Class: SAML2::AuthnRequest

Inherits:
Request show all
Defined in:
lib/saml2/authn_request.rb

Instance Attribute Summary collapse

Attributes inherited from Message

#destination, #id, #issue_instant, #issuer

Attributes inherited from Base

#xml

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Message

#from_xml, from_xml, inherited, #initialize, parse, #valid_schema?

Methods inherited from Base

from_xml, #from_xml, load_object_array, load_string_array, lookup_qname, #to_s, #to_xml

Constructor Details

This class inherits a constructor from SAML2::Message

Instance Attribute Details

#assertion_consumer_serviceObject (readonly)

Returns the value of attribute assertion_consumer_service.



90
91
92
 
# File 'lib/saml2/authn_request.rb', line 90

def assertion_consumer_service
  @assertion_consumer_service
end

#assertion_consumer_service_indexObject 



92
93
94
95
96
97
 
# File 'lib/saml2/authn_request.rb', line 92

def assertion_consumer_service_index
  if xml && !instance_variable_defined?(:@assertion_consumer_service_index)
    @assertion_consumer_service_index = xml['AssertionConsumerServiceIndex']&.to_i
  end
  @assertion_consumer_service_index
end

#assertion_consumer_service_urlObject 



99
100
101
102
103
104
 
# File 'lib/saml2/authn_request.rb', line 99

def assertion_consumer_service_url
  if xml && !instance_variable_defined?(:@assertion_consumer_service_url)
    @assertion_consumer_service_url = xml['AssertionConsumerServiceURL']
  end
  @assertion_consumer_service_url
end

#attribute_consuming_serviceObject (readonly)

Returns the value of attribute attribute_consuming_service.



90
91
92
 
# File 'lib/saml2/authn_request.rb', line 90

def attribute_consuming_service
  @attribute_consuming_service
end

#attribute_consuming_service_indexObject 



106
107
108
109
110
111
 
# File 'lib/saml2/authn_request.rb', line 106

def attribute_consuming_service_index
  if xml && !instance_variable_defined?(:@attribute_consuming_service_index)
    @attribute_consuming_service_index = xml['AttributeConsumingServiceIndex']&.to_i
  end
  @attribute_consuming_service_index
end

#force_authn=(value) ⇒ Object (writeonly)

Sets the attribute force_authn

Parameters:

  • value

    the value to set the attribute force_authn to.



25
26
27
 
# File 'lib/saml2/authn_request.rb', line 25

def force_authn=(value)
  @force_authn = value
end

#name_id_policyObject 



83
84
85
86
87
88
 
# File 'lib/saml2/authn_request.rb', line 83

def name_id_policy
  if xml && !instance_variable_defined?(:@name_id_policy)
    @name_id_policy = NameID::Policy.from_xml(xml.at_xpath('samlp:NameIDPolicy', Namespaces::ALL))
  end
  @name_id_policy
end

#passive=(value) ⇒ Object (writeonly)

Sets the attribute passive

Parameters:

  • value

    the value to set the attribute passive to.



25
26
27
 
# File 'lib/saml2/authn_request.rb', line 25

def passive=(value)
  @passive = value
end

#protocol_bindingObject 



127
128
129
130
131
132
 
# File 'lib/saml2/authn_request.rb', line 127

def protocol_binding
  if xml && !instance_variable_defined?(:@protocol_binding)
    @protocol_binding = xml['ProtocolBinding']
  end
  @protocol_binding
end

#requested_authn_contextObject

Returns the value of attribute requested_authn_context.



32
33
34
 
# File 'lib/saml2/authn_request.rb', line 32

def requested_authn_context
  @requested_authn_context
end

Class Method Details

.decode(authnrequest) ⇒ Object

deprecated; takes just the SAMLRequest parameter’s value



17
18
19
20
21
22
23
 
# File 'lib/saml2/authn_request.rb', line 17

def self.decode(authnrequest)
  result, _relay_state = Bindings::HTTPRedirect.decode("http://host/?SAMLRequest=#{CGI.escape(authnrequest)}")
  return nil unless result.is_a?(AuthnRequest)
  result
rescue CorruptMessage
  AuthnRequest.from_xml(Nokogiri::XML('<xml></xml>').root)
end

.initiate(issuer, identity_provider = nil, assertion_consumer_service: nil, service_provider: nil) ⇒ Object 



