class Samlsso::IdpMetadataParser

Constants

DSIG
METADATA

Attributes

document[R]

Public Instance Methods

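# Build a Settings object from IdP metadata XML.
#
# Resets the memoized certificate/fingerprint before parsing: without that,
# a second call on the same parser instance would keep the first document's
# signing certificate (the `||=` caches in #certificate and #fingerprint
# never expire), so the returned settings would pin the wrong IdP cert.
#
# Note that nothing in this class verifies a ds:Signature over the metadata
# itself; the fingerprint is trusted purely on the strength of the channel
# the XML arrived through (see #get_idp_metadata).
#
# @param idp_metadata [String, nil] metadata XML text; REXML treats nil as
#   an empty document, in which case every derived setting is nil
# @return [Samlsso::Settings] with idp_sso_target_url, idp_slo_target_url and
#   idp_cert_fingerprint taken from the document (nil when absent)
def parse(idp_metadata)
  @document = REXML::Document.new(idp_metadata)
  @certificate = nil
  @fingerprint = nil

  Samlsso::Settings.new.tap do |settings|
    settings.idp_sso_target_url = single_signon_service_url
    settings.idp_slo_target_url = single_logout_service_url
    settings.idp_cert_fingerprint = fingerprint
  end
end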
# Fetch the IdP metadata from +url+ and parse it into Settings.
#
# @param url [String] http(s) URL of the IdP metadata document
# @param validate_cert [Boolean] verify the metadata server's TLS certificate
#   (default true); false disables verification, so the signing certificate
#   that ends up pinned in the settings is then fetched unauthenticated
# @return [Samlsso::Settings]
def parse_remote(url, validate_cert = true)
  parse(get_idp_metadata(url, validate_cert))
end

Private Instance Methods

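# DER bytes of the IdP signing certificate found in the metadata, memoized.
#
# Matches KeyDescriptor elements marked use="signing" and also those with no
# `use` attribute at all, which the SAML metadata schema allows to mean
# "usable for both signing and encryption"; the original predicate ignored
# the latter and silently produced no fingerprint for such IdPs. Only the
# first matching certificate in document order is used.
#
# @return [String, nil] DER-encoded certificate, or nil when no matching
#   X509Certificate element exists
def certificate
  @certificate ||= begin
    xpath = "/md:EntityDescriptor/md:IDPSSODescriptor" \
            "/md:KeyDescriptor[@use='signing' or not(@use)]" \
            "/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    node = REXML::XPath.first(document, xpath, { "md" => METADATA, "ds" => DSIG })
    # Element text is base64, usually line-wrapped; decode64 skips whitespace.
    Base64.decode64(node.text) if node
  end
end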
# Colon-separated, upper-case SHA-1 fingerprint of the IdP signing
# certificate (e.g. "AB:CD:..."), memoized; nil when no certificate was found.
#
# SHA-1 is kept because the consumer of idp_cert_fingerprint compares against
# a SHA-1 fingerprint by default — presumably; confirm before changing the
# digest, otherwise every comparison would fail.
#
# @return [String, nil]
def fingerprint
  @fingerprint ||= begin
    der_input = certificate
    if der_input
      der = OpenSSL::X509::Certificate.new(der_input).to_der
      Digest::SHA1.digest(der).unpack("C*").map { |byte| format("%02X", byte) }.join(":")
    end
  end
end

Retrieve the remote IdP metadata from the URL or a cached copy. Returns a REXML document of the metadata.

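# Fetch the raw IdP metadata document over HTTP or HTTPS.
#
# Whatever comes back here becomes the trust anchor for the whole SAML
# exchange (endpoints and the signing-cert fingerprint), so the fetch channel
# matters: plain http offers no integrity, and validate_cert=false
# (VERIFY_NONE) lets anyone on the network path substitute their own
# metadata and signing certificate. The original comment about "self signed
# certs" referred to the metadata server's TLS cert, not the SAML cert.
#
# @param url [String] metadata URL; only the http and https schemes are accepted
# @param validate_cert [Boolean] true => OpenSSL::SSL::VERIFY_PEER,
#   false => OpenSSL::SSL::VERIFY_NONE (https only; ignored for http)
# @return [String] the response body (XML text, not yet parsed)
# @raise [ArgumentError] for any other scheme; the original returned nil here,
#   which REXML then quietly parsed as an empty document
# @raise [Net::HTTPClientException, Net::HTTPServerException, Net::HTTPError]
#   on a non-2xx response (via Net::HTTPResponse#value), so an error page is
#   never handed to the XML parser as if it were metadata
def get_idp_metadata(url, validate_cert)
  uri = URI.parse(url)
  unless %w[http https].include?(uri.scheme)
    raise ArgumentError, "unsupported scheme #{uri.scheme.inspect} in IdP metadata URL"
  end

  http = Net::HTTP.new(uri.host, uri.port)
  if uri.scheme == "https"
    http.use_ssl = true
    http.verify_mode = validate_cert ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
  end

  # Block form closes the connection when the request has completed.
  response = http.start { |conn| conn.request(Net::HTTP::Get.new(uri.request_uri)) }
  response.value # raises unless 2xx
  response.body
end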
# Location of the first SingleLogoutService endpoint in the metadata.
# The Binding attribute is not inspected, so whichever binding the IdP
# lists first wins.
#
# @return [String, nil] the Location attribute value, or nil when absent
def single_logout_service_url
  xpath = "/md:EntityDescriptor/md:IDPSSODescriptor/md:SingleLogoutService/@Location"
  location = REXML::XPath.first(document, xpath, { "md" => METADATA })
  location && location.value
end
# Location of the first SingleSignOnService endpoint in the metadata.
# The Binding attribute is not inspected, so whichever binding the IdP
# lists first wins.
#
# @return [String, nil] the Location attribute value, or nil when absent
def single_signon_service_url
  xpath = "/md:EntityDescriptor/md:IDPSSODescriptor/md:SingleSignOnService/@Location"
  location = REXML::XPath.first(document, xpath, { "md" => METADATA })
  location && location.value
end