Skip to content

Commit 709b4c0

Browse files
pitbulkpitbulk
authored
Merge pull request SAML-Toolkits#345 from pkarman/multiple-authn-context
Support multiple settings.auth_context
2 parents 7d48ca8 + 9c10696 commit 709b4c0

File tree

3 files changed

+17
-2
lines changed

3 files changed

+17
-2
lines changed

README.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -175,6 +175,11 @@ def saml_settings
175175
176176
# Optional for most SAML IdPs
177177
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
178+
# or as an array
179+
settings.authn_context = [
180+
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
181+
"urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
182+
]
178183
179184
# Optional bindings (defaults to Redirect for logout POST for acs)
180185
settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

lib/onelogin/ruby-saml/authrequest.rb

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -136,8 +136,11 @@ def create_xml_document(settings)
136136
}
137137

138138
if settings.authn_context != nil
139-
class_ref = requested_context.add_element "saml:AuthnContextClassRef"
140-
class_ref.text = settings.authn_context
139+
authn_contexts = settings.authn_context.is_a?(Array) ? settings.authn_context : [settings.authn_context]
140+
authn_contexts.each do |authn_context|
141+
class_ref = requested_context.add_element "saml:AuthnContextClassRef"
142+
class_ref.text = authn_context
143+
end
141144
end
142145
# add saml:AuthnContextDeclRef element
143146
if settings.authn_context_decl_ref != nil

test/request_test.rb

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -152,6 +152,13 @@ class RequestTest < Minitest::Test
152152
assert_match /<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/, auth_doc.to_s
153153
end
154154

155+
it "create multiple saml:AuthnContextClassRef elements correctly" do
156+
settings.authn_context = ['secure/name/password/uri', 'secure/email/password/uri']
157+
auth_doc = OneLogin::RubySaml::Authrequest.new.create_authentication_xml_doc(settings)
158+
assert_match /<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/, auth_doc.to_s
159+
assert_match /<saml:AuthnContextClassRef>secure\/email\/password\/uri<\/saml:AuthnContextClassRef>/, auth_doc.to_s
160+
end
161+
155162
it "create the saml:AuthnContextClassRef with comparison exact" do
156163
settings.authn_context = 'secure/name/password/uri'
157164
auth_doc = OneLogin::RubySaml::Authrequest.new.create_authentication_xml_doc(settings)

0 commit comments

Comments
 (0)