class OneLogin::RubySaml::Logoutresponse

SAML2 Logout Response (SLO IdP initiated, Parser)

Attributes

document[R]
options[R]
response[R]
settings[RW]

OneLogin::RubySaml::Settings Toolkit settings

soft[RW]

Public Instance Methods

in_response_to() click to toggle source

@return [String|nil] Gets the InResponseTo attribute from the Logout Response if exists.

# File lib/onelogin/ruby-saml/logoutresponse.rb, line 63
def in_response_to
  @in_response_to ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutResponse",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    node.nil? ? nil : node.attributes['InResponseTo']
  end
end
issuer() click to toggle source

@return [String] Gets the Issuer from the Logout Response.

# File lib/onelogin/ruby-saml/logoutresponse.rb, line 76
def issuer
  @issuer ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutResponse/a:Issuer",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    node.nil? ? nil : node.text
  end
end
status_code() click to toggle source

@return [String] Gets the StatusCode from a Logout Response.

# File lib/onelogin/ruby-saml/logoutresponse.rb, line 89
def status_code
  @status_code ||= begin
    node = REXML::XPath.first(document, "/p:LogoutResponse/p:Status/p:StatusCode", { "p" => PROTOCOL, "a" => ASSERTION })
    node.nil? ? nil : node.attributes["Value"]
  end
end
status_message() click to toggle source 
# File lib/onelogin/ruby-saml/logoutresponse.rb, line 96
def status_message
  @status_message ||= begin
    node = REXML::XPath.first(
      document,
      "/p:LogoutResponse/p:Status/p:StatusMessage",
      { "p" => PROTOCOL, "a" => ASSERTION }
    )
    node.text if node
  end
end
success?() click to toggle source

Checks if the Status has the “Success” code @return [Boolean] True if the StatusCode is Sucess @raise [ValidationError] if soft == false and validation fails

# File lib/onelogin/ruby-saml/logoutresponse.rb, line 54
def success?
  unless status_code == "urn:oasis:names:tc:SAML:2.0:status:Success"
    return append_error("Bad status code. Expected <urn:oasis:names:tc:SAML:2.0:status:Success>, but was: <#@status_code>")
  end
  true
end
validate(collect_errors = false) click to toggle source

Aux function to validate the Logout Response @param collect_errors [Boolean] Stop validation when first error appears or keep validating. (if soft=true) @return [Boolean] TRUE if the SAML Response is valid @raise [ValidationError] if soft == false and validation fails

# File lib/onelogin/ruby-saml/logoutresponse.rb, line 112
def validate(collect_errors = false)
  reset_errors!

  validations = [
    :valid_state?,
    :validate_success_status,
    :validate_structure,
    :valid_in_response_to?,
    :valid_issuer?,
    :validate_signature
  ]

  if collect_errors
    validations.each { |validation| send(validation) }
    @errors.empty?
  else
    validations.all? { |validation| send(validation) }
  end
end

Public Class Methods

new(response, settings = nil, options = {}) click to toggle source

Constructs the Logout Response. A Logout Response Object that is an extension of the SamlMessage class. @param response [String] A UUEncoded logout response from the IdP. @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings @param options [Hash] Extra parameters.

:matches_request_id It will validate that the logout response matches the ID of the request.
:get_params GET Parameters, including the SAMLResponse
:relax_signature_validation to accept signatures if no idp certificate registered on settings

@raise [ArgumentError] if response is nil

# File lib/onelogin/ruby-saml/logoutresponse.rb, line 34
def initialize(response, settings = nil, options = {})
  @errors = []
  raise ArgumentError.new("Logoutresponse cannot be nil") if response.nil?
  @settings = settings

  if settings.nil? || settings.soft.nil?
    @soft = true
  else
    @soft = settings.soft
  end

  @options = options
  @response = decode_raw_saml(response)
  @document = XMLSecurity::SignedDocument.new(@response)
end