Class: SamlCamel::SamlController

Inherits:
ApplicationController
Includes:
SamlHelpers
Defined in:
app/controllers/saml_camel/saml_controller.rb

Constant Summary

Constants included from SamlHelpers

SamlCamel::SamlHelpers::SP_SETTINGS


Methods included from SamlHelpers

#assign_permit_key, #cache_available?, #duplicate_response_id?, #expired_session?, #saml_protect, #saml_request, #set_saml_session_lifetime, #valid_ip?, #verify_sha_type

Instance Method Details

#attr_check ⇒ Object



# File 'app/controllers/saml_camel/saml_controller.rb', line 93

# Placeholder action with no body; it returns nil and sets nothing.
# NOTE(review): this is a public, routable controller action that does
# nothing — confirm it is intentional rather than an unfinished stub.
def attr_check; end

#consume ⇒ Object

Consumes the SAML response from the IdP.



# File 'app/controllers/saml_camel/saml_controller.rb', line 18

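# Consumes the SAML response posted back by the IdP.
#
# Looks up the permit entry that +saml_request+ cached under the session's
# +saml_session_id+, validates the response with ruby-saml and the
# SamlHelpers checks, then either marks the session as authenticated and
# redirects to the originally requested URL, or clears all SAML session
# state and redirects to +failure+.
#
# Any exception raised on the way (including the cache-availability check)
# is logged, the SAML session state is cleared, and the request is routed
# to +failure+ as well, so an error can never leave the session half-authorized.
def consume
  permit_key = session[:saml_session_id].to_sym
  user_cache = Rails.cache.fetch(permit_key)
  raise "Unable to access cache. Ensure cache is configrued according to documentation." unless cache_available?(user_cache)

  redirect_path = user_cache[:redirect_url]
  response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
  response.settings = saml_settings

  if response.is_valid? # signature / conditions / audience checks performed by ruby-saml
    # reject responses that were signed with SHA-1
    verify_sha_type(response)

    response_id = response.id(response.document)

    # the IP address of this request must match the one recorded for the original request
    # NOTE(review): the return value of this predicate (and of duplicate_response_id? below)
    # is discarded, so the check is only effective if the helper raises on failure —
    # confirm in SamlHelpers; if it merely returns false, wrap it in a raise.
    valid_ip?(request.remote_ip)

    # replay protection: a response id must not have been consumed before
    duplicate_response_id?(response_id)

    # all checks passed: mark the session as authenticated
    session[:saml_response_success] = true
    set_saml_session_lifetime(permit_key)
    session[:sp_session] = Time.now

    session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
    SamlCamel::Logging.successfull_auth(session[:saml_attributes])

    redirect_to redirect_path
  else
    # invalid response: drop the SAML session state and report the validation errors
    clear_saml_session
    SamlCamel::Logging.auth_failure(response.errors)

    # the errors reach +failure+ as query parameters of the redirect
    redirect_to action: "failure", locals: {errors: response.errors}
  end
rescue => e
  clear_saml_session
  SamlCamel::Logging.auth_failure(e)
  redirect_to action: "failure", locals: {errors: e}
end

# Drops every piece of SAML session state and the cached permit entry.
# Shared by the invalid-response branch and the rescue path of +consume+,
# which previously duplicated this logic.
def clear_saml_session
  cached_key = session[:saml_session_id]
  Rails.cache.delete(cached_key.to_sym) if cached_key
  session[:saml_session_id] = nil
  session[:sp_session] = nil
  session[:saml_response_success] = false
end
private :clear_saml_session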

#failure ⇒ Object

Route to show SAML failures.



# File 'app/controllers/saml_camel/saml_controller.rb', line 77

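# Route that renders SAML failures.
#
# The errors arrive as the +locals[errors]+ query parameter that +consume+'s
# redirects append, which means they are client-supplied: the view must render
# +@error+ with Rails' default HTML escaping. Visiting the route without that
# parameter leaves +@error+ nil instead of raising on the missing +locals+ hash.
def failure
  locals = params[:locals]
  @error = locals[:errors] if locals
end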

#index ⇒ Object

Convenience route to see the attributes that are coming through.



# File 'app/controllers/saml_camel/saml_controller.rb', line 12

# Convenience route to inspect the attributes that came through in the
# SAML response; exposes them to the view as +@attributes+.
def index
  saml_attrs = session[:saml_attributes]
  @attributes = saml_attrs
end

#logout ⇒ Object

Kills the SP session and redirects to the IdP to kill the IdP session.



# File 'app/controllers/saml_camel/saml_controller.rb', line 83

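# Kills the SP session and redirects to the IdP so the IdP session is
# terminated as well.
#
# Clears every piece of SAML state that +consume+ sets on success — not only
# the attributes and +sp_session+ — so a logged-out session no longer carries
# +saml_response_success+, the permit key, or its cached entry.
def logout
  SamlCamel::Logging.logout(session[:saml_attributes])

  cached_key = session[:saml_session_id]
  Rails.cache.delete(cached_key.to_sym) if cached_key

  session[:saml_attributes] = nil
  session[:sp_session] = nil
  session[:saml_session_id] = nil
  session[:saml_response_success] = false

  # NOTE(review): the IdP logout URL is hard-coded rather than derived from SP_SETTINGS;
  # the commented-out SamlCamel::Transaction.logout call suggests that was the intended
  # source — confirm before using this controller against a different IdP.
  # return_url = SamlCamel::Transaction.logout #this methods logs the user out of the IDP, and returns a url to be redirected to
  redirect_to "https://shib.oit.duke.edu/cgi-bin/logout.pl"
end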