class Saml::Response

Overview

SAML2 Authentication Response.

Defined in:

saml/response.cr

Constant Summary

ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
AVAILABLE_OPTIONS = [:allowed_clock_drift, :check_duplicated_attributes, :matches_request_id, :settings, :skip_audience, :skip_authnstatement, :skip_conditions, :skip_destination, :skip_recipient_check, :skip_subject_confirmation]

Response available options. This is not a whitelist, so that people extending Saml::Response can pass custom options.

DSIG = "http://www.w3.org/2000/09/xmldsig#"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
XENC = "http://www.w3.org/2001/04/xmlenc#"

Instance methods inherited from module Saml::ErrorHandling

append_error(error_msg : String, soft_override : Bool | Nil = nil), errors, errors_messages, errors_messages=(errors_messages), reset_errors!

Instance methods inherited from class Saml::SamlMessage

id(document), valid_saml?(document, soft = true), version(document)

Constructor Detail

def self.new(response : String | Nil, options = {} of Symbol => OptionValue)

Constructs the SAML Response. A Response Object that is an extension of the SamlMessage class.

@param response [String] A UUEncoded SAML response from the IdP.

@param options [Hash] :settings to provide the Saml::Settings object, or options for the response validation process: :skip_conditions to skip the conditions validation, :allowed_clock_drift to allow a clock drift when checking dates, :matches_request_id to validate that the response matches the ID of the request, :skip_subject_confirmation to skip the subject confirmation validation, :skip_recipient_check to skip the recipient validation of the subject confirmation element, and :skip_audience to skip the audience validation.

Instance Method Detail

def allowed_clock_drift

Returns the allowed clock drift on timing validation.

@return [Float]

def assertion_encrypted?

Checks whether the SAML Response contains an EncryptedAssertion element.

@return [Boolean] True if the SAML Response contains an EncryptedAssertion element

def assertion_id

def attributes

Gets the Attributes from the AttributeStatement element.

All attributes can be iterated over with attributes.each or returned as an array by attributes.all. For backwards compatibility, ruby-saml returns by default only the first value for a given attribute with attributes['name']. To get all of the attributes, use attributes.multi('name'), or turn off the compatibility with Saml::Attributes.single_value_compatibility = false; attributes['name'] will then return an array.

@return [Attributes] Saml::Attributes enumerable collection.
@raise [ValidationError] if there are 2+ Attribute with the same Name

def audiences

@return [Array] The Audience elements from the Conditions of the SAML Response.

def conditions

Gets the Conditions element of the SAML Response, if it exists (returns the first node that matches the supplied xpath).

@return [XML::Node] Conditions element, if it exists

def decrypted_document : XMLSecurity::SignedDocument | Nil

def destination

@return [String|nil] Destination attribute from the SAML Response.

def errors : Array(String)

def in_response_to

@return [String|nil] The InResponseTo attribute from the SAML Response.

def is_valid?(collect_errors = false)

Validates the SAML Response with the default values (soft = true).

@param collect_errors [Boolean] Stop validation when the first error appears or keep validating (if soft = true).
@return [Boolean] True if the SAML Response is valid
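
The effect of :allowed_clock_drift, :matches_request_id and collect_errors can be seen in a stand-alone model. This is an added example in plain Ruby (the toolkit's documentation refers to ruby-saml), not code from Saml::Response; the helper validation_errors, the SAMPLE hash and the error strings are assumptions made for illustration.

```ruby
# Added illustration in plain Ruby; not the source of Saml::Response.
# SAMPLE holds constructed values standing in for a parsed response.
SAMPLE = {
  in_response_to:  "_request-1234",
  not_before:      Time.utc(2024, 1, 1, 12, 0, 0),
  not_on_or_after: Time.utc(2024, 1, 1, 12, 5, 0)
}.freeze

# Hypothetical helper: returns the list of validation errors (empty = valid).
# Option names mirror the documented ones; the logic is the usual SAML
# Conditions check, with the drift widening the window at both ends.
def validation_errors(resp, now:, allowed_clock_drift: 0.0,
                      matches_request_id: nil, collect_errors: false)
  checks = [
    -> {
      nb = resp[:not_before]
      "current time is earlier than NotBefore" if nb && now < nb - allowed_clock_drift
    },
    -> {
      # NotOnOrAfter is exclusive: the assertion is already expired at that instant.
      na = resp[:not_on_or_after]
      "current time is on or after NotOnOrAfter" if na && now >= na + allowed_clock_drift
    },
    -> {
      if matches_request_id && resp[:in_response_to] != matches_request_id
        "InResponseTo does not match the request ID"
      end
    }
  ]

  errors = []
  checks.each do |check|
    message = check.call
    next if message.nil?
    errors << message
    break unless collect_errors # stop at the first failure unless collecting
  end
  errors
end
```

Every second of allowed drift also extends the time during which an expired assertion is still accepted, so the value is best kept as small as the clocks involved permit.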


def issuers

Gets the Issuers (from Response and Assertion). Returns the first node that matches the supplied xpath from the Response and from the Assertion.

@return [Array] Array with the Issuers (XML::Node)

def name_id

@return [String] the NameID provided by the SAML response from the IdP.

def name_id_format

@return [String] the NameID Format provided by the SAML response from the IdP.

def name_id_namequalifier

@return [String] the NameID NameQualifier provided by the SAML response from the IdP.

def name_id_spnamequalifier

@return [String] the NameID SPNameQualifier provided by the SAML response from the IdP.

def nameid

def nameid_format

def not_before

Gets the NotBefore Condition Element value.

@return [Time] The NotBefore value in Time format

def not_on_or_after

Gets the NotOnOrAfter Condition Element value.

@return [Time] The NotOnOrAfter value in Time format

def options : Hash(Symbol, OptionValue)

def options=(options : Hash(Symbol, OptionValue))

def response : String

def response_id

def session_expires_at

Gets the SessionNotOnOrAfter from the AuthnStatement. Could be used to set the local session expiration (expire at latest).

@return [String] The SessionNotOnOrAfter value

def sessionindex

Gets the SessionIndex from the AuthnStatement. It can be stored in the local session for use in a future Logout Request that the SP could send to the IdP, to indicate which specific session must be deleted.

@return [String] SessionIndex Value

def settings : Saml::Settings

Saml::Settings Toolkit settings

def settings=(settings : Saml::Settings)

Saml::Settings Toolkit settings

def soft : Bool

def soft=(soft : Bool)

def status_code

@return [String] StatusCode value from a SAML Response.

def status_message

@return [String] the StatusMessage value from a SAML Response.

def success?

Checks whether the Status has the "Success" code.

@return [Boolean] True if the StatusCode is Success