Class: RSAML::SubjectConfirmationData

Inherits:
Object
Defined in:
lib/rsaml/subject_confirmation_data.rb

Overview

Specifies additional data that allows the subject to be confirmed or that constrains the circumstances under which the act of subject confirmation can take place. Subject confirmation takes place when a relying party seeks to verify the relationship between an entity presenting the assertion (that is, the attesting entity) and the subject of the assertion’s claims.

Instance Attribute Details

#address ⇒ Object

The network address/location from which an attesting entity can present the assertion. For example, this attribute might be used to bind the assertion to particular client addresses to prevent an attacker from easily stealing and presenting the assertion from another location.



# File 'lib/rsaml/subject_confirmation_data.rb', line 26

def address
  @address
end

#in_response_to ⇒ Object

The ID of a SAML protocol message in response to which an attesting entity can present the assertion. For example, this attribute might be used to correlate the assertion to a SAML request that resulted in its presentation.



# File 'lib/rsaml/subject_confirmation_data.rb', line 21

def in_response_to
  @in_response_to
end

#not_before ⇒ Object

A time instant before which the subject cannot be confirmed. The time value is encoded in UTC.



# File 'lib/rsaml/subject_confirmation_data.rb', line 8

def not_before
  @not_before
end

#not_on_or_after ⇒ Object

A time instant at which the subject can no longer be confirmed. The time value is encoded in UTC.



# File 'lib/rsaml/subject_confirmation_data.rb', line 11

def not_on_or_after
  @not_on_or_after
end

#recipient ⇒ Object

A URI specifying the entity or location to which an attesting entity can present the assertion. For example, this attribute might indicate that the assertion must be delivered to a particular network endpoint in order to prevent an intermediary from redirecting it someplace else.



# File 'lib/rsaml/subject_confirmation_data.rb', line 16

def recipient
  @recipient
end

Instance Method Details

#attributes ⇒ Object

Point for extension attributes



# File 'lib/rsaml/subject_confirmation_data.rb', line 29

def attributes
  @attributes = []
end

#confirm ⇒ Object

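Confirms the subject confirmation data. In the source shown here, only the not_before / not_on_or_after time window is checked; recipient, in_response_to and address are not yet validated (see the TODO), so a relying party has to check those itself.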

Raises:
  ConfirmationError if the current time is before not_before, or is at or after not_on_or_after



# File 'lib/rsaml/subject_confirmation_data.rb', line 39

def confirm
  raise ConfirmationError, "Subject confirmation failed: not before" if not_before && Time.now < not_before
  raise ConfirmationError, "Subject confirmation failed: not on or after" if not_on_or_after && Time.now >= not_on_or_after
  # TODO implement tests for remaining elements such as recipient, in_response_to and address
end
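
The TODO in confirm leaves recipient, in_response_to and address unchecked. The following is an added example, not RSAML's own code, of a relying-party check covering all five attributes. ConfirmationData is a stand-in struct, confirmation_failures and its parameters are hypothetical names, and treating a missing Recipient or NotOnOrAfter as a failure is an assumed bearer-style policy.

```ruby
# Stand-in for RSAML::SubjectConfirmationData so the example runs without the gem.
ConfirmationData = Struct.new(:not_before, :not_on_or_after, :recipient,
                              :in_response_to, :address, keyword_init: true)

# Hypothetical helper: returns the list of failed checks (empty means confirmed).
#   expected_recipient - this relying party's own endpoint URI
#   request_id         - ID of the request we issued, nil if none was sent
#   client_address     - address the assertion was actually presented from
#   skew               - tolerated clock difference in seconds
def confirmation_failures(data, expected_recipient:, request_id:, client_address:,
                          now: Time.now.utc, skew: 0)
  failures = []
  failures << 'not before' if data.not_before && now + skew < data.not_before
  # Assumed policy: no NotOnOrAfter means no expiry bound, so reject.
  if data.not_on_or_after.nil?
    failures << 'not on or after missing'
  elsif now - skew >= data.not_on_or_after
    failures << 'not on or after'
  end
  # Assumed policy: Recipient must be present and equal to our endpoint.
  failures << 'recipient' unless data.recipient == expected_recipient
  # InResponseTo must equal the request we sent; both nil means unsolicited.
  failures << 'in response to' unless data.in_response_to == request_id
  # Address is optional, but when present it must match the presenter.
  failures << 'address' if data.address && data.address != client_address
  failures
end

# Constructed sample values, for illustration only.
NOW = Time.utc(2024, 1, 1, 12, 0, 0)
SAMPLE = ConfirmationData.new(
  not_before: NOW - 60, not_on_or_after: NOW + 300,
  recipient: 'https://sp.example.org/acs',
  in_response_to: '_req123', address: '192.0.2.10'
)
EXPECTED = { expected_recipient: 'https://sp.example.org/acs',
             request_id: '_req123', client_address: '192.0.2.10' }.freeze

if __FILE__ == $PROGRAM_NAME
  p confirmation_failures(SAMPLE, **EXPECTED, now: NOW)
  p confirmation_failures(SAMPLE, **EXPECTED.merge(client_address: '198.51.100.7'), now: NOW)
end
```
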

#elements ⇒ Object

Point for extension elements



# File 'lib/rsaml/subject_confirmation_data.rb', line 34

def elements
  @elements = []
end

#to_xml(xml = Builder::XmlMarkup.new) ⇒ Object



# File 'lib/rsaml/subject_confirmation_data.rb', line 45

def to_xml(xml = Builder::XmlMarkup.new)
  attributes = {}
  attributes['Recipient'] = recipient unless recipient.nil?
  attributes['NotOnOrAfter'] = not_on_or_after.xmlschema unless not_on_or_after.nil?
  attributes['NotBefore'] = not_before.xmlschema unless not_before.nil?
  attributes['InResponseTo'] = in_response_to unless in_response_to.nil?
  attributes['Address'] = address unless address.nil?
  xml.tag!('saml:SubjectConfirmationData', attributes)
end