Class: SAML2::Entity

Inherits:
Base
  • Object
Includes:
OrganizationAndContacts, Signable
Defined in:
lib/saml2/entity.rb

Defined Under Namespace

Classes: Group

Instance Attribute Summary

Attributes included from OrganizationAndContacts

#contacts, #organization

Attributes inherited from Base

#xml

Class Method Summary

Instance Method Summary

Methods included from Signable

#sign, #signature, #signed?, #signing_key, #valid_signature?, #validate_signature

Methods inherited from Base

#decrypt, from_xml, #inspect, load_object_array, load_string_array, lookup_qname, #to_s, #to_xml

Constructor Details

#initialize(entity_id = nil) ⇒ Entity

Returns a new instance of Entity.

Parameters:

  • entity_id (String)

    The Entity ID



# File 'lib/saml2/entity.rb', line 88

# Build a fresh, not-yet-parsed entity.
#
# @param entity_id [String, nil] the Entity ID; when nil, #entity_id falls back to the
#   entityID attribute of the parsed XML
def initialize(entity_id = nil)
  super()
  @entity_id = entity_id
  @roles = []
  # nil (as opposed to "undefined") tells #valid_until the value is already resolved, so a
  # freshly built entity never consults XML for it.
  @valid_until = nil
  # Leading underscore keeps the value a valid xs:ID (an NCName may not start with a digit).
  @id = "_#{SecureRandom.uuid}"
end

Instance Attribute Details

#entity_id ⇒ String

Returns:

  • (String)


# File 'lib/saml2/entity.rb', line 110

# The Entity ID: an explicitly assigned value wins; otherwise the entityID attribute of the
# parsed XML is used.
#
# @return [String, nil]
def entity_id
  return @entity_id if @entity_id
  return unless xml

  xml["entityID"]
end

Class Method Details

.parse(xml) ⇒ Entity, ...

Parse a metadata document and return the appropriate object.

Parameters:

  • xml (String, IO)

    Anything that can be passed to Nokogiri::XML

Returns:



# File 'lib/saml2/entity.rb', line 23

# Parse a metadata document and return the matching object.
#
# @param xml [String, IO] anything Nokogiri::XML accepts
# @return [Entity, Entity::Group, nil] a Group for an EntitiesDescriptor root, an Entity for an
#   EntityDescriptor root, nil for any other root
def self.parse(xml)
  # NOTE(review): parsed with Nokogiri's default options. Metadata obtained from another party
  # is untrusted input, so confirm those defaults (no network access, no entity expansion)
  # are what this call relies on.
  document = Nokogiri::XML(xml)

  # The root is either a list of entities (EntitiesDescriptor) or one entity (EntityDescriptor).
  group_node = document.at_xpath("/md:EntitiesDescriptor", Namespaces::ALL)
  return Group.from_xml(group_node) if group_node

  entity_node = document.at_xpath("/md:EntityDescriptor", Namespaces::ALL)
  from_xml(entity_node) if entity_node
end

Instance Method Details

#build(builder) ⇒ void

This method returns an undefined value.

Serialize this object to XML, as part of a larger document

Parameters:

  • builder (Nokogiri::XML::Builder)

    The builder helper object to serialize to.



# File 'lib/saml2/entity.rb', line 142

# Serialize this entity as an md:EntityDescriptor element inside a larger document.
#
# @param builder [Nokogiri::XML::Builder] the builder to append to
# @return [void]
def build(builder)
  attributes = {
    "entityID" => entity_id,
    "xmlns:md" => Namespaces::METADATA,
    "xmlns:dsig" => Namespaces::DSIG,
    "xmlns:xenc" => Namespaces::XENC
  }
  builder["md"].EntityDescriptor(attributes) do |entity_descriptor|
    # The ID attribute is optional; only emit it when one is known.
    entity_descriptor.parent["ID"] = id if id

    roles.each { |role| role.build(entity_descriptor) }

    # Let the superclass / included modules append their own children.
    super
  end
end

#from_xml(node) ⇒ void

This method returns an undefined value.

Parse an XML element into this object.

