Module: Saml::Provider

Extended by:
ActiveSupport::Concern
Included in:
BasicProvider, NullProvider
Defined in:
lib/saml/provider.rb


Instance Method Details

#artifact_resolution_service_url(index = nil, type = :descriptor) ⇒ Object

Parameters:

  • type (Symbol) (defaults to: :descriptor)

    (see #descriptor)



# File 'lib/saml/provider.rb', line 10

# Resolves the URL of an artifact resolution service.
#
# Reads +artifact_resolution_services+ from the descriptor selected by +type+
# and hands that list, together with +index+, to +find_indexed_service_url+.
#
# @param index [Object, nil] passed through unchanged; presumably the endpoint
#   index, with +nil+ handled by +find_indexed_service_url+ — confirm there
# @param type [Symbol] (see #descriptor)
# @return [Object] whatever +find_indexed_service_url+ returns
def artifact_resolution_service_url(index = nil, type = :descriptor)
  services = descriptor(type).artifact_resolution_services
  find_indexed_service_url(services, index)
end

#assertion_consumer_service(index = nil) ⇒ Object



# File 'lib/saml/provider.rb', line 18

# Looks up an assertion consumer service entry on the SP descriptor.
#
# The candidate list is +sp_descriptor.assertion_consumer_services+; selection
# is delegated to +find_indexed_service+.
#
# @param index [Object, nil] passed through unchanged; presumably the ACS
#   index, with +nil+ handled by +find_indexed_service+ — confirm there
# @return [Object] whatever +find_indexed_service+ returns
def assertion_consumer_service(index = nil)
  services = sp_descriptor.assertion_consumer_services
  find_indexed_service(services, index)
end

#assertion_consumer_service_indices ⇒ Object



# File 'lib/saml/provider.rb', line 22

# Lists the +index+ of every assertion consumer service on the SP descriptor.
#
# @return [Array] the +index+ values in list order, or an empty array when
#   the SP descriptor has no assertion consumer services (+present?+ is false)
def assertion_consumer_service_indices
  return [] unless sp_descriptor.assertion_consumer_services.present?

  sp_descriptor.assertion_consumer_services.map(&:index)
end

#assertion_consumer_service_url(index = nil) ⇒ Object



# File 'lib/saml/provider.rb', line 5

# Resolves an assertion consumer service URL from the SP descriptor.
#
# The URL is taken from +sp_descriptor.assertion_consumer_services+ via
# +find_indexed_service_url+, i.e. from the provider's own descriptor rather
# than from any value supplied by the caller besides +index+.
#
# @param index [Object, nil] passed through unchanged; presumably the ACS
#   index, with +nil+ handled by +find_indexed_service_url+ — confirm there
# @return [Object] whatever +find_indexed_service_url+ returns
def assertion_consumer_service_url(index = nil)
  services = sp_descriptor.assertion_consumer_services
  find_indexed_service_url(services, index)
end

#attribute_consuming_service(index = nil) ⇒ Object



# File 'lib/saml/provider.rb', line 14

# Looks up an attribute consuming service entry on the SP descriptor.
#
# The candidate list is +sp_descriptor.attribute_consuming_services+;
# selection is delegated to +find_indexed_service+.
#
# @param index [Object, nil] passed through unchanged; +nil+ handling is
#   decided by +find_indexed_service+ (not shown here)
# @return [Object] whatever +find_indexed_service+ returns
def attribute_consuming_service(index = nil)
  services = sp_descriptor.attribute_consuming_services
  find_indexed_service(services, index)
end

#attribute_service_url(binding) ⇒ Object



# File 'lib/saml/provider.rb', line 78

# Resolves the attribute service endpoint for a binding.
#
# Passes +aa_descriptor.attribute_service+ and +binding+ to
# +find_binding_service+.
#
# @param binding [Object] presumably a SAML binding identifier — confirm
#   against +find_binding_service+; note the name shadows Kernel#binding
#   inside this method
# @return [Object] whatever +find_binding_service+ returns
def attribute_service_url(binding)
  services = aa_descriptor.attribute_service
  find_binding_service(services, binding)
end

#authn_requests_signed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/provider.rb', line 110

# Reports the SP descriptor's +authn_requests_signed+ value.
#
# +sp_descriptor+ is called with +false+ and the attribute is read through
# +try+, so a missing SP descriptor yields +nil+ instead of raising. Callers
# that enforce signed AuthnRequests should treat +nil+ the same as +false+
# only if that is the intended policy.
#
# @return [Boolean, nil] the descriptor's value, or +nil+ when +try+ finds
#   nothing to call
def authn_requests_signed?
  sp = sp_descriptor(false)
  sp.try(:authn_requests_signed)
end

