class OmniAuth::Strategies::MPASSid

Public Class Methods

new(app, *args, &block) click to toggle source
Calls superclass method
# File lib/omniauth/strategies/mpassid.rb, line 248
# Builds the strategy and replaces its options with a merged set.
#
# The values returned by mpassid_options are the base layer. The
# strategy's own options are merged on top, so anything set locally
# wins over the metadata-derived value.
#
# NOTE(review): mpassid_options performs a remote IdP metadata fetch, so
# constructing the strategy depends on that network call succeeding.
def initialize(app, *args, &block)
  super

  merged = mpassid_options.merge(options)
  @options = OmniAuth::Strategy::Options.new(merged)
end

Public Instance Methods

callback_url() click to toggle source

Override the callback URL so that it always matches the one expected by MPASSid. No additional query string parameters can be included in the string.

# File lib/omniauth/strategies/mpassid.rb, line 292
# Returns the callback URL as host + script name + callback path, with no
# query string appended.
#
# NOTE(review): full_host is not defined in this listing. If it is
# derived from request headers, pin the public host in the OmniAuth
# configuration so this URL cannot vary with the Host header. Confirm.
def callback_url
  host = full_host
  mount_point = script_name
  host + mount_point + callback_path
end
request_phase() click to toggle source

Override the request phase to be able to pass the lang parameter to the redirect URL. Note that this needs to be the last parameter to be passed to the redirect URL.

# File lib/omniauth/strategies/mpassid.rb, line 263
# Starts the SAML login by redirecting to the URL built by
# OneLogin::RubySaml::Authrequest#create, with an optional trailing
# "lang" query parameter.
#
# The language value is passed through CGI.escape before it is appended,
# so it cannot introduce further query parameters into the redirect URL.
#
# NOTE(review): "lang" is appended after the request URL has been built,
# so if the AuthnRequest is signed, this parameter is presumably outside
# the signed part. Treat it as a display hint only. Confirm.
def request_phase
  saml_request = OneLogin::RubySaml::Authrequest.new
  ui_language = lang_for_authn_request

  with_settings do |settings|
    target = saml_request.create(settings, additional_params_for_authn_request)
    # Must stay the last parameter in the redirect URL.
    target = "#{target}&lang=#{CGI.escape(ui_language)}" unless ui_language.nil?
    redirect(target)
  end
end
response_object() click to toggle source

This method can be used externally to fetch information about the response, e.g. in case of failures.

# File lib/omniauth/strategies/mpassid.rb, line 276
# Builds a OneLogin::RubySaml::Response from the posted SAMLResponse
# parameter, for external inspection (e.g. when diagnosing a failure).
#
# Returns nil when the request has no SAMLResponse parameter.
#
# SECURITY: this method only constructs the response object; it makes no
# validation call (such as is_valid?). Callers must treat every value
# read from it as unauthenticated input until they have validated the
# response themselves.
#
# The 'fingerprint' attribute is set from settings.idp_cert_fingerprint,
# i.e. the configured value, not one computed from the response.
def response_object
  return nil unless request.params['SAMLResponse']

  with_settings do |settings|
    raw_response = request.params['SAMLResponse']
    response_options = options_for_response_object.merge(settings: settings)

    OneLogin::RubySaml::Response.new(raw_response, response_options).tap do |saml_response|
      saml_response.attributes['fingerprint'] = settings.idp_cert_fingerprint
    end
  end
end

Private Instance Methods

idp_metadata_url() click to toggle source
# File lib/omniauth/strategies/mpassid.rb, line 298
# Returns the IdP metadata URL for the configured mode.
#
# Only the Symbol :test selects the test proxy. Every other value,
# including nil and the String 'test', selects the production proxy.
# Both URLs are fixed HTTPS endpoints.
def idp_metadata_url
  return 'https://mpass-proxy-test.csc.fi/idp/shibboleth' if options.mode == :test

  'https://mpass-proxy.csc.fi/idp/shibboleth'
end
lang_for_authn_request() click to toggle source
# File lib/omniauth/strategies/mpassid.rb, line 348
# Picks the language to send to the IdP.
#
# When idp_sso_service_url_lang_params is an Array, its entries are tried
# in order as request parameter names. The first one that is present and
# that parse_language_value accepts wins. Otherwise the configured
# default language is returned unchanged.
#
# Request parameter values are client-controlled. They are only used
# after parse_language_value has accepted them.
def lang_for_authn_request
  param_names = options.idp_sso_service_url_lang_params
  return options.idp_sso_service_url_default_lang unless param_names.is_a?(Array)

  param_names.each do |name|
    key = name.to_s
    next unless request.params.key?(key)

    candidate = parse_language_value(request.params[key])
    return candidate unless candidate.nil?
  end

  options.idp_sso_service_url_default_lang
end
mpassid_options() click to toggle source
# File lib/omniauth/strategies/mpassid.rb, line 307
# Fetches the IdP metadata from idp_metadata_url and returns it as a
# settings hash, with the :security entry overridden.
#
# The metadata is requested with the HTTP-Redirect binding for the SSO
# URL because that is what omniauth-saml expects; otherwise the first
# binding in the IdP metadata (HTTP-POST) would be used. Only
# sso_binding is passed in this call.
#
# NOTE(review): the second positional argument (true) is presumably
# ruby-saml's certificate validation flag for the metadata download.
# Confirm against the installed ruby-saml version and keep it enabled,
# since the IdP signing certificate is taken from this document.
def mpassid_options
  parser = OneLogin::RubySaml::IdpMetadataParser.new
  redirect_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'

  idp_settings = parser.parse_remote_to_hash(
    idp_metadata_url,
    true,
    sso_binding: [redirect_binding]
  )

  # Start from the library defaults and let the strategy's
  # security_settings override individual entries. merge returns a new
  # hash, so the DEFAULTS constant is not modified.
  library_defaults = OneLogin::RubySaml::Settings::DEFAULTS[:security]
  idp_settings[:security] = library_defaults.merge(options.security_settings)

  idp_settings
end
parse_language_value(string) click to toggle source
# File lib/omniauth/strategies/mpassid.rb, line 361
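# Extracts the primary language subtag from a locale-like value and
# returns it only when it is one of the supported languages.
#
# The value comes from request parameters, so it is treated as untrusted:
# - anything that is not a String (nil, or an Array/Hash produced by
#   "lang[]=" style parameters) is rejected instead of raising;
# - the subtag must equal "fi" or "sv" exactly. The previous /^(fi|sv)$/
#   check used line anchors, so a value such as "fi\n<anything>" matched
#   on its first line and was returned whole.
#
# string - the raw parameter value, e.g. "fi", "sv-SE" or "fi_FI".
#
# Returns "fi" or "sv", or nil when the value is not accepted.
def parse_language_value(string)
  return nil unless string.is_a?(String)

  # Only the first "_" is normalised, which is enough to isolate the
  # leading subtag of "fi_FI"-style values.
  language = string.sub('_', '-').split('-').first

  language if %w[fi sv].include?(language)
end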
saml_attributes() click to toggle source
# File lib/omniauth/strategies/mpassid.rb, line 329
# Builds a hash of target keys to values read from @attributes, driven by
# options.saml_attributes_map.
#
# A map entry is either a Hash with :name (list of attribute names) and
# :type (accessor to call on @attributes), or a bare value that is used
# as :name with type :single. All names are looked up, and the first
# non-nil result becomes the value; nil is stored when none is found.
#
# NOTE(review): :type is dispatched with public_send, so the map must
# only ever come from developer-supplied configuration. A bare entry has
# to respond to #map (e.g. an Array of names); a plain String would
# raise here. Confirm against the option defaults.
def saml_attributes
  options.saml_attributes_map.each_with_object({}) do |(target, definition), attrs|
    spec = definition.is_a?(Hash) ? definition : { name: definition, type: :single }

    candidates = spec[:name].map { |key| @attributes.public_send(spec[:type], key) }

    attrs[target] = candidates.compact.first
  end
end