Class: Saml::Kit::IdentityProviderMetadata

Inherits:
Metadata
  • Object
Defined in:
lib/saml/kit/identity_provider_metadata.rb

Overview

This class parses the IDPSSODescriptor from a SAML metadata document.

raw_xml = <<-XML
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_cfa24e2f-0ec0-4ee3-abb8-b2fcfe394c1c"
  entityID="my-entity-id">
  <IDPSSODescriptor
    WantAuthnRequestsSigned="true"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://www.example.com/logout" />
    <NameIDFormat>
      urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    </NameIDFormat>
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://www.example.com/login" />
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://www.example.com/login" />
    <saml:Attribute Name="id"/>
  </IDPSSODescriptor>
</EntityDescriptor>
XML

metadata = Saml::Kit::IdentityProviderMetadata.new(raw_xml)
puts metadata.entity_id

It can also be used to generate IDP metadata.

metadata = Saml::Kit::IdentityProviderMetadata.build do |builder|
  builder.entity_id = "my-entity-id"
end
puts metadata.to_xml

For more details on generating metadata see Metadata.

Constant Summary

Constants included from XsdValidatable

XsdValidatable::METADATA_XSD, XsdValidatable::PROTOCOL_XSD

Constants included from XmlParseable

XmlParseable::NAMESPACES

Instance Attribute Summary

Attributes inherited from Metadata

#content, #name

Instance Method Summary

Methods inherited from Metadata

#certificates, #contact_person_company, #encryption_certificates, #entity_id, from, #logout_request_for, #matches?, #name_id_formats, #organization, #organization_name, #organization_url, #service_for, #services, #signature, #signing_certificates, #single_logout_service_for, #single_logout_services, #verify

Methods included from XmlParseable

#present?, #to_h, #to_s, #to_xhtml, #to_xml

Constructor Details

#initialize(xml) ⇒ IdentityProviderMetadata

Returns a new instance of IdentityProviderMetadata.


# File 'lib/saml/kit/identity_provider_metadata.rb', line 51

def initialize(xml)
  super('IDPSSODescriptor', xml)
end

Instance Method Details

#attributes ⇒ Object

Returns each of the Attributes in the metadata.


# File 'lib/saml/kit/identity_provider_metadata.rb', line 77

def attributes
  search("/md:EntityDescriptor/md:#{name}/saml:Attribute").map do |item|
    {
      format: item.attribute('NameFormat').try(:value),
      name: item.attribute('Name').value,
    }
  end
end

#login_request_for(binding:, relay_state: nil, configuration: Saml::Kit.configuration) ⇒ Array

Creates an AuthnRequest document for the specified binding.

Parameters:

  • binding (Symbol)

    `:http_post` or `:http_redirect`.

  • relay_state (Object)

    RelayState to include in the returned params.

  • configuration (Saml::Kit::Configuration)

    the configuration to use for generating the request.

Returns:

  • (Array)

    Url and params encoded using rules for binding.


# File 'lib/saml/kit/identity_provider_metadata.rb', line 93

def login_request_for(
  binding:, relay_state: nil, configuration: Saml::Kit.configuration
)
  builder =
    AuthenticationRequest.builder(configuration: configuration) do |x|
      x.embed_signature = want_authn_requests_signed
      yield x if block_given?
    end
  request_binding = single_sign_on_service_for(binding: binding)
  request_binding.serialize(builder, relay_state: relay_state)
end

#single_sign_on_service_for(binding:) ⇒ Object

Returns the SingleSignOnService element with the specified binding.

Parameters:

  • binding (Symbol)

    `:http_post` or `:http_redirect`.


# File 'lib/saml/kit/identity_provider_metadata.rb', line 72

def single_sign_on_service_for(binding:)
  service_for(binding: binding, type: 'SingleSignOnService')
end

#single_sign_on_services ⇒ Object

Returns each of the SingleSignOnService elements.


# File 'lib/saml/kit/identity_provider_metadata.rb', line 65

def single_sign_on_services
  services('SingleSignOnService')
end

#want_authn_requests_signed ⇒ Object

Returns the IDPSSODescriptor/@WantAuthnRequestsSigned attribute.


# File 'lib/saml/kit/identity_provider_metadata.rb', line 56

def want_authn_requests_signed
  xpath = "/md:EntityDescriptor/md:#{name}"
  attribute = at_xpath(xpath).attribute('WantAuthnRequestsSigned')
  return true if attribute.nil?

  attribute.text.casecmp('true').zero?
end
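As an added example that is not part of saml-kit (the gem's own class is documented above), the following stand-alone Ruby script uses only the standard library's REXML to parse an IDPSSODescriptor the way the overview describes: it maps `:http_post` and `:http_redirect` to their binding URNs as #single_sign_on_service_for does, treats a missing WantAuthnRequestsSigned attribute as true and compares the value case-insensitively exactly as #want_authn_requests_signed does, and goes one step further by flagging any SingleSignOnService Location that is not served over HTTPS, a check worth running before trusting imported metadata. The class name IdpMetadata, its constants, and the sample metadata document are constructed for this example.

```ruby
require 'rexml/document'

# Constructed sample IdP metadata for this example (no real deployment).
# Note the upper-case "TRUE" and the plain-HTTP Redirect endpoint: both are
# cases the parser below is meant to handle.
SAMPLE_IDP_METADATA = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      entityID="my-entity-id">
    <IDPSSODescriptor WantAuthnRequestsSigned="TRUE"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp.example.com/login" />
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="http://idp.example.com/login" />
      <saml:Attribute Name="id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
      <saml:Attribute Name="email"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
XML

# Hypothetical minimal reader for the IDPSSODescriptor, modelled on the
# methods documented above but independent of saml-kit.
class IdpMetadata
  NS = {
    'md' => 'urn:oasis:names:tc:SAML:2.0:metadata',
    'saml' => 'urn:oasis:names:tc:SAML:2.0:assertion',
  }.freeze

  # Symbolic binding names resolved to the SAML 2.0 binding URNs.
  BINDINGS = {
    http_post: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
    http_redirect: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
  }.freeze

  def initialize(xml)
    @doc = REXML::Document.new(xml)
  end

  def entity_id
    REXML::XPath.first(@doc, '/md:EntityDescriptor', NS).attributes['entityID']
  end

  def descriptor
    REXML::XPath.first(@doc, '/md:EntityDescriptor/md:IDPSSODescriptor', NS)
  end

  # Absent attribute means "signed requests expected"; the value is compared
  # case-insensitively so "TRUE" and "true" are equivalent.
  def want_authn_requests_signed
    value = descriptor.attributes['WantAuthnRequestsSigned']
    return true if value.nil?

    value.casecmp('true').zero?
  end

  def single_sign_on_services
    REXML::XPath.match(descriptor, 'md:SingleSignOnService', NS).map do |e|
      { binding: e.attributes['Binding'], location: e.attributes['Location'] }
    end
  end

  # Raises KeyError for an unknown binding symbol rather than silently
  # returning nil.
  def single_sign_on_service_for(binding:)
    urn = BINDINGS.fetch(binding)
    single_sign_on_services.find { |s| s[:binding] == urn }
  end

  def attributes
    REXML::XPath.match(descriptor, 'saml:Attribute', NS).map do |e|
      { format: e.attributes['NameFormat'], name: e.attributes['Name'] }
    end
  end

  def name_id_formats
    REXML::XPath.match(descriptor, 'md:NameIDFormat', NS).map { |e| e.text.strip }
  end

  # Endpoints that would send an AuthnRequest (and its RelayState) over
  # plain HTTP; an SP should refuse to use these.
  def insecure_endpoints
    single_sign_on_services.reject { |s| s[:location].start_with?('https://') }
  end
end

if __FILE__ == $PROGRAM_NAME
  m = IdpMetadata.new(SAMPLE_IDP_METADATA)
  puts "entityID: #{m.entity_id}"
  puts "wants signed AuthnRequests: #{m.want_authn_requests_signed}"
  m.insecure_endpoints.each { |s| puts "WARNING: non-HTTPS endpoint #{s[:location]}" }
end
```

Run the script as-is to see the summary for the constructed document; swap in real metadata by reading it from a file into `IdpMetadata.new`. The insecure_endpoints check is deliberately separate from the accessors so a caller can reject metadata before any request is built against it.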