class SamlIdp::Request
Attributes
raw_xml[RW]
Public Class Methods
from_deflated_request(raw)
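# File lib/saml_idp/request.rb, line 5
# Builds a Request from an encoded SAML request value.
#
# The input is Base64-decoded and then inflated as a raw DEFLATE stream
# (negative window bits, i.e. no zlib header). If inflation fails, the decoded
# bytes are used as-is on the assumption that they were never compressed.
# A nil input yields a Request over the empty string.
#
# NOTE(review): `raw` is caller-supplied and nothing here bounds the size of
# the inflated output, so a small payload can expand into a very large string
# before any XML or signature check runs. Consider capping the request size
# before it reaches this method. Base64.decode64 is also lenient and silently
# skips characters outside the Base64 alphabet.
#
# @param raw [String, nil] Base64 text, optionally DEFLATE-compressed
# @return [SamlIdp::Request]
def self.from_deflated_request(raw)
  return new("") unless raw

  decoded = Base64.decode64(raw)
  zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  begin
    inflated = zstream.inflate(decoded)
    zstream.finish
  rescue Zlib::BufError, Zlib::DataError
    # Not a complete DEFLATE stream: treat the decoded bytes as the XML itself.
    inflated = decoded
  ensure
    # Release the zlib stream on every path; it used to stay open whenever
    # inflate or finish raised.
    zstream.close
  end
  new(inflated)
end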
new(raw_xml = "")
# File lib/saml_idp/request.rb, line 30
# Stores the request XML through the raw_xml writer. Nothing is parsed or
# validated at construction time.
#
# @param raw_xml [String] the SAML request document as text
def initialize(raw_xml = "")
  self.raw_xml = raw_xml
end
Public Instance Methods
acs_url()
# File lib/saml_idp/request.rb, line 62
# Returns the assertion consumer service URL: the service provider's own
# acs_url when it has one, otherwise the AssertionConsumerServiceURL
# attribute of the AuthnRequest element, coerced to a String.
#
# NOTE(review): the fallback value is read from the request XML and is
# therefore chosen by the requester. Where AuthnRequests may be unsigned,
# confirm that each service provider has an acs_url set, or that the caller
# checks this value against an allow-list before sending a response to it.
def acs_url
  configured = service_provider.acs_url
  return configured if configured

  authn_request["AssertionConsumerServiceURL"].to_s
end
authn_request?()
# File lib/saml_idp/request.rb, line 38
# True when the document contains an AuthnRequest element.
def authn_request?
  !authn_request.nil?
end
issuer()
# File lib/saml_idp/request.rb, line 125
# Returns the text of the first saml:Issuer element, or nil when there is
# none or its content is blank.
#
# NOTE(review): "//saml:Issuer" matches at any depth and the first match
# wins. The value is read before any signature check, so treat it as an
# unauthenticated claim that only selects which service provider to verify
# the request against.
def issuer
  @_issuer ||= xpath("//saml:Issuer", saml: assertion).first.try(:content)
  return unless @_issuer.present?

  @_issuer
end
log(msg)
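# File lib/saml_idp/request.rb, line 79
# Writes msg to Rails.logger at info level, or to standard output when Rails
# is not loaded or has no logger.
#
# The original condition referenced the Rails constant directly, so without
# Rails it raised NameError instead of reaching the puts fallback.
#
# NOTE(review): valid? passes messages that embed issuer and raw_xml, both
# taken from the incoming request. Consider truncating or escaping such
# values so request content cannot forge or flood log entries.
#
# @param msg [String] text to log
def log(msg)
  if defined?(Rails) && Rails.logger
    Rails.logger.info msg
  else
    puts msg
  end
end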
logout_request?()
# File lib/saml_idp/request.rb, line 34
# True when the document contains a LogoutRequest element.
def logout_request?
  !logout_request.nil?
end
logout_url()
# File lib/saml_idp/request.rb, line 67
# Returns the service provider's assertion_consumer_logout_service_url.
# Unlike acs_url, nothing is read from the request XML here.
def logout_url
  provider = service_provider
  provider.assertion_consumer_logout_service_url
end
name_id()
# File lib/saml_idp/request.rb, line 130
# Returns the text of the first saml:NameID element found anywhere in the
# document, or nil when there is none. The value comes from the request and
# is only as trustworthy as the request's signature check.
def name_id
  @_name_id ||= begin
    node = xpath("//saml:NameID", saml: assertion).first
    node.try(:content)
  end
end
request()
# File lib/saml_idp/request.rb, line 46
# Returns the AuthnRequest node if present, otherwise the LogoutRequest node,
# otherwise nil.
def request
  return authn_request if authn_request?

  logout_request if logout_request?
end
request_id()
# File lib/saml_idp/request.rb, line 42
# Returns the ID attribute of the request element. `request` is nil when the
# document holds neither request type, and this method does not guard
# against that.
def request_id
  node = request
  node["ID"]
end
requested_authn_context()
# File lib/saml_idp/request.rb, line 54
# Returns the content of the AuthnContextClassRef node for an AuthnRequest,
# or nil when this is not an AuthnRequest or the node is absent.
def requested_authn_context
  return nil unless authn_request? && authn_context_node

  authn_context_node.content
end
response_url()
# File lib/saml_idp/request.rb, line 71
# Returns the URL a response should be sent to: acs_url for an AuthnRequest,
# logout_url for a LogoutRequest, nil when the document holds neither.
def response_url
  return acs_url if authn_request?

  logout_url if logout_request?
end
service_provider()
# File lib/saml_idp/request.rb, line 121
# Builds, once, the ServiceProvider for this request. The settings come from
# indexing service_provider_finder with the issuer, or an empty Hash when
# that returns nothing, merged with identifier: issuer.
#
# NOTE(review): the lookup key is the issuer string taken from the request,
# so an unknown issuer still produces a ServiceProvider object carrying only
# an identifier. Callers must rely on service_provider? / valid? rather than
# on this method returning something.
def service_provider
  @_service_provider ||= begin
    settings = service_provider_finder[issuer] || {}
    ServiceProvider.new(settings.merge(identifier: issuer))
  end
end
service_provider?()
# File lib/saml_idp/request.rb, line 117
# Delegates to ServiceProvider#valid? for the provider resolved from the
# request's issuer.
def service_provider?
  provider = service_provider
  provider.valid?
end
session_index()
# File lib/saml_idp/request.rb, line 134
# Returns the text of the first samlp:SessionIndex element found anywhere in
# the document, or nil when there is none.
def session_index
  @_session_index ||= begin
    node = xpath("//samlp:SessionIndex", samlp: samlp).first
    node.try(:content)
  end
end
valid?()
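# File lib/saml_idp/request.rb, line 87
# Decides whether the request may be answered. Checks run in this order and
# the first failure is logged and returns false:
#
# 1. the issuer resolves to a valid service provider;
# 2. the document holds exactly one of AuthnRequest / LogoutRequest (XOR);
# 3. the service provider accepts the signature;
# 4. a non-empty response URL is known.
#
# Step 4 used to test only for nil. acs_url coerces its fallback with to_s,
# so an AuthnRequest with no configured and no supplied ACS URL produced ""
# and passed. Blank values are now rejected as well.
#
# NOTE(review): two of the messages embed raw_xml, which is the unverified
# request body. Consider logging a digest or a truncated, escaped form so
# request content cannot inject or flood log entries.
#
# @return [Boolean]
def valid?
  unless service_provider?
    log "Unable to find service provider for issuer #{issuer}"
    return false
  end

  unless authn_request? ^ logout_request?
    log "One and only one of authnrequest and logout request is required. authnrequest: #{authn_request?} logout_request: #{logout_request?} "
    return false
  end

  unless valid_signature?
    log "Signature is invalid in #{raw_xml}"
    return false
  end

  # nil and "" (or whitespace only) both mean there is nowhere to respond to.
  if response_url.to_s.strip.empty?
    log "Unable to find response url for #{issuer}: #{raw_xml}"
    return false
  end

  true
end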
valid_signature?()
# File lib/saml_idp/request.rb, line 111
# Asks the service provider to verify the parsed document's signature.
#
# NOTE(review): the second argument is true only for logout requests. How
# ServiceProvider#valid_signature? treats an unsigned AuthnRequest is not
# visible here; confirm unsigned AuthnRequests are acceptable for every
# configured provider.
def valid_signature?
  # Force signatures for logout requests because there is no other
  # protection against a cross-site DoS.
  provider = service_provider
  parsed = document
  provider.valid_signature?(parsed, logout_request?)
end
Private Instance Methods
assertion()
# File lib/saml_idp/request.rb, line 165
# Namespace bound to the "saml" prefix in this class's XPath queries.
def assertion
  Saml::XML::Namespaces::ASSERTION
end
authn_context_node()
# File lib/saml_idp/request.rb, line 143
# Returns, memoized, the first AuthnContextClassRef node nested under
# AuthnRequest/RequestedAuthnContext, or nil when there is none.
def authn_context_node
  @_authn_context_node ||= begin
    path = "//samlp:AuthnRequest/samlp:RequestedAuthnContext/saml:AuthnContextClassRef"
    xpath(path, samlp: samlp, saml: assertion).first
  end
end
authn_request()
# File lib/saml_idp/request.rb, line 150
# Returns, memoized, the first samlp:AuthnRequest node, or nil.
#
# NOTE(review): "//" selects a match at any depth, not only the document
# root. Whether the element returned here is the one covered by the
# signature is decided in ServiceProvider#valid_signature?, which is not
# shown on this page. Confirm the two agree.
def authn_request
  @_authn_request ||= begin
    matches = xpath("//samlp:AuthnRequest", samlp: samlp)
    matches.first
  end
end
document()
# File lib/saml_idp/request.rb, line 138
# Parses raw_xml once and caches the resulting document.
#
# NOTE(review): raw_xml is untrusted input. The parser options (DTD loading,
# entity expansion, network access) are set inside Saml::XML::Document.parse
# and are not visible here; confirm they are restrictive.
def document
  @_document ||= begin
    source = raw_xml
    Saml::XML::Document.parse(source)
  end
end
logout_request()
# File lib/saml_idp/request.rb, line 155
# Returns, memoized, the first samlp:LogoutRequest node found at any depth
# in the document, or nil.
def logout_request
  @_logout_request ||= begin
    matches = xpath("//samlp:LogoutRequest", samlp: samlp)
    matches.first
  end
end
samlp()
# File lib/saml_idp/request.rb, line 160
# Namespace bound to the "samlp" prefix in this class's XPath queries.
def samlp
  Saml::XML::Namespaces::PROTOCOL
end
service_provider_finder()
# File lib/saml_idp/request.rb, line 175
# Returns the configured finder, which service_provider indexes with the
# request's issuer to obtain that provider's settings.
def service_provider_finder
  provider_config = config.service_provider
  provider_config.finder
end
signature_namespace()
# File lib/saml_idp/request.rb, line 170
# Returns the Saml::XML::Namespaces::SIGNATURE constant.
def signature_namespace
  Saml::XML::Namespaces::SIGNATURE
end