Class: OneLogin::RubySaml::Settings

Inherits:
Object
  • Object
Defined in:
lib/onelogin/ruby-saml/settings.rb

Overview

SAML2 Toolkit Settings

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(overrides = {}, keep_security_attributes = false) ⇒ Settings

Returns a new instance of Settings.


# File 'lib/onelogin/ruby-saml/settings.rb', line 13

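# Builds a Settings object from DEFAULTS overlaid with the caller's overrides.
#
# @param overrides [Hash] attribute name => value. Only keys for which this
#   object responds to a "<key>=" writer are applied; other keys are skipped.
# @param keep_security_attributes [Boolean] when true, overrides[:security] is
#   merged on top of DEFAULTS[:security]; when false, a supplied :security hash
#   replaces the default security hash wholesale.
# @return [Settings] a new instance of Settings
def initialize(overrides = {}, keep_security_attributes = false)
  config = DEFAULTS.merge(overrides)
  if keep_security_attributes
    # Read :security instead of deleting it. Deleting stripped the key from the
    # caller's hash, so a second Settings built from the same hash silently
    # fell back to the default security options.
    security_attributes = overrides[:security] || {}
    config[:security] = DEFAULTS[:security].merge(security_attributes)
  end

  config.each do |k, v|
    acc = "#{k}=".to_sym
    # Keys without a matching writer are ignored rather than raising.
    next unless respond_to?(acc)

    # Shallow copy: the instance gets its own top-level Hash, so assigning keys
    # on it does not write through to DEFAULTS or to the caller's hash.
    value = v.is_a?(Hash) ? v.dup : v
    send(acc, value)
  end
  @attribute_consuming_service = AttributeService.new
end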

Instance Attribute Details

#assertion_consumer_logout_service_bindingObject

Returns the value of attribute assertion_consumer_logout_service_binding


# File 'lib/onelogin/ruby-saml/settings.rb', line 70

# Reader for @assertion_consumer_logout_service_binding.
# single_logout_service_binding returns this value as its fallback when
# @single_logout_service_binding is nil.
def assertion_consumer_logout_service_binding
  @assertion_consumer_logout_service_binding
end

#assertion_consumer_logout_service_urlObject

Compatibility


# File 'lib/onelogin/ruby-saml/settings.rb', line 69

# Reader for @assertion_consumer_logout_service_url.
# single_logout_service_url returns this value as its fallback when
# @single_logout_service_url is nil.
def assertion_consumer_logout_service_url
  @assertion_consumer_logout_service_url
end

#assertion_consumer_service_bindingObject

Returns the value of attribute assertion_consumer_service_binding


# File 'lib/onelogin/ruby-saml/settings.rb', line 45

# Returns @assertion_consumer_service_binding unchanged; this accessor does
# no validation of the stored value.
def assertion_consumer_service_binding
  @assertion_consumer_service_binding
end

#assertion_consumer_service_urlObject

SP Data


# File 'lib/onelogin/ruby-saml/settings.rb', line 44

# Returns @assertion_consumer_service_url unchanged.
# NOTE(review): presumably the SP endpoint that receives SAML responses;
# confirm deployments set an https URL the SP controls.
def assertion_consumer_service_url
  @assertion_consumer_service_url
end

#attribute_consuming_serviceObject (readonly)

Returns the value of attribute attribute_consuming_service


# File 'lib/onelogin/ruby-saml/settings.rb', line 64

# Read-only accessor for @attribute_consuming_service, which #initialize
# always sets to a fresh AttributeService after applying the overrides.
def attribute_consuming_service
  @attribute_consuming_service
end

#attributes_indexObject

Returns the value of attribute attributes_index


# File 'lib/onelogin/ruby-saml/settings.rb', line 56

# Returns the value stored in @attributes_index, without validation.
def attributes_index
  @attributes_index
end

#authn_contextObject

Returns the value of attribute authn_context


# File 'lib/onelogin/ruby-saml/settings.rb', line 61

# Returns the value stored in @authn_context, without validation.
# NOTE(review): presumably the authentication context requested from the
# IdP; whether the response is checked against it is not visible here.
def authn_context
  @authn_context
end

#authn_context_comparisonObject

Returns the value of attribute authn_context_comparison


# File 'lib/onelogin/ruby-saml/settings.rb', line 62

# Returns the value stored in @authn_context_comparison, without validation.
def authn_context_comparison
  @authn_context_comparison
end

#authn_context_decl_refObject

Returns the value of attribute authn_context_decl_ref


# File 'lib/onelogin/ruby-saml/settings.rb', line 63

# Returns the value stored in @authn_context_decl_ref, without validation.
def authn_context_decl_ref
  @authn_context_decl_ref
end

#certificateObject

Returns the value of attribute certificate


# File 'lib/onelogin/ruby-saml/settings.rb', line 58

# Returns the raw SP certificate text stored in @certificate.
# get_sp_cert formats this value and parses it into an
# OpenSSL::X509::Certificate; nil or empty means no SP certificate.
def certificate
  @certificate
end

#certificate_newObject

Returns the value of attribute certificate_new


# File 'lib/onelogin/ruby-saml/settings.rb', line 59

# Returns the raw text stored in @certificate_new.
# get_sp_cert_new formats and parses it; unlike get_sp_cert, that method
# performs no expiration check on the result.
def certificate_new
  @certificate_new
end

#compress_requestObject

Returns the value of attribute compress_request


# File 'lib/onelogin/ruby-saml/settings.rb', line 51

# Returns the flag stored in @compress_request.
def compress_request
  @compress_request
end

#compress_responseObject

Returns the value of attribute compress_response


# File 'lib/onelogin/ruby-saml/settings.rb', line 52

# Returns the flag stored in @compress_response.
def compress_response
  @compress_response
end

#double_quote_xml_attribute_valuesObject

Returns the value of attribute double_quote_xml_attribute_values


# File 'lib/onelogin/ruby-saml/settings.rb', line 53

# Returns the flag stored in @double_quote_xml_attribute_values.
def double_quote_xml_attribute_values
  @double_quote_xml_attribute_values
end

#force_authnObject

Returns the value of attribute force_authn


# File 'lib/onelogin/ruby-saml/settings.rb', line 57

# Returns the flag stored in @force_authn.
# NOTE(review): presumably asks the IdP to re-authenticate the user; this is a
# request hint only, so confirm nothing relies on it as an enforced control.
def force_authn
  @force_authn
end

#idp_attribute_namesObject

Returns the value of attribute idp_attribute_names


# File 'lib/onelogin/ruby-saml/settings.rb', line 40

# Returns the value stored in @idp_attribute_names, without validation.
def idp_attribute_names
  @idp_attribute_names
end

#idp_certObject

Returns the value of attribute idp_cert


# File 'lib/onelogin/ruby-saml/settings.rb', line 36

# Returns the raw IdP certificate text stored in @idp_cert.
# get_idp_cert formats and parses this value, and get_fingerprint digests the
# parsed certificate when no explicit fingerprint is configured. This is the
# trust anchor for the IdP, so it should come from trusted configuration only.
def idp_cert
  @idp_cert
end

#idp_cert_fingerprintObject

Returns the value of attribute idp_cert_fingerprint


# File 'lib/onelogin/ruby-saml/settings.rb', line 37

# Returns the value stored in @idp_cert_fingerprint.
# get_fingerprint returns this value verbatim whenever it is truthy and only
# computes a digest from idp_cert when it is nil or false.
def idp_cert_fingerprint
  @idp_cert_fingerprint
end

#idp_cert_fingerprint_algorithmObject

Returns the value of attribute idp_cert_fingerprint_algorithm


# File 'lib/onelogin/ruby-saml/settings.rb', line 38

# Returns the value stored in @idp_cert_fingerprint_algorithm.
# get_fingerprint passes it to XMLSecurity::BaseDocument#algorithm to pick the
# digest class used for the certificate fingerprint.
# NOTE(review): the default comes from DEFAULTS, which is not shown here;
# confirm the effective algorithm is not SHA-1.
def idp_cert_fingerprint_algorithm
  @idp_cert_fingerprint_algorithm
end

#idp_cert_multiObject

Returns the value of attribute idp_cert_multi


# File 'lib/onelogin/ruby-saml/settings.rb', line 39

# Returns the value stored in @idp_cert_multi.
# get_idp_cert_multi expects a Hash and reads only the symbol keys :signing
# and :encryption from it; any other keys are ignored there.
def idp_cert_multi
  @idp_cert_multi
end

#idp_entity_idObject

IdP Data


# File 'lib/onelogin/ruby-saml/settings.rb', line 33

# Returns the value stored in @idp_entity_id, without validation.
# NOTE(review): presumably the issuer value expected in IdP messages; where it
# is compared is not visible here.
def idp_entity_id
  @idp_entity_id
end

#idp_name_qualifierObject

Returns the value of attribute idp_name_qualifier


# File 'lib/onelogin/ruby-saml/settings.rb', line 41

# Returns the value stored in @idp_name_qualifier, without validation.
def idp_name_qualifier
  @idp_name_qualifier
end

#idp_slo_target_urlObject

Returns the value of attribute idp_slo_target_url


# File 'lib/onelogin/ruby-saml/settings.rb', line 35

# Returns @idp_slo_target_url unchanged.
# NOTE(review): presumably the IdP logout endpoint users are sent to; confirm
# it is an https URL taken from trusted IdP metadata.
def idp_slo_target_url
  @idp_slo_target_url
end

#idp_sso_target_urlObject

Returns the value of attribute idp_sso_target_url


# File 'lib/onelogin/ruby-saml/settings.rb', line 34

# Returns @idp_sso_target_url unchanged.
# NOTE(review): presumably the IdP login endpoint users are sent to; confirm
# it is an https URL taken from trusted IdP metadata.
def idp_sso_target_url
  @idp_sso_target_url
end

#issuerObject

Returns the value of attribute issuer


# File 'lib/onelogin/ruby-saml/settings.rb', line 71

# Reader for @issuer.
# sp_entity_id returns this value as its fallback when @sp_entity_id is nil.
def issuer
  @issuer
end

#name_identifier_formatObject

Returns the value of attribute name_identifier_format


# File 'lib/onelogin/ruby-saml/settings.rb', line 47

# Returns the value stored in @name_identifier_format, without validation.
def name_identifier_format
  @name_identifier_format
end

#name_identifier_valueObject

Returns the value of attribute name_identifier_value


# File 'lib/onelogin/ruby-saml/settings.rb', line 48

# Returns the value stored in @name_identifier_value, without validation.
def name_identifier_value
  @name_identifier_value
end

#name_identifier_value_requestedObject

Returns the value of attribute name_identifier_value_requested


# File 'lib/onelogin/ruby-saml/settings.rb', line 49

# Returns the value stored in @name_identifier_value_requested, without
# validation.
def name_identifier_value_requested
  @name_identifier_value_requested
end

#passiveObject

Returns the value of attribute passive


# File 'lib/onelogin/ruby-saml/settings.rb', line 54

# Returns the flag stored in @passive.
def passive
  @passive
end

#private_keyObject

Returns the value of attribute private_key


# File 'lib/onelogin/ruby-saml/settings.rb', line 60

# Returns the raw SP private key text stored in @private_key.
# get_sp_key formats this value and loads it as an OpenSSL::PKey::RSA key.
# This is secret material held in memory as plain text: keep Settings objects
# out of logs, error reports and serialized state.
def private_key
  @private_key
end

#protocol_bindingObject

Returns the value of attribute protocol_binding


# File 'lib/onelogin/ruby-saml/settings.rb', line 55

# Returns the value stored in @protocol_binding, without validation.
def protocol_binding
  @protocol_binding
end

#securityObject

Work-flow


# File 'lib/onelogin/ruby-saml/settings.rb', line 66

# Returns the security options stored in @security.
# #initialize seeds it from DEFAULTS[:security] (merged with or replaced by
# the caller's :security override), and get_sp_cert reads
# security[:check_sp_cert_expiration] from it.
# The returned object is the live one, so callers that mutate it change this
# instance's security behaviour.
def security
  @security
end

#sessionindexObject

Returns the value of attribute sessionindex


# File 'lib/onelogin/ruby-saml/settings.rb', line 50

# Returns the value stored in @sessionindex, without validation.
def sessionindex
  @sessionindex
end

#softObject

Returns the value of attribute soft


# File 'lib/onelogin/ruby-saml/settings.rb', line 67

# Returns the flag stored in @soft.
# NOTE(review): the name suggests a soft-failure mode for validation, but its
# use is not visible in this listing; confirm callers still reject a message
# whose validation fails when this flag is true.
def soft
  @soft
end

#sp_name_qualifierObject

Returns the value of attribute sp_name_qualifier


# File 'lib/onelogin/ruby-saml/settings.rb', line 46

# Returns the value stored in @sp_name_qualifier, without validation.
def sp_name_qualifier
  @sp_name_qualifier
end

#valid_untilObject

Returns the value of attribute valid_until


# File 'lib/onelogin/ruby-saml/settings.rb', line 42

# Returns the value stored in @valid_until, without validation.
# NOTE(review): presumably an expiry for these settings or their metadata;
# nothing in this listing enforces it, so confirm where it is checked.
def valid_until
  @valid_until
end

Instance Method Details

#get_fingerprintString

Calculates the fingerprint of the IdP x509 certificate.

Returns:

  • (String)

    The fingerprint


# File 'lib/onelogin/ruby-saml/settings.rb', line 141

# Calculates the fingerprint of the IdP x509 certificate.
#
# A configured idp_cert_fingerprint wins and is returned verbatim, with no
# normalisation of case or separators. An empty string is truthy in Ruby, so a
# blank configured fingerprint is also returned as-is instead of falling back
# to the certificate.
#
# @return [String, nil] the configured fingerprint, or the colon-separated
#   upper-case hex digest of the DER-encoded IdP certificate, or nil when
#   neither a fingerprint nor a certificate is configured.
def get_fingerprint
  configured = idp_cert_fingerprint
  return configured if configured

  cert = get_idp_cert
  return nil unless cert

  # The digest class is chosen from idp_cert_fingerprint_algorithm.
  digest = XMLSecurity::BaseDocument.new.algorithm(idp_cert_fingerprint_algorithm).new
  hex = digest.hexdigest(cert.to_der).upcase
  hex.scan(/../).join(":")
end

#get_idp_certOpenSSL::X509::Certificate|nil

Builds the IdP certificate from the settings, formatting it first.

Returns:

  • (OpenSSL::X509::Certificate|nil)

    The IdP certificate built from the settings (formatted first), or nil if none is configured


# File 'lib/onelogin/ruby-saml/settings.rb', line 153

# Builds the IdP certificate object from the idp_cert setting.
#
# @return [OpenSSL::X509::Certificate, nil] the parsed certificate, or nil when
#   idp_cert is nil or empty. Parsing errors from OpenSSL are not rescued here.
def get_idp_cert
  raw_cert = idp_cert
  return nil if raw_cert.nil? || raw_cert.empty?

  # Normalise the certificate text before handing it to OpenSSL.
  OpenSSL::X509::Certificate.new(OneLogin::RubySaml::Utils.format_cert(raw_cert))
end

#get_idp_cert_multiHash with 2 arrays of OpenSSL::X509::Certificate

Builds multiple IdP certificates from the settings.

Returns:

  • (Hash with 2 arrays of OpenSSL::X509::Certificate)

    Build multiple IdP certificates from the settings.

Raises:

  • (ArgumentError)

# File 'lib/onelogin/ruby-saml/settings.rb', line 162

# Builds the IdP certificate sets from the idp_cert_multi setting.
#
# Only the symbol keys :signing and :encryption are read; any other key
# (including the string forms "signing"/"encryption") is ignored, which leaves
# the corresponding array empty.
#
# @return [Hash, nil] {:signing => [...], :encryption => [...]} holding
#   OpenSSL::X509::Certificate objects, or nil when idp_cert_multi is nil or
#   empty.
# @raise [ArgumentError] when idp_cert_multi is non-empty but not a Hash
def get_idp_cert_multi
  return nil if idp_cert_multi.nil? || idp_cert_multi.empty?

  unless idp_cert_multi.is_a?(Hash)
    raise ArgumentError.new("Invalid value for idp_cert_multi")
  end

  certs = {:signing => [], :encryption => [] }

  # Signing certificates are parsed before encryption ones, as before.
  [:signing, :encryption].each do |usage|
    next unless idp_cert_multi.key?(usage)

    raw_certs = idp_cert_multi[usage]
    next if raw_certs.empty?

    raw_certs.each do |raw_cert|
      pem = OneLogin::RubySaml::Utils.format_cert(raw_cert)
      certs[usage] << OpenSSL::X509::Certificate.new(pem)
    end
  end

  certs
end

#get_sp_certOpenSSL::X509::Certificate|nil

Builds the SP certificate from the settings, formatting it first.

Returns:

  • (OpenSSL::X509::Certificate|nil)

    The SP certificate built from the settings (formatted first), or nil if none is configured


# File 'lib/onelogin/ruby-saml/settings.rb', line 188

# Builds the SP certificate object from the certificate setting.
#
# The expiration check runs only when security[:check_sp_cert_expiration] is
# truthy; otherwise an expired certificate is returned without complaint.
#
# @return [OpenSSL::X509::Certificate, nil] the parsed certificate, or nil when
#   certificate is nil or empty
# @raise [OneLogin::RubySaml::ValidationError] when the expiration check is
#   enabled and the certificate has expired
def get_sp_cert
  return nil if certificate.nil? || certificate.empty?

  pem = OneLogin::RubySaml::Utils.format_cert(certificate)
  cert = OpenSSL::X509::Certificate.new(pem)

  expiry_enforced = security[:check_sp_cert_expiration]
  if expiry_enforced && OneLogin::RubySaml::Utils.is_cert_expired(cert)
    raise OneLogin::RubySaml::ValidationError.new("The SP certificate expired.")
  end

  cert
end

#get_sp_cert_newOpenSSL::X509::Certificate|nil

Builds the new SP certificate from the settings, formatting it first.

Returns:

  • (OpenSSL::X509::Certificate|nil)

    The new SP certificate built from the settings (formatted first), or nil if none is configured


# File 'lib/onelogin/ruby-saml/settings.rb', line 205

# Builds the new SP certificate object from the certificate_new setting.
# Unlike get_sp_cert, no expiration check is applied to the result.
#
# @return [OpenSSL::X509::Certificate, nil] the parsed certificate, or nil when
#   certificate_new is nil or empty
def get_sp_cert_new
  raw_cert = certificate_new
  return nil if raw_cert.nil? || raw_cert.empty?

  OpenSSL::X509::Certificate.new(OneLogin::RubySaml::Utils.format_cert(raw_cert))
end

#get_sp_keyOpenSSL::PKey::RSA

Builds the SP private key from the settings, formatting it first.

Returns:

  • (OpenSSL::PKey::RSA)

    The SP private key built from the settings (formatted first), or nil if none is configured


# File 'lib/onelogin/ruby-saml/settings.rb', line 214

# Builds the SP private key object from the private_key setting.
#
# The key is loaded with OpenSSL::PKey::RSA, so only RSA key material is
# accepted here. The returned object holds the private key: do not log,
# inspect or serialize it.
#
# @return [OpenSSL::PKey::RSA, nil] the loaded key, or nil when private_key is
#   nil or empty
def get_sp_key
  raw_key = private_key
  return nil if raw_key.nil? || raw_key.empty?

  OpenSSL::PKey::RSA.new(OneLogin::RubySaml::Utils.format_private_key(raw_key))
end

#single_logout_service_bindingString

Returns Single Logout Service Binding.

Returns:

  • (String)

    Single Logout Service Binding.


# File 'lib/onelogin/ruby-saml/settings.rb', line 117

# Single Logout Service binding, with a fallback to the older
# assertion_consumer_logout_service_binding setting.
#
# @return [String, nil] @single_logout_service_binding when it is not nil;
#   otherwise @assertion_consumer_logout_service_binding if that is truthy;
#   otherwise nil
def single_logout_service_binding
  return @single_logout_service_binding unless @single_logout_service_binding.nil?

  # Only a nil primary value triggers the fallback; a falsy fallback yields nil.
  @assertion_consumer_logout_service_binding || nil
end

#single_logout_service_binding=(url) ⇒ Object

Setter for Single Logout Service Binding.

(Currently we only support “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect”)

Parameters:

  • url (String)

# File 'lib/onelogin/ruby-saml/settings.rb', line 134

# Stores the Single Logout Service binding in @single_logout_service_binding.
# The value is assigned as given; nothing here checks that it is a supported
# binding URN.
#
# @param url [String] the binding identifier (the parameter is named url, but
#   the value is stored as the binding)
def single_logout_service_binding=(url)
  @single_logout_service_binding = url
end

#single_logout_service_urlString

Returns Single Logout Service URL.

Returns:

  • (String)

    Single Logout Service URL.


# File 'lib/onelogin/ruby-saml/settings.rb', line 96

# Single Logout Service URL, with a fallback to the older
# assertion_consumer_logout_service_url setting.
#
# @return [String, nil] @single_logout_service_url when it is not nil;
#   otherwise @assertion_consumer_logout_service_url if that is truthy;
#   otherwise nil
def single_logout_service_url
  return @single_logout_service_url unless @single_logout_service_url.nil?

  # Only a nil primary value triggers the fallback; a falsy fallback yields nil.
  @assertion_consumer_logout_service_url || nil
end

#single_logout_service_url=(url) ⇒ Object

Setter for the Single Logout Service URL.

Parameters:

  • url (String)

    .


# File 'lib/onelogin/ruby-saml/settings.rb', line 111

# Stores the Single Logout Service URL in @single_logout_service_url.
# The value is assigned as given; no scheme or host validation happens here.
#
# @param url [String] the Single Logout Service URL
def single_logout_service_url=(url)
  @single_logout_service_url = url
end

#sp_entity_idString

Returns SP Entity ID.

Returns:

  • (String)

    SP Entity ID


# File 'lib/onelogin/ruby-saml/settings.rb', line 75

# SP Entity ID, with a fallback to the older issuer setting.
#
# @return [String, nil] @sp_entity_id when it is not nil; otherwise @issuer if
#   that is truthy; otherwise nil
def sp_entity_id
  return @sp_entity_id unless @sp_entity_id.nil?

  # Only a nil primary value triggers the fallback; a falsy @issuer yields nil.
  @issuer || nil
end

#sp_entity_id=(val) ⇒ Object

Setter for SP Entity ID.

Parameters:

  • val (String)

    .


# File 'lib/onelogin/ruby-saml/settings.rb', line 90

# Stores the SP Entity ID in @sp_entity_id; once set to a non-nil value,
# sp_entity_id returns it instead of falling back to @issuer.
#
# @param val [String] the SP Entity ID
def sp_entity_id=(val)
  @sp_entity_id = val
end