Class: OneLogin::RubySaml::IdpMetadataParser

Inherits:

Object

• Object
• OneLogin::RubySaml::IdpMetadataParser

Includes:

SamlMetadata::Vocabulary

Defined in:

lib/onelogin/ruby-saml/idp_metadata_parser.rb

Overview

Auxiliary class to retrieve and parse the Identity Provider Metadata

Defined Under Namespace

Modules: SamlMetadata Classes: IdpMetadata

Constant Summary

Constants included from SamlMetadata::Vocabulary

SamlMetadata::Vocabulary::DSIG, SamlMetadata::Vocabulary::METADATA, SamlMetadata::Vocabulary::NAME_FORMAT, SamlMetadata::Vocabulary::SAML_ASSERTION

Instance Attribute Summary

• #document ⇒ Object readonly

  Returns the value of attribute document.

• #options ⇒ Object readonly

  Returns the value of attribute options.

• #response ⇒ Object readonly

  Returns the value of attribute response.

Class Method Summary

• .get_idps(metadata_document, only_entity_id = nil) ⇒ Object

  fetch IdP descriptors from a metadata document.

Instance Method Summary

• #parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

  Parse the Identity Provider metadata and update the settings with the IdP values.

• #parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

  Parse the Identity Provider metadata and update the settings with the IdP values.

• #parse_remote_to_array(url, validate_cert = true, options = {}) ⇒ Array<Hash>

  Parse all Identity Provider metadata and return the results as Array.

• #parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

  Parse the Identity Provider metadata and return the results as Hash.

• #parse_to_array(idp_metadata, options = {}) ⇒ Array<Hash>

  Parse all Identity Provider metadata and return the results as Array.

• #parse_to_hash(idp_metadata, options = {}) ⇒ Hash

  Parse the Identity Provider metadata and return the results as Hash.

• #parse_to_idp_metadata_array(idp_metadata, options = {}) ⇒ Object

Instance Attribute Details

#document ⇒ Object (readonly)

Returns the value of attribute document.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 33

def document
  @document
end

#options ⇒ Object (readonly)

Returns the value of attribute options.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 35

def options
  @options
end

#response ⇒ Object (readonly)

Returns the value of attribute response.

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 34

def response
  @response
end

Class Method Details

.get_idps(metadata_document, only_entity_id = nil) ⇒ Object

fetch IdP descriptors from a metadata document

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 38

def self.get_idps(metadata_document, only_entity_id=nil)
  path = "//md:EntityDescriptor#{only_entity_id && '[@entityID="' + only_entity_id + '"]'}/md:IDPSSODescriptor"
  REXML::XPath.match(
    metadata_document,
    path,
    SamlMetadata::NAMESPACE
  )
end

Instance Method Details

#parse(idp_metadata, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  :settings to provide the OneLogin::RubySaml::Settings object or an hash for Settings overrides

Options Hash (options):

• :settings (OneLogin::RubySaml::Settings, Hash) —

  the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (OneLogin::RubySaml::Settings)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 113

def parse(idp_metadata, options = {})
  parsed_metadata = parse_to_hash(idp_metadata, options)

  unless parsed_metadata[:cache_duration].nil?
    cache_valid_until_timestamp = OneLogin::RubySaml::Utils.parse_duration(parsed_metadata[:cache_duration])
    if parsed_metadata[:valid_until].nil? || cache_valid_until_timestamp < Time.parse(parsed_metadata[:valid_until], Time.now.utc).to_i
      parsed_metadata[:valid_until] = Time.at(cache_valid_until_timestamp).utc.strftime("%Y-%m-%dT%H:%M:%SZ")
    end
  end
  # Remove the cache_duration because on the settings
  # we only gonna suppot valid_until 
  parsed_metadata.delete(:cache_duration)

  settings = options[:settings]

  if settings.nil?
    OneLogin::RubySaml::Settings.new(parsed_metadata)
  elsif settings.is_a?(Hash)
    OneLogin::RubySaml::Settings.new(settings.merge(parsed_metadata))
  else
    merge_parsed_metadata_into(settings, parsed_metadata)
  end
end

#parse_remote(url, validate_cert = true, options = {}) ⇒ OneLogin::RubySaml::Settings

Parse the Identity Provider metadata and update the settings with the IdP values

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :settings (OneLogin::RubySaml::Settings, Hash) —

  the OneLogin::RubySaml::Settings object which gets the parsed metadata merged into or an hash for Settings overrides.

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (OneLogin::RubySaml::Settings)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 62

def parse_remote(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse(idp_metadata, options)
end

#parse_remote_to_array(url, validate_cert = true, options = {}) ⇒ Array<Hash>

Parse all Identity Provider metadata and return the results as Array

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, all found IdPs are returned.

Returns:

• (Array<Hash>)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 97

def parse_remote_to_array(url, validate_cert = true, options = {})
  idp_metadata = get_idp_metadata(url, validate_cert)
  parse_to_array(idp_metadata, options)
end

#parse_remote_to_hash(url, validate_cert = true, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

• url (String) —

  Url where the XML of the Identity Provider Metadata is published.

• validate_cert (Boolean) (defaults to: true) —

  If true and the URL is HTTPs, the cert of the domain is checked.

• options (Hash) (defaults to: {}) —

  options used for parsing the metadata

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (Hash)

Raises:

• (HttpError) —

  Failure to fetch remote IdP metadata

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 80

def parse_remote_to_hash(url, validate_cert = true, options = {})
  parse_remote_to_array(url, validate_cert, options)[0]
end

#parse_to_array(idp_metadata, options = {}) ⇒ Array<Hash>

Parse all Identity Provider metadata and return the results as Array

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, all found IdPs are returned.

Returns:

• (Array<Hash>)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 161

def parse_to_array(idp_metadata, options = {})
  parse_to_idp_metadata_array(idp_metadata, options).map{|idp_md| idp_md.to_hash(options)}
end

#parse_to_hash(idp_metadata, options = {}) ⇒ Hash

Parse the Identity Provider metadata and return the results as Hash

Parameters:

• idp_metadata (String)
• options (Hash) (defaults to: {}) —

  options used for parsing the metadata and the returned Settings instance

Options Hash (options):

• :sso_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.

• :slo_binding (Array<String>, nil) —

  an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.

• :entity_id (String, nil) —

  when this is given, the entity descriptor for this ID is used. When ommitted, the first entity descriptor is used.

Returns:

• (Hash)

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 147

def parse_to_hash(idp_metadata, options = {})
  parse_to_array(idp_metadata, options)[0]
end

#parse_to_idp_metadata_array(idp_metadata, options = {}) ⇒ Object

# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 165

def parse_to_idp_metadata_array(idp_metadata, options = {})
  @document = REXML::Document.new(idp_metadata)
  @options = options

  idpsso_descriptors = self.class.get_idps(@document, options[:entity_id])
  if !idpsso_descriptors.any?
    raise ArgumentError.new("idp_metadata must contain an IDPSSODescriptor element")
  end

  return idpsso_descriptors.map{|id| IdpMetadata.new(id, id.parent.attributes["entityID"])}
end