Class: OneLogin::RubySaml::SloLogoutresponse

Inherits:
SamlMessage
  • Object
show all
Defined in:
lib/onelogin/ruby-saml/slo_logoutresponse.rb

Overview

SAML2 Logout Response (SLO SP initiated, Parser)

Constant Summary

Constants inherited from SamlMessage

OneLogin::RubySaml::SamlMessage::ASSERTION, OneLogin::RubySaml::SamlMessage::BASE64_FORMAT, OneLogin::RubySaml::SamlMessage::PROTOCOL

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from SamlMessage

#id, schema, #valid_saml?, #version

Constructor Details

#initializeSloLogoutresponse

Initializes the Logout Response. A SloLogoutresponse Object that is an extension of the SamlMessage class. Asigns an ID, a random uuid.



21
22
23
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 21

def initialize
  @uuid = OneLogin::RubySaml::Utils.uuid
end

Instance Attribute Details

#uuidObject

Logout Response ID



16
17
18
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 16

def uuid
  @uuid
end

Instance Method Details

#create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil) ⇒ String

Creates the Logout Response string.

Parameters:

  • settings (OneLogin::RubySaml::Settings|nil)

    Toolkit settings

  • request_id (String) (defaults to: nil)

    The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response

  • logout_message (String) (defaults to: nil)

    The Message to be placed as StatusMessage in the logout response

  • params (Hash) (defaults to: {})

    Some extra parameters to be added in the GET for example the RelayState

  • logout_status_code (String) (defaults to: nil)

    The StatusCode to be placed as StatusMessage in the logout response

Returns:

  • (String)

    Logout Request string that includes the SAMLRequest



37
38
39
40
41
42
43
44
45
46
47
48
49
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 37

def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
  params = create_params(settings, request_id, logout_message, params, logout_status_code)
  params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
  url = settings.idp_slo_response_service_url || settings.idp_slo_service_url
  saml_response = CGI.escape(params.delete("SAMLResponse"))
  response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
  params.each_pair do |key, value|
    response_params << "&#{key}=#{CGI.escape(value.to_s)}"
  end

  raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if url.nil? or url.empty?
  @logout_url = url + response_params
end

#create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil) ⇒ String

Creates the SAMLResponse String.

Parameters:

  • settings (OneLogin::RubySaml::Settings|nil)

    Toolkit settings

  • request_id (String) (defaults to: nil)

    The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response

  • logout_message (String) (defaults to: nil)

    The Message to be placed as StatusMessage in the logout response

  • logout_status_code (String) (defaults to: nil)

    The StatusCode to be placed as StatusMessage in the logout response

Returns:

  • (String)

    The SAMLResponse String.



109
110
111
112
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 109

def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil)
  document = create_xml_document(settings, request_id, logout_message, logout_status_code)
  sign_document(document, settings)
end

#create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil) ⇒ Hash

Creates the Get parameters for the logout response.

Parameters:

  • settings (OneLogin::RubySaml::Settings|nil)

    Toolkit settings

  • request_id (String) (defaults to: nil)

    The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response

  • logout_message (String) (defaults to: nil)

    The Message to be placed as StatusMessage in the logout response

  • params (Hash) (defaults to: {})

    Some extra parameters to be added in the GET for example the RelayState

  • logout_status_code (String) (defaults to: nil)

    The StatusCode to be placed as StatusMessage in the logout response

Returns:

  • (Hash)

    Parameters



59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 59

def create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
  # The method expects :RelayState but sometimes we get 'RelayState' instead.
  # Based on the HashWithIndifferentAccess value in Rails we could experience
  # conflicts so this line will solve them.
  relay_state = params[:RelayState] || params['RelayState']

  if relay_state.nil?
    params.delete(:RelayState)
    params.delete('RelayState')
  end

  response_doc = create_logout_response_xml_doc(settings, request_id, logout_message, logout_status_code)
  response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values

  response = ""
  response_doc.write(response)

  Logging.debug "Created SLO Logout Response: #{response}"

  response = deflate(response) if settings.compress_response
  base64_response = encode(response)
  response_params = {"SAMLResponse" => base64_response}

  if settings.idp_slo_service_binding == Utils::BINDINGS[:redirect] && settings.security[:logout_responses_signed] && settings.private_key
    params['SigAlg']    = settings.security[:signature_method]
    url_string = OneLogin::RubySaml::Utils.build_query(
      :type => 'SAMLResponse',
      :data => base64_response,
      :relay_state => relay_state,
      :sig_alg => params['SigAlg']
    )
    sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
    signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
    params['Signature'] = encode(signature)
  end

  params.each_pair do |key, value|
    response_params[key] = value.to_s
  end

  response_params
end

#create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil) ⇒ Object



114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 114

def create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil)
  time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')

  response_doc = XMLSecurity::Document.new
  response_doc.uuid = uuid

  destination = settings.idp_slo_response_service_url || settings.idp_slo_service_url


  root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
  root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = time
  root.attributes['Version'] = '2.0'
  root.attributes['InResponseTo'] = request_id unless request_id.nil?
  root.attributes['Destination'] = destination unless destination.nil? or destination.empty?

  if settings.sp_entity_id != nil
    issuer = root.add_element "saml:Issuer"
    issuer.text = settings.sp_entity_id
  end

  # add status
  status = root.add_element 'samlp:Status'

  # status code
  status_code ||= 'urn:oasis:names:tc:SAML:2.0:status:Success'
  status_code_elem = status.add_element 'samlp:StatusCode'
  status_code_elem.attributes['Value'] = status_code

  # status message
  logout_message ||= 'Successfully Signed Out'
  status_message = status.add_element 'samlp:StatusMessage'
  status_message.text = logout_message

  response_doc
end

#response_idObject



25
26
27
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 25

def response_id
  @uuid
end

#sign_document(document, settings) ⇒ Object



151
152
153
154
155
156
157
158
159
160
# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 151

def sign_document(document, settings)
  # embed signature
  if settings.idp_slo_service_binding == Utils::BINDINGS[:post] && settings.private_key && settings.certificate
    private_key = settings.get_sp_key
    cert = settings.get_sp_cert
    document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
  end

  document
end