Class: RSAML::Protocol::AuthnRequest

Inherits: Request
Defined in: lib/rsaml/protocol/authn_request.rb

Overview

To request that an identity provider issue an assertion with an authentication statement, a presenter authenticates to that identity provider (or relies on an existing security context) and sends it an <AuthnRequest> message that describes the properties that the resulting assertion needs to have to satisfy its purpose. Among these properties may be information that relates to the content of the assertion and/or information that relates to how the resulting <Response> message should be delivered to the requester. The process of authentication of the presenter may take place before, during, or after the initial delivery of the <AuthnRequest> message.

The requester might not be the same as the presenter of the request if, for example, the requester is a relying party that intends to use the resulting assertion to authenticate or authorize the requested subject so that the relying party can decide whether to provide a service.

Instance Attribute Summary

Attributes inherited from Message

#consent, #destination, #id, #issue_instant, #issuer, #signature, #version

Instance Method Summary

Methods inherited from Request

#respond

Methods inherited from Message

#extensions, #initialize

Constructor Details

This class inherits a constructor from RSAML::Protocol::Message

Instance Attribute Details

#assertion_consumer_service_index ⇒ Object

Returns the value of attribute assertion_consumer_service_index.



# File 'lib/rsaml/protocol/authn_request.rb', line 49

def assertion_consumer_service_index
  @assertion_consumer_service_index
end

#assertion_consumer_service_url ⇒ Object

Returns the value of attribute assertion_consumer_service_url.



# File 'lib/rsaml/protocol/authn_request.rb', line 51

def assertion_consumer_service_url
  @assertion_consumer_service_url
end

#attribute_consuming_service_url ⇒ Object

Indirectly identifies information associated with the requester describing the SAML attributes the requester desires or requires to be supplied by the identity provider in the <Response> message. The identity provider MUST have a trusted means to map the index value in the attribute to information associated with the requester.



# File 'lib/rsaml/protocol/authn_request.rb', line 60

def attribute_consuming_service_url
  @attribute_consuming_service_url
end

#conditions ⇒ Object

Specifies the SAML conditions the requester expects to limit the validity and/or use of the resulting assertion(s). The responder MAY modify or supplement this set as it deems necessary. The information in this element is used as input to the process of constructing the assertion, rather than as conditions on the use of the request itself.



# File 'lib/rsaml/protocol/authn_request.rb', line 27

def conditions
  @conditions
end

#force_authn ⇒ Object

A Boolean value. If “true”, the identity provider MUST authenticate the presenter directly rather than rely on a previous security context. If a value is not provided, the default is “false”. However, if both ForceAuthn and IsPassive are “true”, the identity provider MUST NOT freshly authenticate the presenter unless the constraints of IsPassive can be met.



# File 'lib/rsaml/protocol/authn_request.rb', line 42

def force_authn
  @force_authn
end

#is_passive ⇒ Object

A Boolean value. If “true”, the identity provider and the user agent itself MUST NOT visibly take control of the user interface from the requester and interact with the presenter in a noticeable fashion. If a value is not provided, the default is “false”.



# File 'lib/rsaml/protocol/authn_request.rb', line 47

def is_passive
  @is_passive
end
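
The ForceAuthn and IsPassive rules described above, written out as the decision an identity provider has to make. This is an added example, not part of RSAML; the AuthnPolicy module, its method names and the has_session / passive_method_available inputs are hypothetical.

```ruby
# Added example (not RSAML code). AuthnPolicy and its keyword arguments are
# hypothetical names chosen for illustration.
module AuthnPolicy
  # SAML status code an identity provider returns when it cannot honour IsPassive.
  NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'

  # Interpret a ForceAuthn / IsPassive value. The attributes are xs:boolean, so
  # "1" and "0" are as valid as "true" and "false"; nil means the attribute was
  # absent, which defaults to false. Anything else is rejected, not guessed at.
  def self.xs_boolean(value)
    case value
    when nil, false, 'false', '0' then false
    when true, 'true', '1' then true
    else raise ArgumentError, "not an xs:boolean: #{value.inspect}"
    end
  end

  # Decide how the identity provider may proceed.
  #   has_session              - a previous security context exists for the presenter
  #   passive_method_available - some authentication method needs no visible UI
  # Returns one of:
  #   :reuse_session            rely on the existing security context
  #   :authenticate_interactive take over the UI and authenticate the presenter
  #   :authenticate_passive     authenticate freshly without visible interaction
  #   :refuse_no_passive        answer with the NO_PASSIVE status
  def self.decide(force_authn:, is_passive:, has_session:, passive_method_available:)
    force   = xs_boolean(force_authn)
    passive = xs_boolean(is_passive)

    # Without ForceAuthn an existing security context is sufficient.
    return :reuse_session if has_session && !force

    # A fresh authentication is required from here on. With IsPassive it may
    # only happen if it can be done without visibly interacting with the presenter.
    if passive
      passive_method_available ? :authenticate_passive : :refuse_no_passive
    else
      :authenticate_interactive
    end
  end
end

# Constructed case: both flags set and no silent method available, so the
# request is refused rather than answered from the existing session.
AuthnPolicy.decide(force_authn: 'true', is_passive: 'true',
                   has_session: true, passive_method_available: false)
```
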

#name_id_policy ⇒ Object

Specifies constraints on the name identifier to be used to represent the requested subject. If omitted, then any type of identifier supported by the identity provider for the requested subject can be used, constrained by any relevant deployment-specific policies, with respect to privacy, for example.



# File 'lib/rsaml/protocol/authn_request.rb', line 21

def name_id_policy
  @name_id_policy
end

#protocol_binding ⇒ Object

A URI reference that identifies a SAML protocol binding to be used when returning the response message.



# File 'lib/rsaml/protocol/authn_request.rb', line 54

def protocol_binding
  @protocol_binding
end

#provider_name ⇒ Object

Specifies the human-readable name of the requester for use by the presenter’s user agent or the identity provider.



# File 'lib/rsaml/protocol/authn_request.rb', line 64

def provider_name
  @provider_name
end

#requested_authn_context ⇒ Object

Specifies the requirements, if any, that the requester places on the authentication context that applies to the responding provider’s authentication of the presenter.



# File 'lib/rsaml/protocol/authn_request.rb', line 31

def requested_authn_context
  @requested_authn_context
end

#scoping ⇒ Object

Specifies a set of identity providers trusted by the requester to authenticate the presenter, as well as limitations and context related to proxying of the <Au message to subsequent identity providers by the responder.



# File 'lib/rsaml/protocol/authn_request.rb', line 36

def scoping
  @scoping
end

#subject ⇒ Object

Specifies the requested subject of the resulting assertion(s).



# File 'lib/rsaml/protocol/authn_request.rb', line 16

def subject
  @subject
end

Instance Method Details

#to_xml(xml = Builder::XmlMarkup.new) ⇒ Object

Construct an XML fragment representing the authentication request.



# File 'lib/rsaml/protocol/authn_request.rb', line 72

def to_xml(xml=Builder::XmlMarkup.new)
  attributes = {}
  attributes['ForceAuthn'] = force_authn unless force_authn.nil?
  attributes['IsPassive'] = is_passive unless is_passive.nil?
  # TODO implement assertion consumer service index
  # TODO implement assertion consumer service URL
  attributes['ProtocolBinding'] = protocol_binding unless protocol_binding.nil?
  attributes['AttributeConsumingServiceURL'] = attribute_consuming_service_url unless attribute_consuming_service_url.nil?
  attributes['ProviderName'] = provider_name unless provider_name.nil?
  xml.tag!('samlp:AuthnRequest', attributes) {
    xml << subject.to_xml unless subject.nil?
    xml << name_id_policy.to_xml unless name_id_policy.nil?
    xml << conditions.to_xml unless conditions.nil?
    xml << requested_authn_context unless requested_authn_context.nil?
    xml << scoping.to_xml unless scoping.nil?
  }
end

#validate ⇒ Object

Validate the authentication request.

Raises: ValidationError



# File 'lib/rsaml/protocol/authn_request.rb', line 67

def validate
  raise ValidationError, "Conditions must be of type Conditions" if conditions && !conditions.is_a?(Conditions)
end