Class: Osso::Models::IdentityProvider

Inherits:
ActiveRecord::Base
  • Object
show all
Defined in:
lib/osso/models/identity_provider.rb

Overview

Base class for SAML Providers

Constant Summary collapse

PEM_HEADER = 
"-----BEGIN CERTIFICATE-----\n"

"\n-----END CERTIFICATE-----"
ENTITY_ID_URI_REQUIRED = 
[
  'PING',
].freeze

Instance Method Summary collapse

Instance Method Details

#acs_url_validatorObject 



49
50
51
 
# File 'lib/osso/models/identity_provider.rb', line 49

def acs_url_validator
  Regexp.escape(acs_url)
end

#active!Object 



65
66
67
 
# File 'lib/osso/models/identity_provider.rb', line 65

def active!
  update(status: 'active')
end

#assertion_consumer_service_urlObject Also known as: acs_url 



37
38
39
40
41
42
43
44
45
 
# File 'lib/osso/models/identity_provider.rb', line 37

def assertion_consumer_service_url
  [
    root_url,
    'auth',
    'saml',
    id,
    'callback',
  ].join('/')
end

#error!Object 



69
70
71
 
# File 'lib/osso/models/identity_provider.rb', line 69

def error!
  update(status: 'error')
end

#nameObject 



23
24
25
 
# File 'lib/osso/models/identity_provider.rb', line 23

def name
  service.titlecase
end

#root_urlObject 



73
74
75
76
77
 
# File 'lib/osso/models/identity_provider.rb', line 73

def root_url
  return "https://#{ENV['HEROKU_APP_NAME']}.herokuapp.com" if ENV['HEROKU_APP_NAME']

  ENV.fetch('BASE_URL')
end

#saml_optionsObject 



27
28
29
30
31
32
33
34
35
 
# File 'lib/osso/models/identity_provider.rb', line 27

def saml_options
  {
    domain: domain,
    idp_sso_target_url: sso_url,
    idp_cert: sso_cert,
    issuer: sso_issuer,
    name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  }
end

#set_sso_issuerObject 



57
58
59
60
61
62
63
 
# File 'lib/osso/models/identity_provider.rb', line 57

def set_sso_issuer
  parts = [domain, oauth_client_id]

  parts.unshift('https:/') if ENTITY_ID_URI_REQUIRED.any?(service)

  self.sso_issuer = parts.join('/')
end

#set_statusObject 



53
54
55
 
# File 'lib/osso/models/identity_provider.rb', line 53

def set_status
  self.status = 'configured' if sso_url && sso_cert && pending?
end

#sso_cert_validObject 



79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
# File 'lib/osso/models/identity_provider.rb', line 79

def sso_cert_valid
  return if sso_cert.blank?

  has_header_and_footer = sso_cert.match(/#{PEM_HEADER}(?<cert>.*)#{PEM_FOOTER}/m)

  if has_header_and_footer
    OpenSSL::X509::Certificate.new(sso_cert)
    self.sso_cert = has_header_and_footer[:cert]
  else
    OpenSSL::X509::Certificate.new([PEM_HEADER, sso_cert, PEM_FOOTER].join)
  end
rescue OpenSSL::X509::CertificateError
  errors.add(:sso_cert, 'x509 Certificate is malformed')
end