class Saml::IdpMetadataParser

Overview

Auxiliary class to retrieve and parse the Identity Provider Metadata

This class does not validate the URL it is given in any way. Make sure to validate it properly before passing it to a parse_remote method. Read the Security warning section of the README.md file for more information.
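One way to do that validation, shown as an added example that is not part of the shard's own code: an exact-match allowlist applied to the URL before it reaches parse_remote. The names MetadataUrlGuard and ALLOWED_HOSTS, the hostnames and the sample URLs are assumptions made for illustration, as is constructing the parser with a no-argument `new`.

```crystal
require "uri"

# Added example, not part of the shard. MetadataUrlGuard and ALLOWED_HOSTS
# are hypothetical names; list the metadata hosts of your own IdPs.
module MetadataUrlGuard
  ALLOWED_HOSTS = Set{"idp.example.com", "login.example.org"}

  class Rejected < Exception; end

  # Returns the URL unchanged when it passes every check, raises Rejected otherwise.
  def self.check!(raw : String) : String
    uri = begin
      URI.parse(raw)
    rescue URI::Error
      raise Rejected.new("unparseable URL")
    end
    # HTTPS only, so that validate_cert = true has a certificate to check.
    raise Rejected.new("scheme must be https") unless uri.scheme == "https"
    # Userinfo makes "https://trusted@other-host/" look like the trusted host.
    raise Rejected.new("userinfo not allowed") if uri.user || uri.password
    host = uri.hostname.try(&.downcase)
    unless host && ALLOWED_HOSTS.includes?(host)
      raise Rejected.new("host not in allowlist")
    end
    port = uri.port
    raise Rejected.new("unexpected port") unless port.nil? || port == 443
    raw
  end
end

# Constructed sample inputs: the first passes, the rest fail one check each.
[
  "https://idp.example.com/metadata",
  "http://idp.example.com/metadata",
  "https://idp.example.com@other.example.net/metadata",
  "https://other.example.net/metadata",
  "https://idp.example.com:8443/metadata",
].each do |candidate|
  begin
    url = MetadataUrlGuard.check!(candidate)
    puts "accept #{url}"
    # Only now hand the URL to the parser (a no-argument `new` is assumed):
    #   settings = Saml::IdpMetadataParser.new.parse_remote(url, true)
  rescue ex : MetadataUrlGuard::Rejected
    puts "reject #{candidate} (#{ex.message})"
  end
end
```

The check compares the parsed host, not a substring of the raw URL, which is why the userinfo and look-alike cases are rejected.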

Defined in:

saml/idp_metadata_parser.cr

Class Method Detail

def self.get_idps(metadata_document : XML::Node, only_entity_id : String | Nil = nil)

Fetch IdP descriptors from a metadata document.

Instance Method Detail

def document : XML::Node

def options : Hash(Symbol, String)?

def parse(idp_metadata, options = {} of Symbol => String)

Parse the Identity Provider metadata and update the settings with the IdP values

@param idp_metadata [String]

@param options [Hash] :settings to provide the Saml::Settings object or a hash of Settings overrides
@option options [Saml::Settings, Hash] :settings the Saml::Settings object into which the parsed metadata is merged, or a hash of Settings overrides.
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.
@option options [String, Array, nil] :sso_binding an ordered list of bindings used to detect the single sign-on URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :slo_binding an ordered list of bindings used to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :name_id_format an ordered list of NameIDFormats used to detect a desired value. The first NameIDFormat in the list that is included in the metadata will be used.

@return [Saml::Settings]

def parse_remote(url, validate_cert = true, options = {} of Symbol => String)

Parse the Identity Provider metadata and update the settings with the IdP values

@param url [String] URL where the XML of the Identity Provider Metadata is published.
@param validate_cert [Boolean] If true and the URL is HTTPS, the cert of the domain is checked.

@param options [Hash] options used for parsing the metadata and the returned Settings instance
@option options [Saml::Settings, Hash] :settings the Saml::Settings object into which the parsed metadata is merged, or a hash of Settings overrides.
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.
@option options [String, Array, nil] :sso_binding an ordered list of bindings used to detect the single sign-on URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :slo_binding an ordered list of bindings used to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :name_id_format an ordered list of NameIDFormats used to detect a desired value. The first NameIDFormat in the list that is included in the metadata will be used.

@return [Saml::Settings]

@raise [HttpError] Failure to fetch remote IdP metadata

def parse_remote_to_array(url, validate_cert = true, options = {} of Symbol => String)

Parse all Identity Provider metadata and return the results as Array

@param url [String] URL where the XML of the Identity Provider Metadata is published.
@param validate_cert [Boolean] If true and the URL is HTTPS, the cert of the domain is checked.

@param options [Hash] options used for parsing the metadata
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, all found IdPs are returned.
@option options [String, Array, nil] :sso_binding an ordered list of bindings used to detect the single sign-on URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :slo_binding an ordered list of bindings used to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :name_id_format an ordered list of NameIDFormats used to detect a desired value. The first NameIDFormat in the list that is included in the metadata will be used.

@return [Array]

@raise [HttpError] Failure to fetch remote IdP metadata

def parse_remote_to_hash(url : String, validate_cert = true, options = {} of Symbol => String)

Parse the Identity Provider metadata and return the results as Hash

@param url [String] URL where the XML of the Identity Provider Metadata is published.
@param validate_cert [Boolean] If true and the URL is HTTPS, the cert of the domain is checked.

@param options [Hash] options used for parsing the metadata
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.
@option options [String, Array, nil] :sso_binding an ordered list of bindings used to detect the single sign-on URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :slo_binding an ordered list of bindings used to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :name_id_format an ordered list of NameIDFormats used to detect a desired value. The first NameIDFormat in the list that is included in the metadata will be used.

@return [Hash]

@raise [HttpError] Failure to fetch remote IdP metadata

def parse_to_array(idp_metadata, options = {} of Symbol => String)

Parse all Identity Provider metadata and return the results as Array

@param idp_metadata [String]

@param options [Hash] options used for parsing the metadata and the returned Settings instance
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, all found IdPs are returned.
@option options [String, Array, nil] :sso_binding an ordered list of bindings used to detect the single sign-on URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :slo_binding an ordered list of bindings used to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :name_id_format an ordered list of NameIDFormats used to detect a desired value. The first NameIDFormat in the list that is included in the metadata will be used.

@return [Array]

def parse_to_hash(idp_metadata, options = {} of Symbol => String)

Parse the Identity Provider metadata and return the results as Hash

@param idp_metadata [String]

@param options [Hash] options used for parsing the metadata and the returned Settings instance
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.
@option options [String, Array, nil] :sso_binding an ordered list of bindings used to detect the single sign-on URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :slo_binding an ordered list of bindings used to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, Array, nil] :name_id_format an ordered list of NameIDFormats used to detect a desired value. The first NameIDFormat in the list that is included in the metadata will be used.

@return [Hash]

def parse_to_idp_metadata_array(idp_metadata, options : Nil | Hash(Symbol, String) = {} of Symbol => String)

def response