+ attribute names to IdP data

alex-wood · alex-wood · commit c1fbac66fca7 · 2016-04-14T18:50:02.000-07:00
diff --git a/lib/onelogin/ruby-saml/idp_metadata_parser.rb b/lib/onelogin/ruby-saml/idp_metadata_parser.rb
@@ -16,8 +16,10 @@ module RubySaml
     #
     class IdpMetadataParser
 
-      METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
-      DSIG     = "http://www.w3.org/2000/09/xmldsig#"
+      METADATA       = "urn:oasis:names:tc:SAML:2.0:metadata"
+      DSIG           = "http://www.w3.org/2000/09/xmldsig#"
+      NAME_FORMAT    = "urn:oasis:names:tc:SAML:2.0:attrname-format:*"
+      SAML_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
 
       attr_reader :document
       attr_reader :response
@@ -46,6 +48,7 @@ def parse(idp_metadata)
           settings.idp_slo_target_url = single_logout_service_url
           settings.idp_cert = certificate_base64
           settings.idp_cert_fingerprint = fingerprint
+          settings.idp_attribute_names = attribute_names
         end
       end
 
@@ -166,6 +169,17 @@ def fingerprint
           end
         end
       end
+
+      # @return [Array] the names of all SAML attributes if any exist
+      #
+      def attribute_names
+        nodes = REXML::XPath.match(
+          document,
+          "/md:EntityDescriptor/md:IDPSSODescriptor/saml:Attribute/@Name",
+          { "md" => METADATA, "NameFormat" => NAME_FORMAT, "saml" => SAML_ASSERTION }
+        )
+        nodes.map(&:value)
+      end
     end
   end
 end
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
@@ -28,6 +28,7 @@ def initialize(overrides = {})
       attr_accessor :idp_cert
       attr_accessor :idp_cert_fingerprint
       attr_accessor :idp_cert_fingerprint_algorithm
+      attr_accessor :idp_attribute_names
       # SP Data
       attr_accessor :issuer
       attr_accessor :assertion_consumer_service_url
