module SamlIdp::Controller

Attributes

algorithm [RW] — optional per-controller signing digest class. encode_authn_response and encode_logout_response pick opts[:algorithm] first, then this attribute, then default_algorithm (OpenSSL::Digest::SHA256).

Protected Instance Methods

# File lib/saml_idp/controller.rb, line 30
# Hook for the AssertionConsumerService URL of the service provider being
# answered. This base implementation knows no SP and answers +nil+; an
# including controller may override it. Note that encode_authn_response does
# not consult this method -- it reads the ACS URL from saml_request (or from
# opts[:acs_url]).
def acs_url
  nil
end
# File lib/saml_idp/controller.rb, line 45
# AuthnContext class reference placed in issued assertions when the caller
# passes no opts[:authn_context_classref]. Defaults to the Password class ref;
# override it when the principal authenticated by a stronger method, since a
# relying party may base access decisions on this value.
def authn_context_classref
  class_refs = Saml::XML::Namespaces::AuthnContext::ClassRef
  class_refs::PASSWORD
end
# File lib/saml_idp/controller.rb, line 22
# Module-level default answer to "is this an AuthnRequest?": always true.
# Compare with the placeholder built by saml_request, which answers the same
# way; a decoded Request supplies its own answer.
def authn_request?
  true
end
# File lib/saml_idp/controller.rb, line 41
# Inflates and parses a raw SAMLRequest value into a Request and stores it in
# @saml_request, which saml_request returns from then on instead of its
# placeholder. This method itself performs no validation: call
# valid_saml_request? before trusting anything read from the decoded request.
# The input is attacker-controlled and is inflated by
# Request.from_deflated_request -- TODO(review): confirm that helper bounds
# the inflated size.
#
# @param raw_saml_request [String, nil] the SAMLRequest parameter as received
# @return [Request] the decoded request
def decode_request(raw_saml_request)
  decoded = Request.from_deflated_request(raw_saml_request)
  @saml_request = decoded
end
# File lib/saml_idp/controller.rb, line 124
# Digest class used for signing when neither opts[:algorithm] nor the
# +algorithm+ attribute is set: SHA-256. Keep this at SHA-256 or stronger;
# SHA-1 signatures are rejected by many service providers.
def default_algorithm
  digests = OpenSSL::Digest
  digests::SHA256
end
# File lib/saml_idp/controller.rb, line 49
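# Builds the SAML Response (via SamlResponse#build) for +principal+ answering
# the current AuthnRequest.
#
# opts (all optional):
#   :reference_id, :audience_uri, :issuer_uri, :authn_context_classref,
#   :acs_url, :algorithm, :expiry (seconds, default 3600), :encryption
#   (passed through to SamlResponse; nil means no encryption options)
#
# Security notes for callers:
# * The ACS URL and audience default to values taken from the decoded
#   request (saml_acs_url / saml_request.issuer). Those are supplied by the
#   requester, so only call this after valid_saml_request? has passed, and
#   make sure that validation (or an explicit opts[:acs_url]) pins the ACS
#   URL to the registered service provider -- otherwise a crafted request can
#   have the signed assertion delivered wherever it names.
# * When neither opts[:audience_uri] nor the request's issuer is present, the
#   audience is the scheme+host prefix of the ACS URL. The regexp is anchored
#   at the start of the string (\A rather than ^) so a later line in the
#   value can never supply the match; with no ACS URL at all this raises
#   NoMethodError rather than issuing a response with no audience.
#
# @return whatever SamlResponse#build returns
def encode_authn_response(principal, opts = {})
  response_id = get_saml_response_id
  reference_id = opts[:reference_id] || get_saml_reference_id
  audience_uri = opts[:audience_uri] || saml_request.issuer || saml_acs_url[%r{\A(.*?//.*?/)}, 1]
  opt_issuer_uri = opts[:issuer_uri] || issuer_uri
  my_authn_context_classref = opts[:authn_context_classref] || authn_context_classref
  acs_url = opts[:acs_url] || saml_acs_url
  expiry = opts[:expiry] || 60 * 60
  encryption_opts = opts[:encryption] # nil when the caller asked for no encryption

  SamlResponse.new(
    reference_id,
    response_id,
    opt_issuer_uri,
    principal,
    audience_uri,
    saml_request_id,
    acs_url,
    (opts[:algorithm] || algorithm || default_algorithm),
    my_authn_context_classref,
    expiry,
    encryption_opts
  ).build
end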
# File lib/saml_idp/controller.rb, line 74
# Builds a signed LogoutResponse (LogoutResponseBuilder#signed) for the
# current LogoutRequest, passing the decoded request's id and logout URL.
# +principal+ is accepted but not used by this method. Only opts[:issuer_uri]
# and opts[:algorithm] are honoured here.
#
# @return whatever LogoutResponseBuilder#signed returns
def encode_logout_response(principal, opts = {})
  response_id = get_saml_response_id
  issuer = opts[:issuer_uri] || issuer_uri
  destination = saml_logout_url
  in_response_to = saml_request_id
  digest = opts[:algorithm] || algorithm || default_algorithm

  builder = SamlIdp::LogoutResponseBuilder.new(response_id, issuer, destination, in_response_to, digest)
  builder.signed
end
# File lib/saml_idp/controller.rb, line 84
# Dispatches on the kind of the current request: an AuthnRequest gets
# encode_authn_response, a LogoutRequest gets encode_logout_response.
# authn_request? is consulted first, so the placeholder returned by
# saml_request (which always answers true) is treated as an authn request.
#
# @raise [RuntimeError] when the request is neither kind
def encode_response(principal, opts = {})
  request = saml_request
  return encode_authn_response(principal, opts) if request.authn_request?
  return encode_logout_response(principal, opts) if request.logout_request?

  raise "Unknown request: #{saml_request}"
end
# File lib/saml_idp/controller.rb, line 120
# Fresh identifier for the assertion (used when opts[:reference_id] is not
# given to encode_authn_response). Generated with the uuid gem's
# UUID.generate, so each call yields a new value.
def get_saml_reference_id
  fresh_id = UUID.generate
  fresh_id
end
# File lib/saml_idp/controller.rb, line 116
# Fresh identifier for the Response element being built. Generated with the
# uuid gem's UUID.generate, so each call yields a new value.
def get_saml_response_id
  fresh_id = UUID.generate
  fresh_id
end
# File lib/saml_idp/controller.rb, line 26
# Module-level default for the requester's issuer: none. Not consulted by
# encode_authn_response, which reads saml_request.issuer instead.
def issuer
  nil
end
# File lib/saml_idp/controller.rb, line 94
# Issuer (entity id) written into responses when opts[:issuer_uri] is not
# given. Resolution order:
#   1. SamlIdp.config.base_saml_location when present;
#   2. the current request's URL with any query string stripped, when a
#      +request+ method is defined (presumably the Rails request -- its URL
#      reflects the incoming Host header, so an unconfigured IdP lets the
#      client influence the issuer; set base_saml_location in production);
#   3. the placeholder "http://example.com", which no relying party should
#      be configured to trust.
def issuer_uri
  configured = SamlIdp.config.base_saml_location
  return configured if configured.present?

  from_request = defined?(request) && request.url.to_s.split("?").first
  from_request || "http://example.com"
end
# File lib/saml_idp/controller.rb, line 108
# ACS URL carried by the current request (nil for the placeholder). This is
# requester-supplied data; it is where the signed response will be sent, so
# it must have been checked against the registered SP before use.
def saml_acs_url
  current = saml_request
  current.acs_url
end
# File lib/saml_idp/controller.rb, line 112
# Logout URL carried by the current request; the placeholder built by
# saml_request does not define logout_url, so this raises before a request
# has been decoded. Requester-supplied, like saml_acs_url.
def saml_logout_url
  current = saml_request
  current.logout_url
end
# File lib/saml_idp/controller.rb, line 20
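# The request this controller is answering. After decode_request has run this
# is the decoded Request; before that it is a placeholder standing in for the
# no-request case (presumably IdP-initiated flows): request_id, issuer and
# acs_url are nil, authn_request? is true so encode_response builds an authn
# response, and valid? is false so the placeholder can never pass
# valid_saml_request? (previously it did not respond to valid? at all and
# raised NoMethodError). Memoised in @saml_request.
def saml_request
  @saml_request ||= Struct.new(:request_id) do
    # No real request was parsed, so nothing has been verified: fail closed.
    def valid?
      false
    end

    def authn_request?
      true
    end

    def issuer
      nil
    end

    def acs_url
      nil
    end
  end.new(nil)
end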
# File lib/saml_idp/controller.rb, line 104
# ID of the current request (nil for the placeholder); passed to the response
# builders, presumably as the InResponseTo value -- confirm against
# SamlResponse / LogoutResponseBuilder.
def saml_request_id
  current = saml_request
  current.request_id
end
# File lib/saml_idp/controller.rb, line 100
# True when the decoded request passes Request#valid?. The checks themselves
# (signature, issuer, ACS URL, ...) live in Request, not in this module; the
# placeholder returned by saml_request before decode_request does not define
# valid?, so calling this before decoding raises rather than answering.
def valid_saml_request?
  current = saml_request
  current.valid?
end
# File lib/saml_idp/controller.rb, line 36
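# Decodes params[:SAMLRequest] (or the given raw value) into saml_request and
# responds 403 with an empty body when it does not pass Request#valid?.
# Intended as a before_action: responding here halts the filter chain, so
# actions behind it only run for requests that validated. `head :forbidden`
# replaces `render nothing: true, status: :forbidden`, a form later Rails
# versions removed; the observable result (empty body, status 403) is the
# same. Which checks "valid" implies is decided by Request#valid?, which this
# module does not define.
#
# @param raw_saml_request [String, nil] defaults to params[:SAMLRequest]
def validate_saml_request(raw_saml_request = params[:SAMLRequest])
  decode_request(raw_saml_request)
  head :forbidden unless valid_saml_request?
end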