Class: SamlIdpRails::SamlIdpController

Inherits:
ApplicationController
Includes:
SamlIdp::Controller
Defined in:
app/controllers/saml_idp_rails/saml_idp_controller.rb


Instance Method Details

#attribute ⇒ Object



# File 'app/controllers/saml_idp_rails/saml_idp_controller.rb', line 73

def attribute
  # TODO: Remove this endpoint from the saml_idp gem
  # Serves the SAML attribute set held in @saml_config as JSON; nothing
  # request-specific is mixed in here.
  # NOTE(review): this discloses the attribute configuration to any caller
  # that can reach the route — the filters guarding it are not visible here,
  # confirm they exist.
  attributes = @saml_config.saml_attributes
  render json: attributes
end

#initiate_slo ⇒ Object



# File 'app/controllers/saml_idp_rails/saml_idp_controller.rb', line 40

def initiate_slo
  # TODO: move it out to "saml_idp" gem
  # IdP-initiated single logout: build a signed LogoutRequest for the current
  # SP and hand it to the :slo_request view, which delivers it with the
  # binding of the SP's first registered single-logout service.
  slo_services = current_sp_config.single_logout_services
  slo_binding_name = slo_services&.keys&.first
  slo_location = slo_services&.values&.first
  # Anything other than HTTP-Redirect is delivered by POST. (The local used to
  # be called `binding`, which shadowed Kernel#binding.)
  http_method = slo_binding_name == "HTTP-Redirect" ? :get : :post

  builder = SamlIdp::LogoutRequestBuilder.new(
    response_id: SecureRandom.uuid,
    issuer_uri: SamlIdpRails.config.base_url,
    saml_slo_url: slo_location,
    name_id: @saml_config.name_id_value,
    algorithm: OpenSSL::Digest::SHA256, # TODO: Update this to use the SP's digest method
    public_cert: current_sp_config.certificate,
    private_key: current_sp_config.private_key,
    pv_key_password: current_sp_config.pv_key_password
  )
  logout_request = builder.signed

  # NOTE(review): for the GET case the request is only Base64-encoded
  # (Base64.encode64 also inserts line breaks), whereas slo_request
  # DEFLATE-compresses its redirect payload — confirm the SP accepts this form.
  encoded_request =
    if http_method == :get
      Base64.encode64(logout_request)
    else
      logout_request
    end

  @slo_request_params = {
    name: current_sp_config.name,
    location: slo_location,
    params: {
      SAMLRequest: encoded_request,
      RelayState: SamlIdpRails.config.relay_state_url
    },
    method: http_method
  }
  render :slo_request
end

#metadata ⇒ Object



# File 'app/controllers/saml_idp_rails/saml_idp_controller.rb', line 69

def 
  render xml: @saml_config.
end

#slo_request ⇒ Object



# File 'app/controllers/saml_idp_rails/saml_idp_controller.rb', line 18

def slo_request
  # Answers an SP-initiated LogoutRequest with a signed LogoutResponse and
  # renders the :slo_response view that delivers it. A request that is not
  # SP-initiated has nothing to answer, so the user is sent to the configured
  # relay-state URL instead (a configured value, hence allow_other_host).
  return redirect_to(SamlIdpRails.config.relay_state_url, allow_other_host: true) unless sp_initiated_request?

  user = current_saml_user
  # Per-request response config from @saml_config with the SP's signing
  # material merged in (merge! mutates the hash append_request_config returns).
  response_config = @saml_config.append_request_config(saml_request)
  response_config.merge!(
    public_cert: current_sp_config.certificate,
    private_key: current_sp_config.private_key,
    pv_key_password: current_sp_config.pv_key_password
  )
  logout_response = encode_logout_response(user, response_config)

  # TODO: move this part to gem
  # If SLO request doesn't contain the SLO endpoint then use SP config default SLO url
  slo_services = current_sp_config.single_logout_services
  @sp_slo_endpoint = saml_request&.logout_url || slo_services&.values&.first
  # NOTE(review): the binding always comes from the SP's first registered SLO
  # service, even when the endpoint came from the request's logout_url —
  # confirm the two agree, and that logout_url is checked against the
  # registered SP elsewhere before it becomes the delivery target.
  @sp_slo_binding = slo_services&.keys&.first == "HTTP-Redirect" ? :redirect : :post
  if @sp_slo_binding == :redirect
    # HTTP-Redirect carries raw DEFLATE data: drop zlib's 2-byte header and
    # 4-byte Adler-32 trailer from the compressed stream before encoding.
    logout_response = Zlib::Deflate.deflate(logout_response, 9)[2..-5]
  end
  @saml_slo_response = Base64.strict_encode64(logout_response)
  # NOTE(review): RelayState is the IdP's configured URL, not the value the SP
  # sent with its request — confirm that is intended.
  @sp_slo_url = generate_url(
    host: @sp_slo_endpoint,
    SAMLResponse: @saml_slo_response,
    RelayState: SamlIdpRails.config.relay_state_url
  )
  render :slo_response
end

#sso_request ⇒ Object



# File 'app/controllers/saml_idp_rails/saml_idp_controller.rb', line 13

def sso_request
  # Answers an SP's AuthnRequest. saml_response is called for its effect only
  # — its return value is discarded; presumably it prepares what the
  # :sso_response view renders (confirm against its definition).
  saml_response
  render(:sso_response)
end