Class: Samlr::Response

Inherits:

Object

• Object
• Samlr::Response

Extended by:

Forwardable

Defined in:

lib/samlr/response.rb

Overview

This is the object interface to the XML response object.

Instance Attribute Summary

• #document ⇒ Object readonly

  Returns the value of attribute document.

• #options ⇒ Object readonly

  Returns the value of attribute options.

Class Method Summary

• .parse(data) ⇒ Object

  Tries to parse the SAML response.

Instance Method Summary

• #assertion ⇒ Object

  Returns the assertion element.

• #initialize(data, options) ⇒ Response constructor

  A new instance of Response.

• #location ⇒ Object
• #signature ⇒ Object
• #verify! ⇒ Object

  The verification process assumes that all signatures are enveloped.

Constructor Details

#initialize(data, options) ⇒ Response

Returns a new instance of Response.

# File 'lib/samlr/response.rb', line 13

def initialize(data, options)
  @options  = options
  @document = Response.parse(data)
end

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.

# File 'lib/samlr/response.rb', line 11

def document
  @document
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/samlr/response.rb', line 11

def options
  @options
end

Class Method Details

.parse(data) ⇒ Object

Tries to parse the SAML response. First, it assumes it to be Base64 encoded If this fails, it subsequently attempts to parse the raw input as select IdP’s send that rather than a Base64 encoded value

# File 'lib/samlr/response.rb', line 47

def self.parse(data)
  begin
    document = Nokogiri::XML(Base64.decode64(data)) { |config| config.strict }
  rescue Nokogiri::XML::SyntaxError => e
    begin
      document = Nokogiri::XML(data) { |config| config.strict }
    rescue
      raise Samlr::FormatError.new(e.message)
    end
  end

  begin
    Samlr::Tools.validate!(:document => document)
  rescue Samlr::SamlrError => e
    Samlr.logger.warn("Accepting non schema conforming response: #{e.message}, #{e.details}")
    raise e unless Samlr.validation_mode == :log
  end

  document
end

Instance Method Details

#assertion ⇒ Object

Returns the assertion element. Only supports a single assertion.

# File 'lib/samlr/response.rb', line 40

def assertion
  @assertion ||= Samlr::Assertion.new(document, options)
end

#location ⇒ Object

# File 'lib/samlr/response.rb', line 31

def location
  "/samlp:Response"
end

#signature ⇒ Object

# File 'lib/samlr/response.rb', line 35

def signature
  @signature ||= Samlr::Signature.new(document, location, options)
end

#verify! ⇒ Object

The verification process assumes that all signatures are enveloped. Since this process is destructive the document needs to verify itself first, and then any signed assertions

# File 'lib/samlr/response.rb', line 20

def verify!
  if signature.missing? && assertion.signature.missing?
    raise Samlr::SignatureError.new("Neither response nor assertion signed")
  end

  signature.verify! unless signature.missing?
  assertion.verify!

  true
end