#certificate(key_name = nil, use = "signing", type = :descriptor) ⇒ Object

Parameters:

  • type (Symbol) (defaults to: :descriptor)

    (see #descriptor)



# File 'lib/saml/provider.rb', line 39

# Returns the certificate of the key descriptor matching the arguments.
#
# The lookup itself is done by #find_key_descriptor; this method only unwraps
# the descriptor's +certificate+.
#
# @param key_name [Object, nil] forwarded to #find_key_descriptor
# @param use [String] forwarded to #find_key_descriptor (defaults to "signing")
# @param type [Symbol] (see #descriptor)
# @return [Object, nil] the descriptor's certificate, or +nil+ when no key
#   descriptor was found
def certificate(key_name = nil, use = "signing", type = :descriptor)
  matching = find_key_descriptor(key_name, use, type)
  matching ? matching.certificate : nil
end

#encryption_key ⇒ Object



# File 'lib/saml/provider.rb', line 61

# Reader for the +@encryption_key+ instance variable.
#
# #signing_key falls back to this value when +@signing_key+ is not set, so the
# object returned here may also end up being used for signing.
#
# @return [Object, nil] the stored key; nothing in this method assigns it
def encryption_key
  @encryption_key
end

#entity_descriptor ⇒ Object



# File 'lib/saml/provider.rb', line 30

# Reader for the +@entity_descriptor+ instance variable.
#
# @return [Object, nil] the stored descriptor; nothing in this method assigns
#   it, so it is +nil+ until the including class sets it
def entity_descriptor
  @entity_descriptor
end

#entity_id ⇒ Object



# File 'lib/saml/provider.rb', line 34

# Returns the entity id recorded on #entity_descriptor.
#
# There is no nil guard: if #entity_descriptor returns +nil+ this raises
# NoMethodError.
#
# @return [Object] +entity_descriptor.entity_id+
def entity_id
  described_entity = entity_descriptor
  described_entity.entity_id
end

#find_key_descriptor(key_name = nil, use = "signing", type = :descriptor) ⇒ Object

Parameters:

  • type (Symbol) (defaults to: :descriptor)

    (see #descriptor)



# File 'lib/saml/provider.rb', line 45

# Finds a key descriptor on the descriptor selected by +type+.
#
# Pure delegation: the descriptor's own +find_key_descriptor+ receives
# +key_name+ and +use+ unchanged.
#
# @param key_name [Object, nil] forwarded as-is
# @param use [String] forwarded as-is (defaults to "signing")
# @param type [Symbol] (see #descriptor)
# @return [Object] whatever the descriptor's +find_key_descriptor+ returns
def find_key_descriptor(key_name = nil, use = "signing", type = :descriptor)
  source = descriptor(type)
  source.find_key_descriptor(key_name, use)
end

#find_key_descriptors_by_use(use, type = :descriptor) ⇒ Object



# File 'lib/saml/provider.rb', line 49

# Collects key descriptors for a given +use+ from the descriptor selected by
# +type+.
#
# Pure delegation to the descriptor's +find_key_descriptors_by_use+.
#
# @param use [Object] forwarded as-is (other methods here pass "signing")
# @param type [Symbol] (see #descriptor)
# @return [Object] whatever the descriptor's +find_key_descriptors_by_use+
#   returns
def find_key_descriptors_by_use(use, type = :descriptor)
  source = descriptor(type)
  source.find_key_descriptors_by_use(use)
end

#find_key_descriptors_by_use_or_without(use, type = :descriptor) ⇒ Object



# File 'lib/saml/provider.rb', line 53

# Collects key descriptors via the descriptor's
# +find_key_descriptors_by_use_or_without+.
#
# #verify uses this with "signing" to build its candidate certificate list
# when certificate iteration is enabled.
# NOTE(review): the name suggests descriptors with no declared use are
# included as well — confirm in the descriptor implementation.
#
# @param use [Object] forwarded as-is
# @param type [Symbol] (see #descriptor)
# @return [Object] whatever the descriptor method returns
def find_key_descriptors_by_use_or_without(use, type = :descriptor)
  source = descriptor(type)
  source.find_key_descriptors_by_use_or_without(use)
end

#iterate_certificates_until_verified? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/provider.rb', line 114

# Whether #verify may try several certificates when the caller supplies no
# key name.
#
# This implementation returns +false+, so #verify checks only the single
# certificate that #certificate returns for the given key name.
# NOTE(review): presumably meant to be overridden by including classes —
# confirm. Enabling it widens the set of keys a signature is accepted under.
#
# @return [Boolean] always +false+ here
def iterate_certificates_until_verified?
  false
end

