Class: OneLogin::RubySaml::SloLogoutresponse
- Inherits:
-
SamlMessage
- Object
- SamlMessage
- OneLogin::RubySaml::SloLogoutresponse
- Defined in:
- lib/onelogin/ruby-saml/slo_logoutresponse.rb
Overview
SAML2 Logout Response (SLO SP initiated, Parser)
Constant Summary
Constants inherited from SamlMessage
OneLogin::RubySaml::SamlMessage::ASSERTION, OneLogin::RubySaml::SamlMessage::BASE64_FORMAT, OneLogin::RubySaml::SamlMessage::PROTOCOL
Instance Attribute Summary collapse
-
#uuid ⇒ Object
readonly
Logout Response ID.
Instance Method Summary collapse
-
#create(settings, request_id = nil, logout_message = nil, params = {}) ⇒ String
Creates the Logout Response string.
-
#create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil) ⇒ String
Creates the SAMLResponse String.
-
#create_params(settings, request_id = nil, logout_message = nil, params = {}) ⇒ Hash
Creates the Get parameters for the logout response.
- #create_xml_document(settings, request_id = nil, logout_message = nil) ⇒ Object
-
#initialize ⇒ SloLogoutresponse
constructor
Initializes the Logout Response.
- #sign_document(document, settings) ⇒ Object
Methods inherited from SamlMessage
#id, schema, #valid_saml?, #version
Constructor Details
#initialize ⇒ SloLogoutresponse
Initializes the Logout Response. A SloLogoutresponse Object that is an extension of the SamlMessage class. Asigns an ID, a random uuid.
20 21 22 |
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 20 def initialize @uuid = OneLogin::RubySaml::Utils.uuid end |
Instance Attribute Details
#uuid ⇒ Object (readonly)
Logout Response ID
15 16 17 |
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 15 def uuid @uuid end |
Instance Method Details
#create(settings, request_id = nil, logout_message = nil, params = {}) ⇒ String
Creates the Logout Response string.
31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 31 def create(settings, request_id = nil, = nil, params = {}) params = create_params(settings, request_id, , params) params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?' saml_response = CGI.escape(params.delete("SAMLResponse")) response_params = "#{params_prefix}SAMLResponse=#{saml_response}" params.each_pair do |key, value| response_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}" end @logout_url = settings.idp_slo_target_url + response_params end |
#create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil) ⇒ String
Creates the SAMLResponse String.
99 100 101 102 |
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 99 def create_logout_response_xml_doc(settings, request_id = nil, = nil) document = create_xml_document(settings, request_id, ) sign_document(document, settings) end |
#create_params(settings, request_id = nil, logout_message = nil, params = {}) ⇒ Hash
Creates the Get parameters for the logout response.
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 50 def create_params(settings, request_id = nil, = nil, params = {}) # The method expects :RelayState but sometimes we get 'RelayState' instead. # Based on the HashWithIndifferentAccess value in Rails we could experience # conflicts so this line will solve them. relay_state = params[:RelayState] || params['RelayState'] if relay_state.nil? params.delete(:RelayState) params.delete('RelayState') end response_doc = create_logout_response_xml_doc(settings, request_id, ) response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values response = "" response_doc.write(response) Logging.debug "Created SLO Logout Response: #{response}" response = deflate(response) if settings.compress_response base64_response = encode(response) response_params = {"SAMLResponse" => base64_response} if settings.security[:logout_responses_signed] && !settings.security[:embed_sign] && settings.private_key params['SigAlg'] = settings.security[:signature_method] url_string = OneLogin::RubySaml::Utils.build_query( :type => 'SAMLResponse', :data => base64_response, :relay_state => relay_state, :sig_alg => params['SigAlg'] ) sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method]) signature = settings.get_sp_key.sign(sign_algorithm.new, url_string) params['Signature'] = encode(signature) end params.each_pair do |key, value| response_params[key] = value.to_s end response_params end |
#create_xml_document(settings, request_id = nil, logout_message = nil) ⇒ Object
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 |
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 104 def create_xml_document(settings, request_id = nil, = nil) time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ') response_doc = XMLSecurity::Document.new response_doc.uuid = uuid root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" } root.attributes['ID'] = uuid root.attributes['IssueInstant'] = time root.attributes['Version'] = '2.0' root.attributes['InResponseTo'] = request_id unless request_id.nil? root.attributes['Destination'] = settings.idp_slo_target_url unless settings.idp_slo_target_url.nil? if settings.issuer != nil issuer = root.add_element "saml:Issuer" issuer.text = settings.issuer end # add success message status = root.add_element 'samlp:Status' # success status code status_code = status.add_element 'samlp:StatusCode' status_code.attributes['Value'] = 'urn:oasis:names:tc:SAML:2.0:status:Success' # success status message ||= 'Successfully Signed Out' = status.add_element 'samlp:StatusMessage' .text = response_doc end |
#sign_document(document, settings) ⇒ Object
137 138 139 140 141 142 143 144 145 146 |
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 137 def sign_document(document, settings) # embed signature if settings.security[:logout_responses_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign] private_key = settings.get_sp_key cert = settings.get_sp_cert document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method]) end document end |