Class: Saml::Kit::AuthenticationRequest

Inherits:
Document
  • Object
Includes:
Requestable
Defined in:
lib/saml/kit/authentication_request.rb

Overview

This class can be used to parse a SAML AuthnRequest or generate one.

To generate an AuthnRequest use the builder API.

request = AuthenticationRequest.build do |builder|
  builder.name_id_format = [Saml::Kit::Namespaces::EMAIL_ADDRESS]
end

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_ca3a0e72-9530-41f1-9518-c53716de88b2"
  Version="2.0"
  IssueInstant="2017-12-19T16:27:44Z"
  Destination="http://hartmann.info"
  AssertionConsumerServiceURL="https://carroll.com/acs">
  <saml:Issuer>Day of the Dangerous Cousins</saml:Issuer>
  <samlp:NameIDPolicy
    Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>


Constant Summary

Constants inherited from Document

Document::CONSTRUCTORS, Document::XPATH

Constants included from XsdValidatable

XsdValidatable::METADATA_XSD, XsdValidatable::PROTOCOL_XSD

Constants included from XmlParseable

XmlParseable::NAMESPACES

Instance Attribute Summary

Attributes inherited from Document

#name, #registry

Instance Method Summary

Methods inherited from Document

#destination, #id, #issue_instant, #issuer, to_saml_document, #version

Methods included from XmlParseable

#present?, #to_h, #to_s, #to_xhtml, #to_xml

Methods included from Trustable

#signed?, #trusted?

Constructor Details

#initialize(xml, configuration: Saml::Kit.configuration) ⇒ AuthenticationRequest

Create an instance of an AuthnRequest document.

Parameters:

  • xml (String)

    the raw xml.

  • configuration (Saml::Kit::Configuration) (defaults to: Saml::Kit.configuration)

    defaults to the global configuration.



# File 'lib/saml/kit/authentication_request.rb', line 38

def initialize(xml, configuration: Saml::Kit.configuration)
  super(xml, name: 'AuthnRequest', configuration: configuration)
end

Instance Method Details

#assertion_consumer_service_url ⇒ Object

Extract the AssertionConsumerServiceURL from the AuthnRequest

<samlp:AuthnRequest
  AssertionConsumerServiceURL="https://carroll.com/acs">
</samlp:AuthnRequest>


# File 'lib/saml/kit/authentication_request.rb', line 46

def assertion_consumer_service_url
  at_xpath('./*/@AssertionConsumerServiceURL').try(:value)
end

#force_authn ⇒ Object

Returns the ForceAuthn attribute as a boolean.



# File 'lib/saml/kit/authentication_request.rb', line 51

def force_authn
  at_xpath('./*/@ForceAuthn').try(:value) == 'true'
end

#name_id_format ⇒ Object



# File 'lib/saml/kit/authentication_request.rb', line 55

def name_id_format
  name_id_policy
end

#name_id_policy ⇒ Object

Extract the NameIDPolicy from the AuthnRequest

<samlp:AuthnRequest>
  <samlp:NameIDPolicy
    Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>


# File 'lib/saml/kit/authentication_request.rb', line 64

def name_id_policy
  at_xpath('./*/samlp:NameIDPolicy/@Format').try(:value)
end

#response_for(user, binding:, relay_state: nil, configuration: Saml::Kit.configuration) ⇒ Object

Generate a Response for a specific user.

Parameters:

  • user (Object)

    this is a custom user object that can be used for generating a nameid and assertion attributes.

  • binding (Symbol)

    the SAML binding to use: `:http_post` or `:http_redirect`.

  • configuration (Saml::Kit::Configuration) (defaults to: Saml::Kit.configuration)

    the configuration to use to build the response.



# File 'lib/saml/kit/authentication_request.rb', line 75

def response_for(
  user, binding:, relay_state: nil, configuration: Saml::Kit.configuration
)
  response =
    Response.builder(user, self, configuration: configuration) do |x|
      x.embed_signature = provider.want_assertions_signed
      yield x if block_given?
    end
  provider
    .assertion_consumer_service_for(binding: binding)
    .serialize(response, relay_state: relay_state)
end
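
The `response_for` code above takes the destination from `provider.assertion_consumer_service_for`, not from the `AssertionConsumerServiceURL` attribute, which is supplied by whoever sent the request. The following added example (not saml-kit's code) makes that comparison explicit using Ruby's REXML; the `REGISTERED_ACS` registry, the helper names and the sample request are assumptions constructed for illustration.

```ruby
require 'rexml/document'

SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'
SAML_NS = 'urn:oasis:names:tc:SAML:2.0:assertion'
NS = { 'samlp' => SAMLP, 'saml' => SAML_NS }.freeze

# Constructed registry (assumption): ACS endpoints known for each issuer.
REGISTERED_ACS = {
  'Day of the Dangerous Cousins' => ['https://carroll.com/acs']
}.freeze

# Read the same fields the accessors documented above expose.
def read_authn_request(xml)
  root = REXML::Document.new(xml).root
  unless root && root.name == 'AuthnRequest' && root.namespace == SAMLP
    raise ArgumentError, 'not a samlp:AuthnRequest'
  end
  issuer = REXML::XPath.first(root, 'saml:Issuer', NS)
  policy = REXML::XPath.first(root, 'samlp:NameIDPolicy', NS)
  {
    issuer: issuer && issuer.text,
    acs_url: root.attributes['AssertionConsumerServiceURL'],
    force_authn: root.attributes['ForceAuthn'] == 'true',
    name_id_format: policy && policy.attributes['Format']
  }
end

# Accept the requested ACS URL only if it is registered for the issuer.
def acs_decision(xml, registry = REGISTERED_ACS)
  req = read_authn_request(xml)
  allowed = registry.fetch(req[:issuer], [])
  return [:reject, 'unknown issuer'] if allowed.empty?
  url = req[:acs_url] || allowed.first # no URL in request: registered default
  return [:reject, 'ACS URL not registered'] unless allowed.include?(url)
  [:ok, url]
end

# Constructed sample request, modelled on the AuthnRequest shown in the overview.
def sample_request(acs)
  <<~XML
    <samlp:AuthnRequest xmlns:samlp="#{SAMLP}" xmlns:saml="#{SAML_NS}"
      ID="_constructed-id" Version="2.0" ForceAuthn="true"
      AssertionConsumerServiceURL="#{acs}">
      <saml:Issuer>Day of the Dangerous Cousins</saml:Issuer>
      <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
    </samlp:AuthnRequest>
  XML
end
```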