Class: OneLogin::KlRubySaml::Authrequest
- Inherits:
-
SamlMessage
- Object
- SamlMessage
- OneLogin::KlRubySaml::Authrequest
- Defined in:
- lib/onelogin/kl-ruby-saml/authrequest.rb
Overview
SAML2 Authentication. AuthNRequest (SSO SP initiated, Builder)
Constant Summary
Constants inherited from SamlMessage
SamlMessage::ASSERTION, SamlMessage::BASE64_FORMAT, SamlMessage::PROTOCOL
Instance Attribute Summary
-
#uuid ⇒ Object
readonly
AuthNRequest ID.
Instance Method Summary
-
#create(settings, params = {}) ⇒ String
Creates the AuthNRequest string.
-
#create_authentication_xml_doc(settings) ⇒ String
Creates the SAMLRequest String.
-
#create_params(settings, params = {}) ⇒ Hash
Creates the Get parameters for the request.
-
#initialize ⇒ Authrequest
constructor
Initializes the AuthNRequest.
Methods inherited from SamlMessage
#id, schema, #valid_saml?, #validation_error, #version
Constructor Details
#initialize ⇒ Authrequest
Initializes the AuthNRequest. An Authrequest object is an extension of the SamlMessage class. Assigns an ID: a random UUID.
# File 'lib/onelogin/kl-ruby-saml/authrequest.rb', line 22

# Initializes the AuthNRequest with a fresh request ID.
#
# The ID is a UUID prefixed with "_" (presumably so it is a valid XML ID,
# which may not start with a digit).
# NOTE(review): UUID.new.generate comes from the uuid gem; if it yields
# time-based (v1) identifiers, the request ID is partly predictable and
# carries host-specific data. SecureRandom.uuid would avoid both — confirm
# against the gem before changing.
def initialize
  @uuid = "_#{UUID.new.generate}"
end
Instance Attribute Details
#uuid ⇒ Object (readonly)
AuthNRequest ID
# File 'lib/onelogin/kl-ruby-saml/authrequest.rb', line 17

# AuthNRequest ID, assigned in #initialize and written to the ID attribute
# of the samlp:AuthnRequest root element.
#
# @return [String] the "_"-prefixed request ID
def uuid
  @uuid
end
Instance Method Details
#create(settings, params = {}) ⇒ String
Creates the AuthNRequest string.
# File 'lib/onelogin/kl-ruby-saml/authrequest.rb', line 31

# Builds the full SSO URL for the IdP (HTTP-Redirect style query string).
#
# @param settings [OneLogin::KlRubySaml::Settings] SP/IdP configuration;
#   settings.idp_sso_target_url is the base URL
# @param params [Hash] extra parameters (e.g. RelayState), forwarded to
#   #create_params
# @return [String] the IdP URL with SAMLRequest first, then every other
#   parameter; the same value is stored in @login_url
def create(settings, params = {})
  query_params = create_params(settings, params)
  target_url = settings.idp_sso_target_url

  # Append to an existing query string rather than starting a new one.
  separator = target_url.to_s.include?('?') ? '&' : '?'

  encoded_request = CGI.escape(query_params.delete("SAMLRequest"))
  query = "#{separator}SAMLRequest=#{encoded_request}"

  # Only values are URL-escaped; keys are interpolated as given by the caller.
  query_params.each_pair do |key, value|
    query << "&#{key}=#{CGI.escape(value.to_s)}"
  end

  @login_url = target_url + query
end
#create_authentication_xml_doc(settings) ⇒ String
Creates the SAMLRequest String.
# File 'lib/onelogin/kl-ruby-saml/authrequest.rb', line 89

# Builds the samlp:AuthnRequest document for the given settings.
#
# Attribute and child-element order is kept exactly as before so the
# serialized request (and any signature computed over it) does not change.
#
# @param settings [OneLogin::KlRubySaml::Settings] SP/IdP configuration
# @return [KlXMLSecurity::Document] the request document; signed in place
#   when settings.security[:authn_requests_signed] and [:embed_sign] are set
#   and both settings.private_key and settings.certificate are present
def create_authentication_xml_doc(settings)
  issue_instant = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")

  request_doc = KlXMLSecurity::Document.new
  request_doc.uuid = uuid

  root = request_doc.add_element "samlp:AuthnRequest", {
    "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
    "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion"
  }
  root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = issue_instant
  root.attributes['Version'] = "2.0"

  # Optional root attributes: a nil setting means the attribute is omitted.
  # Values are passed through unchanged (e.g. booleans for IsPassive/ForceAuthn).
  {
    'Destination' => settings.idp_sso_target_url,
    'IsPassive' => settings.passive,
    'ProtocolBinding' => settings.protocol_binding,
    'AttributeConsumingServiceIndex' => settings.attributes_index,
    'ForceAuthn' => settings.force_authn,
    'AssertionConsumerServiceURL' => settings.assertion_consumer_service_url
  }.each do |attr_name, attr_value|
    root.attributes[attr_name] = attr_value unless attr_value.nil?
  end

  # Conditionally defined child elements based on settings
  unless settings.issuer.nil?
    root.add_element("saml:Issuer").text = settings.issuer
  end

  unless settings.name_identifier_format.nil?
    root.add_element "samlp:NameIDPolicy", {
      # Might want to make AllowCreate a setting?
      "AllowCreate" => "true",
      "Format" => settings.name_identifier_format
    }
  end

  if settings.authn_context || settings.authn_context_decl_ref
    # 'exact' is the comparison used when none is configured.
    comparison = settings.authn_context_comparison.nil? ? 'exact' : settings.authn_context_comparison
    requested_context = root.add_element "samlp:RequestedAuthnContext", {
      "Comparison" => comparison,
    }

    unless settings.authn_context.nil?
      requested_context.add_element("saml:AuthnContextClassRef").text = settings.authn_context
    end

    unless settings.authn_context_decl_ref.nil?
      requested_context.add_element("saml:AuthnContextDeclRef").text = settings.authn_context_decl_ref
    end
  end

  # Embedded (enveloped) signature; the detached query-string signature is
  # handled separately when :embed_sign is off.
  security = settings.security
  if security[:authn_requests_signed] && settings.private_key && settings.certificate && security[:embed_sign]
    request_doc.sign_document(
      settings.get_sp_key,
      settings.get_sp_cert,
      security[:signature_method],
      security[:digest_method]
    )
  end

  request_doc
end
#create_params(settings, params = {}) ⇒ Hash
Creates the Get parameters for the request.
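# File 'lib/onelogin/kl-ruby-saml/authrequest.rb', line 47

# Builds the GET parameters for the AuthnRequest.
#
# @param settings [OneLogin::KlRubySaml::Settings] SP/IdP configuration
# @param params [Hash] extra parameters to forward (e.g. RelayState). The
#   caller's hash is left untouched: SigAlg and Signature, when produced,
#   are added to an internal copy.
# @return [Hash] "SAMLRequest" => base64 (optionally deflated) request,
#   followed by every entry of +params+ with values converted via #to_s
def create_params(settings, params={})
  # Work on a copy so the signature parameters added below do not leak into
  # the caller's hash (which may be reused for further requests).
  params = params.dup

  # The method expects :RelayState but sometimes we get 'RelayState' instead.
  # Based on the HashWithIndifferentAccess value in Rails we could experience
  # conflicts so this line will solve them.
  relay_state = params[:RelayState] || params['RelayState']

  request_doc = create_authentication_xml_doc(settings)
  request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values

  request = ""
  request_doc.write(request)
  Logging.debug "Created AuthnRequest: #{request}"

  request = deflate(request) if settings.compress_request
  base64_request = encode(request)
  request_params = { "SAMLRequest" => base64_request }

  security = settings.security
  # Detached signature (SigAlg + Signature parameters) is produced only when
  # signing is enabled, the signature is not embedded in the XML, and a key
  # is configured.
  if security[:authn_requests_signed] && !security[:embed_sign] && settings.private_key
    params['SigAlg'] = security[:signature_method]
    # The string that gets signed is built from the same SAMLRequest,
    # RelayState and SigAlg values that are sent to the IdP.
    url_string = OneLogin::KlRubySaml::Utils.build_query(
      :type => 'SAMLRequest',
      :data => base64_request,
      :relay_state => relay_state,
      :sig_alg => params['SigAlg']
    )
    sign_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(security[:signature_method])
    signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
    params['Signature'] = encode(signature)
  end

  params.each_pair do |key, value|
    request_params[key] = value.to_s
  end

  request_params
end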