Class: OneLogin::RubySaml::IdpMetadataParser

Inherits:
Object
Includes:
SamlMetadata::Vocabulary
Defined in:
lib/onelogin/ruby-saml/idp_metadata_parser.rb

Overview

Auxiliary class to retrieve and parse the Identity Provider Metadata

Defined Under Namespace

Modules: SamlMetadata
Classes: IdpMetadata

Constant Summary

Constants included from SamlMetadata::Vocabulary

SamlMetadata::Vocabulary::DSIG, SamlMetadata::Vocabulary::METADATA, SamlMetadata::Vocabulary::NAME_FORMAT, SamlMetadata::Vocabulary::SAML_ASSERTION

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 33

def document
  @document
end

#options ⇒ Object (readonly)

Returns the value of attribute options

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 35

def options
  @options
end

#response ⇒ Object (readonly)

Returns the value of attribute response

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 34

def response
  @response
end

Class Method Details

.get_idps(metadata_document, only_entity_id = nil) ⇒ Object

Fetch IdP descriptors from a metadata document

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 38

def self.get_idps(metadata_document, only_entity_id=nil)
  # only_entity_id, when given, is interpolated as-is into the XPath predicate
  path = "//md:EntityDescriptor#{only_entity_id && '[@entityID="' + only_entity_id + '"]'}/md:IDPSSODescriptor"
  REXML::XPath.match(
    metadata_document,
    path,
    SamlMetadata::NAMESPACE
  )
end

Instance Method Details

#parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

  • idp_metadata (String)
  • options (Hash) (defaults to: {})

    :settings to provide the OneLogin::RubySaml::Settings object or a hash for Settings overrides

Options Hash (options):

  • :settings (OneLogin::RubySaml::Settings, Hash)

    the OneLogin::RubySaml::Settings object into which the parsed metadata is merged, or a hash of Settings overrides.

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

Returns:

  • (OneLogin::RubySaml::Settings)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 113

def parse(idp_metadata, options = {})
  parsed_metadata = parse_to_hash(idp_metadata, options)

  settings = options[:settings]

  if settings.nil?
    OneLogin::RubySaml::Settings.new(parsed_metadata)
  elsif settings.is_a?(Hash)
    OneLogin::RubySaml::Settings.new(settings.merge(parsed_metadata))
  else
    merge_parsed_metadata_into(settings, parsed_metadata)
  end
end

#parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

  • url (String)

    URL where the XML of the Identity Provider Metadata is published.

  • validate_cert (Boolean) (defaults to: true)

    If true and the URL is HTTPS, the cert of the domain is checked.

  • options (Hash) (defaults to: {})

    options used for parsing the metadata and the returned Settings instance

Options Hash (options):

  • :settings (OneLogin::RubySaml::Settings, Hash)

    the OneLogin::RubySaml::Settings object into which the parsed metadata is merged, or a hash of Settings overrides.

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

Returns:

  • (OneLogin::RubySaml::Settings)

Raises:

  • (HttpError)

    Failure to fetch remote IdP metadata


# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 62

def parse_remote(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse(idp_metadata, options)
end

#parse_remote_to_array(url, validate_cert = true, options = {}) ⇒ Array<Hash>

Parse all Identity Provider metadata and return the results as Array

Parameters:

  • url (String)

    URL where the XML of the Identity Provider Metadata is published.

  • validate_cert (Boolean) (defaults to: true)

    If true and the URL is HTTPS, the cert of the domain is checked.

  • options (Hash) (defaults to: {})

    options used for parsing the metadata

Options Hash (options):

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When omitted, all found IdPs are returned.

Returns:

  • (Array<Hash>)

Raises:

  • (HttpError)

    Failure to fetch remote IdP metadata


# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 97

def parse_remote_to_array(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse_to_array(idp_metadata, options)
end

#parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

  • url (String)

    URL where the XML of the Identity Provider Metadata is published.

  • validate_cert (Boolean) (defaults to: true)

    If true and the URL is HTTPS, the cert of the domain is checked.

  • options (Hash) (defaults to: {})

    options used for parsing the metadata

Options Hash (options):

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

Returns:

  • (Hash)

Raises:

  • (HttpError)

    Failure to fetch remote IdP metadata


# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 80

def parse_remote_to_hash(url, validate_cert = true, options = {})
  parse_remote_to_array(url, validate_cert, options)[0]
end

#parse_to_array(idp_metadata, options = {}) ⇒ Array<Hash>

Parse all Identity Provider metadata and return the results as Array

Parameters:

  • idp_metadata (String)
  • options (Hash) (defaults to: {})

    options used for parsing the metadata and the returned Settings instance

Options Hash (options):

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When omitted, all found IdPs are returned.

Returns:

  • (Array<Hash>)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 151

def parse_to_array(idp_metadata, options = {})
  parse_to_idp_metadata_array(idp_metadata, options).map{|idp_md| idp_md.to_hash(options)}
end

#parse_to_hash(idp_metadata, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

  • idp_metadata (String)
  • options (Hash) (defaults to: {})

    options used for parsing the metadata and the returned Settings instance

Options Hash (options):

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

Returns:

  • (Hash)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 137

def parse_to_hash(idp_metadata, options = {})
  parse_to_array(idp_metadata, options)[0]
end

#parse_to_idp_metadata_array(idp_metadata, options = {}) ⇒ Object


# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 155

def parse_to_idp_metadata_array(idp_metadata, options = {})
  @document = REXML::Document.new(idp_metadata)
  @options = options

  # Select the IDPSSODescriptor elements, optionally restricted to one entityID
  idpsso_descriptors = self.class.get_idps(@document, options[:entity_id])
  if !idpsso_descriptors.any?
    raise ArgumentError.new("idp_metadata must contain an IDPSSODescriptor element")
  end

  return idpsso_descriptors.map{|id| IdpMetadata.new(id, id.parent.attributes["entityID"])}
end
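
Added example (not part of ruby-saml): get_idps places only_entity_id inside the XPath string, and the single-result methods fall back to the first entity descriptor when :entity_id is omitted. The sketch below shows a stricter caller-side selection for aggregate metadata using a fixed XPath and an exact string comparison. The helper name select_idp_entity_id, the MD_NS constant and the sample document are assumptions constructed for illustration.

```ruby
require 'rexml/document'

# Namespace map for the md: prefix (SAML 2.0 metadata namespace).
MD_NS = { 'md' => 'urn:oasis:names:tc:SAML:2.0:metadata' }.freeze

# Constructed sample: an aggregate with two IdPs and one SP-only entity.
SAMPLE_METADATA = <<~XML
  <md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <md:EntityDescriptor entityID="https://idp-a.example.test/saml">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>
    <md:EntityDescriptor entityID="https://idp-b.example.test/saml">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>
    <md:EntityDescriptor entityID="https://sp.example.test/saml">
      <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>
  </md:EntitiesDescriptor>
XML

# Hypothetical helper: return the entityID of exactly one IdP, or raise.
def select_idp_entity_id(metadata_xml, entity_id = nil)
  doc = REXML::Document.new(metadata_xml)
  # Fixed XPath: no caller-supplied text is placed inside the expression.
  descriptors = REXML::XPath.match(doc, '//md:EntityDescriptor/md:IDPSSODescriptor', MD_NS)
  ids = descriptors.map { |d| d.parent.attributes['entityID'] }
  raise ArgumentError, 'metadata contains no IDPSSODescriptor' if ids.empty?

  if entity_id.nil?
    # Refuse to silently take the first descriptor of an aggregate.
    raise ArgumentError, "entity_id required: #{ids.size} IdPs in metadata" if ids.size > 1
    return ids.first
  end

  # Exact comparison in Ruby; quotes in entity_id cannot alter the query.
  matches = ids.select { |id| id == entity_id }
  raise ArgumentError, "no unique IdP with entityID #{entity_id.inspect}" unless matches.size == 1
  matches.first
end
```

The returned value can then be passed as the :entity_id option to parse or parse_to_hash, so the IdP whose settings are loaded is always the one named in trusted configuration.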