ExSaml.Core.Sp (ex_saml v1.0.2)

SAML Service Provider (SP) operations.

Pure Elixir port of the Erlang esaml_sp module. Provides functions for generating and validating SAML AuthnRequests, LogoutRequests, LogoutResponses, Assertions, and SP metadata.

Types

dupe_fun()

@type dupe_fun() :: (ExSaml.Core.Assertion.t(), binary() -> :ok | term())

xml()

@type xml() ::
  {:xmlElement, name :: term(), expanded_name :: term(), nsinfo :: term(),
   namespace :: term(), parents :: term(), pos :: term(), attributes :: term(),
   content :: term(), language :: term(), xmlbase :: term(),
   elementdef :: term()}

Functions

generate_authn_request(idp_url, sp)

@spec generate_authn_request(String.t(), ExSaml.Core.SpConfig.t()) :: xml()

Generates an AuthnRequest XML element.

Delegates to generate_authn_request/3 with a nil NameID format.

generate_authn_request(idp_url, sp, format)

@spec generate_authn_request(String.t(), ExSaml.Core.SpConfig.t(), String.t() | nil) ::
  xml()

Generates an AuthnRequest XML element with an optional NameID format.

Returns a signed XML element when SP signing is enabled, otherwise an unsigned element with a generated ID attribute.

generate_logout_request(idp_url, name_id, sp)

@spec generate_logout_request(String.t(), String.t(), ExSaml.Core.SpConfig.t()) ::
  xml()

Generates a LogoutRequest XML element.

Delegates to generate_logout_request/4 with an empty session index and a Subject built from the given name ID string.

generate_logout_request(idp_url, session_index, subject, sp)

@spec generate_logout_request(
  String.t(),
  String.t(),
  ExSaml.Core.Subject.t(),
  ExSaml.Core.SpConfig.t()
) ::
  xml()

Generates a LogoutRequest XML element with a session index and Subject.

generate_logout_response(idp_url, status, sp)

@spec generate_logout_response(String.t(), atom(), ExSaml.Core.SpConfig.t()) :: xml()

Generates a LogoutResponse XML element.

generate_metadata(sp)

@spec generate_metadata(ExSaml.Core.SpConfig.t()) :: xml()

Generates SP metadata as an XML element.

setup(sp)

Initializes and validates an SP configuration.

Validates that metadata_uri and consume_uri are set. Converts trusted fingerprints to normalised binaries. Enables request and metadata signing when both key and certificate are present.

Raises on invalid configuration.

validate_assertion(xml, sp)

@spec validate_assertion(xml(), ExSaml.Core.SpConfig.t()) ::
  {:ok, ExSaml.Core.Assertion.t()} | {:error, term()}

Validates and decodes a SAML Response XML element.

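Uses a no-op duplicate detection function, so a Response that is submitted again is not rejected as a duplicate. Use validate_assertion/3 to supply a real duplicate check.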

validate_assertion(xml, duplicate_fun, sp)

@spec validate_assertion(xml(), dupe_fun(), ExSaml.Core.SpConfig.t()) ::
  {:ok, ExSaml.Core.Assertion.t()} | {:error, term()}

Validates and decodes a SAML Response XML element.

The duplicate_fun callback receives the decoded assertion and the XML digest, and should return :ok or an error term to reject duplicates.
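A duplicate_fun that rejects replayed Responses, as an added example rather than code from ex_saml. The module name MyApp.SamlReplayGuard, the ETS table name, the one-hour retention and the {:error, :duplicate_assertion} term are assumptions made for illustration; only validate_assertion/3 and the callback's argument order come from this page.

```elixir
defmodule MyApp.SamlReplayGuard do
  @moduledoc """
  Added example (hypothetical module, not part of ex_saml): an ETS-backed
  duplicate_fun for ExSaml.Core.Sp.validate_assertion/3.
  """

  @table :saml_seen_digests
  # Assumption: keep digests for one hour. Pick a value at least as long as
  # the longest assertion validity window your IdP issues.
  @ttl_seconds 3600

  @doc "Create the table once at application start, from a long-lived process."
  def init do
    :ets.new(@table, [:named_table, :public, :set])
    :ok
  end

  @doc "Matches dupe_fun(): :ok on first sight, an error term on replay."
  def check(_assertion, digest) when is_binary(digest) do
    now = System.system_time(:second)
    prune(now)

    # insert_new/2 is atomic: when the same Response is submitted twice
    # concurrently, exactly one caller gets true.
    if :ets.insert_new(@table, {digest, now + @ttl_seconds}) do
      :ok
    else
      {:error, :duplicate_assertion}
    end
  end

  # Delete entries whose expiry time has passed (full scan; fine for an
  # example, move to a periodic job under load).
  defp prune(now) do
    :ets.select_delete(@table, [{{:_, :"$1"}, [{:<, :"$1", now}], [true]}])
  end

  @doc "Validate a parsed Response element with replay detection enabled."
  def validate(xml, sp) do
    ExSaml.Core.Sp.validate_assertion(xml, &check/2, sp)
  end
end
```

ETS is local to one node, so a clustered deployment needs a shared store for the digests instead.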

validate_logout_request(xml, sp)

@spec validate_logout_request(xml(), ExSaml.Core.SpConfig.t()) ::
  {:ok, ExSaml.Core.LogoutRequest.t()} | {:error, term()}

Validates and decodes a LogoutRequest XML element.

validate_logout_response(xml, sp)

@spec validate_logout_response(xml(), ExSaml.Core.SpConfig.t()) ::
  {:ok, ExSaml.Core.LogoutResponse.t()} | {:error, term()}

Validates and decodes a LogoutResponse XML element.

xmlAttribute(args \\ [])

(macro)

xmlAttribute(record, args)

(macro)

xmlElement(args \\ [])

(macro)

xmlElement(record, args)

(macro)

xmlNamespace(args \\ [])

(macro)

xmlNamespace(record, args)

(macro)

xmlText(args \\ [])

(macro)

xmlText(record, args)

(macro)