Class: RSAML::Statement::AuthenticationStatement

Inherits:
Base
  • Object
Defined in:
lib/rsaml/statement/authentication_statement.rb

Overview

The assertion subject was authenticated by a particular means at a particular time.

Instance Attribute Summary

Attributes inherited from Base

#type

Instance Method Summary

Constructor Details

#initialize(authn_context) ⇒ AuthenticationStatement

Initialize the statement



# File 'lib/rsaml/statement/authentication_statement.rb', line 28

def initialize(authn_context)
  @authn_context = authn_context
  @authn_instant = Time.now.utc
end

Instance Attribute Details

#authn_context ⇒ Object

The authentication context.



# File 'lib/rsaml/statement/authentication_statement.rb', line 25

def authn_context
  @authn_context
end

#authn_instant ⇒ Object

Specifies the time at which the authentication took place. The time value is encoded in UTC.



# File 'lib/rsaml/statement/authentication_statement.rb', line 6

def authn_instant
  @authn_instant
end

#session_index ⇒ Object

Specifies the index of a particular session between the principal identified by the subject and the authenticating authority. In general, any string value MAY be used as a SessionIndex value. However, when privacy is a consideration, care must be taken to ensure that the SessionIndex value does not invalidate other privacy mechanisms. Accordingly, the value SHOULD NOT be usable to correlate activity by a principal across different session participants.



# File 'lib/rsaml/statement/authentication_statement.rb', line 13

def session_index
  @session_index
end
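
One way to meet the SessionIndex privacy requirement above, shown as an added example that is not part of RSAML: derive a distinct value per relying party from the identity provider's internal session id with a keyed HMAC, so two session participants cannot correlate the same principal. The class name, method names and entity ids are hypothetical.

```ruby
require 'openssl'
require 'securerandom'

# Added example (not RSAML code). SessionIndexIssuer and its methods are
# hypothetical names used only for this illustration.
class SessionIndexIssuer
  # secret: key known only to the authenticating authority.
  def initialize(secret = SecureRandom.random_bytes(32))
    @secret = secret
  end

  # Derive the SessionIndex handed to one relying party. The same internal
  # session yields unrelated values for different relying parties, and the
  # authority can recompute the value later (e.g. to match a logout request)
  # without storing a per-party mapping.
  def index_for(idp_session_id, sp_entity_id)
    raise ArgumentError, 'session id required' if idp_session_id.to_s.empty?
    raise ArgumentError, 'SP entity id required' if sp_entity_id.to_s.empty?
    # Length-prefix the first field so ("ab", "c") and ("a", "bc") differ.
    msg = [idp_session_id.bytesize].pack('N') + idp_session_id.b + sp_entity_id.b
    OpenSSL::HMAC.hexdigest('SHA256', @secret, msg)
  end

  # Check a SessionIndex presented by a relying party against a session.
  def matches?(candidate, idp_session_id, sp_entity_id)
    secure_equal?(candidate.to_s, index_for(idp_session_id, sp_entity_id))
  end

  private

  # Comparison that does not exit early on the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  issuer = SessionIndexIssuer.new
  # Constructed sample values.
  %w[https://sp-a.example/metadata https://sp-b.example/metadata].each do |sp|
    puts "#{sp} => #{issuer.index_for('internal-session-1', sp)}"
  end
end
```

The returned string can be assigned as the statement's session index before calling to_xml.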

#session_not_on_or_after ⇒ Object

Specifies a time instant at which the session between the principal identified by the subject and the SAML authority issuing this statement MUST be considered ended. The time value is encoded in UTC.



# File 'lib/rsaml/statement/authentication_statement.rb', line 18

def session_not_on_or_after
  @session_not_on_or_after
end

#subject_locality ⇒ Object

Specifies the DNS domain name and IP address for the system from which the assertion subject was apparently authenticated.



# File 'lib/rsaml/statement/authentication_statement.rb', line 22

def subject_locality
  @subject_locality
end

Instance Method Details

#to_xml(xml = Builder::XmlMarkup.new) ⇒ Object

Construct an XML fragment representing the authentication statement



# File 'lib/rsaml/statement/authentication_statement.rb', line 45

def to_xml(xml=Builder::XmlMarkup.new)
  validate
  attributes = {'AuthnInstant' => authn_instant.xmlschema}
  attributes['SessionIndex'] = session_index unless session_index.nil?
  attributes['SessionNotOnOrAfter'] = session_not_on_or_after.xmlschema unless session_not_on_or_after.nil?
  xml.tag!('saml:AuthnStatement', attributes) {
    xml << authn_context.to_xml
    xml << subject_locality.to_xml unless subject_locality.nil?
  }
end

#validate ⇒ Object

Validate the structure of the authentication statement. Raise a ValidationError if the statement is invalid.

Raises:



# File 'lib/rsaml/statement/authentication_statement.rb', line 35

def validate
  if session_not_on_or_after && !session_not_on_or_after.utc?
    raise ValidationError, "Session not on or after must be UTC"
  end
  raise ValidationError, "Authn context required" unless authn_context
  raise ValidationError, "Authn instant required" unless authn_instant
  raise ValidationError, "Authn instant must be UTC" unless authn_instant.utc?
end