Merge pull request #13 from zendesk/amartinez/name_id_options

Ana Martinez · Ana Martinez · commit 1642bd11575c · 2014-09-02T11:48:31.000-07:00
Add support to get an array of name_id_options
diff --git a/lib/samlr/assertion.rb b/lib/samlr/assertion.rb
@@ -48,7 +48,11 @@ def attributes
     end
 
     def name_id
-      @name_id ||= assertion.at("./saml:Subject/saml:NameID", NS_MAP).text
+      @name_id ||= name_id_node.text
+    end
+
+    def name_id_options
+      @name_id_options ||= Hash[name_id_node.attributes.map{|k,v| [k, v.value]}]
     end
 
     def conditions
@@ -57,6 +61,10 @@ def conditions
 
     private
 
+    def name_id_node
+      @name_id_node ||= assertion.at("./saml:Subject/saml:NameID", NS_MAP)
+    end
+
     def assertion
       @assertion ||= document.at(location, NS_MAP)
     end
diff --git a/lib/samlr/response.rb b/lib/samlr/response.rb
@@ -7,7 +7,7 @@ module Samlr
   class Response
     extend Forwardable
 
-    def_delegators :assertion, :name_id, :attributes
+    def_delegators :assertion, :name_id, :attributes, :name_id_options
     attr_reader :document, :options
 
     def initialize(data, options)
diff --git a/lib/samlr/tools/response_builder.rb b/lib/samlr/tools/response_builder.rb
@@ -9,16 +9,18 @@ module Tools
     module ResponseBuilder
 
       def self.build(options = {})
-        issue_instant   = options[:issue_instant]  || Samlr::Tools::Timestamp.stamp
-        response_id     = options[:response_id]    || Samlr::Tools.uuid
-        assertion_id    = options[:assertion_id]   || Samlr::Tools.uuid
-        status_code     = options[:status_code]    || "urn:oasis:names:tc:SAML:2.0:status:Success"
-        name_id_format  = options[:name_id_format] || EMAIL_FORMAT
-        subject_conf_m  = options[:subject_conf_m] || "urn:oasis:names:tc:SAML:2.0:cm:bearer"
-        version         = options[:version]        || "2.0"
-        auth_context    = options[:auth_context]   || "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
-        issuer          = options[:issuer]         || "ResponseBuilder IdP"
-        attributes      = options[:attributes]     || {}
+        issue_instant     = options[:issue_instant]  || Samlr::Tools::Timestamp.stamp
+        response_id       = options[:response_id]    || Samlr::Tools.uuid
+        assertion_id      = options[:assertion_id]   || Samlr::Tools.uuid
+        status_code       = options[:status_code]    || "urn:oasis:names:tc:SAML:2.0:status:Success"
+        name_id_format    = options[:name_id_format] || EMAIL_FORMAT
+        subject_conf_m    = options[:subject_conf_m] || "urn:oasis:names:tc:SAML:2.0:cm:bearer"
+        version           = options[:version]        || "2.0"
+        auth_context      = options[:auth_context]   || "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+        issuer            = options[:issuer]         || "ResponseBuilder IdP"
+        attributes        = options[:attributes]     || {}
+        name_qualifier    = options[:name_qualifier]
+        sp_name_qualifier = options[:sp_name_qualifier]
 
         # Mandatory for responses
         destination     = options.fetch(:destination)
@@ -49,7 +51,11 @@ def self.build(options = {})
                 xml["saml"].Issuer(issuer)
 
                 xml["saml"].Subject do
-                  xml["saml"].NameID(name_id, "Format" => name_id_format)
+                  name_id_options = { "Format" => name_id_format}
+                  name_id_options.merge!("NameQualifier" => name_qualifier) unless name_qualifier.nil?
+                  name_id_options.merge!("SPNameQualifier" => sp_name_qualifier) unless sp_name_qualifier.nil?
+
+                  xml["saml"].NameID(name_id, name_id_options)
 
                   xml["saml"].SubjectConfirmation("Method" => subject_conf_m) do
                     xml["saml"].SubjectConfirmationData("InResponseTo" => in_response_to, "NotOnOrAfter" => not_on_or_after, "Recipient" => destination)
diff --git a/test/unit/test_assertion.rb b/test/unit/test_assertion.rb
@@ -28,6 +28,15 @@
     end
   end
 
+  describe "#name_id_options" do
+    subject { fixed_saml_response(:name_qualifier => 'portal-happyservice-idp', :sp_name_qualifier => 'happyservice.zendesk.com').assertion }
+
+    it "returns the options for the NameID element" do
+      expected = {"Format"=>"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "NameQualifier"=>"portal-happyservice-idp", "SPNameQualifier"=>"happyservice.zendesk.com"}
+      assert_equal expected, subject.name_id_options
+    end
+  end
+
   describe "#verify!" do
     let(:condition) do
       Class.new do
