Class: OmniAuth::Strategies::SAML::AuthResponse

Inherits:
Object
  • Object
Defined in:
lib/omniauth/strategies/saml/auth_response.rb

Constant Summary collapse

# XML namespace of SAML 2.0 assertion elements; bound to the "a" prefix in
# the XPath queries of this class.
ASSERTION =
"urn:oasis:names:tc:SAML:2.0:assertion"
# XML namespace of SAML 2.0 protocol elements; bound to the "p" prefix in
# the XPath queries of this class.
PROTOCOL =
"urn:oasis:names:tc:SAML:2.0:protocol"
# XML namespace of XML Signature elements. Not referenced by the methods
# listed here; presumably used by the validation code.
DSIG =
"http://www.w3.org/2000/09/xmldsig#"


Constructor Details

#initialize(response, options = {}) ⇒ AuthResponse

Returns a new instance of AuthResponse.

Raises:

  • (ArgumentError)


# File 'lib/omniauth/strategies/saml/auth_response.rb', line 14

# Builds an AuthResponse from a Base64-encoded SAML response.
#
# The payload is only decoded and handed to SignedDocument here. Nothing in
# this constructor checks the signature, so the accessors (name_id,
# attributes, ...) should not be trusted until is_valid? or validate! has
# succeeded.
#
# @param response [String] Base64-encoded SAML response
# @param options [Hash] stored as-is and exposed through #options
# @raise [ArgumentError] when response is nil
def initialize(response, options = {})
  raise ArgumentError, "Response cannot be nil" if response.nil?

  self.options  = options
  self.response = response

  # Base64.decode64 is the lenient decoder (it skips characters outside the
  # alphabet), so a malformed payload surfaces as an XML error, if at all.
  decoded_xml   = Base64.decode64(response)
  self.document = OmniAuth::Strategies::SAML::XMLSecurity::SignedDocument.new(decoded_xml)
end

Instance Attribute Details

#documentObject

Returns the value of attribute document.



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 12

# The parsed response: the constructor assigns an XMLSecurity::SignedDocument
# built from the Base64-decoded response string.
# name_id, attributes, conditions and session_expires_at all query this
# document. Its content is supplied by the sender of the response, so treat
# what those methods return as untrusted until validation has passed.
def document
  @document
end

#optionsObject

Returns the value of attribute options.



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 12

# The options hash given to the constructor (an empty Hash by default).
# How individual keys are interpreted is not visible in this listing.
def options
  @options
end

#responseObject

Returns the value of attribute response.



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 12

# The response exactly as it was passed to the constructor, i.e. still
# Base64-encoded; the decoded XML is available through #document.
def response
  @response
end

#settingsObject

Returns the value of attribute settings.



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 12

# Settings object for this response. The constructor shown does not assign
# it, so it is presumably set by the caller before validation - TODO confirm.
def settings
  @settings
end

Instance Method Details

#attributesObject

A hash of all the attributes in the response, assuming there is only one value for each key.



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 39

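# Collects the SAML attributes of the response into a Hash.
#
# Every attribute is stored twice: under its String name and under the
# equivalent Symbol. Only the text of the first child element of each
# <Attribute> is kept, so multi-valued attributes lose their extra values.
# An <Attribute> without a Name is skipped, and one without a value element
# maps to nil; both cases previously raised NoMethodError.
#
# NOTE(review): unlike name_id and conditions, this query is not restricted
# to the assertion whose ID matches document.signed_element_id. It reads the
# first AttributeStatement found under any Assertion. Unless validate (not
# shown) rejects responses carrying additional assertions, these values may
# come from an element the signature does not cover. Confirm before using
# them for authorization decisions.
#
# NOTE(review): attribute names come from the response and are interned as
# Symbols. On Ruby versions that never garbage-collect symbols this lets a
# sender grow the symbol table; the Symbol keys are kept for existing callers.
#
# @return [Hash] attribute name (String and Symbol) => first value, or {}
#   when the response has no AttributeStatement (that case is not memoized)
def attributes
  @attr_statements ||= begin
    stmt_element = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AttributeStatement", { "p" => PROTOCOL, "a" => ASSERTION })
    return {} if stmt_element.nil?

    result = {}

    stmt_element.elements.each do |attr_element|
      name = attr_element.attributes["Name"]
      next if name.nil?

      value_element = attr_element.elements.first
      result[name] = value_element ? value_element.text : nil
    end

    # keys returns a snapshot, so adding the Symbol aliases while iterating is safe.
    result.keys.each do |key|
      result[key.intern] = result[key]
    end

    result
  end
end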

#conditionsObject

Conditions (if any) for the assertion to run



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 70

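# Returns the <Conditions> element of the assertion whose ID matches the
# signed element of the document, or nil when no such element exists.
#
# The signed element ID is read from the received document and is therefore
# untrusted. It is bound as an XPath variable ($id) rather than interpolated
# into the expression, so a quote character in the ID cannot change the
# meaning of the query.
#
# NOTE(review): unlike name_id there is no fallback for a signature that
# covers the whole Response; in that case this returns nil. Confirm that
# validate (not shown) does not treat a nil result as "no restrictions".
#
# @return [REXML::Element, nil]
def conditions
  @conditions ||= begin
    # Drops the first character of the reference, presumably the leading
    # "#" of a same-document URI - confirm against SignedDocument.
    signed_id = document.signed_element_id[1, document.signed_element_id.size]
    REXML::XPath.first(document, "/p:Response/a:Assertion[@ID=$id]/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION }, { "id" => signed_id })
  end
end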

#is_valid?Boolean

Returns:

  • (Boolean)


# File 'lib/omniauth/strategies/saml/auth_response.rb', line 21

# Runs validation in "soft" mode and returns its result.
#
# validate is not shown here; presumably soft mode reports failure through
# the return value instead of raising - confirm against its definition.
# Callers should check this (or call validate!) before trusting name_id,
# attributes or session_expires_at.
#
# @return [Boolean]
def is_valid?
  validate(true)
end

#name_idObject

The value of the user identifier as designated by the initialization request response



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 30

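# Returns the text of the subject's NameID, or nil when none is found.
#
# The lookup is tied to the element the signature refers to: first an
# Assertion whose ID equals the signed element ID, then, as a fallback, an
# Assertion inside a Response whose ID equals it.
#
# The signed element ID is read from the received document and is therefore
# untrusted. It is bound as an XPath variable ($id) rather than interpolated
# into the expression, so a quote character in the ID cannot change the
# meaning of the query.
#
# @return [String, nil]
def name_id
  @name_id ||= begin
    namespaces = { "p" => PROTOCOL, "a" => ASSERTION }
    # Drops the first character of the reference, presumably the leading
    # "#" of a same-document URI - confirm against SignedDocument.
    variables  = { "id" => document.signed_element_id[1, document.signed_element_id.size] }

    node = REXML::XPath.first(document, "/p:Response/a:Assertion[@ID=$id]/a:Subject/a:NameID", namespaces, variables)
    node ||= REXML::XPath.first(document, "/p:Response[@ID=$id]/a:Assertion/a:Subject/a:NameID", namespaces, variables)
    node.nil? ? nil : node.text
  end
end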

#session_expires_atObject

The latest time at which this user session should expire



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 62

# Returns the SessionNotOnOrAfter value of the first AuthnStatement, as
# converted by parse_time (not shown), and memoizes a truthy result.
#
# NOTE(review): the query is not restricted to the assertion whose ID matches
# document.signed_element_id, so the value is taken from the first
# AuthnStatement under any Assertion. Confirm that validate rejects responses
# with additional assertions before relying on this for session lifetime.
def session_expires_at
  return @expires_at if @expires_at

  authn_statement = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
  @expires_at = parse_time(authn_statement, "SessionNotOnOrAfter")
end

#validate!Object



# File 'lib/omniauth/strategies/saml/auth_response.rb', line 25

# Runs validation with soft mode switched off and returns its result.
#
# validate is not shown here; presumably it raises on an invalid response in
# this mode - confirm against its definition.
def validate!
  validate(false)
end