Class: OneLogin::RubySaml::Logoutresponse

Inherits:
SamlMessage
  • Object
show all
Includes:
ErrorHandling
Defined in:
lib/onelogin/ruby-saml/logoutresponse.rb

Overview

SAML2 Logout Response (SLO IdP initiated, Parser)

Constant Summary

Constants inherited from SamlMessage

SamlMessage::ASSERTION, SamlMessage::BASE64_FORMAT, SamlMessage::PROTOCOL

Instance Attribute Summary collapse

Attributes included from ErrorHandling

#errors

Instance Method Summary collapse

Methods included from ErrorHandling

#append_error, #reset_errors!

Methods inherited from SamlMessage

#id, schema, #valid_saml?, #version

Constructor Details

#initialize(response, settings = nil, options = {}) ⇒ Logoutresponse

Constructs the Logout Response. A Logout Response Object that is an extension of the SamlMessage class.

Parameters:

  • response (String)

    A UUEncoded logout response from the IdP.

  • settings (OneLogin::RubySaml::Settings|nil) (defaults to: nil)

    Toolkit settings

  • options (Hash) (defaults to: {})

    Extra parameters. :matches_request_id It will validate that the logout response matches the ID of the request. :get_params GET Parameters, including the SAMLResponse :relax_signature_validation to accept signatures if no idp certificate registered on settings

Raises:

  • (ArgumentError)

    if response is nil


34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 34

def initialize(response, settings = nil, options = {})
  @errors = []
  raise ArgumentError.new("Logoutresponse cannot be nil") if response.nil?
  @settings = settings

  if settings.nil? || settings.soft.nil?
    @soft = true
  else
    @soft = settings.soft
  end

  @options = options
  @response = decode_raw_saml(response)
  @document = XMLSecurity::SignedDocument.new(@response)
end

Instance Attribute Details

#documentObject (readonly)

Returns the value of attribute document


18
19
20
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 18

def document
  @document
end

#optionsObject (readonly)

Returns the value of attribute options


20
21
22
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 20

def options
  @options
end

#responseObject (readonly)

Returns the value of attribute response


19
20
21
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 19

def response
  @response
end

#settingsObject

OneLogin::RubySaml::Settings Toolkit settings


16
17
18
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 16

def settings
  @settings
end

#softObject

Returns the value of attribute soft


22
23
24
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 22

def soft
  @soft
end

Instance Method Details

#in_response_toString|nil

Returns Gets the InResponseTo attribute from the Logout Response if exists.

Returns:

  • (String|nil)

    Gets the InResponseTo attribute from the Logout Response if exists.


63
64
65
66
67
68
69
70
71
72
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 63

def in_response_to
  @in_response_to ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutResponse",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    node.nil? ? nil : node.attributes['InResponseTo']
  end
end

#issuerString

Returns Gets the Issuer from the Logout Response.

Returns:

  • (String)

    Gets the Issuer from the Logout Response.


76
77
78
79
80
81
82
83
84
85
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 76

def issuer
  @issuer ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutResponse/a:Issuer",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    Utils.element_text(node)
  end
end

#status_codeString

Returns Gets the StatusCode from a Logout Response.

Returns:

  • (String)

    Gets the StatusCode from a Logout Response.


89
90
91
92
93
94
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 89

def status_code
  @status_code ||= begin
    node = REXML::XPath.first(document, "/p:LogoutResponse/p:Status/p:StatusCode", { "p" => PROTOCOL, "a" => ASSERTION })
    node.nil? ? nil : node.attributes["Value"]
  end
end

#status_messageObject


96
97
98
99
100
101
102
103
104
105
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 96

def status_message
  @status_message ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutResponse/p:Status/p:StatusMessage",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    Utils.element_text(node)
  end
end

#success?Boolean

Checks if the Status has the “Success” code

Returns:

  • (Boolean)

    True if the StatusCode is Sucess

Raises:


54
55
56
57
58
59
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 54

def success?
  unless status_code == "urn:oasis:names:tc:SAML:2.0:status:Success"
    return append_error("Bad status code. Expected <urn:oasis:names:tc:SAML:2.0:status:Success>, but was: <#@status_code>")
  end
  true
end

#validate(collect_errors = false) ⇒ Boolean

Aux function to validate the Logout Response

Parameters:

  • collect_errors (Boolean) (defaults to: false)

    Stop validation when first error appears or keep validating. (if soft=true)

Returns:

  • (Boolean)

    TRUE if the SAML Response is valid

Raises:


112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# File 'lib/onelogin/ruby-saml/logoutresponse.rb', line 112

def validate(collect_errors = false)
  reset_errors!

  validations = [
    :valid_state?,
    :validate_success_status,
    :validate_structure,
    :valid_in_response_to?,
    :valid_issuer?,
    :validate_signature
  ]

  if collect_errors
    validations.each { |validation| send(validation) }
    @errors.empty?
  else
    validations.all? { |validation| send(validation) }
  end
end