Class: OmniAuth::Strategies::SAML

Inherits:

Object

• Object
• OmniAuth::Strategies::SAML

Includes:

OmniAuth::Strategy

Defined in:

lib/omni_auth/strategies/saml.rb,
lib/omni_auth/strategies/saml/logout_request.rb,
lib/omni_auth/strategies/saml/service_ticket_validator.rb

Defined Under Namespace

Classes: InvalidCASTicket, LogoutRequest, MissingCASTicket, ServiceTicketValidator

Constant Summary

SAML_NS =

{
  samla: "urn:oasis:names:tc:SAML:1.0:assertion",
  sprot: "urn:oasis:names:tc:SAML:1.0:protocol",
}

AuthHashSchemaKeys =

As required by github.com/intridea/omniauth/wiki/Auth-Hash-Schema

%w{name email nickname first_name last_name location}

Instance Attribute Summary

• #raw_info ⇒ Object (also: #user_info)

  Returns the value of attribute raw_info.

Instance Method Summary

• #append_params(base, params) ⇒ Object
• #callback_phase ⇒ Object
• #cas_url ⇒ Object

  Build a CAS host with protocol and port.

• #extract_url ⇒ Object
• #login_url(service) ⇒ Object
• #logout_url(service) ⇒ Object
• #on_sso_path? ⇒ Boolean
• #request_phase ⇒ Object
• #service_validate_url(service_url, ticket) ⇒ Object
• #single_sign_out_phase ⇒ Object
• #validate_cas_setup ⇒ Object
• #validate_service_ticket(ticket) ⇒ Object

  Validate the Service Ticket.

Instance Attribute Details

#raw_info ⇒ Object Also known as: user_info

Returns the value of attribute raw_info.

# File 'lib/omni_auth/strategies/saml.rb', line 18

def raw_info
  @raw_info
end

Instance Method Details

#append_params(base, params) ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 165

def append_params(base, params)
  params = params.each { |k,v| v = Rack::Utils.escape(v) }
  Addressable::URI.parse(base).tap do |base_uri|
    base_uri.query_values = (base_uri.query_values || {}).merge(params)
  end.to_s
end

#callback_phase ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 133

def callback_phase
  if on_sso_path?
    single_sign_out_phase
  else
    @ticket = request.params['SAMLart']
    return fail!(:no_ticket, MissingCASTicket.new('No CAS Ticket')) unless @ticket
    fetch_raw_info(@ticket)
    return fail!(:invalid_ticket, InvalidCASTicket.new('Invalid CAS Ticket')) if raw_info.empty?
    super
  end
end

#cas_url ⇒ Object

Build a CAS host with protocol and port

# File 'lib/omni_auth/strategies/saml.rb', line 92

def cas_url
  extract_url if options['url']
  validate_cas_setup
  @cas_url ||= begin
    uri = Addressable::URI.new
    uri.host = options.host
    uri.scheme = options.ssl ? 'https' : 'http'
    uri.port = options.port
    uri.path = options.path
    uri.to_s
  end
end

#extract_url ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 105

def extract_url
  url = Addressable::URI.parse(options.delete('url'))
  options.merge!(
    'host' => url.host,
    'port' => url.port,
    'path' => url.path,
    'ssl' => url.scheme == 'https'
  )
end

#login_url(service) ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 81

def login_url(service)
  target_url = service.split('?').first
  parms = { TARGET: target_url }
  cas_url + append_params(options.login_url, parms)
end

#logout_url(service) ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 86

def logout_url(service)
  cas_url + append_params(options.logout_url, { service: service})
end

#on_sso_path? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/omni_auth/strategies/saml.rb', line 157

def on_sso_path?
  request.post? && request.params.has_key?('logoutRequest')
end

#request_phase ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 144

def request_phase
  service_url = append_params(callback_url, return_url)

  [
    302,
    {
      'Location' => login_url(service_url),
      'Content-Type' => 'text/plain'
    },
    ["You are being redirected to CAS for sign-in."]
  ]
end

#service_validate_url(service_url, ticket) ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 121

def service_validate_url(service_url, ticket)
  target_url = service_url.split('?').first

  parms = {
    TARGET: target_url
#          service: service_url,
#          ticket: ticket
  }
  r = cas_url + append_params(options.service_validate_url, parms)
  r
end

#single_sign_out_phase ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 161

def single_sign_out_phase
  logout_request_service.new(self, request).call(options)
end

#validate_cas_setup ⇒ Object

# File 'lib/omni_auth/strategies/saml.rb', line 115

def validate_cas_setup
  if options.host.nil? || options.login_url.nil?
    raise ArgumentError.new(":host and :login_url MUST be provided")
  end
end

#validate_service_ticket(ticket) ⇒ Object

Validate the Service Ticket

Returns:

• (Object) —

  the validated Service Ticket

# File 'lib/omni_auth/strategies/saml.rb', line 174

def validate_service_ticket(ticket)
  OmniAuth::Strategies::SAML::ServiceTicketValidator.new(self, options, callback_url, ticket).call
end