Class: OneLogin::RubySaml::SloLogoutrequest

Inherits:

SamlMessage

• Object
• SamlMessage
• OneLogin::RubySaml::SloLogoutrequest

Includes:

ErrorHandling

Defined in:

lib/onelogin/ruby-saml/slo_logoutrequest.rb

Overview

SAML2 Logout Request (SLO IdP initiated, Parser)

Constant Summary

Constants inherited from SamlMessage

OneLogin::RubySaml::SamlMessage::ASSERTION, OneLogin::RubySaml::SamlMessage::BASE64_FORMAT, OneLogin::RubySaml::SamlMessage::PROTOCOL

Instance Attribute Summary

• #document ⇒ Object readonly

  Returns the value of attribute document.

• #options ⇒ Object readonly

  Returns the value of attribute options.

• #request ⇒ Object readonly

  Returns the value of attribute request.

• #settings ⇒ Object

  OneLogin::RubySaml::Settings Toolkit settings.

• #soft ⇒ Object

  Returns the value of attribute soft.

Attributes included from ErrorHandling

#errors

Instance Method Summary

• #decrypt_nameid(encrypt_node) ⇒ REXML::Document

  Decrypts an EncryptedID element.

• #id ⇒ String|nil

  Gets the ID attribute from the Logout Request.

• #initialize(request, options = {}) ⇒ SloLogoutrequest constructor

  Constructs the Logout Request.

• #is_valid?(collect_errors = false) ⇒ Boolean

  Validates the Logout Request with the default values (soft = true).

• #issuer ⇒ String

  Gets the Issuer from the Logout Request.

• #name_id ⇒ String (also: #nameid)

  Gets the NameID of the Logout Request.

• #name_id_format ⇒ String (also: #nameid_format)

  Gets the NameID Format of the Logout Request.

• #name_id_node ⇒ Object
• #not_on_or_after ⇒ Time|nil

  Gets the NotOnOrAfter Attribute value if exists.

• #request_id ⇒ Object
• #session_indexes ⇒ Array

  Gets the SessionIndex if exists (Supported multiple values).

Methods included from ErrorHandling

#append_error, #reset_errors!

Methods inherited from SamlMessage

schema, #valid_saml?, #version

Constructor Details

#initialize(request, options = {}) ⇒ SloLogoutrequest

Constructs the Logout Request. A Logout Request Object that is an extension of the SamlMessage class.

Parameters:

• request (String) —

  A UUEncoded Logout Request from the IdP.

• options (Hash) (defaults to: {}) —

  :settings to provide the OneLogin::RubySaml::Settings object Or :allowed_clock_drift for the logout request validation process to allow a clock drift when checking dates with Or :relax_signature_validation to accept signatures if no idp certificate registered on settings

Raises:

• (ArgumentError) —

  If Request is nil

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 33

def initialize(request, options = {})
  raise ArgumentError.new("Request cannot be nil") if request.nil?

  @errors = []
  @options = options
  @soft = true
  unless options[:settings].nil?
    @settings = options[:settings]
    unless @settings.soft.nil?
      @soft = @settings.soft
    end
  end

  @request = decode_raw_saml(request, settings)
  @document = REXML::Document.new(@request)
end

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 19

def document
  @document
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 21

def options
  @options
end

#request ⇒ Object (readonly)

Returns the value of attribute request.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 20

def request
  @request
end

#settings ⇒ Object

OneLogin::RubySaml::Settings Toolkit settings

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 17

def settings
  @settings
end

#soft ⇒ Object

Returns the value of attribute soft.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 23

def soft
  @soft
end

Instance Method Details

#decrypt_nameid(encrypt_node) ⇒ REXML::Document

Decrypts an EncryptedID element

Parameters:

• encryptedid_node (REXML::Element) —

  The EncryptedID element

Returns:

