Class: Saml2::ArtifactResolver

Inherits:

Object

• Object
• Saml2::ArtifactResolver

Defined in:

lib/saml2/artifact_resolver.rb

Instance Attribute Summary

• #basic_auth_password ⇒ Object readonly

  Returns the value of attribute basic_auth_password.

• #basic_auth_realm ⇒ Object readonly

  Returns the value of attribute basic_auth_realm.

• #basic_auth_user_id ⇒ Object readonly

  Returns the value of attribute basic_auth_user_id.

• #idp_id ⇒ Object readonly

  Returns the value of attribute idp_id.

• #resolution_service_uri ⇒ Object readonly

  Returns the value of attribute resolution_service_uri.

• #source_id ⇒ Object readonly

  Returns the value of attribute source_id.

• #sp_id ⇒ Object readonly

  Returns the value of attribute sp_id.

Instance Method Summary

• #authenticator ⇒ Object
• #basic_auth_credentials(user_id, password, realm = nil) ⇒ Object

  Set HTTP basic authentication credentials.

• #http ⇒ Object
• #initialize(source_id, resolution_service_uri, idp_id, sp_id) ⇒ ArtifactResolver constructor

  Initialize and register a new artifact resolver.

• #logger ⇒ Object
• #resolve(artifact) ⇒ Saml2::Assertion

  Resolve ‘artifact` into an Assertion.

• #to_s ⇒ Object

Constructor Details

#initialize(source_id, resolution_service_uri, idp_id, sp_id) ⇒ ArtifactResolver

Initialize and register a new artifact resolver.

Parameters:

• source_id (string) —

  An opacque identifier used by the IDP to identify artifact that can be resolved by this service.

• resolution_service_uri (string) —

  The URI that will resolve artifacts into assertions.

• idp_id (String) —

  The URI identifying the assertion issuer at this source.

• sp_id (String) —

  The URI identifying (for this source) the service provider. IOW, the id of your application.

# File 'lib/saml2/artifact_resolver.rb', line 37

def initialize(source_id, resolution_service_uri, idp_id, sp_id)
  @source_id = source_id
  @resolution_service_uri = Addressable::URI.parse(resolution_service_uri) 
  @idp_id = idp_id
  @sp_id = sp_id
  ArtifactResolverRegistry.register self  
end

Instance Attribute Details

#basic_auth_password ⇒ Object (readonly)

Returns the value of attribute basic_auth_password.

# File 'lib/saml2/artifact_resolver.rb', line 22

def basic_auth_password
  @basic_auth_password
end

#basic_auth_realm ⇒ Object (readonly)

Returns the value of attribute basic_auth_realm.

# File 'lib/saml2/artifact_resolver.rb', line 22

def basic_auth_realm
  @basic_auth_realm
end

#basic_auth_user_id ⇒ Object (readonly)

Returns the value of attribute basic_auth_user_id.

# File 'lib/saml2/artifact_resolver.rb', line 22

def basic_auth_user_id
  @basic_auth_user_id
end

#idp_id ⇒ Object (readonly)

Returns the value of attribute idp_id.

# File 'lib/saml2/artifact_resolver.rb', line 21

def idp_id
  @idp_id
end

#resolution_service_uri ⇒ Object (readonly)

Returns the value of attribute resolution_service_uri.

# File 'lib/saml2/artifact_resolver.rb', line 21

def resolution_service_uri
  @resolution_service_uri
end

#source_id ⇒ Object (readonly)

Returns the value of attribute source_id.

# File 'lib/saml2/artifact_resolver.rb', line 21

def source_id
  @source_id
end

#sp_id ⇒ Object (readonly)

Returns the value of attribute sp_id.

# File 'lib/saml2/artifact_resolver.rb', line 21

def sp_id
  @sp_id
end

Instance Method Details

#authenticator ⇒ Object

# File 'lib/saml2/artifact_resolver.rb', line 60

def authenticator
  return nil unless basic_auth_user_id

  if basic_auth_realm
    Resourceful::BasicAuthenticator.new(basic_auth_realm, basic_auth_user_id, basic_auth_password)
  else
    Resourceful::PromiscuousBasicAuthenticator.new(basic_auth_user_id, basic_auth_password)
  end
end

#basic_auth_credentials(user_id, password, realm = nil) ⇒ Object

Set HTTP basic authentication credentials

# File 'lib/saml2/artifact_resolver.rb', line 46

def basic_auth_credentials(user_id, password, realm = nil)
  @basic_auth_realm = realm
  @basic_auth_user_id = user_id
  @basic_auth_password = password
end

#http ⇒ Object

# File 'lib/saml2/artifact_resolver.rb', line 56

def http
  @http ||= Resourceful::HttpAccessor.new(:authenticators => authenticator, :logger => logger)
end

#logger ⇒ Object

# File 'lib/saml2/artifact_resolver.rb', line 52

def logger
  SamlSp.logger
end

#resolve(artifact) ⇒ Saml2::Assertion

Resolve ‘artifact` into an Assertion.

Parameters:

• The (Saml2::Type4Artifact) —

  artifact to resolve.

Returns:

• (Saml2::Assertion)

Raises:

• (RequestDeniedError) —

  When the resolution service refuses to resolve the artifact.

• (AnomalousResponseIssuerError) —

  When the issuer of the response do not match the idp_id for this source.

# File 'lib/saml2/artifact_resolver.rb', line 81

def resolve(artifact)
  soap_body = request_document_for(artifact)
  logger.debug{"ArtifactResolve request body:\n#{soap_body.gsub(/^/, "\t")}"}
  resp = http.resource(resolution_service_uri).post(soap_body,
                                                    'Accept' => 'application/soap+xml', 
                                                    'Content-Type' => 'application/soap+xml')

  doc = Nokogiri::XML.parse(resp.body)
  assert_successful_response(doc)

  assertion = Assertion.new_from_xml(doc)

  raise AnomalousResponseIssuerError.new_from_issuers(idp_id, assertion.issuer) unless 
    assertion.issuer == idp_id

  assertion

rescue Resourceful::UnsuccessfulHttpRequestError => e

  logger.debug { 
    body = e.http_request.body
    body.rewind
    "Artifact resolution request:\n" + body.read.gsub(/^/, '    ')}
  logger.debug {"Artifact resolution response:\n" + e.http_response.body.gsub(/^/, '    ')}
  raise
end

#to_s ⇒ Object

# File 'lib/saml2/artifact_resolver.rb', line 108

def to_s
  "Resolver for <#{idp_id}> (#{Base64.encode64(source_id).strip})"
end