Class: Onelogin::Saml::Response

Inherits:

Object

• Object
• Onelogin::Saml::Response

Defined in:

lib/onelogin/ruby-saml/response.rb

Constant Summary

ASSERTION =

"urn:oasis:names:tc:SAML:2.0:assertion"

PROTOCOL =

"urn:oasis:names:tc:SAML:2.0:protocol"

DSIG =

"http://www.w3.org/2000/09/xmldsig#"

Instance Attribute Summary

• #document ⇒ Object

  Returns the value of attribute document.

• #options ⇒ Object

  Returns the value of attribute options.

• #response ⇒ Object

  Returns the value of attribute response.

• #settings ⇒ Object

  Returns the value of attribute settings.

Instance Method Summary

• #attributes ⇒ Object

  A hash of alle the attributes with the response.

• #conditions ⇒ Object

  Conditions (if any) for the assertion to run.

• #initialize(response, options = {}) ⇒ Response constructor

  A new instance of Response.

• #is_valid? ⇒ Boolean
• #issuer ⇒ Object
• #name_id ⇒ Object

  The value of the user identifier as designated by the initialization request response.

• #session_expires_at ⇒ Object

  When this user session should expire at latest.

• #success? ⇒ Boolean

  Checks the status of the response for a “Success” code.

• #validate! ⇒ Object

Constructor Details

#initialize(response, options = {}) ⇒ Response

Returns a new instance of Response.

Raises:

• (ArgumentError)

# File 'lib/onelogin/ruby-saml/response.rb', line 20

def initialize(response, options = {})
  raise ArgumentError.new("Response cannot be nil") if response.nil?
  self.options  = options
  self.response = response
  begin
    self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
  rescue REXML::ParseException => e
    if response =~ /</
      self.document = XMLSecurity::SignedDocument.new(response)
    else
      raise e
    end
  end
  
end

Instance Attribute Details

#document ⇒ Object

Returns the value of attribute document.

# File 'lib/onelogin/ruby-saml/response.rb', line 18

def document
  @document
end

#options ⇒ Object

Returns the value of attribute options.

# File 'lib/onelogin/ruby-saml/response.rb', line 18

def options
  @options
end

#response ⇒ Object

Returns the value of attribute response.

# File 'lib/onelogin/ruby-saml/response.rb', line 18

def response
  @response
end

#settings ⇒ Object

Returns the value of attribute settings.

# File 'lib/onelogin/ruby-saml/response.rb', line 18

def settings
  @settings
end

Instance Method Details

#attributes ⇒ Object

A hash of alle the attributes with the response. Assuming there is only one value for each key

# File 'lib/onelogin/ruby-saml/response.rb', line 56

def attributes
  @attr_statements ||= begin
    result = {}

    stmt_element = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AttributeStatement", { "p" => PROTOCOL, "a" => ASSERTION })
    return {} if stmt_element.nil?

    stmt_element.elements.each do |attr_element|
      name  = attr_element.attributes["Name"]
      value = attr_element.elements.first.text

      result[name] = value
    end

    result.keys.each do |key|
      result[key.intern] = result[key]
    end

    result
  end
end

#conditions ⇒ Object

Conditions (if any) for the assertion to run

# File 'lib/onelogin/ruby-saml/response.rb', line 95

def conditions
  @conditions ||= begin
    REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
  end
end

#is_valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/onelogin/ruby-saml/response.rb', line 36

def is_valid?
  validate
end

#issuer ⇒ Object

# File 'lib/onelogin/ruby-saml/response.rb', line 101

def issuer
  @issuer ||= begin
    node = REXML::XPath.first(document, "/p:Response/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
    node ||= REXML::XPath.first(document, "/p:Response/a:Assertion/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
    node.nil? ? nil : node.text
  end
end

#name_id ⇒ Object

The value of the user identifier as designated by the initialization request response

# File 'lib/onelogin/ruby-saml/response.rb', line 45

def name_id
  @name_id ||= begin
    # non va..  node = REXML::XPath.first(document, "/saml2p:Response/saml2:Assertion[@ID='#{document.signed_element_id}']/saml2:Subject/saml2:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
    node = REXML::XPath.first(document, "/saml2p:Response/saml2:Assertion[@ID='#{document.signed_element_id}']/saml2:Subject/saml2:NameID")
    #node ||=  REXML::XPath.first(document, "/p:Response[@ID='#{document.signed_element_id}']/a:Assertion/a:Subject/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
    node ||=  REXML::XPath.first(document, "/saml2p:Response[@ID='#{document.signed_element_id}']/saml2:Assertion/saml2:Subject/saml2:NameID")
    node.nil? ? nil : node.text
  end
end

#session_expires_at ⇒ Object

When this user session should expire at latest

# File 'lib/onelogin/ruby-saml/response.rb', line 79

def session_expires_at
  @expires_at ||= begin
    node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
    parse_time(node, "SessionNotOnOrAfter")
  end
end

#success? ⇒ Boolean

Checks the status of the response for a “Success” code

Returns:

• (Boolean)

# File 'lib/onelogin/ruby-saml/response.rb', line 87

def success?
  @status_code ||= begin
    node = REXML::XPath.first(document, "/p:Response/p:Status/p:StatusCode", { "p" => PROTOCOL, "a" => ASSERTION })
    node.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
  end
end

#validate! ⇒ Object

# File 'lib/onelogin/ruby-saml/response.rb', line 40

def validate!
  validate(false)
end