Class: RSAML::Assertion

Inherits:
Object
  • Object
Includes:
Validatable
Defined in:
lib/rsaml/assertion.rb

Overview

An assertion is a package of information that supplies zero or more statements made by a SAML authority.

Instance Attribute Summary collapse

Attributes included from Validatable

#verbose

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Validatable

#valid?

Constructor Details

#initialize(issuer) ⇒ Assertion

Construct a new assertion from the given issuer



# File 'lib/rsaml/assertion.rb', line 103

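# Construct a new assertion issued by +issuer+.
#
# Sets the version to "2.0", generates a fresh identifier and stamps the
# issue instant with the current UTC time. Signature, subject and conditions
# are not set here.
#
# @param issuer the SAML authority making the claims; stored as given
def initialize(issuer)
  @issuer = issuer
  @version = "2.0"
  # #to_xml writes this value as the ID attribute. SAML 2.0 types that
  # attribute as xs:ID, which may not start with a digit, whereas a UUID in
  # the usual hexadecimal form can. The leading underscore keeps every
  # generated identifier schema-valid.
  @id = "_#{UUID.new.generate}"
  @issue_instant = Time.now.utc
end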

Instance Attribute Details

#conditions ⇒ Object

Conditions collection



# File 'lib/rsaml/assertion.rb', line 100

# Conditions attached to this assertion.
#
# Returns @conditions as stored. The constructor does not set it, so the
# value is nil unless it is set elsewhere. #assert evaluates the conditions
# only when this is non-nil, and #to_xml leaves them out when nil or empty.
def conditions
  @conditions
end

#id ⇒ Object

The identifier for this assertion.



# File 'lib/rsaml/assertion.rb', line 83

# Identifier of this assertion.
#
# Returns @id, which the constructor fills from UUID.new.generate. #to_xml
# writes it as the ID attribute. .from_xml builds its result through
# Assertion.new and does not copy an ID from the parsed XML, so a parsed
# assertion carries a newly generated identifier.
def id
  @id
end

#issue_instant ⇒ Object

The time instant of issue in UTC



# File 'lib/rsaml/assertion.rb', line 86

# Time at which the assertion was issued.
#
# Returns @issue_instant, which the constructor sets to Time.now.utc.
# #to_xml writes it as the IssueInstant attribute via #xmlschema. .from_xml
# does not read IssueInstant from its input, so a parsed assertion reports
# the time of parsing rather than the time stated in the XML.
def issue_instant
  @issue_instant
end

#issuer ⇒ Object

The SAML authority that is making the claim(s) in the assertion. The issuer SHOULD be unambiguous to the intended relying parties.



# File 'lib/rsaml/assertion.rb', line 90

# SAML authority making the claims in this assertion.
#
# Returns @issuer, the object passed to the constructor. #to_xml always
# writes issuer.to_xml as the first child of the assertion element.
def issuer
  @issuer
end

#signature ⇒ Object

A signature that protects the integrity of and authenticates the issuer of the assertion.



# File 'lib/rsaml/assertion.rb', line 93

# Signature protecting the integrity of the assertion and authenticating
# its issuer.
#
# Returns @signature as stored. The constructor does not set it, so the
# value is nil unless it is set elsewhere.
#
# NOTE(review): #assert calls signature.assert only when this value is
# truthy, so an assertion with no signature attached is not rejected there.
# Callers that require signed assertions need to check for a signature
# themselves.
def signature
  @signature
end

#subject ⇒ Object

The subject of the statement(s) in the assertion.



# File 'lib/rsaml/assertion.rb', line 77

# Subject of the statements in this assertion.
#
# Returns @subject as stored. The constructor does not set it; .from_xml
# assigns it when the input has a saml:Subject child. #validate raises a
# ValidationError when it is nil and the assertion has no statements, or has
# a statement whose class is listed in statement_classes.
def subject
  @subject
end

#version ⇒ Object

The version of this assertion.



# File 'lib/rsaml/assertion.rb', line 80

# Version of this assertion.
#
# Returns @version, which the constructor sets to "2.0". #to_xml writes it
# as the Version attribute. .from_xml does not read the Version attribute of
# its input.
def version
  @version
end

Class Method Details

.from_xml(element) ⇒ Object

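Construct an Assertion instance from the given XML Element or fragment. Only the saml:Issuer and saml:Subject children are read; the ID, IssueInstant, signature and conditions of the input are not carried over to the returned object.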



# File 'lib/rsaml/assertion.rb', line 173

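# Build an Assertion from an XML element, or from a string holding the XML.
#
# Only the saml:Issuer and saml:Subject children are read. The ID, Version
# and IssueInstant attributes, and any signature, conditions, advice or
# statements in the input, are NOT carried over. The returned object gets a
# newly generated id and issue instant from Assertion.new and has no
# signature or conditions, so calling #assert on it checks nothing. The
# result must not be treated as a verified assertion; the signature and
# validity conditions of the received XML have to be checked separately.
#
# NOTE(review): strings are parsed with REXML. When the input comes from an
# untrusted peer, confirm that the REXML version in use bounds entity
# expansion, and limit the document size before parsing.
#
# @param element [String, Object] assertion XML as a string, or an
#   already-parsed element (presumably a REXML::Element, since get_elements
#   is called on it)
# @return [Assertion] a new assertion carrying the parsed issuer and subject
# @raise [ArgumentError] if there is no root element to read from
def self.from_xml(element)
  element = REXML::Document.new(element).root if element.is_a?(String)
  # An empty or element-less string yields a nil root; fail with a clear
  # message instead of a NoMethodError on nil further down.
  raise ArgumentError, "no XML element to build an assertion from" if element.nil?

  # NOTE(review): when the saml:Issuer child is missing, nil is handed to
  # Identifier::Issuer.from_xml — confirm how that helper handles it.
  issuer = Identifier::Issuer.from_xml(element.get_elements('saml:Issuer').first)
  assertion = Assertion.new(issuer)
  if (subject = element.get_elements('saml:Subject').first)
    assertion.subject = Subject.from_xml(subject)
  end
  assertion
end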

Instance Method Details

#advice ⇒ Object

Additional information related to the assertion that assists processing in certain situations but which MAY be ignored by applications that do not understand the advice or do not wish to make use of it.



# File 'lib/rsaml/assertion.rb', line 122

# Advice items: additional information that assists processing and that
# applications may ignore.
#
# The backing array is created on first access and the same array is
# returned on every later call, so callers can append to it directly.
#
# @return [Array] the advice collection
def advice
  @advice = [] unless @advice
  @advice
end

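#assert ⇒ Object

Assert the assertion: the signature is asserted if one is present, and the conditions are asserted if any are set. An assertion that carries no signature is not rejected by this method.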



# File 'lib/rsaml/assertion.rb', line 127

# Assert the assertion by delegating to its signature and its conditions.
#
# Neither part is mandatory here: with no signature and no conditions
# attached the method does nothing and returns nil. Callers that require a
# signed assertion need to check for the signature themselves.
#
# @return the result of conditions.assert, or nil when there are no conditions
def assert
  # rule: a signature, when present, must be asserted
  signature.assert if signature

  # rule: conditions, when present, must be asserted
  return unless conditions

  # NOTE(review): the assertion is pushed onto assertion_cache when
  # conditions.cache? is false, while the stated rule is that a cache is
  # kept "if conditions allow it" — confirm the meaning of cache? against
  # the Conditions class.
  assertion_cache << self unless conditions.cache?
  conditions.assert
end

#statements ⇒ Object

Assertion statements



# File 'lib/rsaml/assertion.rb', line 116

# Statements made in this assertion.
#
# The backing array is created on first access and the same array is
# returned on every later call, so callers can append to it directly.
#
# @return [Array] the statement collection
def statements
  @statements = [] unless @statements
  @statements
end

#to_xml(xml = Builder::XmlMarkup.new) ⇒ Object

Construct an XML fragment representing the assertion



# File 'lib/rsaml/assertion.rb', line 160

# Serialize the assertion as a saml:Assertion XML fragment.
#
# The root element carries the Version, ID and IssueInstant attributes. The
# issuer is always written, followed by the signature, subject and
# conditions when present (conditions only when also non-empty), then every
# advice item and every statement. Only those three attributes are written,
# so the saml prefix is not declared here; presumably an enclosing element
# declares it.
#
# @param xml builder to write into; a new Builder::XmlMarkup by default
# @return whatever xml.tag! returns
def to_xml(xml=Builder::XmlMarkup.new)
  root_attributes = {
    'Version' => version,
    'ID' => id,
    'IssueInstant' => issue_instant.xmlschema
  }

  xml.tag!('saml:Assertion', root_attributes) do
    # With Builder::XmlMarkup, << inserts the string as raw markup without
    # escaping it, so every child's to_xml must already return well-formed,
    # escaped XML.
    xml << issuer.to_xml

    attached_signature = signature
    xml << attached_signature.to_xml unless attached_signature.nil?

    named_subject = subject
    xml << named_subject.to_xml unless named_subject.nil?

    restrictions = conditions
    xml << restrictions.to_xml if !restrictions.nil? && !restrictions.empty?

    advice.each do |item|
      xml << item.to_xml
    end
    statements.each do |statement|
      xml << statement.to_xml
    end
  end
end

#validate ⇒ Object

Validate the assertion. This validates the structural integrity of the assertion, not the validity of the assertion itself. To “assert” the assertion use the assert method.



# File 'lib/rsaml/assertion.rb', line 141

# Check the structural integrity of the assertion.
#
# This does not establish that the assertion is authentic or still valid;
# it only enforces the two subject rules below. Use #assert for the
# signature and the conditions.
#
# @raise [ValidationError] if a subject is required but missing
# @return [Array, nil] the statements when the scan runs to the end, nil
#   when it stops early at a matching statement
def validate
  # rule: an assertion without statements must name a subject
  raise ValidationError, "An assertion with no statements must have a subject" if statements.empty? && subject.nil?

  # rule: a statement whose class is listed in statement_classes needs a
  # subject; the first such statement settles the question either way
  statements.each do |stmt|
    next unless statement_classes.include?(stmt.class)
    break unless subject.nil?

    raise ValidationError, "An assertion with an #{stmt.class.name} must have a subject"
  end
end