Module: Saml::Provider

Extended by:

ActiveSupport::Concern

Included in:

BasicProvider, NullProvider

Defined in:

lib/saml/provider.rb

Instance Method Summary

• #artifact_resolution_service_url(index = nil, type = :descriptor) ⇒ Object
• #assertion_consumer_service(index = nil) ⇒ Object
• #assertion_consumer_service_indices ⇒ Object
• #assertion_consumer_service_url(index = nil) ⇒ Object
• #attribute_consuming_service(index = nil) ⇒ Object
• #attribute_service_url(binding) ⇒ Object
• #authn_requests_signed? ⇒ Boolean
• #certificate(key_name = nil, use = "signing", type = :descriptor) ⇒ Object
• #encryption_key ⇒ Object
• #entity_descriptor ⇒ Object
• #entity_id ⇒ Object
• #find_key_descriptor(key_name = nil, use = "signing", type = :descriptor) ⇒ Object
• #private_key ⇒ Object
• #sign(signature_algorithm, data) ⇒ Object
• #signing_key ⇒ Object
• #single_logout_service_url(binding, type = :descriptor) ⇒ Object
• #single_sign_on_service_url(binding) ⇒ Object
• #type ⇒ Object
• #verify(signature_algorithm, signature, data, key_name = nil) ⇒ Object

Instance Method Details

#artifact_resolution_service_url(index = nil, type = :descriptor) ⇒ Object

Parameters:

• type (Symbol) (defaults to: :descriptor) —

  (see #descriptor)

# File 'lib/saml/provider.rb', line 10

def artifact_resolution_service_url(index = nil, type = :descriptor)
  find_indexed_service_url(descriptor(type).artifact_resolution_services, index)
end

#assertion_consumer_service(index = nil) ⇒ Object

# File 'lib/saml/provider.rb', line 18

def assertion_consumer_service(index = nil)
  find_indexed_service(sp_descriptor.assertion_consumer_services, index)
end

#assertion_consumer_service_indices ⇒ Object

# File 'lib/saml/provider.rb', line 22

def assertion_consumer_service_indices
  if sp_descriptor.assertion_consumer_services.present?
    sp_descriptor.assertion_consumer_services.map(&:index)
  else
    []
  end
end

#assertion_consumer_service_url(index = nil) ⇒ Object

# File 'lib/saml/provider.rb', line 5

def assertion_consumer_service_url(index = nil)
  find_indexed_service_url(sp_descriptor.assertion_consumer_services, index)
end

#attribute_consuming_service(index = nil) ⇒ Object

# File 'lib/saml/provider.rb', line 14

def attribute_consuming_service(index = nil)
  find_indexed_service(sp_descriptor.attribute_consuming_services, index)
end

#attribute_service_url(binding) ⇒ Object

# File 'lib/saml/provider.rb', line 75

def attribute_service_url(binding)
  find_binding_service(aa_descriptor.attribute_service, binding)
end

#authn_requests_signed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/provider.rb', line 100

def authn_requests_signed?
  sp_descriptor(false).try(:authn_requests_signed)
end

#certificate(key_name = nil, use = "signing", type = :descriptor) ⇒ Object

Parameters:

• type (Symbol) (defaults to: :descriptor) —

  (see #descriptor)

# File 'lib/saml/provider.rb', line 39

def certificate(key_name = nil, use = "signing", type = :descriptor)
  key_descriptor = find_key_descriptor(key_name, use, type)
  key_descriptor.certificate if key_descriptor
end

#encryption_key ⇒ Object

# File 'lib/saml/provider.rb', line 58

def encryption_key
  @encryption_key
end

#entity_descriptor ⇒ Object

# File 'lib/saml/provider.rb', line 30

def entity_descriptor
  @entity_descriptor
end

#entity_id ⇒ Object

# File 'lib/saml/provider.rb', line 34

def entity_id
  entity_descriptor.entity_id
end

#find_key_descriptor(key_name = nil, use = "signing", type = :descriptor) ⇒ Object

Parameters:

• type (Symbol) (defaults to: :descriptor) —

  (see #descriptor)

# File 'lib/saml/provider.rb', line 45

def find_key_descriptor(key_name = nil, use = "signing", type = :descriptor)
  descriptor(type).find_key_descriptor(key_name, use)
end

#private_key ⇒ Object

# File 'lib/saml/provider.rb', line 49

def private_key
  warn '[DEPRECATED] `private_key` please use signing_key or encryption_key'
  encryption_key
end

#sign(signature_algorithm, data) ⇒ Object

# File 'lib/saml/provider.rb', line 62

def sign(signature_algorithm, data)
  signing_key.sign(digest_method(signature_algorithm).new, data)
end

#signing_key ⇒ Object

# File 'lib/saml/provider.rb', line 54

def signing_key
  @signing_key || encryption_key
end

#single_logout_service_url(binding, type = :descriptor) ⇒ Object

Parameters:

• type (Symbol) (defaults to: :descriptor) —

  (see #descriptor)

# File 'lib/saml/provider.rb', line 71

def single_logout_service_url(binding, type = :descriptor)
  find_binding_service(descriptor(type).single_logout_services, binding)
end

#single_sign_on_service_url(binding) ⇒ Object

# File 'lib/saml/provider.rb', line 66

def single_sign_on_service_url(binding)
  find_binding_service(idp_descriptor.single_sign_on_services, binding)
end

#type ⇒ Object

# File 'lib/saml/provider.rb', line 79

def type
  if idp_descriptor(false)
    if sp_descriptor(false)
      "identity_and_service_provider"
    else
      "identity_provider"
    end
  else
    "service_provider"
  end
end

#verify(signature_algorithm, signature, data, key_name = nil) ⇒ Object

# File 'lib/saml/provider.rb', line 91

def verify(signature_algorithm, signature, data, key_name = nil)
  valid = certificate(key_name).public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue nil

  # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
  OpenSSL.errors if !valid

  valid
end