Class: Onelogin::Saml::Response
- Inherits:
-
Object
- Object
- Onelogin::Saml::Response
- Defined in:
- lib/onelogin/ruby-samlnechotech/response.rb
Constant Summary collapse
- ASSERTION =
"urn:oasis:names:tc:SAML:2.0:assertion"
- PROTOCOL =
"urn:oasis:names:tc:SAML:2.0:protocol"
- DSIG =
"http://www.w3.org/2000/09/xmldsig#"
Instance Attribute Summary collapse
-
#document ⇒ Object
readonly
Returns the value of attribute document.
-
#options ⇒ Object
readonly
Returns the value of attribute options.
-
#response ⇒ Object
readonly
Returns the value of attribute response.
-
#settings ⇒ Object
TODO: This should probably be ctor initialized too…
Instance Method Summary collapse
-
#attributes ⇒ Object
A hash of alle the attributes with the response.
-
#conditions ⇒ Object
Conditions (if any) for the assertion to run.
-
#initialize(response, options = {}) ⇒ Response
constructor
A new instance of Response.
- #is_valid? ⇒ Boolean
- #issuer ⇒ Object
- #log ⇒ Object
-
#name_id ⇒ Object
The value of the user identifier as designated by the initialization request response.
-
#session_expires_at ⇒ Object
When this user session should expire at latest.
- #sessionindex ⇒ Object
-
#success? ⇒ Boolean
Checks the status of the response for a “Success” code (nechotech: …or a “NoPassive” secondary status code).
- #validate! ⇒ Object
- #xml_cert_validate(idp_cert_fingerprint, logger) ⇒ Object
Constructor Details
#initialize(response, options = {}) ⇒ Response
Returns a new instance of Response.
21 22 23 24 25 26 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 21 def initialize(response, = {}) raise ArgumentError.new("Response cannot be nil") if response.nil? @options = @response = (response =~ /^</) ? response : Base64.decode64(response) @document = XMLSecurity::SignedDocument.new(@response) end |
Instance Attribute Details
#document ⇒ Object (readonly)
Returns the value of attribute document.
19 20 21 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 19 def document @document end |
#options ⇒ Object (readonly)
Returns the value of attribute options.
17 18 19 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 17 def @options end |
#response ⇒ Object (readonly)
Returns the value of attribute response.
18 19 20 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 18 def response @response end |
#settings ⇒ Object
TODO: This should probably be ctor initialized too… WDYT?
15 16 17 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 15 def settings @settings end |
Instance Method Details
#attributes ⇒ Object
A hash of alle the attributes with the response. Assuming there is only one value for each key
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 67 def attributes @attr_statements ||= begin result = {} stmt_element = xpath_first_from_signed_assertion('/a:AttributeStatement') return {} if stmt_element.nil? stmt_element.elements.each do |attr_element| name = attr_element.attributes["Name"] value = attr_element.elements.first.text rescue nil result[name] = value end result.keys.each do |key| result[key.intern] = result[key] end result end end |
#conditions ⇒ Object
Conditions (if any) for the assertion to run
116 117 118 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 116 def conditions @conditions ||= xpath_first_from_signed_assertion('/a:Conditions') end |
#is_valid? ⇒ Boolean
28 29 30 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 28 def is_valid? validate end |
#issuer ⇒ Object
120 121 122 123 124 125 126 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 120 def issuer @issuer ||= begin node = REXML::XPath.first(document, "/p:Response/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION }) node ||= xpath_first_from_signed_assertion('/a:Issuer') node.nil? ? nil : node.text end end |
#log ⇒ Object
128 129 130 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 128 def log Logging.debug "SAML Response:\n#{document}\n" end |
#name_id ⇒ Object
The value of the user identifier as designated by the initialization request response
52 53 54 55 56 57 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 52 def name_id @name_id ||= begin node = xpath_first_from_signed_assertion('/a:Subject/a:NameID') node.nil? ? nil : node.text end end |
#session_expires_at ⇒ Object
When this user session should expire at latest
90 91 92 93 94 95 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 90 def session_expires_at @expires_at ||= begin node = xpath_first_from_signed_assertion('/a:AuthnStatement') parse_time(node, "SessionNotOnOrAfter") end end |
#sessionindex ⇒ Object
59 60 61 62 63 64 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 59 def sessionindex @sessionindex ||= begin node = xpath_first_from_signed_assertion('/a:AuthnStatement') node.nil? ? nil : node.attributes['SessionIndex'] end end |
#success? ⇒ Boolean
Checks the status of the response for a “Success” code (nechotech: …or a “NoPassive” secondary status code)
99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 99 def success? @status_code ||= begin node = REXML::XPath.first(document, "/p:Response/p:Status/p:StatusCode", { "p" => PROTOCOL, "a" => ASSERTION }) primary_status = node.attributes["Value"] case primary_status when "urn:oasis:names:tc:SAML:2.0:status:Success" true when "urn:oasis:names:tc:SAML:2.0:status:Responder" secondary_status = node.elements[1].attributes["Value"] secondary_status == "urn:oasis:names:tc:SAML:2.0:status:NoPassive" else false end end end |
#validate! ⇒ Object
47 48 49 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 47 def validate! validate(false) end |
#xml_cert_validate(idp_cert_fingerprint, logger) ⇒ Object
32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# File 'lib/onelogin/ruby-samlnechotech/response.rb', line 32 def xml_cert_validate(idp_cert_fingerprint, logger) # get cert from response base64_cert = document.elements["//ds:X509Certificate"].text cert_text = Base64.decode64(base64_cert) cert = OpenSSL::X509::Certificate.new(cert_text) # check cert matches registered idp cert fingerprint = Digest::SHA1.hexdigest(cert.to_der) valid_flag = fingerprint == idp_cert_fingerprint.gsub(":", "").downcase return valid_flag if !valid_flag document.validate_doc(base64_cert, Logging) end |