Class: OneLogin::RubySaml::IdpMetadataParser

Inherits:
Object
  • Object
show all
Defined in:
lib/onelogin/ruby-saml/idp_metadata_parser.rb

Overview

Auxiliary class to retrieve and parse the Identity Provider Metadata

Constant Summary collapse

METADATA =
"urn:oasis:names:tc:SAML:2.0:metadata"
DSIG =
"http://www.w3.org/2000/09/xmldsig#"
NAME_FORMAT =
"urn:oasis:names:tc:SAML:2.0:attrname-format:*"
SAML_ASSERTION =
"urn:oasis:names:tc:SAML:2.0:assertion"

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#documentObject (readonly)

Returns the value of attribute document


23
24
25
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 23

def document
  @document
end

#optionsObject (readonly)

Returns the value of attribute options


25
26
27
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 25

def options
  @options
end

#responseObject (readonly)

Returns the value of attribute response


24
25
26
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 24

def response
  @response
end

Instance Method Details

#parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

  • idp_metadata (String)
  • options (Hash) (defaults to: {})

    :settings to provide the OneLogin::RubySaml::Settings object or an hash for Settings overrides

Options Hash (options):

  • :settings (OneLogin::RubySaml::Settings, Hash)

    the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:


76
77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 76

def parse(, options = {})
   = parse_to_hash(, options)

  settings = options[:settings]

  if settings.nil?
    OneLogin::RubySaml::Settings.new()
  elsif settings.is_a?(Hash)
    OneLogin::RubySaml::Settings.new(settings.merge())
  else
    (settings, )
  end
end

#parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

  • url (String)

    Url where the XML of the Identity Provider Metadata is published.

  • validate_cert (Boolean) (defaults to: true)

    If true and the URL is HTTPs, the cert of the domain is checked.

  • options (Hash) (defaults to: {})

    options used for parsing the metadata and the returned Settings instance

Options Hash (options):

  • :settings (OneLogin::RubySaml::Settings, Hash)

    the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

Raises:

  • (HttpError)

    Failure to fetch remote IdP metadata


42
43
44
45
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 42

def parse_remote(url, validate_cert = true, options = {})
   = (url, validate_cert)
  parse(, options)
end

#parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

  • url (String)

    Url where the XML of the Identity Provider Metadata is published.

  • validate_cert (Boolean) (defaults to: true)

    If true and the URL is HTTPs, the cert of the domain is checked.

  • options (Hash) (defaults to: {})

    options used for parsing the metadata

Options Hash (options):

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

  • (Hash)

Raises:

  • (HttpError)

    Failure to fetch remote IdP metadata


60
61
62
63
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 60

def parse_remote_to_hash(url, validate_cert = true, options = {})
   = (url, validate_cert)
  parse_to_hash(, options)
end

#parse_to_hash(idp_metadata, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

  • idp_metadata (String)
  • options (Hash) (defaults to: {})

    options used for parsing the metadata and the returned Settings instance

Options Hash (options):

  • :sso_binding (Array<String>, nil)

    an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

  • :slo_binding (Array<String>, nil)

    an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

  • :entity_id (String, nil)

    when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

  • (Hash)

100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 100

def parse_to_hash(, options = {})
  @document = REXML::Document.new()
  @options = options
  @entity_descriptor = nil
  @certificates = nil
  @fingerprint = nil

  if idpsso_descriptor.nil?
    raise ArgumentError.new("idp_metadata must contain an IDPSSODescriptor element")
  end

  {
    :idp_entity_id => idp_entity_id,
    :name_identifier_format => idp_name_id_format,
    :idp_sso_target_url => single_signon_service_url(options),
    :idp_slo_target_url => single_logout_service_url(options),
    :idp_attribute_names => attribute_names,
    :idp_cert => nil,
    :idp_cert_fingerprint => nil,
    :idp_cert_multi => nil
  }.tap do |response_hash|
    merge_certificates_into(response_hash) unless certificates.nil?
  end
end