Class: OneLogin::RubySaml::IdpMetadataParser

Inherits:

Object

• Object
• OneLogin::RubySaml::IdpMetadataParser

Defined in:

lib/onelogin/ruby-saml/idp_metadata_parser.rb

Overview

Auxiliary class to retrieve and parse the Identity Provider Metadata

Constant Summary

METADATA =

"urn:oasis:names:tc:SAML:2.0:metadata"

DSIG =

"http://www.w3.org/2000/09/xmldsig#"

NAME_FORMAT =

"urn:oasis:names:tc:SAML:2.0:attrname-format:*"

SAML_ASSERTION =

"urn:oasis:names:tc:SAML:2.0:assertion"

Instance Attribute Summary

• #document ⇒ Object readonly

  Returns the value of attribute document.

• #options ⇒ Object readonly

  Returns the value of attribute options.

• #response ⇒ Object readonly

  Returns the value of attribute response.

Instance Method Summary

• #parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

  Parse the Identity Provider metadata and update the settings with the IdP values.

• #parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

  Parse the Identity Provider metadata and update the settings with the IdP values.

• #parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

  Parse the Identity Provider metadata and return the results as Hash.

• #parse_to_hash(idp_metadata, options = {}) ⇒ Hash

  Parse the Identity Provider metadata and return the results as Hash.

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 23

def document
  @document
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 25

def options
  @options
end

#response ⇒ Object (readonly)

Returns the value of attribute response.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 24

def response
  @response
end

Instance Method Details

#parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  :settings to provide the OneLogin::RubySaml::Settings object or an hash for Settings overrides

Options Hash (options):

• :settings (OneLogin::RubySaml::Settings, Hash) —

  the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (OneLogin::RubySaml::Settings)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 76

def parse(idp_metadata, options = {})
  parsed_metadata = parse_to_hash(idp_metadata, options)

  settings = options[:settings]

  if settings.nil?
    OneLogin::RubySaml::Settings.new(parsed_metadata)
  elsif settings.is_a?(Hash)
    OneLogin::RubySaml::Settings.new(settings.merge(parsed_metadata))
  else
    merge_parsed_metadata_into(settings, parsed_metadata)
  end
end

#parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :settings (OneLogin::RubySaml::Settings, Hash) —

  the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (OneLogin::RubySaml::Settings)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 42

def parse_remote(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse(idp_metadata, options)
end

#parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (Hash)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 60

def parse_remote_to_hash(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse_to_hash(idp_metadata, options)
end

#parse_to_hash(idp_metadata, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (Hash)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 100

def parse_to_hash(idp_metadata, options = {})
  @document = REXML::Document.new(idp_metadata)
  @options = options
  @entity_descriptor = nil

  if idpsso_descriptor.nil?
    raise ArgumentError.new("idp_metadata must contain an IDPSSODescriptor element")
  end

  {
    :idp_entity_id => idp_entity_id,
    :name_identifier_format => idp_name_id_format,
    :idp_sso_target_url => single_signon_service_url(options),
    :idp_slo_target_url => single_logout_service_url(options),
    :idp_attribute_names => attribute_names,
    :idp_cert => nil,
    :idp_cert_fingerprint => nil,
    :idp_cert_multi => nil
  }.tap do |response_hash|
    merge_certificates_into(response_hash) unless certificates.nil?
  end
end