Class: SAML2::AuthnRequest

Inherits:

Object

• Object
• SAML2::AuthnRequest

Defined in:

lib/saml2/authn_request.rb

Instance Attribute Summary

• #assertion_consumer_service ⇒ Object readonly

  Returns the value of attribute assertion_consumer_service.

• #attribute_consuming_service ⇒ Object readonly

  Returns the value of attribute attribute_consuming_service.

Class Method Summary

• .decode(authnrequest) ⇒ Object
• .parse(authnrequest) ⇒ Object

Instance Method Summary

• #assertion_consumer_service_index ⇒ Object
• #assertion_consumer_service_url ⇒ Object
• #attribute_consuming_service_index ⇒ Object
• #force_authn? ⇒ Boolean
• #id ⇒ Object
• #initialize(document) ⇒ AuthnRequest constructor

  A new instance of AuthnRequest.

• #issuer ⇒ Object
• #name_id_policy ⇒ Object
• #passive? ⇒ Boolean
• #protocol_binding ⇒ Object
• #resolve(service_provider) ⇒ Object
• #subject ⇒ Object
• #valid_interoperable_profile? ⇒ Boolean
• #valid_schema? ⇒ Boolean
• #valid_web_browser_sso_profile? ⇒ Boolean

Constructor Details

#initialize(document) ⇒ AuthnRequest

Returns a new instance of AuthnRequest.

# File 'lib/saml2/authn_request.rb', line 40

def initialize(document)
  @document = document
end

Instance Attribute Details

#assertion_consumer_service ⇒ Object (readonly)

Returns the value of attribute assertion_consumer_service.

# File 'lib/saml2/authn_request.rb', line 98

def assertion_consumer_service
  @assertion_consumer_service
end

#attribute_consuming_service ⇒ Object (readonly)

Returns the value of attribute attribute_consuming_service.

# File 'lib/saml2/authn_request.rb', line 98

def attribute_consuming_service
  @attribute_consuming_service
end

Class Method Details

.decode(authnrequest) ⇒ Object

# File 'lib/saml2/authn_request.rb', line 16

def self.decode(authnrequest)
  begin
    raise MessageTooLarge if authnrequest.bytesize > SAML2.config[:max_message_size]
    authnrequest = Base64.decode64(authnrequest)
    zstream = Zlib::Inflate.new
    xml = ''
    # do it in 1K slices, so we can protect against bombs
    (0..authnrequest.bytesize / 1024).each do |i|
      xml.concat(zstream.inflate(authnrequest.byteslice(i * 1024, 1024)))
      raise MessageTooLarge if xml.bytesize > SAML2.config[:max_message_size]
    end
    xml.concat(zstream.finish)
    raise MessageTooLarge if xml.bytesize > SAML2.config[:max_message_size]

    zstream.close
  rescue Zlib::DataError, Zlib::BufError
  end
  parse(xml)
end

.parse(authnrequest) ⇒ Object

# File 'lib/saml2/authn_request.rb', line 36

def self.parse(authnrequest)
  new(Nokogiri::XML(authnrequest))
end

Instance Method Details

#assertion_consumer_service_index ⇒ Object

# File 'lib/saml2/authn_request.rb', line 104

def assertion_consumer_service_index
  @document.root['AssertionConsumerServiceIndex'] && @document.root['AssertionConsumerServiceIndex'].to_i
end

#assertion_consumer_service_url ⇒ Object

# File 'lib/saml2/authn_request.rb', line 100

def assertion_consumer_service_url
  @document.root['AssertionConsumerServiceURL']
end

#attribute_consuming_service_index ⇒ Object

# File 'lib/saml2/authn_request.rb', line 108

def attribute_consuming_service_index
  @document.root['AttributeConsumerServiceIndex'] && @document.root['AttributeConsumerServiceIndex'].to_i
end

#force_authn? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml2/authn_request.rb', line 112

def force_authn?
  @document.root['ForceAuthn']
end

#id ⇒ Object

# File 'lib/saml2/authn_request.rb', line 94

def id
  @document.root['ID']
end

#issuer ⇒ Object

# File 'lib/saml2/authn_request.rb', line 86

def issuer
  @issuer ||= NameID.from_xml(@document.root.at_xpath('saml:Issuer', Namespaces::ALL))
end

#name_id_policy ⇒ Object

# File 'lib/saml2/authn_request.rb', line 90

def name_id_policy
  @name_id_policy ||= NameID::Policy.from_xml(@document.root.at_xpath('samlp:NameIDPolicy', Namespaces::ALL))
end

#passive? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml2/authn_request.rb', line 116

def passive?
  @document.root['IsPassive']
end

#protocol_binding ⇒ Object

# File 'lib/saml2/authn_request.rb', line 120

def protocol_binding
  @document.root['ProtocolBinding']
end

#resolve(service_provider) ⇒ Object

# File 'lib/saml2/authn_request.rb', line 70

def resolve(service_provider)
  # TODO: check signature if present

  if assertion_consumer_service_url
    @assertion_consumer_service = service_provider.assertion_consumer_services.find { |acs| acs.location == assertion_consumer_service_url }
  else
    @assertion_consumer_service  = service_provider.assertion_consumer_services.resolve(assertion_consumer_service_index)
  end
  @attribute_consuming_service = service_provider.attribute_consuming_services.resolve(attribute_consuming_service_index)

  return false unless @assertion_consumer_service
  return false if attribute_consuming_service_index && !@attribute_consuming_service

  true
end

#subject ⇒ Object

# File 'lib/saml2/authn_request.rb', line 124

def subject
  @subject ||= Subject.from_xml(@document.at_xpath('saml:Subject', Namespaces::ALL))
end

#valid_interoperable_profile? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml2/authn_request.rb', line 59

def valid_interoperable_profile?
  # It's a subset of Web Browser SSO profile
  return false unless valid_web_browser_sso_profile?

  return false unless assertion_consumer_service_url
  return false if protocol_binding && protocol_binding != Endpoint::Bindings::HTTP_POST
  return false if subject

  true
end

#valid_schema? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml2/authn_request.rb', line 44

def valid_schema?
  return false unless Schemas.protocol.valid?(@document)
  # Check for the correct root element
  return false unless @document.at_xpath('/samlp:AuthnRequest', Namespaces::ALL)

  true
end

#valid_web_browser_sso_profile? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml2/authn_request.rb', line 52

def valid_web_browser_sso_profile?
  return false unless issuer
  return false if issuer.format && issuer.format != NameID::Format::ENTITY

  true
end