Class: OneLogin::RubySaml::Authrequest
- Inherits:
-
SamlMessage
- Object
- SamlMessage
- OneLogin::RubySaml::Authrequest
- Defined in:
- lib/onelogin/ruby-saml/authrequest.rb
Overview
SAML2 Authentication. AuthNRequest (SSO SP initiated, Builder)
Constant Summary
Constants inherited from SamlMessage
SamlMessage::ASSERTION, SamlMessage::BASE64_FORMAT, SamlMessage::PROTOCOL
Instance Attribute Summary collapse
-
#uuid ⇒ Object
readonly
AuthNRequest ID.
Instance Method Summary collapse
-
#create(settings, params = {}) ⇒ String
Creates the AuthNRequest string.
-
#create_authentication_xml_doc(settings) ⇒ String
Creates the SAMLRequest String.
-
#create_params(settings, params = {}) ⇒ Hash
Creates the Get parameters for the request.
- #create_xml_document(settings) ⇒ Object
-
#initialize ⇒ Authrequest
constructor
Initializes the AuthNRequest.
- #sign_document(document, settings) ⇒ Object
Methods inherited from SamlMessage
#id, schema, #valid_saml?, #version
Constructor Details
#initialize ⇒ Authrequest
Initializes the AuthNRequest. An Authrequest Object that is an extension of the SamlMessage class. Asigns an ID, a random uuid.
22 23 24 |
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 22 def initialize @uuid = OneLogin::RubySaml::Utils.uuid end |
Instance Attribute Details
#uuid ⇒ Object (readonly)
AuthNRequest ID
17 18 19 |
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 17 def uuid @uuid end |
Instance Method Details
#create(settings, params = {}) ⇒ String
Creates the AuthNRequest string.
31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 31 def create(settings, params = {}) params = create_params(settings, params) params_prefix = (settings.idp_sso_target_url =~ /\?/) ? '&' : '?' saml_request = CGI.escape(params.delete("SAMLRequest")) request_params = "#{params_prefix}SAMLRequest=#{saml_request}" params.each_pair do |key, value| request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}" end raise "Invalid settings, idp_sso_target_url is not set!" if settings.idp_sso_target_url.nil? @login_url = settings.idp_sso_target_url + request_params end |
#create_authentication_xml_doc(settings) ⇒ String
Creates the SAMLRequest String.
95 96 97 98 |
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 95 def create_authentication_xml_doc(settings) document = create_xml_document(settings) sign_document(document, settings) end |
#create_params(settings, params = {}) ⇒ Hash
Creates the Get parameters for the request.
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 |
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 48 def create_params(settings, params={}) # The method expects :RelayState but sometimes we get 'RelayState' instead. # Based on the HashWithIndifferentAccess value in Rails we could experience # conflicts so this line will solve them. relay_state = params[:RelayState] || params['RelayState'] if relay_state.nil? params.delete(:RelayState) params.delete('RelayState') end request_doc = create_authentication_xml_doc(settings) request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values request = "" request_doc.write(request) Logging.debug "Created AuthnRequest: #{request}" request = deflate(request) if settings.compress_request base64_request = encode(request) request_params = {"SAMLRequest" => base64_request} if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key params['SigAlg'] = settings.security[:signature_method] url_string = OneLogin::RubySaml::Utils.build_query( :type => 'SAMLRequest', :data => base64_request, :relay_state => relay_state, :sig_alg => params['SigAlg'] ) sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method]) signature = settings.get_sp_key.sign(sign_algorithm.new, url_string) params['Signature'] = encode(signature) end params.each_pair do |key, value| request_params[key] = value.to_s end request_params end |
#create_xml_document(settings) ⇒ Object
100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 |
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 100 def create_xml_document(settings) time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ") request_doc = XMLSecurity::Document.new request_doc.uuid = uuid root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" } root.attributes['ID'] = uuid root.attributes['IssueInstant'] = time root.attributes['Version'] = "2.0" root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil? root.attributes['IsPassive'] = settings.passive unless settings.passive.nil? root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil? root.attributes["AttributeConsumingServiceIndex"] = settings.attributes_index unless settings.attributes_index.nil? root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil? # Conditionally defined elements based on settings if settings.assertion_consumer_service_url != nil root.attributes["AssertionConsumerServiceURL"] = settings.assertion_consumer_service_url end if settings.issuer != nil issuer = root.add_element "saml:Issuer" issuer.text = settings.issuer end if settings.name_identifier_value_requested != nil subject = root.add_element "saml:Subject" nameid = subject.add_element "saml:NameID" nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format nameid.text = settings.name_identifier_value_requested subject_confirmation = subject.add_element "saml:SubjectConfirmation" subject_confirmation.attributes['Method'] = "urn:oasis:names:tc:SAML:2.0:cm:bearer" end if settings.name_identifier_format != nil root.add_element "samlp:NameIDPolicy", { # Might want to make AllowCreate a setting? "AllowCreate" => "true", "Format" => settings.name_identifier_format } end if settings.authn_context || settings.authn_context_decl_ref if settings.authn_context_comparison != nil comparison = settings.authn_context_comparison else comparison = 'exact' end requested_context = root.add_element "samlp:RequestedAuthnContext", { "Comparison" => comparison, } if settings.authn_context != nil authn_contexts_class_ref = settings.authn_context.is_a?(Array) ? settings.authn_context : [settings.authn_context] authn_contexts_class_ref.each do |authn_context_class_ref| class_ref = requested_context.add_element "saml:AuthnContextClassRef" class_ref.text = authn_context_class_ref end end if settings.authn_context_decl_ref != nil authn_contexts_decl_refs = settings.authn_context_decl_ref.is_a?(Array) ? settings.authn_context_decl_ref : [settings.authn_context_decl_ref] authn_contexts_decl_refs.each do |authn_context_decl_ref| decl_ref = requested_context.add_element "saml:AuthnContextDeclRef" decl_ref.text = authn_context_decl_ref end end end request_doc end |
#sign_document(document, settings) ⇒ Object
176 177 178 179 180 181 182 183 184 185 |
# File 'lib/onelogin/ruby-saml/authrequest.rb', line 176 def sign_document(document, settings) # embed signature if settings.security[:authn_requests_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign] private_key = settings.get_sp_key cert = settings.get_sp_cert document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method]) end document end |