Class: OneLogin::RubySaml::Logoutrequest
- Inherits:
-
SamlMessage
- Object
- SamlMessage
- OneLogin::RubySaml::Logoutrequest
- Defined in:
- lib/onelogin/ruby-saml/logoutrequest.rb
Overview
SAML2 Logout Request (SLO SP initiated, Builder)
Constant Summary
Constants inherited from SamlMessage
SamlMessage::ASSERTION, SamlMessage::BASE64_FORMAT, SamlMessage::PROTOCOL
Instance Attribute Summary collapse
-
#uuid ⇒ Object
readonly
Logout Request ID.
Instance Method Summary collapse
-
#create(settings, params = {}) ⇒ String
Creates the Logout Request string.
-
#create_logout_request_xml_doc(settings) ⇒ String
Creates the SAMLRequest String.
-
#create_params(settings, params = {}) ⇒ Hash
Creates the Get parameters for the logout request.
- #create_xml_document(settings) ⇒ Object
-
#initialize ⇒ Logoutrequest
constructor
Initializes the Logout Request.
- #sign_document(document, settings) ⇒ Object
Methods inherited from SamlMessage
#id, schema, #valid_saml?, #version
Constructor Details
#initialize ⇒ Logoutrequest
Initializes the Logout Request. A Logoutrequest Object that is an extension of the SamlMessage class. Asigns an ID, a random uuid.
19 20 21 |
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 19 def initialize @uuid = OneLogin::RubySaml::Utils.uuid end |
Instance Attribute Details
#uuid ⇒ Object (readonly)
Logout Request ID
14 15 16 |
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 14 def uuid @uuid end |
Instance Method Details
#create(settings, params = {}) ⇒ String
Creates the Logout Request string.
28 29 30 31 32 33 34 35 36 37 |
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 28 def create(settings, params={}) params = create_params(settings, params) params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?' saml_request = CGI.escape(params.delete("SAMLRequest")) request_params = "#{params_prefix}SAMLRequest=#{saml_request}" params.each_pair do |key, value| request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}" end @logout_url = settings.idp_slo_target_url + request_params end |
#create_logout_request_xml_doc(settings) ⇒ String
Creates the SAMLRequest String.
91 92 93 94 |
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 91 def create_logout_request_xml_doc(settings) document = create_xml_document(settings) sign_document(document, settings) end |
#create_params(settings, params = {}) ⇒ Hash
Creates the Get parameters for the logout request.
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 44 def create_params(settings, params={}) # The method expects :RelayState but sometimes we get 'RelayState' instead. # Based on the HashWithIndifferentAccess value in Rails we could experience # conflicts so this line will solve them. relay_state = params[:RelayState] || params['RelayState'] if relay_state.nil? params.delete(:RelayState) params.delete('RelayState') end request_doc = create_logout_request_xml_doc(settings) request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values request = "" request_doc.write(request) Logging.debug "Created SLO Logout Request: #{request}" request = deflate(request) if settings.compress_request base64_request = encode(request) request_params = {"SAMLRequest" => base64_request} if settings.security[:logout_requests_signed] && !settings.security[:embed_sign] && settings.private_key params['SigAlg'] = settings.security[:signature_method] url_string = OneLogin::RubySaml::Utils.build_query( :type => 'SAMLRequest', :data => base64_request, :relay_state => relay_state, :sig_alg => params['SigAlg'] ) sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method]) signature = settings.get_sp_key.sign(sign_algorithm.new, url_string) params['Signature'] = encode(signature) end params.each_pair do |key, value| request_params[key] = value.to_s end request_params end |
#create_xml_document(settings) ⇒ Object
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 96 def create_xml_document(settings) time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ") request_doc = XMLSecurity::Document.new request_doc.uuid = uuid root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" } root.attributes['ID'] = uuid root.attributes['IssueInstant'] = time root.attributes['Version'] = "2.0" root.attributes['Destination'] = settings.idp_slo_target_url unless settings.idp_slo_target_url.nil? if settings.issuer issuer = root.add_element "saml:Issuer" issuer.text = settings.issuer end nameid = root.add_element "saml:NameID" if settings.name_identifier_value nameid.attributes['NameQualifier'] = settings.idp_name_qualifier if settings.idp_name_qualifier nameid.attributes['SPNameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format nameid.text = settings.name_identifier_value else # If no NameID is present in the settings we generate one nameid.text = OneLogin::RubySaml::Utils.uuid nameid.attributes['Format'] = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' end if settings.sessionindex sessionindex = root.add_element "samlp:SessionIndex" sessionindex.text = settings.sessionindex end request_doc end |
#sign_document(document, settings) ⇒ Object
133 134 135 136 137 138 139 140 141 142 |
# File 'lib/onelogin/ruby-saml/logoutrequest.rb', line 133 def sign_document(document, settings) # embed signature if settings.security[:logout_requests_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign] private_key = settings.get_sp_key cert = settings.get_sp_cert document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method]) end document end |