#sign(signature_algorithm, data) ⇒ Object



# File 'lib/saml/provider.rb', line 65

# Signs +data+ with #signing_key.
#
# The digest is a fresh instance of the class returned by
# +digest_method(signature_algorithm)+. There is no guard for a missing key
# or an unmapped algorithm: a +nil+ from either lookup raises NoMethodError.
#
# @param signature_algorithm [Object] handed to +digest_method+ to pick the
#   digest class
# @param data [Object] the payload passed to the key's +sign+
# @return [Object] whatever the key's +sign+ returns
def sign(signature_algorithm, data)
  key = signing_key
  digest = digest_method(signature_algorithm).new
  key.sign(digest, data)
end

#signing_key ⇒ Object



# File 'lib/saml/provider.rb', line 57

# Key used by #sign.
#
# Prefers +@signing_key+; when that is unset (nil or false) it falls back to
# #encryption_key, so a provider configured with only an encryption key signs
# with that same key.
# NOTE(review): using one key for both signing and encryption is usually
# avoided — confirm deployments set a dedicated signing key where it matters.
#
# @return [Object, nil] the signing key, or +nil+ when neither key is set
def signing_key
  return @signing_key if @signing_key

  encryption_key
end

#single_logout_service_url(binding, type = :descriptor) ⇒ Object

Parameters:

  • type (Symbol) (defaults to: :descriptor)

    (see #descriptor)



# File 'lib/saml/provider.rb', line 74

# Resolves the single logout service endpoint for a binding.
#
# Passes +single_logout_services+ of the descriptor selected by +type+, plus
# +binding+, to +find_binding_service+.
#
# @param binding [Object] presumably a SAML binding identifier — confirm
#   against +find_binding_service+
# @param type [Symbol] (see #descriptor)
# @return [Object] whatever +find_binding_service+ returns
def single_logout_service_url(binding, type = :descriptor)
  services = descriptor(type).single_logout_services
  find_binding_service(services, binding)
end

#single_sign_on_service_url(binding) ⇒ Object



# File 'lib/saml/provider.rb', line 69

# Resolves the single sign-on service endpoint for a binding.
#
# Passes +idp_descriptor.single_sign_on_services+ and +binding+ to
# +find_binding_service+.
#
# @param binding [Object] presumably a SAML binding identifier — confirm
#   against +find_binding_service+
# @return [Object] whatever +find_binding_service+ returns
def single_sign_on_service_url(binding)
  services = idp_descriptor.single_sign_on_services
  find_binding_service(services, binding)
end

#type ⇒ Object



# File 'lib/saml/provider.rb', line 82

# Classifies the provider by which role descriptors it has.
#
# Both lookups are made with +false+ as argument. Without an IdP descriptor
# the result is "service_provider" and the SP descriptor is not consulted at
# all, so that value is also returned when neither descriptor exists.
#
# @return [String] "identity_and_service_provider", "identity_provider" or
#   "service_provider"
def type
  return "service_provider" unless idp_descriptor(false)

  sp_descriptor(false) ? "identity_and_service_provider" : "identity_provider"
end

#verify(signature_algorithm, signature, data, key_name = nil) ⇒ Object



# File 'lib/saml/provider.rb', line 94

# Checks +signature+ over +data+ against this provider's certificate(s).
#
# Candidate certificates:
# * no +key_name+ and #iterate_certificates_until_verified? is true: every
#   certificate from +find_key_descriptors_by_use_or_without('signing')+;
# * otherwise: only the certificate #certificate returns for +key_name+
#   (an empty list when there is none, which makes the result +false+).
#
# The check fails closed: any StandardError raised while verifying one
# candidate (bad key material, an algorithm +digest_method+ cannot map, a
# malformed signature) counts as "not verified" for that candidate. The same
# rescue also hides configuration and programming errors, so a +false+ result
# does not by itself tell a bad signature from a broken setup.
#
# @param signature_algorithm [Object] handed to +digest_method+ to pick the
#   digest class
# @param signature [Object] the signature to check
# @param data [Object] the signed payload
# @param key_name [Object, nil] selects the certificate; blank means default
# @return [Boolean] true when at least one candidate certificate verifies
def verify(signature_algorithm, signature, data, key_name = nil)
  candidates =
    if key_name.blank? && iterate_certificates_until_verified?
      find_key_descriptors_by_use_or_without('signing').map(&:certificate)
    else
      Array(certificate(key_name))
    end

  verified = candidates.any? do |candidate|
    begin
      public_key = candidate.public_key
      digest = digest_method(signature_algorithm).new
      public_key.verify(digest, signature, data)
    rescue StandardError
      # Same effect as an inline `rescue false`: an error is a failed check.
      false
    end
  end

  # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
  OpenSSL.errors unless verified

  verified
end