Class: SamlIdp::Request

Inherits:

Object

• Object
• SamlIdp::Request

Defined in:

lib/saml_idp/request.rb

Instance Attribute Summary

• #raw_xml ⇒ Object

  Returns the value of attribute raw_xml.

Class Method Summary

• .from_deflated_request(raw) ⇒ Object

Instance Method Summary

• #acs_url ⇒ Object
• #authn_request? ⇒ Boolean
• #initialize(raw_xml = "") ⇒ Request constructor

  A new instance of Request.

• #issuer ⇒ Object
• #log(msg) ⇒ Object
• #logout_request? ⇒ Boolean
• #logout_url ⇒ Object
• #name_id ⇒ Object
• #request ⇒ Object
• #request_id ⇒ Object
• #requested_authn_context ⇒ Object
• #response_url ⇒ Object
• #service_provider ⇒ Object
• #service_provider? ⇒ Boolean
• #session_index ⇒ Object
• #valid? ⇒ Boolean
• #valid_signature? ⇒ Boolean

Constructor Details

#initialize(raw_xml = "") ⇒ Request

Returns a new instance of Request.

# File 'lib/saml_idp/request.rb', line 30

def initialize(raw_xml = "")
  self.raw_xml = raw_xml
end

Instance Attribute Details

#raw_xml ⇒ Object

Returns the value of attribute raw_xml.

# File 'lib/saml_idp/request.rb', line 23

def raw_xml
  @raw_xml
end

Class Method Details

.from_deflated_request(raw) ⇒ Object

# File 'lib/saml_idp/request.rb', line 5

def self.from_deflated_request(raw)
  if raw
    decoded = Base64.decode64(raw)
    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
    begin
      inflated = zstream.inflate(decoded).tap do
        zstream.finish
        zstream.close
      end
    rescue Zlib::BufError, Zlib::DataError # not compressed
      inflated = decoded
    end
  else
    inflated = ""
  end
  new(inflated)
end

Instance Method Details

#acs_url ⇒ Object

# File 'lib/saml_idp/request.rb', line 62

def acs_url
  service_provider.acs_url ||
    authn_request["AssertionConsumerServiceURL"].to_s
end

#authn_request? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml_idp/request.rb', line 38

def authn_request?
  authn_request.nil? ? false : true
end

#issuer ⇒ Object

# File 'lib/saml_idp/request.rb', line 125

def issuer
  @_issuer ||= xpath("//saml:Issuer", saml: assertion).first.try(:content)
  @_issuer if @_issuer.present?
end

#log(msg) ⇒ Object

# File 'lib/saml_idp/request.rb', line 79

def log(msg)
  if Rails && Rails.logger
    Rails.logger.info msg
  else
    puts msg
  end
end

#logout_request? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml_idp/request.rb', line 34

def logout_request?
  logout_request.nil? ? false : true
end

#logout_url ⇒ Object

# File 'lib/saml_idp/request.rb', line 67

def logout_url
  service_provider.assertion_consumer_logout_service_url
end

#name_id ⇒ Object

# File 'lib/saml_idp/request.rb', line 130

def name_id
  @_name_id ||= xpath("//saml:NameID", saml: assertion).first.try(:content)
end

#request ⇒ Object

# File 'lib/saml_idp/request.rb', line 46

def request
  if authn_request?
    authn_request
  elsif logout_request?
    logout_request
  end
end

#request_id ⇒ Object

# File 'lib/saml_idp/request.rb', line 42

def request_id
  request["ID"]
end

#requested_authn_context ⇒ Object

# File 'lib/saml_idp/request.rb', line 54

def requested_authn_context
  if authn_request? && authn_context_node
    authn_context_node.content
  else
    nil
  end
end

#response_url ⇒ Object

# File 'lib/saml_idp/request.rb', line 71

def response_url
  if authn_request?
    acs_url
  elsif logout_request?
    logout_url
  end
end

#service_provider ⇒ Object

# File 'lib/saml_idp/request.rb', line 121

def service_provider
  @_service_provider ||= ServiceProvider.new((service_provider_finder[issuer] || {}).merge(identifier: issuer))
end

#service_provider? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml_idp/request.rb', line 117

def service_provider?
  service_provider.valid?
end

#session_index ⇒ Object

# File 'lib/saml_idp/request.rb', line 134

def session_index
  @_session_index ||= xpath("//samlp:SessionIndex", samlp: samlp).first.try(:content)
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml_idp/request.rb', line 87

def valid?
  unless service_provider?
    log "Unable to find service provider for issuer #{issuer}"
    return false
  end

  unless (authn_request? ^ logout_request?)
    log "One and only one of authnrequest and logout request is required. authnrequest: #{authn_request?} logout_request: #{logout_request?} "
    return false
  end

  unless valid_signature?
    log "Signature is invalid in #{raw_xml}"
    return false
  end

  if response_url.nil?
    log "Unable to find response url for #{issuer}: #{raw_xml}"
    return false
  end

  return true
end

#valid_signature? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml_idp/request.rb', line 111

def valid_signature?
  # Force signatures for logout requests because there is no other
  # protection against a cross-site DoS.
  service_provider.valid_signature?(document, logout_request?)
end