Commit 57791f0

pitbulkbcgraham
authored and committed
Add support to retrieve from SAMLResponse the AuthnInstant and AuthnContextClassRef values. See SAML-Toolkits#718
1 parent ec8937a commit 57791f0

3 files changed

Lines changed: 45 additions & 2 deletions

CHANGELOG.md

Lines changed: 3 additions & 2 deletions
@@ -1,6 +1,7 @@
11
# Ruby SAML Changelog
22

33
### 2.0.0
4+
* [#718](https://github.com/SAML-Toolkits/ruby-saml/pull/718/) Add support to retrieve from SAMLResponse the AuthnInstant and AuthnContextClassRef values
45
* [#685](https://github.com/SAML-Toolkits/ruby-saml/pull/685) Remove `OneLogin` namespace. The root namespace of the gem is now `RubySaml`.
56
* [#685](https://github.com/SAML-Toolkits/ruby-saml/pull/685) Create namespace alias `OneLogin = Object` for backward compatibility, to be removed in version `2.1.0`.
67
* [#685](https://github.com/SAML-Toolkits/ruby-saml/pull/685) Change directly structure from `lib/onelogin/ruby-saml` to `lib/ruby_saml`.
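
Review bot: the new #718 entry links to `pull/718/` with a trailing slash and has no closing period, while the #685 entries below it use `pull/685` and end with a period. Drop the slash and add the period so the 2.0.0 list stays consistent.
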
@@ -256,9 +257,9 @@
256257
### 1.0.0 (June 30, 2015)
257258
* [#247](https://github.com/SAML-Toolkits/ruby-saml/pull/247) Avoid entity expansion (XEE attacks)
258259
* [#246](https://github.com/SAML-Toolkits/ruby-saml/pull/246) Fix bug generating Logout Response (issuer was at wrong order)
259-
* [#243](https://github.com/SAML-Toolkits/ruby-saml/issues/243) and [#244](https://github.com/onelogin/ruby-saml/issues/244) Fix metadata builder errors. Fix metadata xsd.
260+
* [#243](https://github.com/SAML-Toolkits/ruby-saml/issues/243) and [#244](https://github.com/SAML-Toolkits/ruby-saml/issues/244) Fix metadata builder errors. Fix metadata xsd.
260261
* [#241](https://github.com/SAML-Toolkits/ruby-saml/pull/241) Add decrypt support (EncryptID and EncryptedAssertion). Improve compatibility with namespaces.
261-
* [#240](https://github.com/SAML-Toolkits/ruby-saml/pull/240) and [#238](https://github.com/onelogin/ruby-saml/pull/238) Improve test coverage and refactor.
262+
* [#240](https://github.com/SAML-Toolkits/ruby-saml/pull/240) and [#238](https://github.com/SAML-Toolkits/ruby-saml/pull/238) Improve test coverage and refactor.
262263
* [#239](https://github.com/SAML-Toolkits/ruby-saml/pull/239) Improve security: Add more validations to SAMLResponse, LogoutRequest and LogoutResponse. Refactor code and improve tests coverage.
263264
* [#237](https://github.com/SAML-Toolkits/ruby-saml/pull/237) Don't pretty print metadata by default.
264265
* [#235](https://github.com/SAML-Toolkits/ruby-saml/pull/235) Remove the soft parameter from validation methods. Now can be configured on the settings and each class read it and store as an attribute of the class. Adding some validations and refactor old ones.
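
Review bot: the two link changes from `onelogin/ruby-saml` to `SAML-Toolkits/ruby-saml` in the 1.0.0 section (#244 and #238) are unrelated to AuthnInstant and AuthnContextClassRef and are not mentioned in the commit message. Split them into their own commit, or mention the link cleanup in the message, so the change is easier to audit and revert.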

lib/ruby_saml/response.rb

Lines changed: 21 additions & 0 deletions
@@ -201,6 +201,27 @@ def session_expires_at
201201
end
202202
end
203203

204+
# Gets the AuthnInstant from the AuthnStatement.
205+
# Could be used to require re-authentication if a long time has passed
206+
# since the last user authentication.
207+
# @return [String] AuthnInstant value
208+
#
209+
def authn_instant
210+
@authn_instant ||= begin
211+
node = xpath_first_from_signed_assertion('/a:AuthnStatement')
212+
node.nil? ? nil : node.attributes['AuthnInstant']
213+
end
214+
end
215+
216+
# Gets the AuthnContextClassRef from the AuthnStatement
217+
# Could be used to require re-authentication if the assertion
218+
# did not met the requested authentication context class.
219+
# @return [String] AuthnContextClassRef value
220+
#
221+
def authn_context_class_ref
222+
@authn_context_class_ref ||= Utils.element_text(xpath_first_from_signed_assertion('/a:AuthnStatement/a:AuthnContext/a:AuthnContextClassRef'))
223+
end
224+
204225
# Checks if the Status has the "Success" code
205226
# @return [Boolean] True if the StatusCode is Sucess
206227
#
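
Review bot: `authn_instant` returns the raw `AuthnInstant` attribute value, yet its comment proposes using it to require re-authentication after a long time, so every caller has to parse the timestamp before comparing it to the clock. Consider returning a parsed time, or say in the comment that the value is unparsed. `authn_instant` also returns nil when no AuthnStatement is found, so `@return [String]` should read `[String, nil]`, and `@authn_instant ||=` repeats the XPath lookup on every call in that case. Typo in the second comment: "did not met" should be "did not meet".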

test/response_test.rb

Lines changed: 21 additions & 0 deletions
@@ -1357,6 +1357,27 @@ def generate_audience_error(expected, actual)
13571357
end
13581358
end
13591359

1360+
# Gets the AuthnInstant from the AuthnStatement.
1361+
# Could be used to require re-authentication if a long time has passed
1362+
# since the last user authentication.
1363+
# @return [String] AuthnInstant value
1364+
#
1365+
def authn_instant
1366+
@authn_instant ||= begin
1367+
node = xpath_first_from_signed_assertion('/a:AuthnStatement')
1368+
node.nil? ? nil : node.attributes['AuthnInstant']
1369+
end
1370+
end
1371+
1372+
# Gets the AuthnContextClassRef from the AuthnStatement
1373+
# Could be used to require re-authentication if the assertion
1374+
# did not met the requested authentication context class.
1375+
# @return [String] AuthnContextClassRef value
1376+
#
1377+
def authn_context_class_ref
1378+
@authn_context_class_ref ||= Utils.element_text(xpath_first_from_signed_assertion('/a:AuthnStatement/a:AuthnContext/a:AuthnContextClassRef'))
1379+
end
1380+
13601381
describe "#success" do
13611382
it "find a status code that says success" do
13621383
response.success?
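
Review bot: the new accessors have no tests. The lines added before `describe "#success"` are a copy of the `authn_instant` and `authn_context_class_ref` definitions from lib/ruby_saml/response.rb, with no `it` block or assertion. Replace them with tests that load a response fixture and assert on the returned values, including the case where the assertion has no AuthnStatement and `authn_instant` should be nil.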
