Class: SAML2::AuthnRequest
- Defined in:
- lib/saml2/authn_request.rb
Instance Attribute Summary collapse
-
#assertion_consumer_service ⇒ AssertionConsumerService?
readonly
Must call #resolve before accessing.
- #assertion_consumer_service_index ⇒ Integer?
- #assertion_consumer_service_url ⇒ String?
-
#attribute_consuming_service ⇒ AttributeConsumingService?
readonly
Must call #resolve before accessing.
- #attribute_consuming_service_index ⇒ Integer?
- #force_authn ⇒ Boolean? writeonly
- #name_id_policy ⇒ NameID::Policy?
- #passive ⇒ Boolean? writeonly
- #protocol_binding ⇒ String?
- #requested_authn_context ⇒ RequestedAuthnContext?
Attributes inherited from Message
#destination, #errors, #issuer
Attributes inherited from Base
Class Method Summary collapse
-
.initiate(issuer, identity_provider = nil, assertion_consumer_service: nil, service_provider: nil) ⇒ AuthnRequest
Initiate a SAML SSO flow, from a service provider to an identity provider.
Instance Method Summary collapse
-
#build(builder) ⇒ void
Serialize this object to XML, as part of a larger document.
- #force_authn? ⇒ true, ...
- #passive? ⇒ true, ...
-
#resolve(service_provider) ⇒ Boolean
Populate #assertion_consumer_service and #attribute_consuming_service attributes.
- #subject ⇒ Subject?
- #valid_interoperable_profile? ⇒ Boolean
- #valid_web_browser_sso_profile? ⇒ Boolean
Methods inherited from Message
from_xml, #from_xml, #id, #initialize, #issue_instant, parse, #sign, #valid_schema?, #validate
Methods included from Signable
#sign, #signature, #signed?, #signing_key, #valid_signature?, #validate_signature
Methods inherited from Base
#decrypt, #from_xml, from_xml, #initialize, #inspect, load_object_array, load_string_array, lookup_qname, #to_s, #to_xml
Constructor Details
This class inherits a constructor from SAML2::Message
Instance Attribute Details
#assertion_consumer_service ⇒ AssertionConsumerService? (readonly)
Must call #resolve before accessing.
106 107 108 |
# File 'lib/saml2/authn_request.rb', line 106 def assertion_consumer_service @assertion_consumer_service end |
#assertion_consumer_service_index ⇒ Integer?
112 113 114 115 116 117 |
# File 'lib/saml2/authn_request.rb', line 112 def assertion_consumer_service_index if xml && !instance_variable_defined?(:@assertion_consumer_service_index) @assertion_consumer_service_index = xml['AssertionConsumerServiceIndex']&.to_i end @assertion_consumer_service_index end |
#assertion_consumer_service_url ⇒ String?
120 121 122 123 124 125 |
# File 'lib/saml2/authn_request.rb', line 120 def assertion_consumer_service_url if xml && !instance_variable_defined?(:@assertion_consumer_service_url) @assertion_consumer_service_url = xml['AssertionConsumerServiceURL'] end @assertion_consumer_service_url end |
#attribute_consuming_service ⇒ AttributeConsumingService? (readonly)
Must call #resolve before accessing.
109 110 111 |
# File 'lib/saml2/authn_request.rb', line 109 def attribute_consuming_service @attribute_consuming_service end |
#attribute_consuming_service_index ⇒ Integer?
128 129 130 131 132 133 |
# File 'lib/saml2/authn_request.rb', line 128 def attribute_consuming_service_index if xml && !instance_variable_defined?(:@attribute_consuming_service_index) @attribute_consuming_service_index = xml['AttributeConsumingServiceIndex']&.to_i end @attribute_consuming_service_index end |
#force_authn=(value) ⇒ Boolean? (writeonly)
24 25 26 |
# File 'lib/saml2/authn_request.rb', line 24 def force_authn=(value) @force_authn = value end |
#name_id_policy ⇒ NameID::Policy?
97 98 99 100 101 102 |
# File 'lib/saml2/authn_request.rb', line 97 def name_id_policy if xml && !instance_variable_defined?(:@name_id_policy) @name_id_policy = NameID::Policy.from_xml(xml.at_xpath('samlp:NameIDPolicy', Namespaces::ALL)) end @name_id_policy end |
#passive=(value) ⇒ Boolean? (writeonly)
24 25 26 |
# File 'lib/saml2/authn_request.rb', line 24 def passive=(value) @passive = value end |
#protocol_binding ⇒ String?
