Commit 2e57485

mo <mo@mokhan.ca>
2017-11-17 00:19:33
delegate to binding to deserialize.
1 parent 9be3846
Changed files (3)
app/controllers/metadata_controller.rb
@@ -7,23 +7,7 @@ class MetadataController < ApplicationController
 
   def to_xml
     Rails.cache.fetch(metadata_url, expires_in: 1.hour) do
-      builder = Saml::Kit::IdentityProviderMetadata::Builder.new
-      builder.sign = false
-      builder.contact_email = 'hi@example.com'
-      builder.organization_name = "Acme, Inc"
-      builder.organization_url = root_url
-      builder.add_single_sign_on_service(new_session_url, binding: :post)
-      builder.add_single_sign_on_service(new_session_url, binding: :http_redirect)
-      builder.add_single_logout_service(logout_url, binding: :post)
-      builder.name_id_formats = [
-        Saml::Kit::Namespaces::EMAIL_ADDRESS,
-        Saml::Kit::Namespaces::PERSISTENT,
-        Saml::Kit::Namespaces::TRANSIENT,
-      ]
-      builder.attributes << :id
-      builder.attributes << :email
-      builder.attributes << :created_at
-      builder.build.to_xml
+      Idp.default(request).to_xml
     end
   end
 end
app/controllers/sessions_controller.rb
@@ -34,9 +34,22 @@ class SessionsController < ApplicationController
   end
 
   def load_saml_request(raw_saml_request = session[:SAMLRequest] || params[:SAMLRequest])
-    @saml_request = Saml::Kit::Request.deserialize(raw_saml_request)
+    @saml_request = binding_for(request).deserialize(params)
+    #@saml_request = Saml::Kit::Request.deserialize(raw_saml_request)
     if @saml_request.invalid?
       render_error(:forbidden, model: @saml_request)
     end
   end
+
+  def idp
+    Idp.default(request)
+  end
+
+  def binding_for(request)
+    if request.post?
+      idp.single_sign_on_service_for(binding: :post)
+    else
+      idp.single_sign_on_service_for(binding: :http_redirect)
+    end
+  end
 end
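Review bot: `raw_saml_request` is now an unused parameter in `load_saml_request`: the new line deserializes from `params` via the binding, so the default `session[:SAMLRequest] || params[:SAMLRequest]` is evaluated but never used, which silently drops the session-stored SAMLRequest path the old line supported, and the commented-out old call on the next line is left behind as dead code. Either remove the parameter and the commented line, or restore the session fallback explicitly — as written a caller passing `raw_saml_request` gets no effect and nothing warns them. Separately, `idp` and `binding_for` are added as public controller methods; unless they sit below a `private` marker outside this hunk, they become action candidates, so a `private` line above `def idp` (or `private :idp, :binding_for`) is advisable. `binding_for` also takes a `request` parameter that shadows the controller's `request` method, which is easy to misread; dropping the parameter and reading `request` directly would be clearer. The class continues outside the hunk.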
app/models/idp.rb
@@ -0,0 +1,28 @@
+class Idp
+  class << self
+
+    def default(request)
+      @idp ||= begin
+        host = "#{request.protocol}#{request.host}:#{request.port}"
+        url_helpers = Rails.application.routes.url_helpers
+        builder = Saml::Kit::IdentityProviderMetadata::Builder.new
+        builder.sign = false
+        builder.contact_email = 'hi@example.com'
+        builder.organization_name = "Acme, Inc"
+        builder.organization_url = url_helpers.root_url(host: host)
+        builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :post)
+        builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :http_redirect)
+        builder.add_single_logout_service(url_helpers.logout_url(host: host), binding: :post)
+        builder.name_id_formats = [
+          Saml::Kit::Namespaces::EMAIL_ADDRESS,
+          Saml::Kit::Namespaces::PERSISTENT,
+          Saml::Kit::Namespaces::TRANSIENT,
+        ]
+        builder.attributes << :id
+        builder.attributes << :email
+        builder.attributes << :created_at
+        builder.build
+        end
+    end
+  end
+end
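Review bot: `Idp.default` memoizes `@idp` on the class but seeds it from the first request's `protocol`/`host`/`port`, so every later call — including `MetadataController#to_xml` and `SessionsController#binding_for` — returns SSO/SLO endpoint URLs built from whichever Host header arrived first in that process, and the `request` argument is effectively ignored afterwards. Because the Host header is client-supplied unless a proxy or host allow-list pins it, this also means a single crafted request can fix the endpoints advertised in the IdP metadata for the lifetime of the process. Either build the metadata per call (drop `@idp ||= begin` and the matching `end` on the line after `builder.build`; the controller already caches the XML in `Rails.cache`), or derive the host from configured `default_url_options` rather than from the request, which also removes the need for a `request` parameter. If the memoization is kept, the `end` closing the `begin` block is indented to the `builder` column rather than to `@idp`, which hides the block boundary.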