Class: OneLogin::RubySaml::IdpMetadataParser

Inherits:

Object

• Object
• OneLogin::RubySaml::IdpMetadataParser

Includes:

SamlMetadata::Vocabulary

Defined in:

lib/onelogin/ruby-saml/idp_metadata_parser.rb

Overview

Auxiliary class to retrieve and parse the Identity Provider Metadata

Constant Summary

Constants included from SamlMetadata::Vocabulary

SamlMetadata::Vocabulary::DSIG, SamlMetadata::Vocabulary::METADATA, SamlMetadata::Vocabulary::NAME_FORMAT, SamlMetadata::Vocabulary::SAML_ASSERTION

Instance Attribute Summary

• #document ⇒ Object readonly

  Returns the value of attribute document.

• #options ⇒ Object readonly

  Returns the value of attribute options.

• #response ⇒ Object readonly

  Returns the value of attribute response.

Instance Method Summary

• #parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

  Parse the Identity Provider metadata and update the settings with the IdP values.

• #parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

  Parse the Identity Provider metadata and update the settings with the IdP values.

• #parse_remote_to_array(url, validate_cert = true, options = {}) ⇒ Array<Hash>

  Parse all Identity Provider metadata and return the results as Array.

• #parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

  Parse the Identity Provider metadata and return the results as Hash.

• #parse_to_array(idp_metadata, options = {}) ⇒ Array<Hash>

  Parse all Identity Provider metadata and return the results as Array.

• #parse_to_hash(idp_metadata, options = {}) ⇒ Hash

  Parse the Identity Provider metadata and return the results as Hash.

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 33

def document
  @document
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 35

def options
  @options
end

#response ⇒ Object (readonly)

Returns the value of attribute response.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 34

def response
  @response
end

Instance Method Details

#parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  :settings to provide the OneLogin::RubySaml::Settings object or an hash for Settings overrides

Options Hash (options):

• :settings (OneLogin::RubySaml::Settings, Hash) —

  the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (OneLogin::RubySaml::Settings)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 103

def parse(idp_metadata, options = {})
  parsed_metadata = parse_to_hash(idp_metadata, options)

  settings = options[:settings]

  if settings.nil?
    OneLogin::RubySaml::Settings.new(parsed_metadata)
  elsif settings.is_a?(Hash)
    OneLogin::RubySaml::Settings.new(settings.merge(parsed_metadata))
  else
    merge_parsed_metadata_into(settings, parsed_metadata)
  end
end

#parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :settings (OneLogin::RubySaml::Settings, Hash) —

  the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (OneLogin::RubySaml::Settings)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 52

def parse_remote(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse(idp_metadata, options)
end

#parse_remote_to_array(url, validate_cert = true, options = {}) ⇒ Array<Hash>

Parse all Identity Provider metadata and return the results as Array

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, all found IdPs are returned.

Returns:

• (Array<Hash>)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 87

def parse_remote_to_array(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse_to_array(idp_metadata, options)
end

#parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (Hash)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 70

def parse_remote_to_hash(url, validate_cert = true, options = {})
  parse_remote_to_array(url, validate_cert, options)[0]
end

#parse_to_array(idp_metadata, options = {}) ⇒ Array<Hash>

Parse all Identity Provider metadata and return the results as Array

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, all found IdPs are returned.

Returns:

• (Array<Hash>)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 141

def parse_to_array(idp_metadata, options = {})
  @document = REXML::Document.new(idp_metadata)
  @options = options

  idpsso_descriptors = IdpMetadata::get_idps(@document, options[:entity_id])
  if !idpsso_descriptors.any?
    raise ArgumentError.new("idp_metadata must contain an IDPSSODescriptor element")
  end

  return idpsso_descriptors.map{|id| IdpMetadata.new(id, id.parent.attributes["entityID"]).to_hash(options)}
end

#parse_to_hash(idp_metadata, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (Hash)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 127

def parse_to_hash(idp_metadata, options = {})
  parse_to_array(idp_metadata, options)[0]
end