Parameters:

  • node (Nokogiri::XML::Element)


# File 'lib/saml2/entity.rb', line 97

# Load this entity from a parsed md:EntityDescriptor element.
#
# After super has processed the node, every memoized reader is reset so #id, #roles and
# #valid_until are re-derived from the new XML on next access. @valid_until is removed rather
# than set to nil because #valid_until treats a defined variable (even nil) as already resolved.
#
# @param node [Nokogiri::XML::Element]
# @return [void]
def from_xml(node)
  super
  @id = nil
  remove_instance_variable(:@valid_until)
  @roles = nil
end

#id ⇒ String

Returns:

  • (String)


# File 'lib/saml2/entity.rb', line 115

# The XML ID attribute of this entity, memoized. New entities get a random value in
# #initialize; parsed entities read it from the XML on first access.
#
# @return [String, nil]
def id
  @id = xml["ID"] unless @id
  @id
end

#identity_providers ⇒ Array<IdentityProvider>

Returns:



# File 'lib/saml2/entity.rb', line 126

# The IdP roles among #roles.
#
# @return [Array<IdentityProvider>]
def identity_providers
  # Class#=== is is_a?, so grep keeps exactly the IdentityProvider instances.
  roles.grep(IdentityProvider)
end

#initiate_authn_request(identity_provider) ⇒ Object

Generates an AuthnRequest

Parameters:

  • identity_provider (Entity)

    The metadata of the IdP to send the message to.



# File 'lib/saml2/entity.rb', line 159

# Build an AuthnRequest from this entity (acting as the SP) to the given IdP.
#
# @param identity_provider [Entity] metadata of the IdP the request is addressed to; its
#   first IDPSSODescriptor role is used
# @return [Object] whatever AuthnRequest.initiate returns
def initiate_authn_request(identity_provider)
  issuer = SAML2::NameID.new(entity_id)
  idp_role = identity_provider.identity_providers.first
  AuthnRequest.initiate(issuer, idp_role, service_provider: service_providers.first)
end

#roles ⇒ Array<Role>

Returns:



# File 'lib/saml2/entity.rb', line 136

# All roles of this entity, memoized: IdP roles (md:IDPSSODescriptor) first, then SP roles
# (md:SPSSODescriptor), both loaded from the XML on first access.
#
# @return [Array<Role>]
def roles
  return @roles if @roles

  idps = load_object_array(xml, "md:IDPSSODescriptor", IdentityProvider)
  sps = load_object_array(xml, "md:SPSSODescriptor", ServiceProvider)
  @roles = idps + sps
end

#service_providers ⇒ Array<ServiceProvider>

Returns:



# File 'lib/saml2/entity.rb', line 131

# The SP roles among #roles.
#
# @return [Array<ServiceProvider>]
def service_providers
  # Class#=== is is_a?, so grep keeps exactly the ServiceProvider instances.
  roles.grep(ServiceProvider)
end

#valid_response?(message, identity_provider, **opts) ⇒ Boolean

Validate that a message is a valid response.

Parameters:

Returns:

  • (Boolean)


# File 'lib/saml2/entity.rb', line 169

# Check that +message+ is a Response that validates against this SP and the given IdP.
#
# Anything that is not a Response is rejected up front and an error is recorded on it;
# otherwise the result is true only when Response#validate reports no errors.
#
# @param message [Response] the message to check; failures are appended to message.errors
# @param identity_provider [Entity] the IdP the response is expected to come from
# @param opts [Hash] passed through to Response#validate
# @return [Boolean]
def valid_response?(message, identity_provider, **opts)
  if message.is_a?(Response)
    errors = message.validate(service_provider: self,
                              identity_provider: identity_provider,
                              **opts)
    errors.empty?
  else
    message.errors << "not a Response object"
    false
  end
end

#valid_schema? ⇒ Boolean

Whether the XML is valid according to the SAML XSDs.

Returns:

  • (Boolean)


# File 'lib/saml2/entity.rb', line 105

# Whether this entity's XML document validates against the SAML XSDs.
#
# NOTE(review): `Schemas..valid?` as rendered here is not a method call (two consecutive
# dots parse as a range); the schema accessor between the dots appears to have been lost in
# rendering. Check lib/saml2/entity.rb for the intended schema set.
#
# @return [Boolean]
def valid_schema?
  Schemas..valid?(xml.document)
end

#valid_until ⇒ Time?

Returns:

  • (Time, nil)


# File 'lib/saml2/entity.rb', line 120

# Expiry of this metadata, read lazily from the validUntil attribute and memoized. A nil
# result is memoized too, which is why "defined" rather than "non-nil" is the cache test.
# Callers deciding whether to keep trusting the metadata should compare this with the
# current time.
#
# @return [Time, nil] nil when the XML carries no validUntil attribute
def valid_until
  return @valid_until if instance_variable_defined?(:@valid_until)

  raw = xml["validUntil"]
  @valid_until = raw && Time.parse(raw)
end