Class: OneLogin::RubySaml::Authrequest
- Inherits:
-
SamlMessage
- Object
- SamlMessage
- OneLogin::RubySaml::Authrequest
- Defined in:
- lib/onelogin/ruby-saml/authrequest.rb
Constant Summary
Constants inherited from SamlMessage
SamlMessage::ASSERTION, SamlMessage::PROTOCOL
Instance Attribute Summary
-
#uuid ⇒ Object
readonly
Can be obtained if necessary.
Instance Method Summary
- #create(settings, params = {}) ⇒ Object
- #create_authentication_xml_doc(settings) ⇒ Object
- #create_params(settings, params = {}) ⇒ Object
-
#initialize ⇒ Authrequest
constructor
A new instance of Authrequest.
Methods inherited from SamlMessage
#valid_saml?, #validation_error
Constructor Details
#initialize ⇒ Authrequest
Returns a new instance of Authrequest.
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 12
# Creates the request object and gives it a fresh identifier.
#
# The identifier is an underscore followed by a newly generated UUID. It is
# the value #create_authentication_xml_doc writes into the AuthnRequest's ID
# attribute.
#
# NOTE(review): the underscore prefix presumably keeps the value a valid XML
# ID even when the UUID starts with a digit -- confirm. How unpredictable the
# identifier is depends entirely on the UUID generator in use; verify that it
# meets the randomness expected of SAML request IDs.
def initialize
  generated = UUID.new.generate
  @uuid = "_" + generated
end
Instance Attribute Details
#uuid ⇒ Object (readonly)
Can be obtained if necessary
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 10
# Read-only access to the request identifier held in @uuid.
#
# @return [Object] the stored identifier, or nil when none has been set
def uuid
  @uuid
end
Instance Method Details
#create(settings, params = {}) ⇒ Object
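# File 'lib/onelogin/ruby-saml/authrequest.rb', line 16
# Builds the URL that carries the AuthnRequest to the IdP in its query string.
#
# SAMLRequest is always emitted first; every other entry returned by
# #create_params (for example RelayState, SigAlg, Signature) follows in hash
# order. The result is also stored in @login_url.
#
# @param settings [Object] must respond to #idp_sso_target_url, plus whatever
#   #create_params reads from it
# @param params [Hash] extra query parameters to append
# @return [String] the IdP SSO URL with the request parameters appended
def create(settings, params = {})
  params = create_params(settings, params)
  # Continue an existing query string when the IdP URL already contains one.
  params_prefix = (settings.idp_sso_target_url =~ /\?/) ? '&' : '?'
  saml_request = CGI.escape(params.delete("SAMLRequest"))
  request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
  params.each_pair do |key, value|
    # Escape the key as well as the value: a raw "&" or "=" in a parameter
    # name would otherwise split into additional query parameters on the
    # URL sent to the IdP.
    request_params << "&#{CGI.escape(key.to_s)}=#{CGI.escape(value.to_s)}"
  end
  @login_url = settings.idp_sso_target_url + request_params
end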
#create_authentication_xml_doc(settings) ⇒ Object
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 59
# Assembles the samlp:AuthnRequest document for the given settings.
#
# ID, IssueInstant (current UTC time) and Version are always set. Every other
# attribute and child element is written only when the matching setting is
# not nil. The document is signed in place only when request signing is
# enabled, a private key and a certificate are configured, and
# security[:embed_sign] is set; otherwise it is returned unsigned.
#
# @param settings [Object] SP/IdP configuration read through its accessors
# @return [XMLSecurity::Document] the (possibly signed) request document
def create_authentication_xml_doc(settings)
  issue_instant = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")

  request_doc = XMLSecurity::Document.new
  request_doc.uuid = uuid

  namespaces = {
    "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
    "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion"
  }
  root = request_doc.add_element("samlp:AuthnRequest", namespaces)

  # Writes an attribute on the root element unless the value is nil.
  set_optional = lambda do |name, value|
    root.attributes[name] = value unless value.nil?
  end

  root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = issue_instant
  root.attributes['Version'] = "2.0"
  set_optional.call('Destination', settings.idp_sso_target_url)
  set_optional.call('IsPassive', settings.passive)
  set_optional.call('ProtocolBinding', settings.protocol_binding)
  set_optional.call("AttributeConsumingServiceIndex", settings.attributes_index)
  set_optional.call('ForceAuthn', settings.force_authn)

  # Attributes and elements that depend on the settings
  set_optional.call("AssertionConsumerServiceURL", settings.assertion_consumer_service_url)

  unless settings.issuer.nil?
    issuer_element = root.add_element("saml:Issuer")
    issuer_element.text = settings.issuer
  end

  unless settings.name_identifier_format.nil?
    # Might want to make AllowCreate a setting?
    name_id_policy = {
      "AllowCreate" => "true",
      "Format" => settings.name_identifier_format
    }
    root.add_element("samlp:NameIDPolicy", name_id_policy)
  end

  if settings.authn_context || settings.authn_context_decl_ref
    # Comparison falls back to 'exact' when no comparison is configured.
    comparison = settings.authn_context_comparison
    comparison = 'exact' if comparison.nil?

    requested_context = root.add_element("samlp:RequestedAuthnContext", { "Comparison" => comparison })

    unless settings.authn_context.nil?
      class_ref = requested_context.add_element("saml:AuthnContextClassRef")
      class_ref.text = settings.authn_context
    end

    unless settings.authn_context_decl_ref.nil?
      decl_ref = requested_context.add_element("saml:AuthnContextDeclRef")
      decl_ref.text = settings.authn_context_decl_ref
    end
  end

  # Embedded signature: sign the XML itself only when all four conditions hold.
  security = settings.security
  embed_signature = security[:authn_requests_signed] &&
                    settings.private_key &&
                    settings.certificate &&
                    security[:embed_sign]
  if embed_signature
    request_doc.sign_document(
      settings.get_sp_key,
      settings.get_sp_cert,
      security[:signature_method],
      security[:digest_method]
    )
  end

  request_doc
end
#create_params(settings, params = {}) ⇒ Object
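# File 'lib/onelogin/ruby-saml/authrequest.rb', line 27
# Serialises the AuthnRequest and returns the query parameters to send.
#
# The request XML is written out, optionally deflated, then encoded into
# "SAMLRequest". When request signing is enabled without an embedded XML
# signature and a private key is configured, "SigAlg" and "Signature" are
# added; the signed string is SAMLRequest, then RelayState (if present), then
# SigAlg, each URL-escaped.
#
# Side effects visible here: the caller's +params+ hash gains the SigAlg and
# Signature entries, and the full request XML is written to the debug log.
#
# @param settings [Object] SP/IdP configuration
# @param params [Hash, nil] extra parameters such as 'RelayState'; nil is
#   treated as an empty hash
# @return [Hash] "SAMLRequest" plus every entry of +params+, values as strings
def create_params(settings, params={})
  params = {} if params.nil?

  request_doc = create_authentication_xml_doc(settings)
  request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values

  request = ""
  request_doc.write(request)

  Logging.debug "Created AuthnRequest: #{request}"

  request = deflate(request) if settings.compress_request
  base64_request = encode(request)
  request_params = {"SAMLRequest" => base64_request}

  if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key
    # Advertise the algorithm the signature below is actually computed with.
    # The digest is derived from security[:signature_method], so a fixed SHA1
    # SigAlg would not match the signature whenever another method is
    # configured. The previous constant remains the fallback when no method
    # is set.
    params['SigAlg'] = settings.security[:signature_method] || XMLSecurity::Document::SHA1
    url_string = "SAMLRequest=#{CGI.escape(base64_request)}"
    # to_s keeps the signed RelayState identical to the stringified value returned below.
    url_string += "&RelayState=#{CGI.escape(params['RelayState'].to_s)}" if params['RelayState']
    url_string += "&SigAlg=#{CGI.escape(params['SigAlg'])}"
    private_key = settings.get_sp_key
    digest = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method]).new
    signature = private_key.sign(digest, url_string)
    params['Signature'] = encode(signature)
  end

  params.each_pair do |key, value|
    request_params[key] = value.to_s
  end

  request_params
end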