Class: SamlIdpRails::SamlConfig

Inherits:

Object

• Object
• SamlIdpRails::SamlConfig

Defined in:

lib/saml_idp_rails/saml_config.rb

Instance Attribute Summary

• #config ⇒ Object

  Returns the value of attribute config.

Instance Method Summary

• #append_request_config(saml_request) ⇒ Object
• #configure_saml_idp ⇒ Object
• #idp_metadata ⇒ Object
• #initialize(sp_config, saml_user) ⇒ SamlConfig constructor

  A new instance of SamlConfig.

• #name_id_value(attribute_name = nil) ⇒ Object
• #saml_request ⇒ Object

Constructor Details

#initialize(sp_config, saml_user) ⇒ SamlConfig

Returns a new instance of SamlConfig.

# File 'lib/saml_idp_rails/saml_config.rb', line 9

def initialize(sp_config, saml_user)
  @config = {}
  @config[:base_url] = SamlIdpRails.config.base_url
  @config[:saml_config] = sp_config
  @config[:saml_user] = saml_user
end

Instance Attribute Details

#config ⇒ Object

Returns the value of attribute config.

# File 'lib/saml_idp_rails/saml_config.rb', line 7

def config
  @config
end

Instance Method Details

#append_request_config(saml_request) ⇒ Object

# File 'lib/saml_idp_rails/saml_config.rb', line 41

def append_request_config(saml_request)
  config = {}
  if saml_config.encryption_certificate.present?
    config = {
      encryption: {
        cert: saml_config.encryption_certificate,
        block_encryption: "aes256-cbc",
        key_transport: "rsa-oaep-mgf1p"
      }
    }
  end

  config[:signed_assertion] = saml_config.sign_assertions
  config[:signed_message] = true

  # SP initiated SAML
  if saml_request.present? && !saml_request.try(:idp_initiated?)
    config[:acs_url] = saml_request.request["AssertionConsumerServiceURL"] if saml_request.authn_request?
    return config
  end

  config.merge!(audience_uri: saml_config.entity_id)
end

#configure_saml_idp ⇒ Object

# File 'lib/saml_idp_rails/saml_config.rb', line 16

def configure_saml_idp
  ::SamlIdp.configure do |config|
    config.x509_certificate = saml_config.certificate
    config.secret_key = saml_config.private_key
    config.password = saml_config.pv_key_password
    config.algorithm = :sha256
    config.organization_name = base_url
    config.organization_url = base_url
    # URL configuration
    config.base_saml_location = base_url # TODO: Read from gem configuration
    config.single_logout_service_post_location = slo_post_endpoint
    config.single_logout_service_redirect_location = slo_redirect_endpoint
    config.attribute_service_location = attribute_endpoint
    config.single_service_post_location = sso_post_endpoint
    config.single_service_redirect_location = sso_redirect_endpoint
    # Name ID format
    config.name_id.formats = name_id_format
    config.attributes = saml_attributes_as_hash
    config.service_provider.metadata_persister = metadata_persister
    config.service_provider.persisted_metadata_getter = persisted_matadata
    config.service_provider.finder = service_providers
    config.logger = Rails.logger
  end
end

#idp_metadata ⇒ Object

# File 'lib/saml_idp_rails/saml_config.rb', line 65

def idp_metadata
  SamlIdp.metadata.signed
end

#name_id_value(attribute_name = nil) ⇒ Object

# File 'lib/saml_idp_rails/saml_config.rb', line 91

def name_id_value(attribute_name = nil)
  attr = attribute_name.presence || saml_user.name_id_attribute
  val =  saml_user.public_send(attr) if saml_user.respond_to?(attr)
  raise("SamlIdpRails: Name ID attribute #{attr} is not set") if val.blank?
  val
end

#saml_request ⇒ Object

# File 'lib/saml_idp_rails/saml_config.rb', line 69

def saml_request
  @saml_request ||= Struct.new(
    :request_id,
    :issue_url,
    :acs_url
  ) do
    def authn_request?
      true
    end

    def idp_initiated?
      true
    end

    def issuer
      url = URI(issue_url)
      url.query = nil
      url.to_s
    end
  end.new(nil, base_url, default_acs_config[:location])
end