• (REXML::Document) —

  The decrypted EncrypedtID element

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 97

def decrypt_nameid(encrypt_node)

  if settings.nil? || !settings.get_sp_key
    raise ValidationError.new('An ' + encrypt_node.name + ' found and no SP private key found on the settings to decrypt it')
  end

  elem_plaintext = OneLogin::RubySaml::Utils.decrypt_data(encrypt_node, settings.get_sp_key)
  # If we get some problematic noise in the plaintext after decrypting.
  # This quick regexp parse will grab only the Element and discard the noise.
  elem_plaintext = elem_plaintext.match(/(.*<\/(\w+:)?NameID>)/m)[0]

  # To avoid namespace errors if saml namespace is not defined
  # create a parent node first with the namespace defined
  node_header = '<node xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
  elem_plaintext = node_header + elem_plaintext + '</node>'
  doc = REXML::Document.new(elem_plaintext)
  doc.root[0]
end

#id ⇒ String|nil

Returns Gets the ID attribute from the Logout Request. if exists.

Returns:

• (String|nil) —

  Gets the ID attribute from the Logout Request. if exists.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 118

def id
  super(document)
end

#is_valid?(collect_errors = false) ⇒ Boolean

Validates the Logout Request with the default values (soft = true)

Parameters:

• collect_errors (Boolean) (defaults to: false) —

  Stop validation when first error appears or keep validating.

Returns:

• (Boolean) —

  TRUE if the Logout Request is valid

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 58

def is_valid?(collect_errors = false)
  validate(collect_errors)
end

#issuer ⇒ String

Returns Gets the Issuer from the Logout Request.

Returns:

• (String) —

  Gets the Issuer from the Logout Request.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 124

def issuer
  @issuer ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutRequest/a:Issuer",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    Utils.element_text(node)
  end
end

#name_id ⇒ String Also known as: nameid

Returns Gets the NameID of the Logout Request.

Returns:

• (String) —

  Gets the NameID of the Logout Request.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 64

def name_id
  @name_id ||= Utils.element_text(name_id_node)
end

#name_id_format ⇒ String Also known as: nameid_format

Returns Gets the NameID Format of the Logout Request.

Returns:

• (String) —

  Gets the NameID Format of the Logout Request.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 72

def name_id_format
  @name_id_format ||=
    if name_id_node && name_id_node.attribute("Format")
      name_id_node.attribute("Format").value
    end
end

#name_id_node ⇒ Object

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 81

def name_id_node
  @name_id_node ||=
    begin
      encrypted_node = REXML::XPath.first(document, "/p:LogoutRequest/a:EncryptedID", { "p" => PROTOCOL, "a" => ASSERTION })
      if encrypted_node
        node = decrypt_nameid(encrypted_node)
      else
        node = REXML::XPath.first(document, "/p:LogoutRequest/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
      end
    end
end

#not_on_or_after ⇒ Time|nil

Returns Gets the NotOnOrAfter Attribute value if exists.

Returns:

• (Time|nil) —

  Gets the NotOnOrAfter Attribute value if exists.

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 137

def not_on_or_after
  @not_on_or_after ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutRequest",
      { "p" => PROTOCOL }
    )
    if node && node.attributes["NotOnOrAfter"]
      Time.parse(node.attributes["NotOnOrAfter"])
    end
  end
end

#request_id ⇒ Object

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 50

def request_id
  id(document)
end

#session_indexes ⇒ Array

Returns Gets the SessionIndex if exists (Supported multiple values). Empty Array if none found.

Returns:

• (Array) —

  Gets the SessionIndex if exists (Supported multiple values). Empty Array if none found

# File 'lib/onelogin/ruby-saml/slo_logoutrequest.rb', line 152

def session_indexes
  nodes = REXML::XPath.match(
    document,
    "/p:LogoutRequest/p:SessionIndex",
    { "p" => PROTOCOL }
  )

  nodes.map { |node| Utils.element_text(node) }
end