34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/saml2/authn_request.rb', line 34

def self.initiate(issuer, identity_provider = nil,
    assertion_consumer_service: nil,
    service_provider: nil)
  authn_request = new
  authn_request.issuer = issuer
  authn_request.destination = identity_provider.single_sign_on_services.first.location if identity_provider
  authn_request.name_id_policy = NameID::Policy.new(true, NameID::Format::UNSPECIFIED)
  assertion_consumer_service ||= service_provider.assertion_consumer_services.default if service_provider
  if assertion_consumer_service
    authn_request.protocol_binding = assertion_consumer_service.binding
    authn_request.assertion_consumer_service_url = assertion_consumer_service.location
  end
  authn_request
end

Instance Method Details

#build(builder) ⇒ Object 



141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
 
# File 'lib/saml2/authn_request.rb', line 141

def build(builder)
  builder['samlp'].AuthnRequest(
      'xmlns:samlp' => Namespaces::SAMLP,
      'xmlns:saml' => Namespaces::SAML
  ) do |authn_request|
    super(authn_request)

    authn_request.parent['AssertionConsumerServiceIndex'] = assertion_consumer_service_index if assertion_consumer_service_index
    authn_request.parent['AssertionConsumerServiceURL'] = assertion_consumer_service_url if assertion_consumer_service_url
    authn_request.parent['AttributeConsumingServiceIndex'] = attribute_consuming_service_index if attribute_consuming_service_index
    authn_request.parent['ForceAuthn'] = force_authn? unless force_authn?.nil?
    authn_request.parent['IsPassive'] = passive? unless passive?.nil?
    authn_request.parent['ProtocolBinding'] = protocol_binding if protocol_binding

    subject.build(authn_request) if subject
    name_id_policy.build(authn_request) if name_id_policy
    requested_authn_context.build(authn_request) if requested_authn_context
  end
end

#force_authn?Boolean

Returns:

  • (Boolean) 


113
114
115
116
117
118
 
# File 'lib/saml2/authn_request.rb', line 113

def force_authn?
  if xml && !instance_variable_defined?(:@force_authn)
    @force_authn = xml['ForceAuthn']&.== 'true'
  end
  @force_authn
end

#passive?Boolean

Returns:

  • (Boolean) 


120
121
122
123
124
125
 
# File 'lib/saml2/authn_request.rb', line 120

def passive?
  if xml && !instance_variable_defined?(:@passive)
    @passive = xml['IsPassive']&.== 'true'
  end
  @passive
end

#resolve(service_provider) ⇒ Object 



67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'lib/saml2/authn_request.rb', line 67

def resolve(service_provider)
  # TODO: check signature if present

  if assertion_consumer_service_url
    @assertion_consumer_service = service_provider.assertion_consumer_services.find { |acs| acs.location == assertion_consumer_service_url }
  else
    @assertion_consumer_service  = service_provider.assertion_consumer_services.resolve(assertion_consumer_service_index)
  end
  @attribute_consuming_service = service_provider.attribute_consuming_services.resolve(attribute_consuming_service_index)

  return false unless @assertion_consumer_service
  return false if attribute_consuming_service_index && !@attribute_consuming_service

  true
end

#subjectObject 



134
135
136
137
138
139
 
# File 'lib/saml2/authn_request.rb', line 134

def subject
  if xml && !instance_variable_defined?(:@subject)
    @subject = Subject.from_xml(xml.at_xpath('saml:Subject', Namespaces::ALL))
  end
  @subject
end

#valid_interoperable_profile?Boolean

Returns:

  • (Boolean) 


56
57
58
59
60
61
62
63
64
65
 
# File 'lib/saml2/authn_request.rb', line 56

def valid_interoperable_profile?
  # It's a subset of Web Browser SSO profile
  return false unless valid_web_browser_sso_profile?

  return false unless assertion_consumer_service_url
  return false if protocol_binding && protocol_binding != Endpoint::Bindings::HTTP_POST
  return false if subject

  true
end

#valid_web_browser_sso_profile?Boolean

Returns:

  • (Boolean) 


49
50
51
52
53
54
 
# File 'lib/saml2/authn_request.rb', line 49

def valid_web_browser_sso_profile?
  return false unless issuer
  return false if issuer.format && issuer.format != NameID::Format::ENTITY

  true
end