Class: OneLogin::RubySaml::Logoutrequest

Inherits:

SamlMessage

• Object
• SamlMessage
• OneLogin::RubySaml::Logoutrequest

Defined in:

lib/onelogin/ruby-saml/logoutrequest.rb

Overview

SAML2 Logout Request (SLO SP initiated, Builder)

Constant Summary

Constants inherited from SamlMessage

SamlMessage::ASSERTION, SamlMessage::BASE64_FORMAT, SamlMessage::PROTOCOL

Instance Attribute Summary

• #uuid ⇒ Object

  Logout Request ID.

Instance Method Summary

• #create(settings, params = {}) ⇒ String

  Creates the Logout Request string.

• #create_logout_request_xml_doc(settings) ⇒ String

  Creates the SAMLRequest String.

• #create_params(settings, params = {}) ⇒ Hash

  Creates the Get parameters for the logout request.

• #create_xml_document(settings) ⇒ Object
• #initialize ⇒ Logoutrequest constructor

  Initializes the Logout Request.

• #request_id ⇒ Object
• #sign_document(document, settings) ⇒ Object

Methods inherited from SamlMessage

#id, schema, #valid_saml?, #version

Constructor Details

#initialize ⇒ Logoutrequest

Initializes the Logout Request. A Logoutrequest Object that is an extension of the SamlMessage class. Asigns an ID, a random uuid.

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 20

def initialize
  @uuid = OneLogin::RubySaml::Utils.uuid
end

Instance Attribute Details

#uuid ⇒ Object

Logout Request ID

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 15

def uuid
  @uuid
end

Instance Method Details

#create(settings, params = {}) ⇒ String

Creates the Logout Request string.

Parameters:

• settings (OneLogin::RubySaml::Settings|nil) —

  Toolkit settings

• params (Hash) (defaults to: {}) —

  Some extra parameters to be added in the GET for example the RelayState

Returns:

• (String) —

  Logout Request string that includes the SAMLRequest

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 33

def create(settings, params={})
  params = create_params(settings, params)
  params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
  saml_request = CGI.escape(params.delete("SAMLRequest"))
  request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
  params.each_pair do |key, value|
    request_params << "&#{key}=#{CGI.escape(value.to_s)}"
  end
  raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?
  @logout_url = settings.idp_slo_service_url + request_params
end

#create_logout_request_xml_doc(settings) ⇒ String

Creates the SAMLRequest String.

Parameters:

• settings (OneLogin::RubySaml::Settings|nil) —

  Toolkit settings

Returns:

• (String) —

  The SAMLRequest String.

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 98

def create_logout_request_xml_doc(settings)
  document = create_xml_document(settings)
  sign_document(document, settings)
end

#create_params(settings, params = {}) ⇒ Hash

Creates the Get parameters for the logout request.

Parameters:

• settings (OneLogin::RubySaml::Settings|nil) —

  Toolkit settings

• params (Hash) (defaults to: {}) —

  Some extra parameters to be added in the GET for example the RelayState

Returns:

• (Hash) —

  Parameters

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 50

def create_params(settings, params={})
  # The method expects :RelayState but sometimes we get 'RelayState' instead.
  # Based on the HashWithIndifferentAccess value in Rails we could experience
  # conflicts so this line will solve them.
  relay_state = params[:RelayState] || params['RelayState']

  if relay_state.nil?
    params.delete(:RelayState)
    params.delete('RelayState')
  end

  request_doc = create_logout_request_xml_doc(settings)
  request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values

  request = ""
  request_doc.write(request)

  Logging.debug "Created SLO Logout Request: #{request}"

  request = deflate(request) if settings.compress_request
  base64_request = encode(request)
  request_params = {"SAMLRequest" => base64_request}
  sp_signing_key = settings.get_sp_signing_key

  if settings.idp_slo_service_binding == Utils::BINDINGS[:redirect] && settings.security[:logout_requests_signed] && sp_signing_key
    params['SigAlg'] = settings.security[:signature_method]
    url_string = OneLogin::RubySaml::Utils.build_query(
      :type => 'SAMLRequest',
      :data => base64_request,
      :relay_state => relay_state,
      :sig_alg => params['SigAlg']
    )
    sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
    signature = settings.get_sp_signing_key.sign(sign_algorithm.new, url_string)
    params['Signature'] = encode(signature)
  end

  params.each_pair do |key, value|
    request_params[key] = value.to_s
  end

  request_params
end

#create_xml_document(settings) ⇒ Object

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 103

def create_xml_document(settings)
  time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")

  request_doc = XMLSecurity::Document.new
  request_doc.uuid = uuid

  root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
  root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = time
  root.attributes['Version'] = "2.0"
  root.attributes['Destination'] = settings.idp_slo_service_url  unless settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?

  if settings.sp_entity_id
    issuer = root.add_element "saml:Issuer"
    issuer.text = settings.sp_entity_id
  end

  nameid = root.add_element "saml:NameID"
  if settings.name_identifier_value
    nameid.attributes['NameQualifier'] = settings.idp_name_qualifier if settings.idp_name_qualifier
    nameid.attributes['SPNameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
    nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
    nameid.text = settings.name_identifier_value
  else
    # If no NameID is present in the settings we generate one
    nameid.text = OneLogin::RubySaml::Utils.uuid
    nameid.attributes['Format'] = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
  end

  if settings.sessionindex
    sessionindex = root.add_element "samlp:SessionIndex"
    sessionindex.text = settings.sessionindex
  end

  request_doc
end

#request_id ⇒ Object

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 24

def request_id
  @uuid
end

#sign_document(document, settings) ⇒ Object

# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 140

def sign_document(document, settings)
  # embed signature
  cert, private_key = settings.get_sp_signing_pair
  if settings.idp_slo_service_binding == Utils::BINDINGS[:post] && settings.security[:logout_requests_signed] && private_key && cert
    document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
  end

  document
end