Class: OmniAuth::Strategies::WSFed

Inherits:
Object
  • Object
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/wsfed.rb,
lib/omniauth/strategies/wsfed/auth_request.rb,
lib/omniauth/strategies/wsfed/saml_1_token.rb,
lib/omniauth/strategies/wsfed/saml_2_token.rb,
lib/omniauth/strategies/wsfed/xml_security.rb,
lib/omniauth/strategies/wsfed/auth_callback.rb,
lib/omniauth/strategies/wsfed/validation_error.rb,
lib/omniauth/strategies/wsfed/auth_callback_validator.rb

Defined Under Namespace

Modules: XMLSecurity

Classes: AuthCallback, AuthCallbackValidator, AuthRequest, SAML1Token, SAML2Token, ValidationError

Constant Summary

WS_TRUST =
'http://schemas.xmlsoap.org/ws/2005/02/trust'
WS_POLICY =
'http://schemas.xmlsoap.org/ws/2004/09/policy'

Instance Method Summary

Instance Method Details

#callback_phase ⇒ Object

Parse SAML token…



# File 'lib/omniauth/strategies/wsfed.rb', line 29

# Handles the WS-Federation callback carrying the token in the 'wresult'
# request parameter.
#
# Order of checks: callback parameters, then the XML signature against the
# configured fingerprint, then the AuthCallbackValidator. Only after all three
# succeed are @name_id and @claims populated and control handed to the parent
# implementation via super.
#
# ArgumentError is reported as :invalid_response and ValidationError as
# :invalid_authn_token; any other exception type is not rescued here and
# propagates to the caller.
def callback_phase
  validate_callback_params(@request)

  token_xml = request.params['wresult']

  # The signature is verified before anything is read out of the token.
  # NOTE(review): the second argument (false) presumably turns off a "soft"
  # mode so that a failed check raises rather than returning false; confirm in
  # xml_security.rb, because the return value is not inspected here.
  OmniAuth::Strategies::WSFed::XMLSecurity::SignedDocument
    .new(token_xml, options)
    .validate(get_fingerprint, false)

  # NOTE(review): the claims below come from a second, independent parse of the
  # same wresult string. Confirm that AuthCallback reads name_id and attributes
  # only from the element the verified signature actually covers.
  parsed_callback = OmniAuth::Strategies::WSFed::AuthCallback.new(token_xml, options)
  OmniAuth::Strategies::WSFed::AuthCallbackValidator.new(parsed_callback, options).validate!

  @name_id = parsed_callback.name_id
  @claims = parsed_callback.attributes

  super
rescue ArgumentError => error
  fail!(:invalid_response, error)
rescue OmniAuth::Strategies::WSFed::ValidationError => error
  fail!(:invalid_authn_token, error)
end

#request_phase ⇒ Object

Issues passive WS-Federation redirect for authentication…



# File 'lib/omniauth/strategies/wsfed.rb', line 21

# Starts sign-in by redirecting the browser to the URL built by AuthRequest.
#
# Works on a shallow copy of the strategy options so the :reply default does
# not leak back into the shared options; :reply is set to callback_url only
# when the options leave it unset.
#
# NOTE(review): 'whr' is taken as-is from the incoming request parameters, so
# it is caller-controlled. Confirm that AuthRequest URL-encodes it when
# building redirect_url, and consider restricting it to known realms if the
# deployment only expects a fixed set.
def request_phase
  request_settings = options.dup
  request_settings[:reply] ||= callback_url
  home_realm = @request.params['whr']
  redirect(
    OmniAuth::Strategies::WSFed::AuthRequest.new(request_settings, whr: home_realm).redirect_url
  )
end