Class: SamlCamel::SamlController

Inherits:
ApplicationController show all
Includes:
SamlHelpers
Defined in:
app/controllers/saml_camel/saml_controller.rb

Constant Summary

Constants included from SamlHelpers

SamlCamel::SamlHelpers::SP_SETTINGS

Instance Method Summary collapse

Methods included from SamlHelpers

#assign_permit_key, #expired_session?, #saml_protect, #saml_request, #valid_state

Instance Method Details

#attr_checkObject 



76
77
 
# File 'app/controllers/saml_camel/saml_controller.rb', line 76

def attr_check
end

#consumeObject

consumes the saml response from the IDP



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'app/controllers/saml_camel/saml_controller.rb', line 17

def consume
  raise "Invalid RelayState" unless valid_state(params[:RelayState], request.remote_ip)
  permit_key = session[:saml_session_id].to_sym
  redirect_path = Rails.cache.fetch(permit_key)[:redirect_url]
  Rails.cache.delete(permit_key) #we no longer need cache at this stage
  session[:saml_session_id] = nil

  response          = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
  response.settings = saml_settings
  if response.is_valid? # validate the SAML Response
    # authorize_success, log the user
    session[:saml_success] = true
    session[:sp_session] = Time.now

    session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
    SamlCamel::Logging.successfull_auth(session[:saml_attributes])

    redirect_to redirect_path
  else # otherwise list out the errors in the response
    if  session[:saml_session_id]
      permit_key = session[:saml_session_id].to_sym
      Rails.cache.delete(permit_key)
      session[:saml_session_id] = nil
    end

    session[:saml_success] = false
    response.errors
    SamlCamel::Logging.auth_failure(response.errors)

    redirect_to action: "failure", locals:{errors: response.errors}
  end
rescue => e
  permit_key = session[:saml_session_id].to_sym
  Rails.cache.delete(permit_key)
  session[:saml_success] = false
  session[:saml_session_id] = nil

  SamlCamel::Logging.auth_failure(e)
  redirect_to action: "failure", locals:{errors: e}
end

#failureObject

route to show saml failures



60
61
62
 
# File 'app/controllers/saml_camel/saml_controller.rb', line 60

def failure
  @error = params[:locals][:errors]
end

#indexObject

convinence route to see attributes that are coming through



11
12
13
 
# File 'app/controllers/saml_camel/saml_controller.rb', line 11

def index
  @attributes = session[:saml_attributes]
end

#logoutObject

kills SP session and redirects to IDP to kill idp session



66
67
68
69
70
71
72
73
 
# File 'app/controllers/saml_camel/saml_controller.rb', line 66

def logout
  SamlCamel::Logging.logout(session[:saml_attributes])
  session[:saml_attributes] = nil
  session[:sp_session] = nil

  # return_url = SamlCamel::Transaction.logout #this methods logs the user out of the IDP, and returns a url to be redirected to
  redirect_to "https://shib.oit.duke.edu/cgi-bin/logout.pl"
end