@@ -18,17 +18,19 @@ def sso
18
18
end
19
19
20
20
def acs
21
- response = OneLogin :: RubySaml :: Response . new ( params [ :SAMLResponse ] )
22
- response . settings = Account . get_saml_settings
21
+ settings = Account . get_saml_settings
22
+ response = OneLogin :: RubySaml :: Response . new ( params [ :SAMLResponse ] , : settings => settings )
23
23
24
24
if response . is_valid?
25
- session [ :user_id ] = response . name_id
25
+ session [ :nameid ] = response . nameid
26
26
session [ :attributes ] = response . attributes
27
27
@attrs = session [ :attributes ]
28
28
logger . info "Sucessfully logged"
29
- logger . info "NAMEID: #{ response . name_id } "
29
+ logger . info "NAMEID: #{ response . nameid } "
30
30
render :action => :index
31
31
else
32
+ logger . info "Response Invalid. Errors: #{ response . errors } "
33
+ @errors = response . errors
32
34
render :action => :fail
33
35
end
34
36
end
@@ -69,13 +71,13 @@ def sp_logout_request
69
71
# to compare it with the response we get back
70
72
logout_request = OneLogin ::RubySaml ::Logoutrequest . new ( )
71
73
session [ :transaction_id ] = logout_request . uuid
72
- logger . info "New SP SLO for User ID: '#{ session [ :user_id ] } ', Transaction ID: '#{ session [ :transaction_id ] } '"
74
+ logger . info "New SP SLO for User ID: '#{ session [ :nameid ] } ', Transaction ID: '#{ session [ :transaction_id ] } '"
73
75
74
76
if settings . name_identifier_value . nil?
75
- settings . name_identifier_value = session [ :user_id ]
77
+ settings . name_identifier_value = session [ :nameid ]
76
78
end
77
79
78
- relayState = url_for controller : 'saml' , action : 'index'
80
+ relayState = url_for controller : 'saml' , action : 'index'
79
81
redirect_to ( logout_request . create ( settings , :RelayState => relayState ) )
80
82
end
81
83
end
@@ -84,55 +86,39 @@ def sp_logout_request
84
86
# the LogoutResponse, verify it, then actually delete our session.
85
87
def process_logout_response
86
88
settings = Account . get_saml_settings
87
-
88
- if session . has_key? :transation_id
89
- logout_response = OneLogin ::RubySaml ::Logoutresponse . new ( params [ :SAMLResponse ] , settings , :matches_request_id => session [ :transation_id ] )
90
- else
91
- logout_response = OneLogin ::RubySaml ::Logoutresponse . new ( params [ :SAMLResponse ] , settings )
92
- end
93
-
94
- logger . info "LogoutResponse is: #{ logout_response . to_s } "
89
+ request_id = session [ :transaction_id ]
90
+ logout_response = OneLogin ::RubySaml ::Logoutresponse . new ( params [ :SAMLResponse ] , settings , :matches_request_id => request_id , :get_params => params )
91
+ logger . info "LogoutResponse is: #{ logout_response . response . to_s } "
95
92
96
93
# Validate the SAML Logout Response
97
94
if not logout_response . validate
98
- logger . error "The SAML Logout Response is invalid"
95
+ error_msg = "The SAML Logout Response is invalid. Errors: #{ logout_response . errors } "
96
+ logger . error error_msg
97
+ render :inline => error_msg
99
98
else
100
99
# Actually log out this session
101
100
if logout_response . success?
102
- logger . info "Delete session for '#{ session [ :user_id ] } '"
101
+ logger . info "Delete session for '#{ session [ :nameid ] } '"
103
102
reset_session
104
103
end
105
104
end
106
105
end
107
106
108
- # Method to handle IdP initiated logouts
107
+ # Method to handle IdP initiated logouts
109
108
def idp_logout_request
110
109
settings = Account . get_saml_settings
111
- logout_request = OneLogin ::RubySaml ::SloLogoutrequest . new ( params [ :SAMLRequest ] )
112
- if !logout_request . is_valid?
113
- logger . error "IdP initiated LogoutRequest was not valid!"
114
- render :inline => logger . error
110
+ logout_request = OneLogin ::RubySaml ::SloLogoutrequest . new ( params [ :SAMLRequest ] , :settings => settings )
111
+ if not logout_request . is_valid?
112
+ error_msg = "IdP initiated LogoutRequest was not valid!. Errors: #{ logout_request . errors } "
113
+ logger . error error_msg
114
+ render :inline => error_msg
115
115
end
116
- logger . info "IdP initiated Logout for #{ logout_request . name_id } "
116
+ logger . info "IdP initiated Logout for #{ logout_request . nameid } "
117
117
118
118
# Actually log out this session
119
119
reset_session
120
120
121
- # Generate a response to the IdP. :transaction_id sets the InResponseTo
122
- # SAML message to create a reply to the IdP in the LogoutResponse.
123
- #action, content = logout_response = OneLogin::RubySaml::Logoutresponse.new(nil, settings).
124
- # create(:transaction_id => logout_request.transaction_id)
125
-
126
- #case action
127
- # when "GET"
128
- # # for GET requests, do a redirect on the content
129
- # redirect_to content
130
- # when "POST"
131
- # # for POST requests (form) render the content as HTML
132
- # render :inline => content
133
- #end logout_request_id = logout_request.id
134
-
135
- logout_response = OneLogin ::RubySaml ::SloLogoutresponse . new . create ( settings , logout_request_id , nil , :RelayState => params [ :RelayState ] )
121
+ logout_response = OneLogin ::RubySaml ::SloLogoutresponse . new . create ( settings , logout_request . id , nil , :RelayState => params [ :RelayState ] )
136
122
redirect_to logout_response
137
123
end
138
124
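Review bot: In idp_logout_request the invalid branch (`if not logout_request.is_valid?`) renders the error but never returns, so execution falls through to `reset_session` and the trailing `redirect_to logout_response`: a LogoutRequest that failed validation still destroys the user's session, and the second render will raise a DoubleRenderError. Add an early exit, e.g. replace `render :inline => error_msg` with `render :plain => error_msg, :status => :bad_request` followed by `return`. Independently, `render :inline => error_msg` (used both here and in process_logout_response) compiles the string as an ERB template; if any ruby-saml error message embeds values taken from the incoming SAML message, that becomes a template-injection sink, so rendering as plain text (`:plain` on Rails 4.1+, `:text` on older Rails) is the safer choice regardless. It is also worth `session.delete(:transaction_id)` once a LogoutResponse has been consumed in process_logout_response, so a captured response cannot be replayed against the same request id, and note that with no pending SP-initiated logout `request_id` is nil, which presumably disables the InResponseTo check in ruby-saml — confirm against the gem version in use.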