module SamlIdp::Controller
Attributes
algorithm[RW] — per-controller override of the signing digest class; consulted after opts[:algorithm] and before default_algorithm by encode_authn_response and encode_logout_response.
Protected Instance Methods
acs_url()
# File lib/saml_idp/controller.rb, line 30
# Controller-level AssertionConsumerService URL hook. The default has no
# opinion and returns nil; the request-derived value lives in #saml_acs_url.
def acs_url
  nil
end
authn_context_classref()
# File lib/saml_idp/controller.rb, line 45
# AuthnContext class reference written into the assertion. Defaults to the
# PASSWORD class; supply opts[:authn_context_classref] to
# #encode_authn_response (or override this hook) when the user authenticated
# more strongly, because an SP may base access decisions on this value.
def authn_context_classref
  Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
end
authn_request?()
# File lib/saml_idp/controller.rb, line 22
# Controller-level hook; always true here. Note that #encode_response
# dispatches on saml_request.authn_request?, not on this method.
def authn_request?
  true
end
decode_request(raw_saml_request)
# File lib/saml_idp/controller.rb, line 41
# Inflate and parse +raw_saml_request+ (the SAMLRequest parameter) into
# @saml_request, which #saml_request then returns instead of its placeholder.
# The raw value is attacker-controlled: the inflate step is inside
# Request.from_deflated_request, so any bound on decompressed size has to be
# enforced there (not visible from this file — confirm). Decode failures are
# not rescued here.
def decode_request(raw_saml_request)
  parsed = Request.from_deflated_request(raw_saml_request)
  @saml_request = parsed
end
default_algorithm()
# File lib/saml_idp/controller.rb, line 124
# Digest class used for signing when neither opts[:algorithm] nor the
# +algorithm+ attribute is set. SHA-256; SHA-1 should not be reintroduced
# via the overrides.
def default_algorithm
  OpenSSL::Digest::SHA256
end
encode_authn_response(principal, opts = {})
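# File lib/saml_idp/controller.rb, line 49
# Build the signed (and, with +opts[:encryption]+, encrypted) SAML Response
# asserting +principal+ for the pending AuthnRequest.
#
# opts: :reference_id, :audience_uri, :issuer_uri, :authn_context_classref,
#   :acs_url, :expiry (seconds, default 3600), :encryption, :algorithm.
#   Each falls back to the request, the controller hook, or a default.
#
# Returns whatever SamlResponse#build returns. Raises ArgumentError when no
# audience can be determined (no option, no Issuer in the request, and an
# ACS URL that is absent or not of the form scheme://host/...); previously a
# nil ACS URL surfaced as an uninformative NoMethodError.
#
# Security notes:
# * +acs_url+ defaults to the value carried in the (typically unsigned)
#   AuthnRequest, and the signed assertion is posted there. It must have been
#   checked against the SP's registered endpoints before this is called —
#   presumably by Request#valid? via #validate_saml_request; confirm.
# * The ACS-derived audience is anchored with \A. The former ^ is a
#   line anchor in Ruby, so an ACS URL with an embedded newline could have
#   supplied the audience from its second line.
# * The 3600 s default validity window is generous for a bearer assertion
#   (a few minutes is customary); pass :expiry to tighten it.
def encode_authn_response(principal, opts = {})
  response_id = get_saml_response_id
  reference_id = opts[:reference_id] || get_saml_reference_id
  request_acs_url = saml_acs_url

  # scheme://host/ of the ACS URL, matched only at the very start of the string
  audience_uri = opts[:audience_uri] || saml_request.issuer ||
                 (request_acs_url && request_acs_url[/\A(.*?\/\/.*?\/)/, 1])
  if audience_uri.nil?
    raise ArgumentError, "audience_uri could not be determined; pass opts[:audience_uri]"
  end

  SamlResponse.new(
    reference_id,
    response_id,
    opts[:issuer_uri] || issuer_uri,
    principal,
    audience_uri,
    saml_request_id,
    opts[:acs_url] || request_acs_url,
    opts[:algorithm] || algorithm || default_algorithm,
    opts[:authn_context_classref] || authn_context_classref,
    opts[:expiry] || 60 * 60,
    opts[:encryption]
  ).build
end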
encode_logout_response(principal, opts = {})
# File lib/saml_idp/controller.rb, line 74
# Build and sign the LogoutResponse for the pending LogoutRequest. +principal+
# is accepted for symmetry with #encode_authn_response but is not used.
# Options: :issuer_uri, :algorithm (digest class; falls back to the
# +algorithm+ attribute, then #default_algorithm).
#
# The destination (#saml_logout_url) comes from the LogoutRequest itself; as
# with the ACS URL it should have been checked against the SP's registered
# endpoints during validation (not visible here — confirm).
def encode_logout_response(principal, opts = {})
  signing_algorithm = opts[:algorithm] || algorithm || default_algorithm
  response_issuer = opts[:issuer_uri] || issuer_uri
  builder = SamlIdp::LogoutResponseBuilder.new(
    get_saml_response_id,
    response_issuer,
    saml_logout_url,
    saml_request_id,
    signing_algorithm
  )
  builder.signed
end
encode_response(principal, opts = {})
# File lib/saml_idp/controller.rb, line 84
# Dispatch on the kind of pending request: AuthnRequest -> signed Response,
# LogoutRequest -> signed LogoutResponse. Raises RuntimeError for anything
# else. The undecoded placeholder from #saml_request reports authn_request?
# as true (and has no logout_request?), so with no request decoded this
# always takes the authn branch.
def encode_response(principal, opts = {})
  pending = saml_request
  return encode_authn_response(principal, opts) if pending.authn_request?
  return encode_logout_response(principal, opts) if pending.logout_request?

  raise "Unknown request: #{pending}"
end
get_saml_reference_id()
# File lib/saml_idp/controller.rb, line 120
# Fresh ID for the Assertion element (overridable via opts[:reference_id]).
# UUID.generate comes from a gem — Ruby's stdlib has no UUID constant. If it
# is the time-based v1 kind its output is guessable, which a SAML message ID
# should not be; a random source (v4 / SecureRandom.uuid) is preferable —
# confirm which library is loaded. Also, an xs:ID may not begin with a digit,
# so a bare UUID is only valid if the response builder prefixes it (not
# visible here).
def get_saml_reference_id
  UUID.generate
end
get_saml_response_id()
# File lib/saml_idp/controller.rb, line 116
# Fresh ID for the Response / LogoutResponse element. Same caveats as
# #get_saml_reference_id: UUID.generate is a gem, not stdlib; a time-based v1
# UUID is predictable where a random one is wanted, and an xs:ID may not
# start with a digit unless the builder prefixes it — confirm both.
def get_saml_response_id
  UUID.generate
end
issuer()
# File lib/saml_idp/controller.rb, line 26
# Controller-level Issuer hook; nil by default. Not consulted by the encode_*
# helpers, which use #issuer_uri for the IdP Issuer and saml_request.issuer
# for the SP's.
def issuer
  nil
end
issuer_uri()
# File lib/saml_idp/controller.rb, line 94
# Issuer (entityID) written into responses, in order of preference:
#   1. SamlIdp.config.base_saml_location when present;
#   2. the current request URL with its query string dropped, when a
#      +request+ method exists (i.e. inside a controller);
#   3. the literal "http://example.com".
# Configure (1) in any real deployment: (2) is derived from the incoming
# Host header, so it is attacker-influenceable unless the proxy/app pins the
# host, and (3) is a placeholder that no SP should trust.
def issuer_uri
  configured = SamlIdp.config.base_saml_location
  return configured if configured.present?

  from_request = request.url.to_s.split("?").first if defined?(request)
  from_request || "http://example.com"
end
saml_acs_url()
# File lib/saml_idp/controller.rb, line 108
# ACS URL taken from the decoded request (nil on the undecoded placeholder).
# This is where the signed assertion will be posted, and the request is
# normally unsigned, so it is only safe to use after validation has matched
# it against the SP's registered endpoints.
def saml_acs_url
  pending = saml_request
  pending.acs_url
end
saml_logout_url()
# File lib/saml_idp/controller.rb, line 112
# Logout endpoint taken from the decoded LogoutRequest. The undecoded
# placeholder has no logout_url, so this raises NoMethodError there. As with
# the ACS URL, use only after validation against the SP's registered
# endpoints.
def saml_logout_url
  pending = saml_request
  pending.logout_url
end
saml_request()
# File lib/saml_idp/controller.rb, line 20
# The decoded request set by #decode_request. Before any request has been
# decoded (e.g. an IdP-initiated flow) this memoizes and returns a
# placeholder that looks like an AuthnRequest with no id, no Issuer and no
# ACS URL, so the encode_* helpers can still run; callers must then pass the
# audience and ACS URL via opts. The placeholder defines neither valid? nor
# logout_request?, so #valid_saml_request? and the logout branch of
# #encode_response raise NoMethodError on it.
def saml_request
  @saml_request ||= begin
    placeholder = Struct.new(:request_id) do
      def authn_request?
        true
      end

      def issuer
        nil
      end

      def acs_url
        nil
      end
    end
    placeholder.new(nil)
  end
end
saml_request_id()
# File lib/saml_idp/controller.rb, line 104
# ID of the decoded request, echoed back as InResponseTo. nil on the
# undecoded placeholder (unsolicited / IdP-initiated response).
def saml_request_id
  pending = saml_request
  pending.request_id
end
valid_saml_request?()
# File lib/saml_idp/controller.rb, line 100
# Delegates to Request#valid? on the decoded request. What that checks
# (signature, Issuer known, ACS/logout URL registered to that SP, Destination)
# is not visible from this file; the encode_* helpers assume it covers the
# endpoint URLs — confirm. Raises NoMethodError on the undecoded placeholder.
def valid_saml_request?
  pending = saml_request
  pending.valid?
end
validate_saml_request(raw_saml_request = params[:SAMLRequest])
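# File lib/saml_idp/controller.rb, line 36
# Decode the incoming SAMLRequest (by default params[:SAMLRequest]) into
# #saml_request and answer 403 with an empty body when it fails validation.
# Intended as a before_action: responding halts the filter chain, so the
# action only runs for a valid request. Uses +head :forbidden+ rather than
# +render nothing: true, status: :forbidden+, which Rails 5.1 removed; the
# response is the same empty 403. Decode errors (undecodable or uninflatable
# input) are not rescued here and propagate out of #decode_request.
def validate_saml_request(raw_saml_request = params[:SAMLRequest])
  decode_request(raw_saml_request)
  head :forbidden unless valid_saml_request?
end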