Class: SamlIdp::Request
- Inherits:
-
Object
- Object
- SamlIdp::Request
- Defined in:
- lib/saml_idp/request.rb
Instance Attribute Summary collapse
-
#raw_xml ⇒ Object
Returns the value of attribute raw_xml.
Class Method Summary collapse
Instance Method Summary collapse
- #acs_url ⇒ Object
- #authn_request? ⇒ Boolean
-
#initialize(raw_xml = "") ⇒ Request
constructor
A new instance of Request.
- #issuer ⇒ Object
- #log(msg) ⇒ Object
- #logout_request? ⇒ Boolean
- #logout_url ⇒ Object
- #name_id ⇒ Object
- #request ⇒ Object
- #request_id ⇒ Object
- #requested_authn_context ⇒ Object
- #response_url ⇒ Object
- #service_provider ⇒ Object
- #service_provider? ⇒ Boolean
- #session_index ⇒ Object
- #valid? ⇒ Boolean
- #valid_signature? ⇒ Boolean
Constructor Details
#initialize(raw_xml = "") ⇒ Request
Returns a new instance of Request.
# File 'lib/saml_idp/request.rb', line 30 def initialize(raw_xml = "") self.raw_xml = raw_xml end |
Instance Attribute Details
#raw_xml ⇒ Object
Returns the value of attribute raw_xml.
# File 'lib/saml_idp/request.rb', line 23 def raw_xml @raw_xml end |
Class Method Details
.from_deflated_request(raw) ⇒ Object
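# File 'lib/saml_idp/request.rb', line 5
# Builds a Request from a Base64-encoded payload that may additionally be
# raw-DEFLATE compressed.
#
# The payload is Base64-decoded and then inflated. If zlib rejects the bytes
# (Zlib::BufError / Zlib::DataError) the decoded bytes are used as they are,
# on the assumption that the sender did not compress them.
#
# NOTE(review): the inflated size is not bounded. `raw` is presumably the
# request parameter supplied by the remote party (confirm at the call site),
# so a small compressed payload can expand to a very large string. Consider
# enforcing a maximum size on `raw` and on the inflated output before the
# XML is parsed.
#
# @param raw [String, nil] Base64 text; nil/false yields an empty request
# @return [Request] a new instance wrapping the recovered XML
def self.from_deflated_request(raw)
  return new("") unless raw

  decoded = Base64.decode64(raw)
  # Negative window bits select raw DEFLATE (no zlib header or checksum).
  zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  inflated =
    begin
      # finish stays inside the begin block: a truncated stream raises
      # Zlib::BufError there and must take the "not compressed" fallback.
      zstream.inflate(decoded).tap { zstream.finish }
    rescue Zlib::BufError, Zlib::DataError
      # not compressed
      decoded
    ensure
      # Release the native zlib state on the failure path as well; the
      # original only closed the stream when inflation succeeded.
      zstream.close
    end

  new(inflated)
end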
Instance Method Details
#acs_url ⇒ Object
# File 'lib/saml_idp/request.rb', line 62
# Assertion Consumer Service URL the response should be sent to.
#
# The URL configured on the service provider wins. Only when that is unset
# does the method fall back to the AssertionConsumerServiceURL attribute of
# the AuthnRequest, coerced with to_s (so a missing attribute yields "").
#
# NOTE(review): the fallback value comes from the request document itself.
# valid_signature? passes a "required" flag only for logout requests, so
# whether an unsigned AuthnRequest can reach this fallback depends on
# ServiceProvider#valid_signature?, which is not shown here. Configuring
# acs_url per service provider keeps the response destination out of the
# requester's control.
#
# @return [String, Object] configured URL, or the request attribute as a String
def acs_url
  configured_url = service_provider.acs_url
  return configured_url if configured_url

  authn_request["AssertionConsumerServiceURL"].to_s
end
#authn_request? ⇒ Boolean
# File 'lib/saml_idp/request.rb', line 38
# Whether the authn_request helper (defined elsewhere in this file) found
# something, i.e. returned a non-nil value.
#
# @return [Boolean]
def authn_request?
  !authn_request.nil?
end
#issuer ⇒ Object
# File 'lib/saml_idp/request.rb', line 125
# Issuer named in the request, memoized in @_issuer.
#
# Takes the content of the first saml:Issuer element matched by a
# document-wide (`//`) XPath. Blank values are reported as nil.
#
# NOTE(review): valid? consults service_provider? (and therefore this value)
# before valid_signature?, so at that point the issuer is an unverified claim
# from the request. It selects the service-provider configuration and is
# interpolated into log messages.
#
# @return [String, nil]
def issuer
  unless @_issuer
    first_issuer = xpath("//saml:Issuer", saml: assertion).first
    @_issuer = first_issuer.try(:content)
  end
  return nil unless @_issuer.present?

  @_issuer
end
#log(msg) ⇒ Object
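# File 'lib/saml_idp/request.rb', line 79
# Writes a diagnostic message to the Rails logger at info level, or to
# standard output when no Rails logger is available.
#
# The original test `Rails && Rails.logger` raised NameError when the Rails
# constant was not loaded, so the puts fallback could never run outside
# Rails. defined? makes the fallback reachable.
#
# NOTE(review): callers in this file pass strings that embed the issuer and
# the raw request XML. Those are supplied by the requester, so log consumers
# should treat the message as untrusted text.
#
# @param msg [String] message to record
def log(msg)
  if defined?(Rails) && Rails.logger
    Rails.logger.info msg
  else
    puts msg
  end
end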
#logout_request? ⇒ Boolean
# File 'lib/saml_idp/request.rb', line 34
# Whether the logout_request helper (defined elsewhere in this file) found
# something, i.e. returned a non-nil value.
#
# @return [Boolean]
def logout_request?
  !logout_request.nil?
end
#logout_url ⇒ Object
# File 'lib/saml_idp/request.rb', line 67
# Logout response destination, taken only from the service provider's
# configuration (assertion_consumer_logout_service_url); nothing from the
# request document is used here.
#
# @return [Object] whatever the service provider has configured, possibly nil
def logout_url
  provider = service_provider
  provider.assertion_consumer_logout_service_url
end
#name_id ⇒ Object
# File 'lib/saml_idp/request.rb', line 130
# Content of the first saml:NameID element in the document, memoized in
# @_name_id; nil when no such element is found.
#
# NOTE(review): the XPath is document-wide (`//`), so the first NameID
# anywhere in the XML is returned. Callers should only act on it after
# valid? has accepted the request.
#
# @return [String, nil]
def name_id
  return @_name_id if @_name_id

  first_match = xpath("//saml:NameID", saml: assertion).first
  @_name_id = first_match.try(:content)
end
#request ⇒ Object
# File 'lib/saml_idp/request.rb', line 46
# The request node this document carries: the AuthnRequest when there is
# one, otherwise the LogoutRequest, otherwise nil.
#
# @return [Object, nil]
def request
  return authn_request if authn_request?

  logout_request if logout_request?
end
#request_id ⇒ Object
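# File 'lib/saml_idp/request.rb', line 42
# ID attribute of the request node.
#
# request returns nil when the document holds neither an AuthnRequest nor a
# LogoutRequest (for example the default empty raw_xml). The original then
# raised NoMethodError on nil; this version returns nil instead.
#
# @return [String, nil] the ID attribute, or nil when there is no request node
def request_id
  node = request
  node["ID"] if node
end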
#requested_authn_context ⇒ Object
# File 'lib/saml_idp/request.rb', line 54
# Content of the authentication-context node for an AuthnRequest.
#
# @return [String, nil] nil for non-AuthnRequests or when authn_context_node
#   (defined elsewhere in this file) returns nothing
def requested_authn_context
  return nil unless authn_request? && authn_context_node

  authn_context_node.content
end
#response_url ⇒ Object
# File 'lib/saml_idp/request.rb', line 71
# Where the response to this request should be delivered: acs_url for an
# AuthnRequest, logout_url for a LogoutRequest, nil when it is neither.
#
# Note that acs_url can return an empty string, which is not nil.
#
# @return [String, nil]
def response_url
  return acs_url if authn_request?

  logout_url if logout_request?
end
#service_provider ⇒ Object
# File 'lib/saml_idp/request.rb', line 121
# ServiceProvider for this request's issuer, memoized in @_service_provider.
#
# The settings are looked up with service_provider_finder[issuer]; a miss
# falls back to an empty hash. The issuer is always merged in as :identifier,
# so an unknown issuer still produces a ServiceProvider object and callers
# must check service_provider? rather than test for nil.
#
# @return [ServiceProvider]
def service_provider
  return @_service_provider if @_service_provider

  settings = service_provider_finder[issuer] || {}
  @_service_provider = ServiceProvider.new(settings.merge(identifier: issuer))
end
#service_provider? ⇒ Boolean
# File 'lib/saml_idp/request.rb', line 117
# Whether the service provider resolved for this issuer reports itself as
# valid (delegates to ServiceProvider#valid?, which is not shown here).
#
# @return [Boolean]
def service_provider?
  provider = service_provider
  provider.valid?
end
#session_index ⇒ Object
# File 'lib/saml_idp/request.rb', line 134
# Content of the first samlp:SessionIndex element in the document, memoized
# in @_session_index; nil when no such element is found.
#
# @return [String, nil]
def session_index
  return @_session_index if @_session_index

  first_match = xpath("//samlp:SessionIndex", samlp: samlp).first
  @_session_index = first_match.try(:content)
end
#valid? ⇒ Boolean
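# File 'lib/saml_idp/request.rb', line 87
# Decides whether this request may be processed.
#
# Checks run in this order and the first failure is logged and returns false:
#   1. a valid service provider exists for the issuer
#   2. exactly one of AuthnRequest / LogoutRequest is present
#   3. the signature check passes
#   4. a response URL is available
#
# Step 4 originally tested `response_url.nil?`. acs_url ends in `.to_s`, so
# an AuthnRequest with no configured ACS URL and no AssertionConsumerServiceURL
# attribute produced "" and passed validation with nowhere to send the
# response. Blank strings are now rejected as well.
#
# NOTE(review): two of the failure messages embed raw_xml in full, and two
# embed the issuer. Both are requester-supplied and, for steps 1-3, not yet
# authenticated. Consider logging a bounded, sanitized form (for example the
# request ID and length) so oversized or multi-line input cannot flood or
# forge log entries.
#
# @return [Boolean]
def valid?
  unless service_provider?
    log "Unable to find service provider for issuer #{issuer}"
    return false
  end

  unless (authn_request? ^ logout_request?)
    log "One and only one of authnrequest and logout request is required. authnrequest: #{authn_request?} logout_request: #{logout_request?} "
    return false
  end

  unless valid_signature?
    log "Signature is invalid in #{raw_xml}"
    return false
  end

  # Treat nil, "" and whitespace-only destinations alike: none is usable.
  if response_url.to_s.strip.empty?
    log "Unable to find response url for #{issuer}: #{raw_xml}"
    return false
  end

  true
end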
#valid_signature? ⇒ Boolean
# File 'lib/saml_idp/request.rb', line 111
# Delegates signature verification of the parsed document to the service
# provider.
#
# The second argument is true only for logout requests. NOTE(review): it is
# presumably a "signature required" flag, going by the comment below; what
# happens to an unsigned AuthnRequest is decided inside
# ServiceProvider#valid_signature?, which is not shown here. Confirm.
#
# @return [Boolean]
def valid_signature?
  # Force signatures for logout requests because there is no other
  # protection against a cross-site DoS.
  provider = service_provider
  parsed = document
  provider.valid_signature?(parsed, logout_request?)
end