class OneLogin::RubySaml::IdpMetadataParser

Auxiliary class to retrieve and parse the Identity Provider Metadata

Constants

DSIG
METADATA
NAME_FORMAT
SAML_ASSERTION

Attributes

document[R]
options[R]
response[R]

Public Instance Methods

parse(idp_metadata, options = {})

Parse the Identity Provider metadata and update the settings with the IdP values

@param idp_metadata [String]

@param options [Hash] options used for parsing the metadata and the returned Settings instance
@option options [OneLogin::RubySaml::Settings, Hash] :settings the OneLogin::RubySaml::Settings object into which the parsed metadata is merged, or a hash of Settings overrides.
@option options [Array<String>, nil] :sso_binding an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.
@option options [Array<String>, nil] :slo_binding an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

@return [OneLogin::RubySaml::Settings]

# File lib/onelogin/ruby-saml/idp_metadata_parser.rb, line 76
# Parses IdP metadata XML and returns a Settings object carrying the IdP values.
#
# The shape of options[:settings] selects how the result is built:
# * nil    - a new Settings is created from the parsed values only;
# * Hash   - a new Settings is created from that hash merged with the parsed values;
# * other  - the value is handed to merge_parsed_metadata_into together with
#            the parsed values (presumably an existing Settings instance,
#            as the page's @option text describes - confirm against callers).
#
# NOTE(review): in the Hash case the parsed metadata is the argument of
# Hash#merge, so on a key collision the metadata value replaces the override.
# parse_to_hash always emits :idp_cert, :idp_cert_fingerprint and
# :idp_cert_multi (nil unless certificates are found), so a certificate or
# fingerprint pinned through a Hash override does not survive this merge.
#
# @param idp_metadata [String] the metadata XML
# @param options [Hash] parsing options, forwarded unchanged to parse_to_hash
# @return [OneLogin::RubySaml::Settings]
def parse(idp_metadata, options = {})
  metadata_values = parse_to_hash(idp_metadata, options)
  base = options[:settings]

  # No caller-supplied settings: the metadata alone defines the result.
  return OneLogin::RubySaml::Settings.new(metadata_values) if base.nil?

  # Hash of overrides: metadata values win on conflicting keys.
  return OneLogin::RubySaml::Settings.new(base.merge(metadata_values)) if base.is_a?(Hash)

  merge_parsed_metadata_into(base, metadata_values)
end
parse_remote(url, validate_cert = true, options = {})

Fetch the Identity Provider metadata from a URL, parse it and update the settings with the IdP values

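@param url [String] URL where the XML of the Identity Provider Metadata is published.
@param validate_cert [Boolean] If true and the URL is HTTPS, the cert of the domain is checked. If false, or if the URL is not HTTPS, the server is not authenticated, so the fetched metadata (including the IdP certificate it carries) needs some other integrity check before it is trusted.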

@param options [Hash] options used for parsing the metadata and the returned Settings instance
@option options [OneLogin::RubySaml::Settings, Hash] :settings the OneLogin::RubySaml::Settings object into which the parsed metadata is merged, or a hash of Settings overrides.
@option options [Array<String>, nil] :sso_binding an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.
@option options [Array<String>, nil] :slo_binding an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

@return [OneLogin::RubySaml::Settings]

@raise [HttpError] Failure to fetch remote IdP metadata

# File lib/onelogin/ruby-saml/idp_metadata_parser.rb, line 42
# Downloads the IdP metadata from +url+ and turns it into a Settings object.
#
# The download is delegated to get_idp_metadata and the result is passed
# straight to #parse; nothing in this method inspects or verifies the
# document in between.
#
# NOTE(review): validate_cert defaults to true. Per the page's parameter
# description the certificate is only checked when the URL is HTTPS, so a
# plain-HTTP URL or validate_cert = false yields metadata from an
# unauthenticated server - confirm callers never rely on that for production
# trust configuration.
#
# @param url [String] location of the published metadata XML
# @param validate_cert [Boolean] forwarded to get_idp_metadata
# @param options [Hash] forwarded unchanged to #parse
# @return [OneLogin::RubySaml::Settings]
# @raise [HttpError] Failure to fetch remote IdP metadata
def parse_remote(url, validate_cert = true, options = {})
  parse(get_idp_metadata(url, validate_cert), options)
end
parse_remote_to_hash(url, validate_cert = true, options = {})

Fetch the Identity Provider metadata from a URL, parse it and return the results as a Hash

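@param url [String] URL where the XML of the Identity Provider Metadata is published.
@param validate_cert [Boolean] If true and the URL is HTTPS, the cert of the domain is checked. If false, or if the URL is not HTTPS, the server is not authenticated, so the fetched metadata (including the IdP certificate it carries) needs some other integrity check before it is trusted.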

@param options [Hash] options used for parsing the metadata
@option options [Array<String>, nil] :sso_binding an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.
@option options [Array<String>, nil] :slo_binding an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

@return [Hash]

@raise [HttpError] Failure to fetch remote IdP metadata

# File lib/onelogin/ruby-saml/idp_metadata_parser.rb, line 60
# Downloads the IdP metadata from +url+ and returns the parsed values as a Hash.
#
# The download is delegated to get_idp_metadata and the result is passed
# straight to #parse_to_hash; nothing in this method inspects or verifies
# the document in between.
#
# NOTE(review): validate_cert defaults to true. Per the page's parameter
# description the certificate is only checked when the URL is HTTPS, so a
# plain-HTTP URL or validate_cert = false yields metadata from an
# unauthenticated server - confirm callers treat the returned certificate
# and endpoint values accordingly.
#
# @param url [String] location of the published metadata XML
# @param validate_cert [Boolean] forwarded to get_idp_metadata
# @param options [Hash] forwarded unchanged to #parse_to_hash
# @return [Hash]
# @raise [HttpError] Failure to fetch remote IdP metadata
def parse_remote_to_hash(url, validate_cert = true, options = {})
  parse_to_hash(get_idp_metadata(url, validate_cert), options)
end
parse_to_hash(idp_metadata, options = {})

Parse the Identity Provider metadata and return the results as Hash

@param idp_metadata [String]

@param options [Hash] options used for parsing the metadata
@option options [Array<String>, nil] :sso_binding an ordered list of bindings to detect the single signon URL. The first binding in the list that is included in the metadata will be used.
@option options [Array<String>, nil] :slo_binding an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
@option options [String, nil] :entity_id when this is given, the entity descriptor for this ID is used. When omitted, the first entity descriptor is used.

@return [Hash]

# File lib/onelogin/ruby-saml/idp_metadata_parser.rb, line 100
# Parses IdP metadata XML and returns the extracted IdP values as a Hash.
#
# Side effects: replaces @document with a fresh REXML document, stores the
# options in @options and clears @entity_descriptor before any value is read.
#
# The returned hash always has the keys :idp_entity_id,
# :name_identifier_format, :idp_sso_target_url, :idp_slo_target_url,
# :idp_attribute_names, :idp_cert, :idp_cert_fingerprint and :idp_cert_multi.
# The three certificate keys start as nil and are only filled in, by
# merge_certificates_into, when +certificates+ is not nil.
#
# NOTE(review): no signature or integrity check of the metadata document is
# visible in this method. The values it returns (endpoint URLs, certificate
# data) are the ones a service provider configures its trust in the IdP
# from, so idp_metadata has to come from a source the caller already trusts.
#
# @param idp_metadata [String] the metadata XML
# @param options [Hash] parsing options; also passed to the SSO/SLO URL lookups
# @return [Hash]
def parse_to_hash(idp_metadata, options = {})
  @document = REXML::Document.new(idp_metadata)
  @options = options
  # Cleared on every call - presumably a per-document cache used by the
  # helper lookups below; confirm against their definitions.
  @entity_descriptor = nil

  result = {
    :idp_entity_id => idp_entity_id,
    :name_identifier_format => idp_name_id_format,
    :idp_sso_target_url => single_signon_service_url(options),
    :idp_slo_target_url => single_logout_service_url(options),
    :idp_attribute_names => attribute_names,
    :idp_cert => nil,
    :idp_cert_fingerprint => nil,
    :idp_cert_multi => nil
  }

  # Certificate keys stay nil when the metadata yields no certificates.
  merge_certificates_into(result) unless certificates.nil?
  result
end