# frozen_string_literal: true
module Saml
module Kit
# This class can be used to parse a SAML AuthnRequest or generate one.
#
# To generate an AuthnRequest use the builder API.
#
#   request = AuthenticationRequest.build do |builder|
#     builder.name_id_format = [Saml::Kit::Namespaces::EMAIL_ADDRESS]
#   end
#
# Example:
#
# {include:file:spec/examples/authentication_request_spec.rb}
class AuthenticationRequest < Document
  include Requestable

  # Wrap a raw AuthnRequest document.
  #
  # @param xml [String] the raw xml.
  # @param configuration [Saml::Kit::Configuration] defaults to the global
  #   configuration.
  def initialize(xml, configuration: Saml::Kit.configuration)
    super(xml, name: 'AuthnRequest', configuration: configuration)
  end

  # Read the AssertionConsumerServiceURL attribute from the AuthnRequest.
  #
  # The value is returned exactly as it appears in the request document; this
  # method does not compare it with any registered endpoint.
  # NOTE(review): a caller that uses it as a destination should first confirm
  # the request was validated and that the URL matches the service provider's
  # registered metadata.
  #
  # @return [String, nil] presumably the attribute text; nil when the lookup
  #   finds no such attribute.
  def assertion_consumer_service_url
    acs_attribute = at_xpath('./*/@AssertionConsumerServiceURL')
    acs_attribute.try(:value)
  end

  # Alternate name for {#name_id_policy}; delegates to it on every call.
  #
  # @return [String, nil] whatever {#name_id_policy} returns.
  def name_id_format
    name_id_policy
  end

  # Read the Format attribute of the samlp:NameIDPolicy element.
  #
  # Like the other accessors here, the value is taken from the request as-is.
  #
  # @return [String, nil] presumably the requested NameID format URI; nil
  #   when the element or attribute is missing.
  def name_id_policy
    format_attribute = at_xpath('./*/samlp:NameIDPolicy/@Format')
    format_attribute.try(:value)
  end

  # Generate a Response for a specific user and serialize it for delivery.
  #
  # The delivery endpoint is looked up on `provider` for the given binding;
  # the AssertionConsumerServiceURL carried in the request is not consulted
  # by this method.
  # NOTE(review): `provider` is defined outside this class. If it can be nil
  # (for example an issuer that is not registered), the calls below raise
  # NoMethodError, so confirm callers validate the request first.
  #
  # @param user [Object] this is a custom user object that can be used for
  #   generating a nameid and assertion attributes.
  # @param binding [Symbol] the SAML binding to use
  #   `:http_post` or `:http_redirect`.
  # @param relay_state [String, nil] passed through unchanged to `serialize`.
  # @param configuration [Saml::Kit::Configuration] the configuration to
  #   use to build the response.
  # @yield [builder] the response builder, after `embed_signature` has been
  #   set from the provider, so the block is able to override that setting.
  # @return whatever the endpoint's `serialize` call returns.
  def response_for(
    user, binding:, relay_state: nil, configuration: Saml::Kit.configuration
  )
    response = Response.builder(user, self, configuration: configuration) do |builder|
      # Default comes from the provider's want_assertions_signed value; it is
      # assigned before yielding, so the caller's block has the final say.
      builder.embed_signature = provider.want_assertions_signed
      yield builder if block_given?
    end

    endpoint = provider.assertion_consumer_service_for(binding: binding)
    endpoint.serialize(response, relay_state: relay_state)
  end
end
end
end