Sha256: a25447cd4b51da45eb09d3a80ec0624819ddf24866219f39ca1df35c034d71c7
Contents?: true
Size: 1.88 KB
Versions: 2
Compression:
Stored size: 1.88 KB
Contents
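module Saml
  module Kit
    module Bindings
      # HTTP-Redirect binding: builds the redirect URL for an outgoing SAML
      # message and parses / signature-checks an incoming one from its
      # query-string parameters.
      class HttpRedirect < Binding
        include Serializable

        # @param location [String] endpoint URL this binding sends to.
        def initialize(location:)
          super(binding: Saml::Kit::Bindings::HTTP_REDIRECT, location: location)
        end

        # Builds the outgoing message and returns it as a redirect URL.
        #
        # @param builder [Object] message builder; its `sign` flag is switched
        #   off here and its `destination` is set to this binding's location.
        # @param relay_state [String, nil] opaque value passed to UrlBuilder.
        # @return [Array] two elements: the URL produced by UrlBuilder and an
        #   empty Hash.
        def serialize(builder, relay_state: nil)
          # The builder's own signing is disabled for this binding.
          # NOTE(review): presumably UrlBuilder signs the query string
          # instead; confirm against UrlBuilder.
          builder.sign = false
          builder.destination = location
          document = builder.build
          [UrlBuilder.new(configuration: builder.configuration).build(document, relay_state: relay_state), {}]
        end

        # Parses an incoming redirect-binding message.
        #
        # The document is flagged via `signature_verified!` only when a
        # query-string signature was present AND verified. Previously the flag
        # was set unconditionally, so a request that simply omitted
        # `Signature`/`SigAlg` was still flagged as verified.
        #
        # @param params [Hash] request parameters (string keys).
        # @return [Object] the parsed SAML document.
        # @raise [ArgumentError] when a signature is present but invalid.
        def deserialize(params)
          document = deserialize_document_from!(params)
          document.signature_verified! if ensure_valid_signature!(params, document)
          document
        end

        private

        # Unescapes, decodes and inflates the SAML parameter, then parses it.
        def deserialize_document_from!(params)
          xml = inflate(decode(unescape(saml_param_from(params))))
          # NOTE(review): this writes the whole decoded message to the debug
          # log before any signature check; make sure debug logs are treated
          # as sensitive.
          Saml::Kit.logger.debug(xml)
          Saml::Kit::Document.to_saml_document(xml)
        end

        # Checks the query-string signature when one is supplied.
        #
        # @return [Boolean] true when the signature was checked and is valid;
        #   false when `Signature` or `SigAlg` is missing, in which case
        #   nothing was checked and the caller must not treat the message as
        #   verified.
        # @raise [ArgumentError] when the supplied signature does not verify.
        def ensure_valid_signature!(params, document)
          return false if params['Signature'].blank? || params['SigAlg'].blank?

          signature = decode(params['Signature'])
          # Signed string: the present parameters, in this fixed order.
          # NOTE(review): the values are taken from `params` as received;
          # confirm they are in the same encoded form that the sender signed.
          canonical_form = ['SAMLRequest', 'SAMLResponse', 'RelayState', 'SigAlg'].map do |key|
            value = params[key]
            value.present? ? "#{key}=#{value}" : nil
          end.compact.join('&')

          valid = document.provider.verify(algorithm_for(params['SigAlg']), signature, canonical_form)
          raise ArgumentError.new("Invalid Signature") unless valid

          true
        end

        # Maps a SigAlg value to a digest by the number that follows "sha".
        #
        # NOTE(review): any value that is not 256/384/512, including one the
        # pattern does not match at all, silently falls back to SHA-1.
        # Consider rejecting unrecognised algorithms rather than defaulting.
        def algorithm_for(algorithm)
          case algorithm =~ /(rsa-)?sha(.*?)$/i && $2.to_i
          when 256
            OpenSSL::Digest::SHA256.new
          when 384
            OpenSSL::Digest::SHA384.new
          when 512
            OpenSSL::Digest::SHA512.new
          else
            OpenSSL::Digest::SHA1.new
          end
        end
      end
    end
  end
end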
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
saml-kit-0.2.5 | lib/saml/kit/bindings/http_redirect.rb |
saml-kit-0.2.4 | lib/saml/kit/bindings/http_redirect.rb |