152 153 154 155 156 157 |
# File 'lib/saml2/authn_request.rb', line 152 def protocol_binding if xml && !instance_variable_defined?(:@protocol_binding) @protocol_binding = xml['ProtocolBinding'] end @protocol_binding end |
#requested_authn_context ⇒ RequestedAuthnContext?
26 27 28 |
# File 'lib/saml2/authn_request.rb', line 26 def requested_authn_context @requested_authn_context end |
Class Method Details
.initiate(issuer, identity_provider = nil, assertion_consumer_service: nil, service_provider: nil) ⇒ AuthnRequest
go over these params, and use kwargs. Maybe pass Entity instead of ServiceProvider.
Initiate a SAML SSO flow, from a service provider to an identity provider.
37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# File 'lib/saml2/authn_request.rb', line 37 def self.initiate(issuer, identity_provider = nil, assertion_consumer_service: nil, service_provider: nil) authn_request = new authn_request.issuer = issuer authn_request.destination = identity_provider.single_sign_on_services.first.location if identity_provider authn_request.name_id_policy = NameID::Policy.new(true, NameID::Format::UNSPECIFIED) assertion_consumer_service ||= service_provider.assertion_consumer_services.default if service_provider if assertion_consumer_service authn_request.protocol_binding = assertion_consumer_service.binding authn_request.assertion_consumer_service_url = assertion_consumer_service.location end authn_request end |
Instance Method Details
#build(builder) ⇒ void
This method returns an undefined value.
Serialize this object to XML, as part of a larger document
168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 |
# File 'lib/saml2/authn_request.rb', line 168 def build(builder) builder['samlp'].AuthnRequest( 'xmlns:samlp' => Namespaces::SAMLP, 'xmlns:saml' => Namespaces::SAML ) do |authn_request| super(authn_request) authn_request.parent['AssertionConsumerServiceIndex'] = assertion_consumer_service_index if assertion_consumer_service_index authn_request.parent['AssertionConsumerServiceURL'] = assertion_consumer_service_url if assertion_consumer_service_url authn_request.parent['AttributeConsumingServiceIndex'] = attribute_consuming_service_index if attribute_consuming_service_index authn_request.parent['ForceAuthn'] = force_authn? unless force_authn?.nil? authn_request.parent['IsPassive'] = passive? unless passive?.nil? authn_request.parent['ProtocolBinding'] = protocol_binding if protocol_binding subject.build(authn_request) if subject name_id_policy.build(authn_request) if name_id_policy requested_authn_context.build(authn_request) if requested_authn_context end end |
#force_authn? ⇒ true, ...
136 137 138 139 140 141 |
# File 'lib/saml2/authn_request.rb', line 136 def force_authn? if xml && !instance_variable_defined?(:@force_authn) @force_authn = xml['ForceAuthn']&.== 'true' end @force_authn end |
#passive? ⇒ true, ...
144 145 146 147 148 149 |
# File 'lib/saml2/authn_request.rb', line 144 def passive? if xml && !instance_variable_defined?(:@passive) @passive = xml['IsPassive']&.== 'true' end @passive end |
#resolve(service_provider) ⇒ Boolean
Populate #assertion_consumer_service and #attribute_consuming_service attributes.
Given ServiceProvider metadata, resolve the index/urls in this object to actual objects.
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/saml2/authn_request.rb', line 80 def resolve(service_provider) # TODO: check signature if present if assertion_consumer_service_url @assertion_consumer_service = service_provider.assertion_consumer_services.find { |acs| acs.location == assertion_consumer_service_url } else @assertion_consumer_service = service_provider.assertion_consumer_services.resolve(assertion_consumer_service_index) end @attribute_consuming_service = service_provider.attribute_consuming_services.resolve(attribute_consuming_service_index) return false unless @assertion_consumer_service return false if attribute_consuming_service_index && !@attribute_consuming_service true end |
#subject ⇒ Subject?
160 161 162 163 164 165 |
# File 'lib/saml2/authn_request.rb', line 160 def subject if xml && !instance_variable_defined?(:@subject) @subject = Subject.from_xml(xml.at_xpath('saml:Subject', Namespaces::ALL)) end @subject end |
#valid_interoperable_profile? ⇒ Boolean
61 62 63 64 65 66 67 68 69 70 |
# File 'lib/saml2/authn_request.rb', line 61 def valid_interoperable_profile? # It's a subset of Web Browser SSO profile return false unless valid_web_browser_sso_profile? return false unless assertion_consumer_service_url return false if protocol_binding && protocol_binding != Bindings::HTTP_POST::URN return false if subject true end |