Class: OneLogin::RubySaml::Settings

Inherits:
Object
Defined in:
lib/onelogin/ruby-saml/settings.rb

Overview

SAML2 Toolkit Settings

Constant Summary

# Baseline configuration that Settings#initialize merges with the caller's
# overrides. Each top-level key is applied through its writer method
# (+key=+), so a key only takes effect when a public writer for it exists.
#
# NOTE(review): the fingerprint, digest and signature defaults are all
# SHA-1 based and every flag under :security defaults to false (nothing is
# required to be signed or encrypted). They are kept for backwards
# compatibility; deployments are expected to override them.
DEFAULTS = {
  assertion_consumer_service_binding: Utils::BINDINGS[:post],
  single_logout_service_binding: Utils::BINDINGS[:redirect],
  idp_cert_fingerprint_algorithm: XMLSecurity::Document::SHA1,
  compress_request: true,
  compress_response: true,
  message_max_bytesize: 250_000,
  soft: true,
  double_quote_xml_attribute_values: false,
  security: {
    authn_requests_signed: false,
    logout_requests_signed: false,
    logout_responses_signed: false,
    want_assertions_signed: false,
    want_assertions_encrypted: false,
    want_name_id: false,
    metadata_signed: false,
    embed_sign: false, # Deprecated
    digest_method: XMLSecurity::Document::SHA1,
    signature_method: XMLSecurity::Document::RSA_SHA1,
    check_idp_cert_expiration: false,
    check_sp_cert_expiration: false,
    strict_audience_validation: false,
    lowercase_url_encoding: false
  }.freeze
}.freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(overrides = {}, keep_security_attributes = false) ⇒ Settings

Returns a new instance of Settings.



# File 'lib/onelogin/ruby-saml/settings.rb', line 13

def initialize(overrides = {}, keep_security_attributes = false)
  if keep_security_attributes
    security_attributes = overrides.delete(:security) || {}
    config = DEFAULTS.merge(overrides)
    config[:security] = DEFAULTS[:security].merge(security_attributes)
  else
    config = DEFAULTS.merge(overrides)
  end

  config.each do |k,v|
    acc = "#{k}=".to_sym
    if respond_to? acc
      value = v.is_a?(Hash) ? v.dup : v
      send(acc, value)
    end
  end
  @attribute_consuming_service = AttributeService.new
end

Instance Attribute Details

#assertion_consumer_logout_service_bindingObject

Returns the value of attribute assertion_consumer_logout_service_binding.



# File 'lib/onelogin/ruby-saml/settings.rb', line 75

# @return [Object, nil] legacy SLO binding setting; single_logout_service_binding
#   falls back to it when single_logout_service_binding itself is unset
def assertion_consumer_logout_service_binding; @assertion_consumer_logout_service_binding; end

#assertion_consumer_logout_service_urlObject

Returns the value of attribute assertion_consumer_logout_service_url.



# File 'lib/onelogin/ruby-saml/settings.rb', line 74

# @return [Object, nil] legacy SLO URL setting; single_logout_service_url
#   falls back to it when single_logout_service_url itself is unset
def assertion_consumer_logout_service_url; @assertion_consumer_logout_service_url; end

#assertion_consumer_service_bindingObject

Returns the value of attribute assertion_consumer_service_binding.



# File 'lib/onelogin/ruby-saml/settings.rb', line 47

# @return [Object, nil] the ACS binding; DEFAULTS initialises it to
#   Utils::BINDINGS[:post]
def assertion_consumer_service_binding; @assertion_consumer_service_binding; end

#assertion_consumer_service_urlObject

Returns the value of attribute assertion_consumer_service_url.



# File 'lib/onelogin/ruby-saml/settings.rb', line 46

# @return [Object, nil] the configured assertion consumer service URL; nil until assigned
def assertion_consumer_service_url; @assertion_consumer_service_url; end

#attribute_consuming_serviceObject (readonly)

Returns the value of attribute attribute_consuming_service.



# File 'lib/onelogin/ruby-saml/settings.rb', line 68

# Read-only: the constructor assigns a fresh AttributeService here and no
# writer is exposed.
# @return [Object] the attribute consuming service object
def attribute_consuming_service; @attribute_consuming_service; end

#attributes_indexObject

Returns the value of attribute attributes_index.



# File 'lib/onelogin/ruby-saml/settings.rb', line 60

# @return [Object, nil] the configured attributes_index setting; nil until assigned
def attributes_index; @attributes_index; end

#authn_contextObject

Returns the value of attribute authn_context.



# File 'lib/onelogin/ruby-saml/settings.rb', line 65

# @return [Object, nil] the configured authn_context setting; nil until assigned
def authn_context; @authn_context; end

#authn_context_comparisonObject

Returns the value of attribute authn_context_comparison.



# File 'lib/onelogin/ruby-saml/settings.rb', line 66

# @return [Object, nil] the configured authn_context_comparison setting; nil until assigned
def authn_context_comparison; @authn_context_comparison; end

#authn_context_decl_refObject

Returns the value of attribute authn_context_decl_ref.



# File 'lib/onelogin/ruby-saml/settings.rb', line 67

# @return [Object, nil] the configured authn_context_decl_ref setting; nil until assigned
def authn_context_decl_ref; @authn_context_decl_ref; end

#certificateObject

Returns the value of attribute certificate.



# File 'lib/onelogin/ruby-saml/settings.rb', line 62

# @return [Object, nil] the configured SP certificate setting; nil until assigned
def certificate; @certificate; end

#certificate_newObject

Deprecated



# File 'lib/onelogin/ruby-saml/settings.rb', line 73

# @deprecated kept for backwards compatibility
# @return [Object, nil] the configured certificate_new setting; nil until assigned
def certificate_new; @certificate_new; end

#compress_requestObject

Returns the value of attribute compress_request.



# File 'lib/onelogin/ruby-saml/settings.rb', line 54

# @return [Object, nil] whether outgoing requests are compressed; DEFAULTS sets it to true
def compress_request; @compress_request; end

#compress_responseObject

Returns the value of attribute compress_response.



# File 'lib/onelogin/ruby-saml/settings.rb', line 55

# @return [Object, nil] whether outgoing responses are compressed; DEFAULTS sets it to true
def compress_response; @compress_response; end

#double_quote_xml_attribute_valuesObject

Returns the value of attribute double_quote_xml_attribute_values.



# File 'lib/onelogin/ruby-saml/settings.rb', line 56

# @return [Object, nil] the double_quote_xml_attribute_values flag; DEFAULTS sets it to false
def double_quote_xml_attribute_values; @double_quote_xml_attribute_values; end

#force_authnObject

Returns the value of attribute force_authn.



# File 'lib/onelogin/ruby-saml/settings.rb', line 61

# @return [Object, nil] the configured force_authn setting; nil until assigned
def force_authn; @force_authn; end

#idp_attribute_namesObject

Returns the value of attribute idp_attribute_names.



# File 'lib/onelogin/ruby-saml/settings.rb', line 41

# @return [Object, nil] the configured idp_attribute_names setting; nil until assigned
def idp_attribute_names; @idp_attribute_names; end

#idp_certObject

Returns the value of attribute idp_cert.



# File 'lib/onelogin/ruby-saml/settings.rb', line 37

# @return [Object, nil] the raw IdP certificate setting that get_idp_cert
#   turns into a certificate object; nil until assigned
def idp_cert; @idp_cert; end

#idp_cert_fingerprintObject

Returns the value of attribute idp_cert_fingerprint.



# File 'lib/onelogin/ruby-saml/settings.rb', line 38

# @return [Object, nil] an explicitly configured IdP certificate fingerprint;
#   when set, get_fingerprint returns it instead of computing one from idp_cert
def idp_cert_fingerprint; @idp_cert_fingerprint; end

#idp_cert_fingerprint_algorithmObject

Returns the value of attribute idp_cert_fingerprint_algorithm.



# File 'lib/onelogin/ruby-saml/settings.rb', line 39

# @return [Object, nil] digest algorithm used by get_fingerprint; DEFAULTS
#   sets it to XMLSecurity::Document::SHA1
def idp_cert_fingerprint_algorithm; @idp_cert_fingerprint_algorithm; end

#idp_cert_multiObject

Returns the value of attribute idp_cert_multi.



# File 'lib/onelogin/ruby-saml/settings.rb', line 40

# @return [Object, nil] raw multi-certificate setting consumed by
#   get_idp_cert_multi, which expects a Hash keyed by :signing/:encryption
#   (symbol or string keys); nil until assigned
def idp_cert_multi; @idp_cert_multi; end

#idp_entity_idObject

IdP Data



# File 'lib/onelogin/ruby-saml/settings.rb', line 33

# @return [Object, nil] the configured IdP entity id; nil until assigned
def idp_entity_id; @idp_entity_id; end

#idp_name_qualifierObject

Returns the value of attribute idp_name_qualifier.



# File 'lib/onelogin/ruby-saml/settings.rb', line 42

# @return [Object, nil] the configured idp_name_qualifier setting; nil until assigned
def idp_name_qualifier; @idp_name_qualifier; end

#idp_slo_response_service_urlObject

Returns the value of attribute idp_slo_response_service_url.



# File 'lib/onelogin/ruby-saml/settings.rb', line 36

# @return [Object, nil] the configured idp_slo_response_service_url setting; nil until assigned
def idp_slo_response_service_url; @idp_slo_response_service_url; end

#idp_slo_service_urlString

Returns IdP Single Logout Service URL.

Returns:

  • (String)

    IdP Single Logout Service URL



# File 'lib/onelogin/ruby-saml/settings.rb', line 88

# IdP Single Logout Service URL.
# @return [String, nil] the idp_slo_service_url setting, or the legacy
#   idp_slo_target_url value when the former is unset
def idp_slo_service_url
  return @idp_slo_service_url if @idp_slo_service_url

  @idp_slo_target_url
end

#idp_slo_target_urlObject

Returns the value of attribute idp_slo_target_url.



# File 'lib/onelogin/ruby-saml/settings.rb', line 78

# @return [Object, nil] legacy name of the IdP SLO URL; idp_slo_service_url
#   falls back to it
def idp_slo_target_url; @idp_slo_target_url; end

#idp_sso_service_urlString

Returns IdP Single Sign On Service URL.

Returns:

  • (String)

    IdP Single Sign On Service URL



# File 'lib/onelogin/ruby-saml/settings.rb', line 82

# IdP Single Sign On Service URL.
# @return [String, nil] the idp_sso_service_url setting, or the legacy
#   idp_sso_target_url value when the former is unset
def idp_sso_service_url
  return @idp_sso_service_url if @idp_sso_service_url

  @idp_sso_target_url
end

#idp_sso_target_urlObject

Returns the value of attribute idp_sso_target_url.



# File 'lib/onelogin/ruby-saml/settings.rb', line 77

# @return [Object, nil] legacy name of the IdP SSO URL; idp_sso_service_url
#   falls back to it
def idp_sso_target_url; @idp_sso_target_url; end

#issuerObject

Returns the value of attribute issuer.



# File 'lib/onelogin/ruby-saml/settings.rb', line 76

# @return [Object, nil] legacy name of the SP entity id; sp_entity_id falls
#   back to it
def issuer; @issuer; end

#message_max_bytesizeObject

Returns the value of attribute message_max_bytesize.



# File 'lib/onelogin/ruby-saml/settings.rb', line 57

# @return [Object, nil] size limit setting for SAML messages; DEFAULTS sets it to 250000
def message_max_bytesize; @message_max_bytesize; end

#name_identifier_formatObject

Returns the value of attribute name_identifier_format.



# File 'lib/onelogin/ruby-saml/settings.rb', line 50

# @return [Object, nil] the configured name_identifier_format setting; nil until assigned
def name_identifier_format; @name_identifier_format; end

#name_identifier_valueObject

Returns the value of attribute name_identifier_value.



# File 'lib/onelogin/ruby-saml/settings.rb', line 51

# @return [Object, nil] the configured name_identifier_value setting; nil until assigned
def name_identifier_value; @name_identifier_value; end

#name_identifier_value_requestedObject

Returns the value of attribute name_identifier_value_requested.



# File 'lib/onelogin/ruby-saml/settings.rb', line 52

# @return [Object, nil] the configured name_identifier_value_requested setting; nil until assigned
def name_identifier_value_requested; @name_identifier_value_requested; end

#passiveObject

Returns the value of attribute passive.



# File 'lib/onelogin/ruby-saml/settings.rb', line 58

# @return [Object, nil] the configured passive setting; nil until assigned
def passive; @passive; end

#private_keyObject

Returns the value of attribute private_key.



# File 'lib/onelogin/ruby-saml/settings.rb', line 63

# @return [Object, nil] the configured SP private key setting; nil until assigned
def private_key; @private_key; end

#protocol_bindingObject

Returns the value of attribute protocol_binding.



# File 'lib/onelogin/ruby-saml/settings.rb', line 59

# @return [Object, nil] the configured protocol_binding setting; nil until assigned
def protocol_binding; @protocol_binding; end

#securityObject

Work-flow



# File 'lib/onelogin/ruby-saml/settings.rb', line 70

# Security work-flow flags. The constructor seeds this with a copy of
# DEFAULTS[:security]; get_sp_certs reads :check_sp_cert_expiration from it
# and idp_binding_from_embed_sign reads the deprecated :embed_sign.
# @return [Hash, nil]
def security; @security; end

#sessionindexObject

Returns the value of attribute sessionindex.



# File 'lib/onelogin/ruby-saml/settings.rb', line 53

# @return [Object, nil] the configured sessionindex setting; nil until assigned
def sessionindex; @sessionindex; end

#single_logout_service_urlString

Returns Single Logout Service URL.

Returns:

  • (String)

    Single Logout Service URL.



# File 'lib/onelogin/ruby-saml/settings.rb', line 140

# Single Logout Service URL of the SP.
# @return [String, nil] the single_logout_service_url setting, or the legacy
#   assertion_consumer_logout_service_url value when the former is unset
def single_logout_service_url
  return @single_logout_service_url if @single_logout_service_url

  @assertion_consumer_logout_service_url
end

#softObject

Returns the value of attribute soft.



# File 'lib/onelogin/ruby-saml/settings.rb', line 71

# @return [Object, nil] the soft setting; DEFAULTS sets it to true
def soft; @soft; end

#sp_cert_multiObject

Returns the value of attribute sp_cert_multi.



# File 'lib/onelogin/ruby-saml/settings.rb', line 64

# @return [Object, nil] the configured sp_cert_multi setting; nil until assigned
def sp_cert_multi; @sp_cert_multi; end

#sp_entity_idString

Returns SP Entity ID.

Returns:

  • (String)

    SP Entity ID



# File 'lib/onelogin/ruby-saml/settings.rb', line 120

# SP Entity ID.
# @return [String, nil] the sp_entity_id setting, or the legacy issuer value
#   when the former is unset
def sp_entity_id
  return @sp_entity_id if @sp_entity_id

  @issuer
end

#sp_name_qualifierObject

Returns the value of attribute sp_name_qualifier.



# File 'lib/onelogin/ruby-saml/settings.rb', line 49

# @return [Object, nil] the configured sp_name_qualifier setting; nil until assigned
def sp_name_qualifier; @sp_name_qualifier; end

#valid_untilObject

Returns the value of attribute valid_until.



# File 'lib/onelogin/ruby-saml/settings.rb', line 43

# @return [Object, nil] the configured valid_until setting; nil until assigned
def valid_until; @valid_until; end

Instance Method Details

#get_binding(value) ⇒ Object



# File 'lib/onelogin/ruby-saml/settings.rb', line 270

# Resolves a binding alias (e.g. :post / "redirect") to its full binding
# string via Utils::BINDINGS. Values without an alias are returned unchanged,
# so a full binding URN can be passed directly.
# @param value [String, Symbol, nil]
# @return [String, nil] nil when +value+ is nil or false
def get_binding(value)
  return nil unless value

  alias_key = value.to_sym
  Utils::BINDINGS[alias_key] || value
end

#get_fingerprintString

Calculates the fingerprint of the IdP x509 certificate.

Returns:

  • (String)

    The fingerprint



# File 'lib/onelogin/ruby-saml/settings.rb', line 171

# Fingerprint of the IdP x509 certificate.
#
# An explicitly configured idp_cert_fingerprint is returned as-is; otherwise
# the fingerprint is computed from idp_cert using
# idp_cert_fingerprint_algorithm (SHA-1 in DEFAULTS) and rendered as
# colon-separated uppercase hex pairs.
# @return [String, nil] nil when neither a fingerprint nor a certificate is configured
def get_fingerprint
  configured = idp_cert_fingerprint
  return configured if configured

  cert = get_idp_cert
  return nil unless cert

  digest = XMLSecurity::BaseDocument.new.algorithm(idp_cert_fingerprint_algorithm).new
  hex = digest.hexdigest(cert.to_der).upcase
  hex.scan(/../).join(":")
end

#get_idp_certOpenSSL::X509::Certificate|nil

Builds the IdP certificate object from the settings (formatting the raw value first).

Returns:

  • (OpenSSL::X509::Certificate|nil)

    Build the IdP certificate from the settings (previously format it)



# File 'lib/onelogin/ruby-saml/settings.rb', line 183

# Builds the IdP certificate object from the idp_cert setting.
# @return [OpenSSL::X509::Certificate, nil] whatever Utils.build_cert_object
#   returns for the configured value
def get_idp_cert
  raw_cert = idp_cert
  OneLogin::RubySaml::Utils.build_cert_object(raw_cert)
end

#get_idp_cert_multiHash with 2 arrays of OpenSSL::X509::Certificate

Builds multiple IdP certificates from the settings.

Returns:

  • (Hash with 2 arrays of OpenSSL::X509::Certificate)

    Build multiple IdP certificates from the settings.

Raises:

  • (ArgumentError)


# File 'lib/onelogin/ruby-saml/settings.rb', line 189

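# Builds multiple IdP certificates from the idp_cert_multi setting.
#
# Accepts a Hash with :signing and/or :encryption entries (symbol or string
# keys), each an array of raw certificates passed to
# Utils.build_cert_object. Missing or empty entries yield an empty array.
#
# @return [Hash{Symbol => Array<OpenSSL::X509::Certificate>}, nil] nil when
#   idp_cert_multi is nil or empty
# @raise [ArgumentError] when idp_cert_multi is set but is not a Hash
def get_idp_cert_multi
  return nil if idp_cert_multi.nil? || idp_cert_multi.empty?

  raise ArgumentError, "Invalid value for idp_cert_multi" unless idp_cert_multi.is_a?(Hash)

  %i[signing encryption].each_with_object({ signing: [], encryption: [] }) do |use, certs|
    raw_certs = idp_cert_multi[use] || idp_cert_multi[use.to_s]
    next if !raw_certs || raw_certs.empty?

    certs[use] = raw_certs.map { |raw| OneLogin::RubySaml::Utils.build_cert_object(raw) }
  end
end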

#get_sp_certOpenSSL::X509::Certificate

Deprecated.

Use get_sp_signing_pair or get_sp_certs instead.

Returns the SP signing certificate.

Returns:

  • (OpenSSL::X509::Certificate)

    The SP signing certificate.



# File 'lib/onelogin/ruby-saml/settings.rb', line 236

# @deprecated Use get_sp_signing_pair or get_sp_certs instead.
# @return [OpenSSL::X509::Certificate, nil] certificate half of the first
#   signing pair returned by get_sp_signing_pair, or nil when there is none
def get_sp_cert
  pair = get_sp_signing_pair
  pair&.first
end

#get_sp_cert_newOpenSSL::X509::Certificate|nil

Deprecated.

Use get_sp_certs instead

Builds the new SP certificate from the settings.

Returns:

  • (OpenSSL::X509::Certificate|nil)

    Build the New SP certificate from the settings.



# File 'lib/onelogin/ruby-saml/settings.rb', line 261

# @deprecated Use get_sp_certs instead.
# @return [OpenSSL::X509::Certificate, nil] certificate half of the last
#   signing pair in get_sp_certs, or nil when there is none
def get_sp_cert_new
  last_pair = get_sp_certs[:signing].last
  last_pair&.first
end

#get_sp_certsHash<Symbol, Array<Array<OpenSSL::X509::Certificate, OpenSSL::PKey::RSA>>>

Builds the SP certificates and private keys from the settings. If check_sp_cert_expiration is true, only certificates and private keys that are not expired are returned.

Returns:

  • (Hash<Symbol, Array<Array<OpenSSL::X509::Certificate, OpenSSL::PKey::RSA>>>)

    Build the SP certificates and private keys from the settings. If check_sp_cert_expiration is true, only returns certificates and private keys that are not expired.



# File 'lib/onelogin/ruby-saml/settings.rb', line 212

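# SP certificate / private-key pairs grouped by use.
#
# With security[:check_sp_cert_expiration] disabled (false in DEFAULTS) the
# result of get_all_sp_certs is returned untouched. When it is enabled,
# expired certificates are dropped from each group and a ValidationError is
# raised if a group that had entries is left with none. Pairs whose
# certificate is nil cannot expire and are always kept.
#
# @return [Hash{Symbol => Array<Array(OpenSSL::X509::Certificate, OpenSSL::PKey::RSA)>}]
#   :signing and :encryption groups; frozen when expiration filtering ran
# @raise [OneLogin::RubySaml::ValidationError] when every certificate of a
#   group has expired
def get_sp_certs
  all_certs = get_all_sp_certs
  return all_certs unless security[:check_sp_cert_expiration]

  active_certs = { signing: [], encryption: [] }
  all_certs.each do |use, pairs|
    next if pairs.empty?

    active_pairs = pairs.select { |cert, _key| !cert || OneLogin::RubySaml::Utils.is_cert_active(cert) }
    raise OneLogin::RubySaml::ValidationError, "The SP certificate expired." if active_pairs.empty?

    active_certs[use] = active_pairs.freeze
  end
  active_certs.freeze
end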

#get_sp_decryption_keysArray<OpenSSL::PKey::RSA>

Returns the SP decryption keys.

Returns:

  • (Array<OpenSSL::PKey::RSA>)

    The SP decryption keys.



# File 'lib/onelogin/ruby-saml/settings.rb', line 251

# Private keys of the SP encryption pairs, with nil keys removed and
# duplicates (same PEM encoding) collapsed.
# @return [Array<OpenSSL::PKey::RSA>] frozen array
def get_sp_decryption_keys
  keys = get_sp_certs[:encryption].map { |_cert, key| key }
  keys.compact.uniq(&:to_pem).freeze
end

#get_sp_signing_keyOpenSSL::PKey::RSA Also known as: get_sp_key

Returns the SP signing key.

Returns:

  • (OpenSSL::PKey::RSA)

    The SP signing key.



# File 'lib/onelogin/ruby-saml/settings.rb', line 242

# Private key half of the first SP signing pair.
# @return [OpenSSL::PKey::RSA, nil] nil when get_sp_signing_pair has nothing
def get_sp_signing_key
  pair = get_sp_signing_pair
  return nil unless pair

  _cert, key = pair
  key
end

#get_sp_signing_pairArray<OpenSSL::X509::Certificate, OpenSSL::PKey::RSA>

Returns the SP signing certificate and private key.

Returns:

  • (Array<OpenSSL::X509::Certificate, OpenSSL::PKey::RSA>)

    The SP signing certificate and private key.



# File 'lib/onelogin/ruby-saml/settings.rb', line 230

# First [certificate, private key] pair of the :signing group of get_sp_certs.
# @return [Array(OpenSSL::X509::Certificate, OpenSSL::PKey::RSA), nil]
def get_sp_signing_pair
  signing_pairs = get_sp_certs[:signing]
  signing_pairs.first
end

#idp_binding_from_embed_signObject



# File 'lib/onelogin/ruby-saml/settings.rb', line 266

# Derives the IdP binding from the deprecated security[:embed_sign] flag:
# HTTP-POST when it is truthy, HTTP-Redirect otherwise. Used as the fallback
# by idp_sso_service_binding and idp_slo_service_binding.
# @return [String]
def idp_binding_from_embed_sign
  if security[:embed_sign]
    Utils::BINDINGS[:post]
  else
    Utils::BINDINGS[:redirect]
  end
end

#idp_slo_service_bindingString

Returns IdP Single Logout Service Binding.

Returns:

  • (String)

    IdP Single Logout Service Binding



# File 'lib/onelogin/ruby-saml/settings.rb', line 107

# IdP Single Logout Service Binding.
# @return [String] the configured binding, or the one derived from the
#   deprecated security[:embed_sign] flag when none was set
def idp_slo_service_binding
  return @idp_slo_service_binding if @idp_slo_service_binding

  idp_binding_from_embed_sign
end

#idp_slo_service_binding=(value) ⇒ Object

Setter for IdP Single Logout Service Binding

Parameters:

  • value (String, Symbol)




# File 'lib/onelogin/ruby-saml/settings.rb', line 114

# Setter for the IdP Single Logout Service Binding. Aliases such as :post
# are expanded through get_binding before being stored.
# @param value [String, Symbol, nil]
# @return [String, nil] the stored binding
def idp_slo_service_binding=(value)
  normalized = get_binding(value)
  @idp_slo_service_binding = normalized
end

#idp_sso_service_bindingString

Returns IdP Single Sign On Service Binding.

Returns:

  • (String)

    IdP Single Sign On Service Binding



# File 'lib/onelogin/ruby-saml/settings.rb', line 94

# IdP Single Sign On Service Binding.
# @return [String] the configured binding, or the one derived from the
#   deprecated security[:embed_sign] flag when none was set
def idp_sso_service_binding
  return @idp_sso_service_binding if @idp_sso_service_binding

  idp_binding_from_embed_sign
end

#idp_sso_service_binding=(value) ⇒ Object

Setter for IdP Single Sign On Service Binding

Parameters:

  • value (String, Symbol)




# File 'lib/onelogin/ruby-saml/settings.rb', line 101

# Setter for the IdP Single Sign On Service Binding. Aliases such as
# :redirect are expanded through get_binding before being stored.
# @param value [String, Symbol, nil]
# @return [String, nil] the stored binding
def idp_sso_service_binding=(value)
  normalized = get_binding(value)
  @idp_sso_service_binding = normalized
end

#single_logout_service_bindingString

Returns Single Logout Service Binding.

Returns:

  • (String)

    Single Logout Service Binding.



# File 'lib/onelogin/ruby-saml/settings.rb', line 146

# SP Single Logout Service Binding.
# @return [String, nil] the single_logout_service_binding setting, or the
#   legacy assertion_consumer_logout_service_binding value when unset
def single_logout_service_binding
  return @single_logout_service_binding if @single_logout_service_binding

  @assertion_consumer_logout_service_binding
end

#single_logout_service_binding=(value) ⇒ Object

Setter for Single Logout Service Binding.

(Currently we only support “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect”)

Parameters:

  • value (String, Symbol)


# File 'lib/onelogin/ruby-saml/settings.rb', line 155

# Setter for the SP Single Logout Service Binding; the value is normalized
# through get_binding. (The docs note that only HTTP-Redirect is currently
# supported for this binding.)
# @param value [String, Symbol, nil]
# @return [String, nil] the stored binding
def single_logout_service_binding=(value)
  normalized = get_binding(value)
  @single_logout_service_binding = normalized
end