Class: OmniAuth::Strategies::MPASSid

Inherits:

SAML

• Object
• SAML
• OmniAuth::Strategies::MPASSid

Defined in:

lib/omniauth/strategies/mpassid.rb

Instance Attribute Summary

• #mpassid_thread ⇒ Object readonly

  Returns the value of attribute mpassid_thread.

• #options ⇒ Object

  Returns the value of attribute options.

Instance Method Summary

• #callback_url ⇒ Object

  Override the callback URL so that it always matches the one expected by MPASSid.

• #initialize(app, *args, &block) ⇒ MPASSid constructor

  A new instance of MPASSid.

• #request_phase ⇒ Object

  Override the request phase to be able to pass the lang parameter to the redirect URL.

• #response_object ⇒ Object

  This method can be used externally to fetch information about the response, e.g.

Constructor Details

#initialize(app, *args, &block) ⇒ MPASSid

Returns a new instance of MPASSid.

# File 'lib/omniauth/strategies/mpassid.rb', line 246

def initialize(app, *args, &block)
  super

  # Add the MPASSid options to the local options, most of which are
  # fetched from the metadata. The options array is the one that gets
  # priority in case it overrides some of the metadata or locally defined
  # option values.
  @mpassid_thread = Thread.new do
    @options = OmniAuth::Strategy::Options.new(
      mpassid_options.merge(options)
    )
    options[:security][:authn_requests_signed] = false unless options[:certificate] && options[:private_key]
  end
end

Instance Attribute Details

#mpassid_thread ⇒ Object (readonly)

Returns the value of attribute mpassid_thread.

# File 'lib/omniauth/strategies/mpassid.rb', line 244

def mpassid_thread
  @mpassid_thread
end

#options ⇒ Object

Returns the value of attribute options.

# File 'lib/omniauth/strategies/mpassid.rb', line 243

def options
  @options
end

Instance Method Details

#callback_url ⇒ Object

Override the callback URL so that it always matches the one expected by MPASSid. No additional query string parameters can be included in the string.

# File 'lib/omniauth/strategies/mpassid.rb', line 296

def callback_url
  full_host + script_name + callback_path
end

#request_phase ⇒ Object

Override the request phase to be able to pass the lang parameter to the redirect URL. Note that this needs to be the last parameter to be passed to the redirect URL.

# File 'lib/omniauth/strategies/mpassid.rb', line 264

def request_phase
  mpassid_thread.join if mpassid_thread.alive?
  authn_request = OneLogin::RubySaml::Authrequest.new
  lang = lang_for_authn_request

  session['saml_redirect_url'] = request.params['redirect_url']

  with_settings do |settings|
    url = authn_request.create(settings, additional_params_for_authn_request)
    url += "&lang=#{CGI.escape(lang)}" unless lang.nil?
    redirect(url)
  end
end

#response_object ⇒ Object

This method can be used externally to fetch information about the response, e.g. in case of failures.

# File 'lib/omniauth/strategies/mpassid.rb', line 280

def response_object
  return nil unless request.params['SAMLResponse']

  with_settings do |settings|
    response = OneLogin::RubySaml::Response.new(
      request.params['SAMLResponse'],
      options_for_response_object.merge(settings: settings)
    )
    response.attributes['fingerprint'] = settings.idp_cert_fingerprint
    response
  end
end