Class: SSO::RequestSecurityToken

Inherits:
SoapInvocable show all
Defined in:
lib/sso.rb

Overview

Encapsulates an issue operation that requests a security token from the SSO service.

Instance Attribute Summary collapse

Attributes inherited from SoapInvocable

#client, #operation, #response

Instance Method Summary collapse

Methods inherited from SoapInvocable

#has_header?, #invoke, #request_xml, #response_hash, #response_xml

Constructor Details

#initialize(client, username, password, hours = 2) ⇒ RequestSecurityToken

Constructs a new instance.



# File 'lib/sso.rb', line 149

# Sets up a WS-Trust "Issue" request against the SSO service.
#
# The credentials are kept on the instance (@username / @password) so that
# header_xml can write them into the UsernameToken later. They therefore live
# as long as this object does; unless the class overrides #inspect, Ruby's
# default inspect output includes instance variables, so avoid logging or
# dumping instances.
#
# @param client the SSO client, passed through to SoapInvocable#initialize
# @param username [String] account name placed in x:Username
# @param password [String] secret placed in x:Password
# @param hours [Numeric] stored in @hours; presumably the intended validity
#   window in hours (confirm against whatever reads @hours)
def initialize(client, username, password, hours = 2)
  super(:issue, client)

  @username, @password, @hours = username, password, hours

  # TODO: these things should be configurable, so we can get
  # non-delegatable tokens, HoK tokens, etc.
  # NOTE(review): every request currently asks for a delegatable token.
  # Callers that never delegate get more capability than they need.
  @request_type = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
  @delegatable = true
end

Instance Attribute Details

#delegatable ⇒ Object

Returns the value of attribute delegatable.



# File 'lib/sso.rb', line 146

# Reader for @delegatable, the flag that body_xml serialises into the
# wst:Delegatable element of the request.
#
# @return [Object] whatever initialize stored in @delegatable
def delegatable
  @delegatable
end

#request_type ⇒ Object

Returns the value of attribute request_type.



# File 'lib/sso.rb', line 146

# Reader for @request_type, the WS-Trust request-type URI that body_xml
# writes into the wst:RequestType element.
#
# @return [Object] whatever initialize stored in @request_type
def request_type
  @request_type
end

Instance Method Details

#body_xml(body) ⇒ Object

Builds the body XML for the SOAP request.



# File 'lib/sso.rb', line 205

# Writes the wst:RequestSecurityToken element into the SOAP body.
#
# Both child values come from this object's own readers (request_type and
# delegatable) and are appended with `<<`. If the builder is Builder-style,
# `<<` does not escape markup, so any future caller-supplied value added here
# should be escaped first.
#
# @param body the XML builder for the SOAP body (must respond to tag!)
# @return [Object] whatever the outer tag! call returns
def body_xml(body)
  body.tag!("wst:RequestSecurityToken") do |rst|
    rst.tag!("wst:RequestType") { |element| element << request_type }
    rst.tag!("wst:Delegatable") { |element| element << delegatable.to_s }

    # TODO: we don't seem to need this, but I'm leaving this
    # here for now as a reminder.
    #
    #   rst.tag!("wst:Lifetime") do |lifetime|
    #     lifetime.tag!("u:Created") { |element| element << created }
    #     lifetime.tag!("u:Expires") { |element| element << expires }
    #   end
  end
end

#created ⇒ Object



# File 'lib/sso.rb', line 166

# Start of the timestamp window, as a formatted string.
#
# Computed once from `now` using DATE_FORMAT (defined elsewhere in the file)
# and cached in @created, so every use within one request sees the same value.
#
# @return [String] formatted creation time
def created
  @created = now.strftime(DATE_FORMAT) unless @created
  @created
end

#expires ⇒ Object



# File 'lib/sso.rb', line 174

# End of the timestamp window, as a formatted string.
#
# Computed once from `future` using DATE_FORMAT (defined elsewhere in the
# file) and cached in @expires.
#
# @return [String] formatted expiry time
def expires
  return @expires if @expires

  @expires = future.strftime(DATE_FORMAT)
end

#future ⇒ Object



# File 'lib/sso.rb', line 170

# The instant the timestamp window closes: `now` plus a fixed two hours.
#
# The offset is written as a fraction of a day (2 / 24.0), as the original
# comment notes, "for DateTime math". The result is cached in @future.
#
# NOTE(review): the window is hard-coded here and @hours is not consulted,
# so the `hours` constructor argument has no effect on this value. Confirm
# whether that is intended before relying on a non-default `hours`.
#
# @return [Object] `now` advanced by two hours
def future
  return @future if @future

  @future = now + (2 / 24.0) # days (for DateTime math)
end

#header_xml(header) ⇒ Object

Builds the header XML for the SOAP request.



# File 'lib/sso.rb', line 179

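# Writes the WS-Security header for the issue request: a u:Timestamp
# (created / expires) followed by an x:UsernameToken carrying the caller's
# credentials.
#
# The username and password are caller-supplied, so they are written with
# text!, which escapes XML markup. Appending them raw with `<<` would let a
# value containing `<` or `&` corrupt the header or alter its structure.
# This assumes `header` is a Builder::XmlMarkup-style builder, as the
# tag!/<< calls suggest. The timestamp strings are generated locally and are
# still appended with `<<`.
#
# The password goes into the message as plain text, so its confidentiality
# depends entirely on the transport the client uses (not visible here).
#
# @param header the XML builder for the SOAP header (must respond to tag!)
# @return [Object] whatever the outer tag! call returns
def header_xml(header)
  token_id = "uuid-#{SecureRandom.uuid}"

  # header.tag!("x:Security", "x:mustUnderstand" => "1") do |security|
  header.tag!("x:Security") do |security|
    security.tag!("u:Timestamp", "u:Id" => "_0") do |timestamp|
      timestamp.tag!("u:Created") { |element| element << created }
      timestamp.tag!("u:Expires") { |element| element << expires }
    end

    security.tag!("x:UsernameToken", "u:Id" => token_id) do |utoken|
      # Escape credentials; they may legitimately contain &, < or >.
      utoken.tag!("x:Username") { |element| element.text!(@username) }
      utoken.tag!("x:Password") { |element| element.text!(@password) }
    end
  end
end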

#now ⇒ Object



# File 'lib/sso.rb', line 162

# The reference instant for this request, in UTC, as a DateTime.
#
# Taken from the local system clock on first use and cached in @now, so the
# created and expires values derived from it stay consistent. Because the
# value comes from the local clock, clock skew against the SSO service shifts
# the whole timestamp window.
#
# @return [DateTime] the cached UTC time
def now
  @now = Time.now.utc.to_datetime unless @now
  @now
end

#saml_token ⇒ SamlToken

Gets the saml_token from the SOAP response body.

Returns:



# File 'lib/sso.rb', line 230

# Extracts the SAML 2.0 assertion from the SOAP response and wraps it.
#
# The XPath `//saml2:Assertion` matches an Assertion element at any depth,
# and at_xpath presumably returns the first match, or nil when none is found
# (confirm against the XML library in use). A nil result is passed to
# SamlToken.new unchanged.
#
# NOTE(review): this method does no signature, issuer or validity check on
# the assertion. Confirm that validation happens in SamlToken or in the
# service that consumes the token.
#
# @return [SamlToken] wrapper around the located assertion node
def saml_token
  namespaces = { "saml2" => "urn:oasis:names:tc:SAML:2.0:assertion" }
  SamlToken.new(response_xml.at_xpath("//saml2:Assertion", namespaces))
end