Class: OneLogin::RubySaml::SloLogoutrequest

Inherits:
SamlMessage
  • Object
Includes:
ErrorHandling
Defined in:
lib/onelogin/ruby-saml/slo_logoutrequest.rb

Overview

SAML2 Logout Request (SLO IdP initiated, Parser)

Constant Summary

Constants inherited from SamlMessage

OneLogin::RubySaml::SamlMessage::ASSERTION, OneLogin::RubySaml::SamlMessage::BASE64_FORMAT, OneLogin::RubySaml::SamlMessage::PROTOCOL

Instance Attribute Summary

Attributes included from ErrorHandling

#errors

Instance Method Summary

Methods included from ErrorHandling

#append_error, #reset_errors!

Methods inherited from SamlMessage

schema, #valid_saml?, #version

Constructor Details

#initialize(request, options = {}) ⇒ SloLogoutrequest

Constructs the Logout Request. A Logout Request Object that is an extension of the SamlMessage class.

Parameters:

  • request (String)

    A UUEncoded Logout Request from the IdP.

  • options (Hash) (defaults to: {})

    Supported keys: :settings, to provide the OneLogin::RubySaml::Settings object; :allowed_clock_drift, for the logout request validation process to allow a clock drift when checking dates; :relax_signature_validation, to accept signatures if no IdP certificate is registered on the settings.

Raises:

  • (ArgumentError)

    If Request is nil



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 33

def initialize(request, options = {})
  raise ArgumentError.new("Request cannot be nil") if request.nil?

  @errors = []
  @options = options
  @soft = true
  unless options[:settings].nil?
    @settings = options[:settings]
    unless @settings.soft.nil?
      @soft = @settings.soft
    end
  end

  @request = decode_raw_saml(request, settings)
  @document = REXML::Document.new(@request)
end

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 19

def document
  @document
end

#options ⇒ Object (readonly)

Returns the value of attribute options.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 21

def options
  @options
end

#request ⇒ Object (readonly)

Returns the value of attribute request.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 20

def request
  @request
end

#settings ⇒ Object

OneLogin::RubySaml::Settings Toolkit settings



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 17

def settings
  @settings
end

#soft ⇒ Object

Returns the value of attribute soft.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 23

def soft
  @soft
end

Instance Method Details

#decrypt_nameid(encrypted_id_node) ⇒ REXML::Document

Decrypts an EncryptedID element

Parameters:

  • encrypted_id_node (REXML::Element)

    The EncryptedID element

Returns:

  • (REXML::Document)

    The decrypted EncryptedID element



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 97

def decrypt_nameid(encrypted_id_node)

  if settings.nil? || settings.get_sp_decryption_keys.empty?
    raise ValidationError.new('An ' + encrypted_id_node.name + ' found and no SP private key found on the settings to decrypt it')
  end

  elem_plaintext = OneLogin::RubySaml::Utils.decrypt_multi(encrypted_id_node, settings.get_sp_decryption_keys)
  # If we get some problematic noise in the plaintext after decrypting.
  # This quick regexp parse will grab only the Element and discard the noise.
  elem_plaintext = elem_plaintext.match(/(.*<\/(\w+:)?NameID>)/m)[0]

  # To avoid namespace errors if saml namespace is not defined
  # create a parent node first with the namespace defined
  node_header = '<node xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
  elem_plaintext = node_header + elem_plaintext + '</node>'
  doc = REXML::Document.new(elem_plaintext)
  doc.root[0]
end
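
The cleanup step after decryption, as an added example that is not part of ruby-saml: `extract_name_id` is a hypothetical helper and the padded plaintext is constructed. Unlike the method above, it returns nil rather than raising NoMethodError when the plaintext contains no closing NameID tag.

```ruby
require "rexml/document"

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical helper (not a ruby-saml method): applies the same regexp and
# namespace wrapper as decrypt_nameid to an already decrypted plaintext.
def extract_name_id(plaintext)
  # Greedy match up to the last closing NameID tag; anything after it
  # (for example cipher padding bytes) is discarded.
  match = plaintext.match(/(.*<\/(\w+:)?NameID>)/m)
  return nil if match.nil?

  # The parent node declares the saml prefix so the fragment can be parsed
  # on its own.
  wrapped = %(<node xmlns:saml="#{ASSERTION_NS}">#{match[0]}</node>)
  REXML::Document.new(wrapped).root[0]
end

# Constructed plaintext: a NameID element followed by eight padding bytes.
PADDED_PLAINTEXT =
  '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">' \
  "user@example.com</saml:NameID>" + ("\x08" * 8)

# Constructed plaintext with no NameID element at all.
NO_ELEMENT_PLAINTEXT = "\x10" * 16
```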

#id ⇒ String|nil

Returns the ID attribute from the Logout Request, if it exists.

Returns:

  • (String|nil)

    The ID attribute from the Logout Request, if it exists.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 118

def id
  super(document)
end

#is_valid?(collect_errors = false) ⇒ Boolean

Validates the Logout Request with the default values (soft = true)

Parameters:

  • collect_errors (Boolean) (defaults to: false)

    Stop validation when first error appears or keep validating.

Returns:

  • (Boolean)

    TRUE if the Logout Request is valid



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 58

def is_valid?(collect_errors = false)
  validate(collect_errors)
end

#issuer ⇒ String

Returns the Issuer from the Logout Request.

Returns:

  • (String)

    The Issuer from the Logout Request.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 124

def issuer
  @issuer ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutRequest/a:Issuer",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    Utils.element_text(node)
  end
end

#name_id ⇒ String Also known as: nameid

Returns the NameID of the Logout Request.

Returns:

  • (String)

    The NameID of the Logout Request.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 64

def name_id
  @name_id ||= Utils.element_text(name_id_node)
end

#name_id_format ⇒ String Also known as: nameid_format

Returns the NameID Format of the Logout Request.

Returns:

  • (String)

    The NameID Format of the Logout Request.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 72

def name_id_format
  @name_id_format ||=
    if name_id_node && name_id_node.attribute("Format")
      name_id_node.attribute("Format").value
    end
end

#name_id_node ⇒ Object



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 81

def name_id_node
  @name_id_node ||=
    begin
      encrypted_node = REXML::XPath.first(document, "/p:LogoutRequest/a:EncryptedID", { "p" => PROTOCOL, "a" => ASSERTION })
      if encrypted_node
        node = decrypt_nameid(encrypted_node)
      else
        node = REXML::XPath.first(document, "/p:LogoutRequest/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
      end
    end
end

#not_on_or_after ⇒ Time|nil

Returns the NotOnOrAfter attribute value, if it exists.

Returns:

  • (Time|nil)

    The NotOnOrAfter attribute value, if it exists.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 137

def not_on_or_after
  @not_on_or_after ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutRequest",
      { "p" => PROTOCOL }
    )
    if node && node.attributes["NotOnOrAfter"]
      Time.parse(node.attributes["NotOnOrAfter"])
    end
  end
end

#request_id ⇒ Object



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 50

def request_id
  id(document)
end

#session_indexes ⇒ Array

Returns the SessionIndex values, if any exist (multiple values are supported). Empty Array if none found.

Returns:

  • (Array)

    The SessionIndex values, if any exist (multiple values are supported). Empty Array if none found.



# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 152

def session_indexes
  nodes = REXML::XPath.match(
    document,
    "/p:LogoutRequest/p:SessionIndex",
    { "p" => PROTOCOL }
  )

  nodes.map { |node| Utils.element_text(node) }
end
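
The accessors above all use absolute XPath expressions from the document root, so only direct children of the top-level LogoutRequest are read. An added example (not ruby-saml code) that applies the same paths to a constructed message and checks NotOnOrAfter against a clock drift; `parse_logout_request`, `element_text`, `expired?` and the drift semantics are assumptions, and no signature validation is performed.

```ruby
require "rexml/document"
require "time"

PROTOCOL  = "urn:oasis:names:tc:SAML:2.0:protocol"
ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = { "p" => PROTOCOL, "a" => ASSERTION }

# Constructed sample message, not captured from a real IdP.
SAMPLE = <<~XML
  <samlp:LogoutRequest xmlns:samlp="#{PROTOCOL}" xmlns:saml="#{ASSERTION}"
      ID="_example-request-id" Version="2.0"
      IssueInstant="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:NameID>user@example.com</saml:NameID>
    <samlp:SessionIndex>session-1</samlp:SessionIndex>
    <samlp:SessionIndex>session-2</samlp:SessionIndex>
  </samlp:LogoutRequest>
XML

# Simplified stand-in for Utils.element_text (assumption: stripped text or nil).
def element_text(node)
  node && node.text && node.text.strip
end

# Hypothetical helper: returns the fields as a Hash, or nil when the root
# element is not a LogoutRequest in the SAML protocol namespace.
def parse_logout_request(xml)
  doc = REXML::Document.new(xml)
  root = REXML::XPath.first(doc, "/p:LogoutRequest", NS)
  return nil if root.nil?

  expiry = root.attributes["NotOnOrAfter"]
  {
    id: root.attributes["ID"],
    issuer: element_text(REXML::XPath.first(doc, "/p:LogoutRequest/a:Issuer", NS)),
    name_id: element_text(REXML::XPath.first(doc, "/p:LogoutRequest/a:NameID", NS)),
    session_indexes: REXML::XPath.match(doc, "/p:LogoutRequest/p:SessionIndex", NS)
                                 .map { |n| element_text(n) },
    not_on_or_after: expiry && Time.parse(expiry)
  }
end

# Assumed semantics: expired once now >= NotOnOrAfter + allowed drift (seconds).
def expired?(fields, now:, allowed_clock_drift: 0)
  limit = fields[:not_on_or_after]
  !limit.nil? && now >= limit + allowed_clock_drift
end
```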