Module: SAML::Responses::Base

Included in:
Login, Logout
Defined in:
lib/saml/responses/base.rb

Constant Summary collapse

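# Codes reported for failed SAML responses. Blank and unknown failures share
# one code, as the constant name says.
CLICKED_DENY_ERROR_CODE = '001'
AUTH_TOO_EARLY_ERROR_CODE = '003'
AUTH_TOO_LATE_ERROR_CODE = '005'
UNKNOWN_OR_BLANK_ERROR_CODE = '007'

# Catalogue of recognised failure classes, keyed by tag.
#
# Each entry carries the reported :code, its :tag, the :short_message that
# map_message_to_error looks for inside a validation message, and a :level.
# Insertion order matters: map_message_to_error walks the entries in this
# order and returns the first whose :short_message occurs in the message.
#
# The entries are frozen as well as the outer hash, so a caller that receives
# one of them cannot alter the shared constant by accident.
#
# NOTE(review): :level presumably selects the log severity - confirm. An
# expired assertion (auth_too_late) is :warn while auth_too_early is :error;
# verify that :warn events still reach monitoring, because a run of expired
# assertions can be a sign of replayed responses.
ERRORS = {
  clicked_deny: {
    code: CLICKED_DENY_ERROR_CODE,
    tag: :clicked_deny,
    short_message: 'Subject did not consent to attribute release',
    level: :warn
  },
  auth_too_late: {
    code: AUTH_TOO_LATE_ERROR_CODE,
    tag: :auth_too_late,
    short_message: 'Current time is on or after NotOnOrAfter condition',
    level: :warn
  },
  auth_too_early: {
    code: AUTH_TOO_EARLY_ERROR_CODE,
    tag: :auth_too_early,
    short_message: 'Current time is earlier than NotBefore condition',
    level: :error
  },
  blank: {
    code: UNKNOWN_OR_BLANK_ERROR_CODE,
    tag: :blank,
    short_message: 'Blank response',
    level: :error
  },
  unknown: {
    code: UNKNOWN_OR_BLANK_ERROR_CODE,
    tag: :unknown,
    short_message: 'Other SAML Response Error(s)',
    level: :error
  }
}.each_value(&:freeze).freeze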

Instance Method Summary collapse

Instance Method Details

#authn_context ⇒ Object



# File 'lib/saml/responses/base.rb', line 80

# Authentication context of the response.
#
# @return [Object] the value of authn_context_text when it is truthy,
#   otherwise SAML::User::UNKNOWN_AUTHN_CONTEXT
def authn_context
  context_text = authn_context_text
  return context_text if context_text

  # Nothing readable in the response: fall back to the sentinel value.
  SAML::User::UNKNOWN_AUTHN_CONTEXT
end

#authn_context_text ⇒ Object



# File 'lib/saml/responses/base.rb', line 73

# Text of the first saml:AuthnContextClassRef element in the response.
#
# Reads from decrypted_document when assertion_encrypted? is true, otherwise
# from document.
#
# NOTE(review): '//saml:AuthnContextClassRef' selects the first matching
# element anywhere in the document, not specifically the one inside the
# validated assertion. Confirm that signature validation covers the element
# this returns before the value feeds an assurance-level decision.
# NOTE(review): no namespace map is passed, so the lookup appears to depend
# on the response declaring the literal `saml` prefix - confirm.
#
# @return [String, nil] nil when the document is blank or has no such element
def authn_context_text
  response_doc = if assertion_encrypted?
                   decrypted_document
                 else
                   document
                 end
  return nil if response_doc.blank?

  class_ref = REXML::XPath.first(response_doc, '//saml:AuthnContextClassRef')
  class_ref&.text
end

#error_code ⇒ Object



# File 'lib/saml/responses/base.rb', line 43

# Code of the first normalized error.
#
# NOTE(review): the guard looks at `errors`, but the value comes from
# errors_hash (the first normalized error). If `errors` is populated without
# valid? having rebuilt the normalized list, errors_hash is nil and this
# raises NoMethodError - confirm callers always run valid? first.
#
# @return [String, nil] nil when `errors` is empty
def error_code
  return unless errors.any?

  errors_hash[:code]
end

#error_instrumentation_code ⇒ Object



# File 'lib/saml/responses/base.rb', line 47

# Instrumentation label built from the first normalized error's tag.
#
# NOTE(review): like error_code, this reads errors_hash while guarding on
# `errors`; it raises NoMethodError if the normalized list is still empty -
# confirm valid? always runs first.
#
# @return [String, nil] "error:<tag>", or nil when `errors` is empty
def error_instrumentation_code
  return unless errors.any?

  "error:#{errors_hash[:tag]}"
end

#errors_context ⇒ Object



# File 'lib/saml/responses/base.rb', line 39

# Full list of normalized errors.
#
# Each element is an ERRORS entry merged with :full_message, as built by
# valid?. NOTE(review): :full_message holds the raw validation text; if that
# text can embed values taken from the response, treat it as untrusted when
# logging or rendering it - confirm against the callers.
#
# @return [Array] the same array object that normalized_errors returns
def errors_context
  normalized_errors
end

#errors_hash ⇒ Object



# File 'lib/saml/responses/base.rb', line 35

# First normalized error. error_code and error_instrumentation_code report
# from this one entry only.
#
# @return [Hash, nil] nil when no errors have been normalized
def errors_hash
  collected = normalized_errors
  collected.first
end

#issuer_text ⇒ Object



# File 'lib/saml/responses/base.rb', line 68

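# Text of the first saml:Issuer element in the response.
#
# Reads from decrypted_document when assertion_encrypted? is true, otherwise
# from document. A blank document yields nil, matching authn_context_text,
# instead of handing it to the XPath engine.
#
# NOTE(review): '//saml:Issuer' selects the first Issuer anywhere in the
# document. A SAML response can carry an Issuer on the Response as well as
# inside the Assertion, so the value returned may sit outside the signed
# part. Confirm it is used for reporting only, or that signature validation
# covers the element, before relying on it for a trust decision.
# NOTE(review): no namespace map is passed, so the lookup appears to depend
# on the response declaring the literal `saml` prefix - confirm.
#
# @return [String, nil] nil when the document is blank or has no Issuer
def issuer_text
  response_doc = assertion_encrypted? ? decrypted_document : document
  return nil if response_doc.blank?

  REXML::XPath.first(response_doc, '//saml:Issuer')&.text
end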

#map_message_to_error(error_message) ⇒ Object



# File 'lib/saml/responses/base.rb', line 61

# Classifies a validation message as one of the ERRORS entries.
#
# Entries are tried in ERRORS insertion order; the first whose :short_message
# occurs anywhere inside error_message wins.
#
# NOTE(review): the match is a substring test. If a validation message can
# embed text taken from the response, a message can land in a class with a
# lower :level than intended - confirm that is acceptable for alerting.
#
# @param error_message [String] a validation message (must respond to include?)
# @return [Hash] the matching ERRORS entry, or ERRORS[:unknown] when none match
def map_message_to_error(error_message)
  matched = ERRORS.each_value.find do |entry|
    error_message.include?(entry[:short_message])
  end
  matched || ERRORS[:unknown]
end

#normalized_errors ⇒ Object



# File 'lib/saml/responses/base.rb', line 31

# Memoized list of normalized errors.
#
# Starts as an empty array on first access; valid? resets it and appends one
# entry per validation message.
#
# @return [Array] the array held in @normalized_errors
def normalized_errors
  return @normalized_errors if @normalized_errors

  @normalized_errors = []
end

#valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/responses/base.rb', line 51

# Runs validation and rebuilds the normalized error list.
#
# Previously normalized errors are discarded first. After validation, every
# message in `errors` is mapped onto an ERRORS entry and stored with the
# original text under :full_message.
#
# The result is whatever validate(true) returned, not whether the normalized
# list is empty, so callers should gate on this return value.
#
# @return [Boolean] the outcome reported by validate(true)
def valid?
  @normalized_errors = []
  # true asks validate to collect every validation error
  validation_outcome = validate(true)
  errors.each_with_object(normalized_errors) do |message, collected|
    collected << map_message_to_error(message).merge(full_message: message)
  end
  validation_outcome
end