# File 'lib/onelogin/saml/response.rb', line 31
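# Populates this response's fields from the parsed SAML document and, when
# @is_valid is already set, enforces a freshness window on the assertion's
# IssueInstant. Results are exposed through instance variables.
#
# InResponseTo, Destination and the status code are read from the
# /samlp:Response envelope through untrusted_find_first. Judging by the helper
# names, those values are not covered by the verified signature, so callers
# should treat them as unauthenticated input. NameID, SessionIndex,
# IssueInstant and the attributes are read through the trusted_* helpers.
#
# NOTE(review): the only time check in this method is IssueInstant +/- 5
# minutes. Confirm that Conditions (NotBefore/NotOnOrAfter), the audience
# restriction and replay tracking of assertion IDs are enforced elsewhere.
#
# @param settings [Object] configuration object; must respond to #logger
# @param as_of [Time] reference time for the freshness check (injectable so
#   tests can pin the clock)
def process(settings, as_of: Time.now)
  @settings = settings
  @logger = settings.logger
  return unless @response

  # Best-effort extraction: a missing node or attribute yields nil rather than
  # an error, which is why each lookup carries its own `rescue nil`.
  @in_response_to = untrusted_find_first("/samlp:Response")['InResponseTo'] rescue nil
  @destination = untrusted_find_first("/samlp:Response")['Destination'] rescue nil
  @status_message = untrusted_find_first("/samlp:Response/samlp:Status/samlp:StatusCode").content rescue nil

  @name_id = trusted_find_first("saml:Assertion/saml:Subject/saml:NameID").content rescue nil
  @name_identifier_format = trusted_find_first("saml:Assertion/saml:Subject/saml:NameID")["Format"] rescue nil
  @name_qualifier = trusted_find_first("saml:Assertion/saml:Subject/saml:NameID")["NameQualifier"] rescue nil
  @sp_name_qualifier = trusted_find_first("saml:Assertion/saml:Subject/saml:NameID")["SPNameQualifier"] rescue nil
  @session_index = trusted_find_first("saml:Assertion/saml:AuthnStatement")["SessionIndex"] rescue nil
  @issue_instant = trusted_find_first("saml:Assertion")["IssueInstant"] rescue nil

  @saml_attributes = {}
  trusted_find("saml:Attribute").each do |attr|
    # Prefer the human-readable name, then the project's known mapping, then
    # the raw attribute Name.
    attrname = attr['FriendlyName'] || Onelogin::ATTRIBUTES[attr['Name']] || attr['Name']
    @saml_attributes[attrname] = attr.content.strip rescue nil
  end

  # The freshness check only applies to responses already marked valid; for
  # anything else @issue_instant stays the raw string.
  return unless @is_valid

  if @issue_instant
    begin
      @issue_instant = Time.parse(@issue_instant)
    rescue ArgumentError
      # A malformed IssueInstant must reject the response instead of raising
      # out of the login path.
      @is_valid = false
      @validation_error = "Invalid timestamp in message"
      return
    end
  end

  allowed_skew = 5 * 60 # seconds of tolerated clock drift in either direction
  if !@issue_instant
    @is_valid = false
    @validation_error = "No timestamp in message"
  elsif @issue_instant + allowed_skew < as_of
    @is_valid = false
    @validation_error = "Assertion expired"
  elsif @issue_instant - allowed_skew > as_of
    @is_valid = false
    @validation_error = "Assertion not yet valid"
  end
end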