  builder = Builder::XmlMarkup.new
  builder.Assertion xmlns: Saml::XML::Namespaces::ASSERTION,
    ID: reference_string,
    IssueInstant: now_iso,
    Version: "2.0" do |assertion|
      assertion.Issuer issuer_uri
      # Invoked directly after Issuer, the schema position for ds:Signature.
      sign assertion
      assertion.Subject do |subject|
        subject.NameID name_id, Format: name_id_format[:name]
        subject.SubjectConfirmation Method: Saml::XML::Namespaces::Methods::BEARER do |confirmation|
          confirmation_hash = {}
          # InResponseTo only appears when answering a request; a nil
          # request id (unsolicited assertion) leaves it out.
          confirmation_hash[:InResponseTo] = saml_request_id unless saml_request_id.nil?
          # Short bearer window (see #not_on_or_after_subject); Recipient pins
          # the assertion to the ACS URL it is meant for.
          confirmation_hash[:NotOnOrAfter] = not_on_or_after_subject
          confirmation_hash[:Recipient] = saml_acs_url

          confirmation.SubjectConfirmationData "", confirmation_hash
        end
      end
      # Validity window (#not_before allows a small clock skew,
      # #not_on_or_after_condition uses +expiry+), restricted to the single
      # intended audience.
      assertion.Conditions NotBefore: not_before, NotOnOrAfter: not_on_or_after_condition do |conditions|
        conditions.AudienceRestriction do |restriction|
          restriction.Audience audience_uri
        end
      end
      # Note: asserted_attributes is evaluated twice (here and in the each below).
      if asserted_attributes
        assertion.AttributeStatement do |attr_statement|
          asserted_attributes.each do |friendly_name, attrs|
            # attrs may be nil; with_indifferent_access (ActiveSupport) lets the
            # config use string or symbol keys interchangeably.
            attrs = (attrs || {}).with_indifferent_access
            attr_statement.Attribute Name: attrs[:name] || friendly_name,
              NameFormat: attrs[:name_format] || Saml::XML::Namespaces::Formats::Attr::URI,
              FriendlyName: friendly_name.to_s do |attr|
                # Values are resolved from the principal via the configured getter
                # (or the friendly name); each becomes one AttributeValue.
                values = get_values_for friendly_name, attrs[:getter]
                values.each do |val|
                  attr.AttributeValue val.to_s
                end
              end
          end
        end
      end
      # SessionIndex reuses the assertion id.
      assertion.AuthnStatement AuthnInstant: now_iso, SessionIndex: reference_string do |statement|
        statement.AuthnContext do |context|
          context.AuthnContextClassRef authn_context_classref
        end
      end
    end
end
Also aliased as: raw
# File lib/saml_idp/assertion_builder.rb, line 100
# Resolves the values of one asserted attribute from the principal.
#
# @param friendly_name [String, Symbol] attribute name; used as the getter
#   when none is configured
# @param getter [Proc, String, Symbol, nil] configured accessor: a callable
#   receives the principal; any other value is underscored and used as a
#   method name on the principal
# @return [Array] the values as an Array (empty when nothing resolved; a
#   getter that is blank but not nil also yields [])
def get_values_for(friendly_name, getter)
  # Only public methods the principal actually responds to are dispatched;
  # the name comes from the attribute configuration, not from the request.
  read_from_principal = lambda do |name|
    message = name.to_s.underscore
    principal.public_send(message) if principal.respond_to?(message)
  end

  result =
    if getter.present?
      getter.respond_to?(:call) ? getter.call(principal) : read_from_principal.call(getter)
    elsif getter.nil?
      read_from_principal.call(friendly_name)
    end
  Array(result)
end
# File lib/saml_idp/assertion_builder.rb, line 167
# Formats the Time yielded by the block as an ISO 8601 string.
#
# @yieldreturn [Time]
# @return [String]
def iso
  moment = yield
  moment.iso8601
end
# File lib/saml_idp/assertion_builder.rb, line 117
# The NameID value for the assertion's Subject, obtained by applying the
# configured getter (see #name_id_getter) to the principal.
def name_id
  resolver = name_id_getter
  resolver.call(principal)
end
# File lib/saml_idp/assertion_builder.rb, line 132
# The NameID format chosen from the configured formats, memoized per builder.
# The result is a Hash-like value read via +[:name]+ and +[:getter]+ elsewhere.
def name_id_format
  @name_id_format ||= begin
    formats = config.name_id.formats
    NameIdFormatter.new(formats).chosen
  end
end
# File lib/saml_idp/assertion_builder.rb, line 122
# A callable that maps a principal to its NameID value.
#
# A callable getter from #name_id_format is returned as-is; any other value
# is treated as the name of a public method on the principal.
def name_id_getter
  getter = name_id_format[:getter]
  return getter if getter.respond_to?(:call)

  ->(subject) { subject.public_send(getter.to_s) }
end
# File lib/saml_idp/assertion_builder.rb, line 152
# Conditions/NotBefore: a few seconds before #now, tolerating small clock
# skew between IdP and SP.
def not_before
  skew = 5
  iso { now - skew }
end
# File lib/saml_idp/assertion_builder.rb, line 157
# Conditions/NotOnOrAfter: #now plus the builder's +expiry+ (seconds).
def not_on_or_after_condition
  deadline = now + expiry
  iso { deadline }
end
# File lib/saml_idp/assertion_builder.rb, line 162
# SubjectConfirmationData/NotOnOrAfter: a fixed three-minute bearer window
# from #now, independent of the assertion's overall +expiry+.
def not_on_or_after_subject
  bearer_window = 3 * 60
  iso { now + bearer_window }
end
# File lib/saml_idp/assertion_builder.rb, line 142
# The UTC wall-clock time captured on first use and reused for every
# timestamp in the assertion, so IssueInstant, NotBefore and the NotOnOrAfter
# values all derive from one instant.
def now
  return @now if @now

  @now = Time.now.utc
end
# File lib/saml_idp/assertion_builder.rb, line 147
# #now formatted as ISO 8601 (used for IssueInstant and AuthnInstant).
def now_iso
  stamp = now
  iso { stamp }
end
# File lib/saml_idp/assertion_builder.rb, line 137
# The assertion ID: +reference_id+ with a leading underscore, which keeps the
# value a valid XML ID even when the reference starts with a digit. Also
# reused as the AuthnStatement SessionIndex.
def reference_string
  format('_%s', reference_id)
end