Class: SamlCamel::SamlController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• SamlCamel::SamlController

Includes:

SamlHelpers

Defined in:

app/controllers/saml_camel/saml_controller.rb

Constant Summary

Constants included from SamlHelpers

SamlCamel::SamlHelpers::SP_SETTINGS

Instance Method Summary

• #attr_check ⇒ Object
• #consume ⇒ Object

  consumes the saml response from the IDP.

• #failure ⇒ Object

  route to show saml failures.

• #index ⇒ Object

  convinence route to see attributes that are coming through.

• #logout ⇒ Object

  kills SP session and redirects to IDP to kill idp session.

Methods included from SamlHelpers

#expired_session?, #saml_protect, #saml_request, #valid_state

Instance Method Details

#attr_check ⇒ Object

# File 'app/controllers/saml_camel/saml_controller.rb', line 72

def attr_check
end

#consume ⇒ Object

consumes the saml response from the IDP

# File 'app/controllers/saml_camel/saml_controller.rb', line 17

def consume
  raise "Invalid RelayState" unless valid_state(params[:RelayState], request.remote_ip)
  permit_key = session[:session_id].to_sym
  redirect_path = Rails.cache.fetch(permit_key)[:redirect_url]
  Rails.cache.delete(permit_key) #we no longer need cache at this stage
  response          = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
  response.settings = saml_settings
  if response.is_valid? # validate the SAML Response
    # authorize_success, log the user
    session[:saml_success] = true
    session[:sp_session] = Time.now

    session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
    SamlCamel::Logging.successfull_auth(session[:saml_attributes])

    #TODO account for nil redirect
    redirect_to redirect_path
  else # otherwise list out the errors in the response
    permit_key = session[:session_id].to_sym
    Rails.cache.delete(permit_key)

    session[:saml_success] = false
    response.errors
    SamlCamel::Logging.auth_failure(response.errors)

    redirect_to main_app.try('root_path')
  end
rescue => e
  permit_key = session[:session_id].to_sym
  Rails.cache.delete(permit_key)
  session[:saml_success] = false

  SamlCamel::Logging.auth_failure(e)
  redirect_to action: "failure", locals:{errors: e}
end

#failure ⇒ Object

route to show saml failures

# File 'app/controllers/saml_camel/saml_controller.rb', line 55

def failure
  @error = params[:locals][:errors]
end

#index ⇒ Object

convinence route to see attributes that are coming through

# File 'app/controllers/saml_camel/saml_controller.rb', line 11

def index
  @attributes = session[:saml_attributes]
end

#logout ⇒ Object

kills SP session and redirects to IDP to kill idp session

# File 'app/controllers/saml_camel/saml_controller.rb', line 61

def logout
  SamlCamel::Logging.logout(session[:saml_attributes])
  session[:saml_attributes] = nil
  session[:sp_session] = nil
  cookies.delete :saml_camel_timestamp

  # return_url = SamlCamel::Transaction.logout #this methods logs the user out of the IDP, and returns a url to be redirected to
  redirect_to "https://shib.oit.duke.edu/cgi-bin/logout.pl"
end