class CredSummoner::SAMLAssertion

Attributes

response[R]

Public Class Methods

new(response)
# File lib/credsummoner/saml_assertion.rb, line 8
# Wraps a SAML response so its contents can be inspected lazily.
#
# response - the SAML response as a Base64 string (xml_tree Base64-decodes
#            it before parsing).
#
# NOTE(review): this value is presumably the assertion later presented to
# AWS STS, so it should be handled like a credential (kept out of logs and
# error messages) - confirm against the callers.
def initialize(response)
  @response = response
end

Public Instance Methods

principal_arn_map()

Returns a mapping from role ARN to principal ARN, built from the Role attribute of the SAML assertion.

# File lib/credsummoner/saml_assertion.rb, line 17
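# Builds (once, then memoizes) a Hash that maps each role ARN found in the
# assertion's AWS Role attribute to the principal ARN listed alongside it.
# The map is used later to look up the principal when creating an AWS STS
# session for a chosen role.
#
# Each AttributeValue carries two comma-separated ARNs.  They may arrive as
# "principal,role" or as "role,principal"; the role is recognised by its
# ":role/" resource type so that either order yields the same map instead
# of a silently inverted one.  When neither order can be recognised, the
# first ARN is treated as the principal.
#
# Nothing visible here verifies the assertion's signature, so these ARNs
# are unauthenticated input: use them to decide what to request, never as
# proof that the caller is entitled to a role.
#
# Returns a Hash of role ARN (String) => principal ARN (String).
# Raises ArgumentError when a value is not exactly two non-empty ARNs.
def principal_arn_map
  @principal_arn_map ||=
    begin
      saml_xpath = "//saml2:Attribute[@Name='https://aws.amazon.com/SAML/Attributes/Role']/saml2:AttributeValue"
      saml_namespace = 'urn:oasis:names:tc:SAML:2.0:assertion'
      xml_tree.xpath(saml_xpath, saml2: saml_namespace).map do |node|
        # Pretty-printed XML can leave whitespace around either ARN; an
        # unstripped key would never match the role name looked up later.
        arns = node.text.split(',').map(&:strip)
        unless arns.size == 2 && arns.none?(&:empty?)
          raise ArgumentError,
                'SAML Role attribute value must contain exactly two comma-separated ARNs'
        end

        first, second = arns
        role_listed_first = first.include?(':role/') && !second.include?(':role/')
        # Emit [role, principal] so that to_h keys the map by role.
        role_listed_first ? [first, second] : [second, first]
      end.to_h
    end
end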
xml_tree()
# File lib/credsummoner/saml_assertion.rb, line 12
# Returns the SAML response parsed into a Nokogiri XML document, decoding
# and parsing only on first use and caching the result afterwards.
#
# Base64.decode64 is the lenient decoder, and no parse options are passed,
# so Nokogiri's defaults apply.  No signature or schema validation happens
# here: the returned tree is unauthenticated input and should only be read,
# not trusted.
def xml_tree
  @xml_tree ||=
    begin
      decoded_xml = Base64.decode64(response)
      Nokogiri::XML(decoded_xml)
    end
end