Class: OneLogin::RubySaml::SloLogoutresponse

Inherits:

SamlMessage

• Object
• SamlMessage
• OneLogin::RubySaml::SloLogoutresponse

Defined in:

lib/onelogin/ruby-saml/slo_logoutresponse.rb

Overview

SAML2 Logout Response (SLO SP initiated, Parser)

Constant Summary

Constants inherited from SamlMessage

OneLogin::RubySaml::SamlMessage::ASSERTION, OneLogin::RubySaml::SamlMessage::BASE64_FORMAT, OneLogin::RubySaml::SamlMessage::PROTOCOL

Instance Attribute Summary

• #uuid ⇒ Object

  Logout Response ID.

Instance Method Summary

• #create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil) ⇒ String

  Creates the Logout Response string.

• #create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil) ⇒ String

  Creates the SAMLResponse String.

• #create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil) ⇒ Hash

  Creates the Get parameters for the logout response.

• #create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil) ⇒ Object
• #initialize ⇒ SloLogoutresponse constructor

  Initializes the Logout Response.

• #response_id ⇒ Object
• #sign_document(document, settings) ⇒ Object

Methods inherited from SamlMessage

#id, schema, #valid_saml?, #version

Constructor Details

#initialize ⇒ SloLogoutresponse

Initializes the Logout Response. A SloLogoutresponse Object that is an extension of the SamlMessage class. Asigns an ID, a random uuid.

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 21

def initialize
  @uuid = OneLogin::RubySaml::Utils.uuid
end

Instance Attribute Details

#uuid ⇒ Object

Logout Response ID

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 16

def uuid
  @uuid
end

Instance Method Details

#create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil) ⇒ String

Creates the Logout Response string.

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 37

def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
  params = create_params(settings, request_id, logout_message, params, logout_status_code)
  params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
  url = settings.idp_slo_response_service_url || settings.idp_slo_service_url
  saml_response = CGI.escape(params.delete("SAMLResponse"))
  response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
  params.each_pair do |key, value|
    response_params << "&#{key}=#{CGI.escape(value.to_s)}"
  end

  raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if url.nil? or url.empty?
  @logout_url = url + response_params
end

#create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil) ⇒ String

Creates the SAMLResponse String.

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 109

def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil)
  document = create_xml_document(settings, request_id, logout_message, logout_status_code)
  sign_document(document, settings)
end

#create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil) ⇒ Hash

Creates the Get parameters for the logout response.

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 59

def create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
  # The method expects :RelayState but sometimes we get 'RelayState' instead.
  # Based on the HashWithIndifferentAccess value in Rails we could experience
  # conflicts so this line will solve them.
  relay_state = params[:RelayState] || params['RelayState']

  if relay_state.nil?
    params.delete(:RelayState)
    params.delete('RelayState')
  end

  response_doc = create_logout_response_xml_doc(settings, request_id, logout_message, logout_status_code)
  response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values

  response = ""
  response_doc.write(response)

  Logging.debug "Created SLO Logout Response: #{response}"

  response = deflate(response) if settings.compress_response
  base64_response = encode(response)
  response_params = {"SAMLResponse" => base64_response}

  if settings.idp_slo_service_binding == Utils::BINDINGS[:redirect] && settings.security[:logout_responses_signed] && settings.private_key
    params['SigAlg']    = settings.security[:signature_method]
    url_string = OneLogin::RubySaml::Utils.build_query(
      :type => 'SAMLResponse',
      :data => base64_response,
      :relay_state => relay_state,
      :sig_alg => params['SigAlg']
    )
    sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
    signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
    params['Signature'] = encode(signature)
  end

  params.each_pair do |key, value|
    response_params[key] = value.to_s
  end

  response_params
end

#create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil) ⇒ Object

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 114

def create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil)
  time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')

  response_doc = XMLSecurity::Document.new
  response_doc.uuid = uuid

  destination = settings.idp_slo_response_service_url || settings.idp_slo_service_url


  root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
  root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = time
  root.attributes['Version'] = '2.0'
  root.attributes['InResponseTo'] = request_id unless request_id.nil?
  root.attributes['Destination'] = destination unless destination.nil? or destination.empty?

  if settings.sp_entity_id != nil
    issuer = root.add_element "saml:Issuer"
    issuer.text = settings.sp_entity_id
  end

  # add status
  status = root.add_element 'samlp:Status'

  # status code
  status_code ||= 'urn:oasis:names:tc:SAML:2.0:status:Success'
  status_code_elem = status.add_element 'samlp:StatusCode'
  status_code_elem.attributes['Value'] = status_code

  # status message
  logout_message ||= 'Successfully Signed Out'
  status_message = status.add_element 'samlp:StatusMessage'
  status_message.text = logout_message

  response_doc
end

#response_id ⇒ Object

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 25

def response_id
  @uuid
end

#sign_document(document, settings) ⇒ Object

# File 'lib/onelogin/ruby-saml/slo_logoutresponse.rb', line 151

def sign_document(document, settings)
  # embed signature
  if settings.idp_slo_service_binding == Utils::BINDINGS[:post] && settings.private_key && settings.certificate
    private_key = settings.get_sp_key
    cert = settings.get_sp_cert
    document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
  end

  document
end