Class: OneLogin::RubySaml::Logoutrequest

Inherits:
SamlMessage show all
Defined in:
lib/onelogin/ruby-saml/logoutrequest.rb

Overview

SAML2 Logout Request (SLO SP initiated, Builder)

Constant Summary

Constants inherited from SamlMessage

SamlMessage::ASSERTION, SamlMessage::BASE64_FORMAT, SamlMessage::PROTOCOL

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from SamlMessage

#id, schema, #valid_saml?, #version

Constructor Details

#initializeLogoutrequest

Initializes the Logout Request. A Logoutrequest Object that is an extension of the SamlMessage class. Asigns an ID, a random uuid.


19
20
21
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 19

def initialize
  @uuid = OneLogin::RubySaml::Utils.uuid
end

Instance Attribute Details

#uuidObject (readonly)

Logout Request ID


14
15
16
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 14

def uuid
  @uuid
end

Instance Method Details

#create(settings, params = {}) ⇒ String

Creates the Logout Request string.


28
29
30
31
32
33
34
35
36
37
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 28

def create(settings, params={})
  params = create_params(settings, params)
  params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
  saml_request = CGI.escape(params.delete("SAMLRequest"))
  request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
  params.each_pair do |key, value|
    request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
  end
  @logout_url = settings.idp_slo_target_url + request_params
end

#create_logout_request_xml_doc(settings) ⇒ String

Creates the SAMLRequest String.


91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 91

def create_logout_request_xml_doc(settings)
  time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")

  request_doc = XMLSecurity::Document.new
  request_doc.uuid = uuid

  root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
  root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = time
  root.attributes['Version'] = "2.0"
  root.attributes['Destination'] = settings.idp_slo_target_url  unless settings.idp_slo_target_url.nil?

  if settings.issuer
    issuer = root.add_element "saml:Issuer"
    issuer.text = settings.issuer
  end

  nameid = root.add_element "saml:NameID"
  if settings.name_identifier_value
    nameid.attributes['NameQualifier'] = settings.idp_name_qualifier if settings.idp_name_qualifier
    nameid.attributes['SPNameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
    nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
    nameid.text = settings.name_identifier_value
  else
    # If no NameID is present in the settings we generate one
    nameid.text = OneLogin::RubySaml::Utils.uuid
    nameid.attributes['Format'] = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
  end

  if settings.sessionindex
    sessionindex = root.add_element "samlp:SessionIndex"
    sessionindex.text = settings.sessionindex
  end

  # embed signature
  if settings.security[:logout_requests_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
    private_key = settings.get_sp_key
    cert = settings.get_sp_cert
    request_doc.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
  end

  request_doc
end

#create_params(settings, params = {}) ⇒ Hash

Creates the Get parameters for the logout request.


44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 44

def create_params(settings, params={})
  # The method expects :RelayState but sometimes we get 'RelayState' instead.
  # Based on the HashWithIndifferentAccess value in Rails we could experience
  # conflicts so this line will solve them.
  relay_state = params[:RelayState] || params['RelayState']

  if relay_state.nil?
    params.delete(:RelayState)
    params.delete('RelayState')
  end

  request_doc = create_logout_request_xml_doc(settings)
  request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values

  request = ""
  request_doc.write(request)

  Logging.debug "Created SLO Logout Request: #{request}"

  request = deflate(request) if settings.compress_request
  base64_request = encode(request)
  request_params = {"SAMLRequest" => base64_request}

  if settings.security[:logout_requests_signed] && !settings.security[:embed_sign] && settings.private_key
    params['SigAlg']    = settings.security[:signature_method]
    url_string = OneLogin::RubySaml::Utils.build_query(
      :type => 'SAMLRequest',
      :data => base64_request,
      :relay_state => relay_state,
      :sig_alg => params['SigAlg']
    )
    sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
    signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
    params['Signature'] = encode(signature)
  end

  params.each_pair do |key, value|
    request_params[key] = value.to_s
  end

  request_params
end