Class: XmlProcessResponse
- Inherits: Object
  - Object
  - XmlProcessResponse
- Defined in: lib/processresponse.rb
Instance Attribute Summary
- #acs ⇒ Object (readonly): Returns the value of attribute acs.
- #acs_form ⇒ Object (readonly): Returns the value of attribute acs_form.
- #signed_response ⇒ Object (readonly): Returns the value of attribute signed_response.
Instance Method Summary
- #initialize(certificate_path, private_key_path) ⇒ XmlProcessResponse (constructor): Create an XmlProcessResponse object.
- #process_response(raw_saml_request, relay_state, username) ⇒ Object: Builds a response SAML document to send back to Google.
Constructor Details
#initialize(certificate_path, private_key_path) ⇒ XmlProcessResponse
Create an XmlProcessResponse object.
- certificate_path: path to the site certificate, previously uploaded to Google using the SSO admin panel
- private_key_path: path to the private key that will be used to sign the SAML Response

    # File 'lib/processresponse.rb', line 22
    def initialize(certificate_path, private_key_path)
      @certificate_path = certificate_path
      @private_key_path = private_key_path
      libpath = "#{Gem.dir}/gems/google-sso-#{GoogleSSO::VERSION::STRING}/lib" # FIXME: uses hardcoded gemname. Bad bad bad.
      @signature_template_path = "#{libpath}/SignatureTemplate.xml"
      @response_template_path = "#{libpath}/SamlResponseTemplate.xml"
      @issue_instant = ""
      @provider_name = ""
      @acs = ""
      @acs_form = ""
      @signed_response = ""
      @logger = Logger.new("response.log")
      @logger.level = Logger::DEBUG
    end

Instance Attribute Details
#acs ⇒ Object (readonly)
Returns the value of attribute acs.

    # File 'lib/processresponse.rb', line 16
    def acs
      @acs
    end

#acs_form ⇒ Object (readonly)
Returns the value of attribute acs_form.

    # File 'lib/processresponse.rb', line 16
    def acs_form
      @acs_form
    end

#signed_response ⇒ Object (readonly)
Returns the value of attribute signed_response.

    # File 'lib/processresponse.rb', line 16
    def signed_response
      @signed_response
    end

Instance Method Details
#process_response(raw_saml_request, relay_state, username) ⇒ Object
Builds a response SAML document to send back to Google.
Takes three parameters: a SAMLRequest document, the RelayState variable and the username to authenticate.
- samlRequest: a string containing the SAML request Google sends out when a user tries to log in to an SSO-enabled domain.
- relayState: a string containing various state parameters regarding the Google domain and the service required.
- username: a string with the username that needs to be authenticated.
The method returns an HTML snippet containing a form with two <textarea> elements: one holding the SAML response signed using the key, the other holding the RelayState. The form action is set to the Google Assertion Consumer Service URL. Both the SAMLResponse and the RelayState parameters have to be Base64 encoded when submitted to Google; this is automatically handled for text inserted into textarea elements.
The form should be inserted in the resulting page and submit()-ed by an onload JavaScript function such as:

    window.onload = function(){
      var f = document.getElementById('acsForm');
      if(f.nodeName=='FORM'){
        f.submit();
      }
    }

    # File 'lib/processresponse.rb', line 64
    def process_response(raw_saml_request, relay_state, username)
      saml_request = decode_authn_request(raw_saml_request)
      get_request_attributes(saml_request)
      saml_response = create_saml_response(username)
      @logger.debug("\nSAML Response\n" + saml_response.to_s()) if @logger
      @signed_response = sign_XML(saml_response)
      @logger.debug("\nSigned Response\n" + signed_response.to_s()) if @logger
      @acs_form = <<-ACSFORM
        <form name="acsForm" id="acsForm" action="#{@acs}" method="post">
          <textarea name="SAMLResponse">#{signed_response}</textarea>
          <textarea name="RelayState">#{relay_state}</textarea>
        </form>
      ACSFORM
    end
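
The process_response listing interpolates @acs, signed_response and relay_state into the form markup without escaping them. The following added example (not part of google-sso or its documentation) builds the same acsForm with every value HTML-escaped and the form action checked against an allowlist. The helper names, the allowlisted host and the sample values are assumptions made for illustration.

```ruby
require "cgi"
require "uri"

# Assumption: hosts permitted as the form action (constructed allowlist).
ALLOWED_ACS_HOSTS = ["www.google.com"].freeze

# Hypothetical helper, not part of google-sso: true only for an absolute
# https URL whose host is on the allowlist.
def trusted_acs?(acs_url)
  uri = URI.parse(acs_url.to_s)
  uri.is_a?(URI::HTTPS) && ALLOWED_ACS_HOSTS.include?(uri.host.to_s.downcase)
rescue URI::InvalidURIError
  false
end

# Hypothetical helper: produces the same acsForm markup as process_response,
# but escapes each interpolated value and refuses an untrusted form action.
def build_acs_form(acs_url, signed_response, relay_state)
  raise ArgumentError, "untrusted ACS URL" unless trusted_acs?(acs_url)

  <<~ACSFORM
    <form name="acsForm" id="acsForm" action="#{CGI.escapeHTML(acs_url)}" method="post">
      <textarea name="SAMLResponse">#{CGI.escapeHTML(signed_response.to_s)}</textarea>
      <textarea name="RelayState">#{CGI.escapeHTML(relay_state.to_s)}</textarea>
    </form>
  ACSFORM
end

# Constructed sample values: a RelayState that would otherwise close the
# textarea and place its own markup in the page.
if __FILE__ == $PROGRAM_NAME
  acs   = "https://www.google.com/a/example.com/acs"
  relay = %q(</textarea><b>injected</b>)
  puts build_acs_form(acs, "<samlp:Response/>", relay)
end
```

Because the browser decodes the entities before submitting the form, the values posted to the ACS are unchanged; only their interpretation as markup in the intermediate page is prevented.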