Class: OneLogin::RubySaml::Response

Inherits:
SamlMessage
Defined in:
lib/onelogin/ruby-saml/response.rb

Constant Summary

# XML namespace URIs used as the "a" / "p" prefixes in the XPath lookups on
# this page; DSIG is the XML-Signature namespace.
ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

Instance Attribute Summary

Instance Method Summary

Methods inherited from SamlMessage

#valid_saml?, #validation_error

Constructor Details

#initialize(response, options = {}) ⇒ Response

Returns a new instance of Response.

Raises:

  • (ArgumentError)


# File 'lib/onelogin/ruby-saml/response.rb', line 22

# Wraps a raw SAML response so it can be inspected and validated later.
#
# Only decoding and wrapping happen here: no validation call appears in this
# constructor, so a freshly built object has not been checked in any way.
# NOTE(review): presumably is_valid? / validate! must succeed before the
# values from name_id, attributes or issuer are trusted -- confirm in validate.
#
# @param response [Object] raw response passed to decode_raw_saml; must not be nil
# @param options [Hash] stored untouched and exposed through #options
# @raise [ArgumentError] when response is nil
def initialize(response, options = {})
  # The error list exists before anything else so the signed-document wrapper
  # below can be handed the very same array.
  @errors = []
  if response.nil?
    raise ArgumentError, "Response cannot be nil"
  end

  @options = options
  @response = decode_raw_saml(response)
  @document = XMLSecurity::SignedDocument.new(@response, @errors)
end

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.



# File 'lib/onelogin/ruby-saml/response.rb', line 20

# Read-only access to the XMLSecurity::SignedDocument built by the constructor
# from the decoded response.
#
# @return [Object] the value held in @document
def document
  @document
end

#errors ⇒ Object

Returns the value of attribute errors.



# File 'lib/onelogin/ruby-saml/response.rb', line 16

# Error list created empty by the constructor and also handed to the
# signed-document wrapper, so both objects share one array.
# The live array is returned, not a copy.
#
# @return [Array, nil] the value held in @errors
def errors
  @errors
end

#options ⇒ Object (readonly)

Returns the value of attribute options.



# File 'lib/onelogin/ruby-saml/response.rb', line 18

# Read-only access to the options hash given to the constructor.
# The constructor stores it as received; which keys matter is not visible on
# this page.
#
# @return [Hash, nil] the value held in @options
def options
  @options
end

#response ⇒ Object (readonly)

Returns the value of attribute response.



# File 'lib/onelogin/ruby-saml/response.rb', line 19

# Read-only access to the response after decode_raw_saml has processed it in
# the constructor. This is the decoded payload as received; nothing here
# indicates it has been validated.
#
# @return [Object] the value held in @response
def response
  @response
end

#settings ⇒ Object

TODO: This should probably be ctor initialized too… WDYT?



# File 'lib/onelogin/ruby-saml/response.rb', line 15

# Settings associated with this response.
# The constructor shown on this page never assigns @settings, so this is nil
# until something else sets it.
# NOTE(review): presumably validation reads trust material (such as the
# identity provider certificate) from here, so it must be assigned before
# validating -- confirm against validate.
#
# @return [Object, nil] the value held in @settings
def settings
  @settings
end

Instance Method Details

#attributes ⇒ Object

Returns a OneLogin::RubySaml::Attributes enumerable collection. All attributes can be iterated over with attributes.each or returned as an array with attributes.all.

For backwards compatibility ruby-saml returns by default only the first value for a given attribute with

attributes['name']

To get all of the attributes, use:

attributes.multi('name')

Or turn off the compatibility:

OneLogin::RubySaml::Attributes.single_value_compatibility = false

Now this will return an array:

attributes['name']


# File 'lib/onelogin/ruby-saml/response.rb', line 68

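# Collects the attributes found under the signed assertion's
# AttributeStatement into an Attributes collection (memoized).
#
# Each child element contributes one entry: its "Name" XML attribute and the
# list of values taken from its own child elements.
#
# A value is the concatenation of every text node of the value element.
# REXML's Element#text yields only the first text child, so content split
# into several text nodes (for example by an XML comment) would otherwise be
# returned shortened and could differ from what the identity provider issued.
#
# An empty collection is memoized as well, so repeated calls return the same
# object whether or not an AttributeStatement exists.
#
# NOTE(review): nothing in this method validates the response; presumably the
# result is only trustworthy after is_valid? / validate! -- confirm.
#
# @return [Attributes] the collected attributes, empty when no
#   AttributeStatement is found
def attributes
  @attr_statements ||= begin
    collected = Attributes.new
    stmt_element = xpath_first_from_signed_assertion('/a:AttributeStatement')

    unless stmt_element.nil?
      stmt_element.elements.each do |attr_element|
        name = attr_element.attributes["Name"]
        values = attr_element.elements.collect do |value_element|
          # SAMLCore requires that nil AttributeValues MUST contain xsi:nil XML attribute set to "true" or "1"
          # otherwise the value is to be regarded as empty.
          if ["true", "1"].include?(value_element.attributes['xsi:nil'])
            nil
          else
            # Join all text nodes; an element without text yields "".
            value_element.texts.map { |text_node| text_node.value }.join
          end
        end

        collected.add(name, values)
      end
    end

    collected
  end
end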

#conditions ⇒ Object

Conditions (if any) for the assertion to run



# File 'lib/onelogin/ruby-saml/response.rb', line 114

# The Conditions element of the signed assertion, if there is one (memoized).
# A nil result is not cached, so the lookup is repeated on the next call.
#
# @return [Object, nil] whatever xpath_first_from_signed_assertion yields for
#   '/a:Conditions'
def conditions
  return @conditions if @conditions

  @conditions = xpath_first_from_signed_assertion('/a:Conditions')
end

#is_valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/onelogin/ruby-saml/response.rb', line 30

# Runs validation by calling validate with no arguments and returns its result.
#
# The checks themselves live in validate, which is not shown on this page.
# NOTE(review): validate! passes false explicitly, so the default here is
# presumably a "soft" mode that reports failure through the return value
# instead of raising -- confirm against validate.
#
# @return [Boolean] the result of validate
def is_valid?
  validate
end

#issuer ⇒ Object



# File 'lib/onelogin/ruby-saml/response.rb', line 126

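# Returns the Issuer of the response (memoized).
#
# The Response-level Issuer is looked up first, directly on the document; the
# Issuer inside the signed assertion is consulted only when the Response has
# none.
# NOTE(review): the first lookup does not go through
# xpath_first_from_signed_assertion, so whether that value is covered by a
# signature is not visible here -- confirm that validate checks it before it
# is used for a trust decision.
#
# The value is the concatenation of every text node of the element. REXML's
# Element#text yields only the first text child, so content split into
# several text nodes (for example by an XML comment) would otherwise be
# returned shortened.
#
# @return [String, nil] the issuer, or nil when no Issuer element is found or
#   it has no text content
def issuer
  @issuer ||= begin
    namespaces = { "p" => PROTOCOL, "a" => ASSERTION }
    node = REXML::XPath.first(document, "/p:Response/a:Issuer", namespaces)
    node ||= xpath_first_from_signed_assertion('/a:Issuer')
    text_nodes = node.nil? ? [] : node.texts
    # Keep the original contract: an element without text still yields nil.
    text_nodes.empty? ? nil : text_nodes.map { |text_node| text_node.value }.join
  end
end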

#name_id ⇒ Object

The user identifier (NameID) as designated by the response to the initialization request



# File 'lib/onelogin/ruby-saml/response.rb', line 43

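# Returns the subject identifier (Subject/NameID) from the signed assertion
# (memoized).
#
# The value is the concatenation of every text node under NameID. REXML's
# Element#text yields only the first text child, so an identifier whose
# content is split into several text nodes (for example by an XML comment)
# would otherwise be returned shortened and could differ from the identifier
# the identity provider issued.
#
# NOTE(review): nothing in this method validates the response; presumably the
# result is only trustworthy after is_valid? / validate! -- confirm.
#
# @return [String, nil] the identifier, or nil when no NameID element is found
#   or it has no text content
def name_id
  @name_id ||= begin
    node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
    text_nodes = node.nil? ? [] : node.texts
    # Keep the original contract: an element without text still yields nil.
    text_nodes.empty? ? nil : text_nodes.map { |text_node| text_node.value }.join
  end
end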

#not_before ⇒ Object



# File 'lib/onelogin/ruby-saml/response.rb', line 118

# Start of the assertion's validity window: the "NotBefore" attribute of the
# Conditions element, run through parse_time (memoized).
#
# NOTE(review): parse_time is not shown; presumably it returns nil when the
# element or attribute is absent, and any clock-skew allowance is applied
# elsewhere -- confirm.
#
# @return [Object, nil] the result of parse_time(conditions, "NotBefore")
def not_before
  return @not_before if @not_before

  @not_before = parse_time(conditions, "NotBefore")
end

#not_on_or_after ⇒ Object



# File 'lib/onelogin/ruby-saml/response.rb', line 122

# End of the assertion's validity window: the "NotOnOrAfter" attribute of the
# Conditions element, run through parse_time (memoized).
#
# NOTE(review): parse_time is not shown; presumably it returns nil when the
# element or attribute is absent. A nil bound must not be read as "never
# expires" without checking how validate treats it -- confirm.
#
# @return [Object, nil] the result of parse_time(conditions, "NotOnOrAfter")
def not_on_or_after
  return @not_on_or_after if @not_on_or_after

  @not_on_or_after = parse_time(conditions, "NotOnOrAfter")
end

#session_expires_at ⇒ Object

The latest time at which this user session should expire



# File 'lib/onelogin/ruby-saml/response.rb', line 91

# Latest time the user session should last: the "SessionNotOnOrAfter"
# attribute of the signed assertion's AuthnStatement, run through parse_time.
# The result is cached in @expires_at.
#
# NOTE(review): parse_time is not shown; presumably it returns nil when the
# statement or attribute is absent, in which case the application needs its
# own session lifetime -- confirm.
#
# @return [Object, nil] the result of parse_time for "SessionNotOnOrAfter"
def session_expires_at
  return @expires_at if @expires_at

  authn_statement = xpath_first_from_signed_assertion('/a:AuthnStatement')
  @expires_at = parse_time(authn_statement, "SessionNotOnOrAfter")
end

#sessionindex ⇒ Object



# File 'lib/onelogin/ruby-saml/response.rb', line 50

# The "SessionIndex" attribute of the signed assertion's AuthnStatement
# (memoized).
#
# @return [String, nil] the attribute value, or nil when there is no
#   AuthnStatement or it carries no SessionIndex
def sessionindex
  return @sessionindex if @sessionindex

  authn_statement = xpath_first_from_signed_assertion('/a:AuthnStatement')
  @sessionindex = authn_statement.nil? ? nil : authn_statement.attributes['SessionIndex']
end

#status_message ⇒ Object



# File 'lib/onelogin/ruby-saml/response.rb', line 106

# Text of the Response-level Status/StatusMessage element (memoized).
#
# The element is looked up directly on the document, outside the assertion.
# NOTE(review): the text is supplied by whoever produced the response, so
# treat it as untrusted when logging or rendering it -- whether it is covered
# by a signature is not visible here.
#
# @return [String, nil] the message text, or nil when the element is absent
def status_message
  return @status_message if @status_message

  namespaces = { "p" => PROTOCOL, "a" => ASSERTION }
  message_node = REXML::XPath.first(document, "/p:Response/p:Status/p:StatusMessage", namespaces)
  @status_message = message_node && message_node.text
end

#success? ⇒ Boolean

Checks the status of the response for a “Success” code

Returns:

  • (Boolean)


# File 'lib/onelogin/ruby-saml/response.rb', line 99

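# Reports whether the Response-level StatusCode is the SAML 2.0 "Success" URI.
#
# A response without a Status/StatusCode element is reported as not
# successful instead of raising NoMethodError on a nil node, so a malformed
# response fails closed.
#
# The StatusCode is looked up directly on the document, outside the
# assertion.
# NOTE(review): a "Success" status on its own says nothing about signature or
# condition checks; presumably validate combines it with those -- confirm.
#
# The result is cached in @status_code; a false result is recomputed on the
# next call because ||= only keeps truthy values.
#
# @return [Boolean] true only when StatusCode/@Value equals the Success URI
def success?
  @status_code ||= begin
    namespaces = { "p" => PROTOCOL, "a" => ASSERTION }
    node = REXML::XPath.first(document, "/p:Response/p:Status/p:StatusCode", namespaces)
    !node.nil? && node.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
  end
end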

#validate! ⇒ Object



# File 'lib/onelogin/ruby-saml/response.rb', line 34

# Runs validation by calling validate(false) and returns its result.
#
# The checks themselves live in validate, which is not shown on this page.
# NOTE(review): the false argument presumably turns off "soft" mode so that a
# failed check raises instead of returning false -- confirm against validate
# and rescue the error at the call site accordingly.
#
# @return [Object] the result of validate(false)
def validate!
  soft = false
  validate(soft)
end