# File 'lib/saml/bindings/http_post.rb', line 27
# Receives a SAML message delivered through the HTTP-POST binding.
#
# The base64 payload is taken from the `SAMLRequest` parameter, falling back
# to `SAMLResponse`. It is decoded, announced via `notify`, parsed as `type`
# and then passed through Saml::Util.verify_xml, except for an AuthnRequest
# whose provider reports that it does not sign its AuthnRequests.
#
# An AuthnRequest accepted on that exception is returned without any
# signature check, so callers must not treat its contents as authenticated.
#
# @param request [#params, #url] the incoming HTTP request
# @param type forwarded unchanged to Saml.parse_message
# @return the parsed message, or the result of Saml::Util.verify_xml when
#   verification ran, with `actual_destination` set to `request.url`
# @raise [Saml::Errors::InvalidParams] if neither parameter is present
def receive_message(request, type)
  encoded = request.params["SAMLRequest"] || request.params["SAMLResponse"]
  raise Saml::Errors::InvalidParams, 'require params `SAMLRequest` or `SAMLResponse`' if encoded.nil?

  decoded = Saml::Encoding.decode_64(encoded)

  # NOTE(review): the notification fires before the signature check below, so
  # whatever consumes 'receive_message' sees attacker-controllable XML;
  # confirm subscribers treat it as untrusted (e.g. when logging it).
  notify('receive_message', decoded)

  parsed = Saml.parse_message(decoded, type)

  # Verification is required for everything except an AuthnRequest from a
  # provider that does not sign its AuthnRequests. The provider is only
  # consulted when the message actually is an AuthnRequest.
  must_verify = !parsed.is_a?(Saml::AuthnRequest) || parsed.provider.authn_requests_signed?
  verified = must_verify ? Saml::Util.verify_xml(parsed, decoded) : parsed

  # Only records the URL the request arrived on; this method does not compare
  # it with the message's own destination. Presumably that check happens
  # elsewhere; verify against the callers.
  verified.actual_destination = request.url
  verified
end