Class: Saml::Kit::IdentityProviderMetadata

Inherits: Metadata
  • Object
  • Metadata
Defined in: lib/saml/kit/identity_provider_metadata.rb

Overview

This class is used to parse the IDPSSODescriptor from a SAML metadata document.

raw_xml = <<-XML
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cfa24e2f-0ec0-4ee3-abb8-b2fcfe394c1c" entityID="">
  <IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/logout"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/login"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/login"/>
    <saml:Attribute Name="id"/>
  </IDPSSODescriptor>
</EntityDescriptor>
XML

metadata = Saml::Kit::IdentityProviderMetadata.new(raw_xml)
puts metadata.entity_id

It can also be used to generate IDP metadata.

metadata = Saml::Kit::IdentityProviderMetadata.build do |builder|
  builder.entity_id = "my-entity-id"
end
puts metadata.to_xml

For more details on generating metadata see Metadata.

Constant Summary

Builder = ActiveSupport::Deprecation::DeprecatedConstantProxy.new('Saml::Kit::IdentityProviderMetadata::Builder', 'Saml::Kit::Builders::IdentityProviderMetadata')

  Deprecated. Use Builders::IdentityProviderMetadata instead of this.

Constants inherited from Metadata

Metadata::METADATA_XSD, Metadata::NAMESPACES

Instance Attribute Summary

Attributes inherited from Metadata

#name

Instance Method Summary

Methods inherited from Metadata

#certificates, #contact_person_company, #encryption_certificates, #entity_id, from, #logout_request_for, #matches?, #name_id_formats, #organization_name, #organization_url, #service_for, #services, #signing_certificates, #single_logout_service_for, #single_logout_services, #to_h, #to_s, #to_xml, #verify

Constructor Details

#initialize(xml) ⇒ IdentityProviderMetadata

Returns a new instance of IdentityProviderMetadata.



# File 'lib/saml/kit/identity_provider_metadata.rb', line 34

def initialize(xml)
  super("IDPSSODescriptor", xml)
end

Instance Method Details

#attributes ⇒ Object

Returns each of the Attributes in the metadata.



# File 'lib/saml/kit/identity_provider_metadata.rb', line 59

def attributes
  document.find_all("/md:EntityDescriptor/md:#{name}/saml:Attribute").map do |item|
    {
      format: item.attribute("NameFormat").try(:value),
      name: item.attribute("Name").value,
    }
  end
end

#login_request_for(binding:, relay_state: nil, configuration: Saml::Kit.configuration) ⇒ Array

Creates an AuthnRequest document for the specified binding.

Parameters:

  • binding (Symbol)

    `:http_post` or `:http_redirect`.

  • relay_state (Object) (defaults to: nil)

    The RelayState to include in the returned SAML params.

  • configuration (Saml::Kit::Configuration) (defaults to: Saml::Kit.configuration)

    the configuration to use for generating the request.

Returns:

  • (Array)

    The URL and SAML params encoded using the rules for the specified binding.



# File 'lib/saml/kit/identity_provider_metadata.rb', line 74

def login_request_for(binding:, relay_state: nil, configuration: Saml::Kit.configuration) # :yields: builder
  builder = Saml::Kit::AuthenticationRequest.builder(configuration: configuration) do |x|
    x.embed_signature = want_authn_requests_signed
    yield x if block_given?
  end
  request_binding = single_sign_on_service_for(binding: binding)
  request_binding.serialize(builder, relay_state: relay_state)
end

#single_sign_on_service_for(binding:) ⇒ Object

Returns the SingleSignOnService element with the specified binding.

Parameters:

  • binding (Symbol)

    `:http_post` or `:http_redirect`.



# File 'lib/saml/kit/identity_provider_metadata.rb', line 54

def single_sign_on_service_for(binding:)
  service_for(binding: binding, type: 'SingleSignOnService')
end

#single_sign_on_services ⇒ Object

Returns each of the SingleSignOnService elements.



# File 'lib/saml/kit/identity_provider_metadata.rb', line 47

def single_sign_on_services
  services('SingleSignOnService')
end

#want_authn_requests_signed ⇒ Object

Returns the IDPSSODescriptor/@WantAuthnRequestsSigned attribute.



# File 'lib/saml/kit/identity_provider_metadata.rb', line 39

def want_authn_requests_signed
  xpath = "/md:EntityDescriptor/md:#{name}"
  attribute = document.find_by(xpath).attribute("WantAuthnRequestsSigned")
  # A missing attribute is treated as true; the value is compared case-insensitively.
  return true if attribute.nil?
  attribute.text.downcase == "true"
end
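The rules documented for #want_authn_requests_signed and #single_sign_on_service_for, reimplemented over the standard library's REXML as an added example; this is not the gem's own code, and the IdpMetadata class, the BINDINGS map and the sample metadata are constructed for illustration.

```ruby
require 'rexml/document'
require 'rexml/xpath'

MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata'
# Symbol -> binding URI, matching the :http_post / :http_redirect symbols the page uses.
BINDINGS = {
  http_post: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
  http_redirect: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
}.freeze

# Constructed sample metadata (not from the page): no WantAuthnRequestsSigned attribute.
SAMPLE_XML = <<~XML
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/sso/post"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso/redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>
XML

# Hypothetical minimal reader; stands in for Saml::Kit::IdentityProviderMetadata.
class IdpMetadata
  def initialize(xml)
    @ns = { 'md' => MD_NS }
    @descriptor = REXML::XPath.first(REXML::Document.new(xml), '/md:EntityDescriptor/md:IDPSSODescriptor', @ns)
    raise ArgumentError, 'no IDPSSODescriptor in metadata' if @descriptor.nil?
  end

  # Same rule as the page's want_authn_requests_signed: a missing attribute
  # counts as true, and the value is compared case-insensitively.
  def want_authn_requests_signed
    value = @descriptor.attributes['WantAuthnRequestsSigned']
    return true if value.nil?
    value.downcase == 'true'
  end

  # Location of the SingleSignOnService whose Binding matches the symbol, or nil if absent.
  def single_sign_on_service_for(binding:)
    uri = BINDINGS.fetch(binding)
    element = REXML::XPath.match(@descriptor, 'md:SingleSignOnService', @ns)
                          .find { |e| e.attributes['Binding'] == uri }
    element && element.attributes['Location']
  end
end

# Constructed variant that explicitly turns request signing off.
UNSIGNED_XML = SAMPLE_XML.sub('<IDPSSODescriptor ', '<IDPSSODescriptor WantAuthnRequestsSigned="False" ')
```

Because the flag and the SSO Location drive where and how an AuthnRequest is sent, a service provider should only act on them after the metadata document itself has been verified (compare the inherited #verify).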