Class: SSO::RequestSecurityToken

Inherits:
SoapInvocable
Defined in:
lib/sso.rb

Overview

Encapsulates an issue operation that requests a security token from the SSO service.

Instance Attribute Summary

Attributes inherited from SoapInvocable

#client, #operation, #response

Instance Method Summary

Methods inherited from SoapInvocable

#has_header?, #invoke, #request_xml, #response_hash, #response_xml

Constructor Details

#initialize(client, username, password, hours = 2) ⇒ RequestSecurityToken

Constructs a new instance.



# File 'lib/sso.rb', line 151

# Builds an :issue request that carries the caller's credentials.
#
# @param client the SSO client, handed to SoapInvocable#initialize
# @param username written into the x:Username element by header_xml
# @param password written into the x:Password element by header_xml
# @param hours stored in @hours (defaults to 2)
def initialize(client, username, password, hours=2)
    super(:issue, client)

    # The credentials stay in instance variables for the lifetime of this
    # object. NOTE(review): Ruby's default #inspect prints instance
    # variables, so unless a superclass overrides it, inspecting or
    # logging an instance would expose @password -- confirm.
    @username, @password, @hours = username, password, hours

    #TODO: these things should be configurable, so we can get
    #non-delegatable tokens, HoK tokens, etc.
    @delegatable = true
    @request_type = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
end

Instance Attribute Details

#delegatable ⇒ Object

Returns the value of attribute delegatable.



# File 'lib/sso.rb', line 148

# Reader for @delegatable. The constructor sets it to true, and body_xml
# writes its string form into the wst:Delegatable element.
def delegatable
  @delegatable
end

#request_type ⇒ Object

Returns the value of attribute request_type.



# File 'lib/sso.rb', line 148

# Reader for @request_type. The constructor sets it to the WS-Trust
# 200512 "Issue" URI, and body_xml writes it into wst:RequestType.
def request_type
  @request_type
end

Instance Method Details

#body_xml(body) ⇒ Object

Builds the body XML for the SOAP request.



# File 'lib/sso.rb', line 206

# Builds the body XML for the SOAP request: a wst:RequestSecurityToken
# element holding the request type and the delegatable flag.
#
# Both values are appended with <<. They are set inside this class by the
# constructor, not taken from the caller.
#
# @param body the XML builder for the SOAP body (must respond to tag!)
def body_xml(body)
    body.tag!("wst:RequestSecurityToken") do |rst|
        rst.tag!("wst:RequestType") { |node| node << request_type }
        rst.tag!("wst:Delegatable") { |node| node << delegatable.to_s }

        #TODO: we don't seem to need this, but I'm leaving this
        #here for now as a reminder.
        # rst.tag!("wst:Lifetime") do |lifetime|
        #     lifetime.tag!("u:Created") do |element|
        #         element << created
        #     end
        #     lifetime.tag!("u:Expires") do |element|
        #         element << expires
        #     end
        # end
    end
end

#created ⇒ Object



# File 'lib/sso.rb', line 168

# Creation timestamp string: +now+ formatted with DATE_FORMAT.
# Computed on first use and cached in @created, so every element built
# from this request carries the same value.
def created
    return @created if @created

    @created = now.strftime(DATE_FORMAT)
end

#expires ⇒ Object



# File 'lib/sso.rb', line 176

# Expiry timestamp string: +future+ formatted with DATE_FORMAT.
# Computed on first use and cached in @expires.
def expires
    return @expires if @expires

    @expires = future.strftime(DATE_FORMAT)
end

#future ⇒ Object



# File 'lib/sso.rb', line 172

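# Expiry instant: +now+ plus the validity period given to the constructor.
#
# The constructor stores its +hours+ argument in @hours, but this method
# used a fixed two-hour offset, so the argument had no effect. It now
# honours @hours and falls back to 2 when @hours is unset, which matches
# the previous behaviour for default-constructed instances.
#
# The result feeds +expires+, which header_xml writes as u:Expires in the
# security Timestamp. A larger @hours therefore lengthens the period the
# request declares itself valid for; keep it short.
def future
    @future ||= now + ((@hours || 2) / 24.0) #days (for DateTime math)
end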

#header_xml(header) ⇒ Object

Builds the header XML for the SOAP request.



# File 'lib/sso.rb', line 181

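# Builds the header XML for the SOAP request: an x:Security element with
# a u:Timestamp (created/expires) and an x:UsernameToken holding the
# caller's credentials.
#
# The username and password are written with text! rather than <<.
# NOTE(review): this assumes +header+ is a Builder::XmlMarkup-style
# builder, as the tag! calls suggest. There, << appends raw text without
# escaping, so a credential containing "<" or "&" would produce malformed
# XML or add markup to the security header. text! escapes it.
#
# The password is placed in the message as given. Its confidentiality on
# the wire depends on the transport configured on the client, which is
# not visible here -- confirm the endpoint is only reached over TLS.
#
# @param header the XML builder for the SOAP header (must respond to tag!)
def header_xml(header)
    token_id = "uuid-" + SecureRandom.uuid

    #header.tag!("x:Security", "x:mustUnderstand" => "1") do |security|
    header.tag!("x:Security") do |security|
        security.tag!("u:Timestamp", "u:Id" => "_0") do |timestamp|
            # Generated by strftime in this class, so raw append is fine.
            timestamp.tag!("u:Created") { |element| element << created }
            timestamp.tag!("u:Expires") { |element| element << expires }
        end
        security.tag!("x:UsernameToken", "u:Id" => token_id) do |utoken|
            # Caller-supplied values: escape before they enter the document.
            utoken.tag!("x:Username") { |element| element.text!(@username) }
            utoken.tag!("x:Password") { |element| element.text!(@password) }
        end
    end
end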

#now ⇒ Object



# File 'lib/sso.rb', line 164

# Current instant as a UTC DateTime. Captured once and cached in @now, so
# +created+ and +future+ are derived from the same reference time.
def now
    return @now if @now

    @now = Time.now.utc.to_datetime
end

#saml_token ⇒ SamlToken

Gets the saml_token from the SOAP response body.

Returns:



# File 'lib/sso.rb', line 231

# Gets the saml_token from the SOAP response body by wrapping the first
# saml2:Assertion element found in a SamlToken.
#
# NOTE(review): the "//" query matches an Assertion anywhere in the
# response, and nothing in this method checks its signature or position.
# Presumably validation is done by the consumer of the token -- confirm.
# NOTE(review): if the response holds no Assertion (for example a SOAP
# fault), at_xpath presumably returns nil and SamlToken.new receives nil;
# verify how SamlToken handles that.
#
# @return [SamlToken]
def saml_token
    saml_ns = { 'saml2' => 'urn:oasis:names:tc:SAML:2.0:assertion' }
    SamlToken.new(response_xml.at_xpath('//saml2:Assertion', saml_ns))
end