Class: Saml::Kit::AuthenticationRequest

Inherits:
Document
  • Object
show all
Includes:
Requestable
Defined in:
lib/saml/kit/authentication_request.rb

Overview

This class can be used to parse a SAML AuthnRequest or generate one.

To generate an AuthnRequest use the builder API.

request = AuthenticationRequest.build do |builder|
  builder.name_id_format = [Saml::Kit::Namespaces::EMAIL_ADDRESS]
end

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_ca3a0e72-9530-41f1-9518-c53716de88b2" Version="2.0" IssueInstant="2017-12-19T16:27:44Z" Destination="http://hartmann.info" AssertionConsumerServiceURL="https://carroll.com/acs">
  <saml:Issuer>Day of the Dangerous Cousins</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

Example:

Constant Summary

Constants inherited from Document

Document::NAMESPACES, Document::PROTOCOL_XSD, Document::XPATH

Instance Attribute Summary

Attributes inherited from Document

#registry

Instance Method Summary collapse

Methods inherited from Document

#destination, #id, #issue_instant, #issuer, #to_h, #to_s, to_saml_document, #to_xhtml, #to_xml, #version

Methods included from Trustable

#signed?, #trusted?

Constructor Details

#initialize(xml, configuration: Saml::Kit.configuration) ⇒ AuthenticationRequest

Create an instance of an AuthnRequest document.

Parameters:

  • xml (String)

    the raw xml.

  • configuration (Saml::Kit::Configuration) (defaults to: Saml::Kit.configuration)

    defaults to the global configuration.



29
30
31
 
# File 'lib/saml/kit/authentication_request.rb', line 29

def initialize(xml, configuration: Saml::Kit.configuration)
  super(xml, name: 'AuthnRequest', configuration: configuration)
end

Instance Method Details

#assertion_consumer_service_urlObject

Extract the AssertionConsumerServiceURL from the AuthnRequest

<samlp:AuthnRequest AssertionConsumerServiceURL="https://carroll.com/acs"></samlp:AuthnRequest>



35
36
37
 
# File 'lib/saml/kit/authentication_request.rb', line 35

def assertion_consumer_service_url
  at_xpath('./*/@AssertionConsumerServiceURL').try(:value)
end

#name_id_formatObject 



39
40
41
 
# File 'lib/saml/kit/authentication_request.rb', line 39

def name_id_format
  name_id_policy
end

#name_id_policyObject

Extract the NameIDPolicy from the AuthnRequest

<samlp:AuthnRequest>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>



47
48
49
 
# File 'lib/saml/kit/authentication_request.rb', line 47

def name_id_policy
  at_xpath('./*/samlp:NameIDPolicy/@Format').try(:value)
end

#response_for(user, binding:, relay_state: nil, configuration: Saml::Kit.configuration) ⇒ Object

Generate a Response for a specific user.

Parameters:

  • user (Object)

    this is a custom user object that can be used for generating a nameid and assertion attributes.

  • binding (Symbol)

    the SAML binding to use ‘:http_post` or `:http_redirect`.

  • configuration (Saml::Kit::Configuration) (defaults to: Saml::Kit.configuration)

    the configuration to use to build the response.



55
56
57
58
59
60
61
62
 
# File 'lib/saml/kit/authentication_request.rb', line 55

def response_for(user, binding:, relay_state: nil, configuration: Saml::Kit.configuration)
  response_binding = provider.assertion_consumer_service_for(binding: binding)
  builder = Saml::Kit::Response.builder(user, self, configuration: configuration) do |x|
    x.embed_signature = provider.want_assertions_signed
    yield x if block_given?
  end
  response_binding.serialize(builder, relay_state: relay_state)
end