module Saml module Kit # This class is used to parse the IDPSSODescriptor from a SAML metadata document. # # raw_xml = <<-XML # # # # # urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress # # # # # # XML # # metadata = Saml::Kit::IdentityProviderMetadata.new(raw_xml) # puts metadata.entity_id # # It can also be used to generate IDP metadata. # # metadata = Saml::Kit::IdentityProviderMetadata.build do |builder| # builder.entity_id = "my-entity-id" # end # puts metadata.to_xml # # For more details on generating metadata see {Saml::Kit::Metadata}. # # Example: # # {include:file:spec/examples/identity_provider_metadata_spec.rb} class IdentityProviderMetadata < Metadata def initialize(xml) super("IDPSSODescriptor", xml) end # Returns the IDPSSODescriptor/@WantAuthnRequestsSigned attribute. def want_authn_requests_signed xpath = "/md:EntityDescriptor/md:#{name}" attribute = document.find_by(xpath).attribute("WantAuthnRequestsSigned") return true if attribute.nil? attribute.text.downcase == "true" end # Returns each of the SingleSignOnService elements. def single_sign_on_services services('SingleSignOnService') end # Returns a SingleSignOnService elements with the specified binding. # # @param binding [Symbol] `:http_post` or `:http_redirect`. def single_sign_on_service_for(binding:) service_for(binding: binding, type: 'SingleSignOnService') end # Returns each of the Attributes in the metadata. def attributes document.find_all("/md:EntityDescriptor/md:#{name}/saml:Attribute").map do |item| { format: item.attribute("NameFormat").try(:value), name: item.attribute("Name").value, } end end # Creates a AuthnRequest document for the specified binding. # # @param binding [Symbol] `:http_post` or `:http_redirect`. # @param relay_state [Object] The RelayState to include the returned SAML params. # @param configuration [Saml::Kit::Configuration] the configuration to use for generating the request. # @return [Array] The url and saml params encoded using the rules for the specified binding. def login_request_for(binding:, relay_state: nil, configuration: Saml::Kit.configuration) # :yields builder builder = Saml::Kit::AuthenticationRequest.builder(configuration: configuration) do |x| x.embed_signature = want_authn_requests_signed yield x if block_given? end request_binding = single_sign_on_service_for(binding: binding) request_binding.serialize(builder, relay_state: relay_state) end # @!visibility private def self.builder_class Saml::Kit::Builders::IdentityProviderMetadata end end end end