See #563 Add ValidUntil and cacheDuration support on Metadata generat…

…e method
SAML-Toolkits · Jan 26, 2021 · 92d6caf · 92d6caf
1 parent 4fe698c
commit 92d6caf
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -765,6 +765,14 @@ class SamlController < ApplicationController
 end
 ```
 
+You can add ValidUntil and CacheDuration to the XML Metadata using instead
+```ruby
+  # Valid until => 2 days from now
+  # Cache duration = 604800s = 1 week
+  valid_until = Time.now + 172800
+  cache_duration = 604800
+  meta.generate(settings, false, valid_until, cache_duration)
+```
 
 ## Clock Drift
 

diff --git a/lib/onelogin/ruby-saml/metadata.rb b/lib/onelogin/ruby-saml/metadata.rb
@@ -15,9 +15,11 @@ class Metadata
       # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
       # @param pretty_print [Boolean] Pretty print or not the response
       #                               (No pretty print if you gonna validate the signature)
+      # @param valid_until [DateTime] Metadata's valid time
+      # @param cache_duration [Integer] Duration of the cache in seconds
       # @return [String] XML Metadata of the Service Provider
       #
-      def generate(settings, pretty_print=false)
+      def generate(settings, pretty_print=false, valid_until=nil, cache_duration=nil)
         meta_doc = XMLSecurity::Document.new
         namespaces = {
             "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
@@ -60,6 +62,12 @@ def generate(settings, pretty_print=false)
         if settings.sp_entity_id
           root.attributes["entityID"] = settings.sp_entity_id
         end
+        if valid_until
+          root.attributes["validUntil"] = valid_until.strftime('%Y-%m-%dT%H:%M:%S%z')
+        end
+        if cache_duration
+          root.attributes["cacheDuration"] = "PT" + cache_duration.to_s + "S"
+        end
         if settings.single_logout_service_url
           sp_sso.add_element "md:SingleLogoutService", {
               "Binding" => settings.single_logout_service_binding,

diff --git a/test/metadata_test.rb b/test/metadata_test.rb
@@ -75,6 +75,18 @@ class MetadataTest < Minitest::Test
       assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
     end
 
+    it "generates Service Provider Metadata with ValidUntil and CacheDuration" do
+      valid_until = Time.now + 172800
+      cache_duration = 604800
+      xml_metadata = OneLogin::RubySaml::Metadata.new.generate(settings, false, valid_until, cache_duration)
+      start = "<?xml version='1.0' encoding='UTF-8'?><md:EntityDescriptor"
+      assert_equal xml_metadata[0..start.length-1],start
+
+      doc_metadata = REXML::Document.new(xml_metadata)
+      assert_equal valid_until.strftime('%Y-%m-%dT%H:%M:%S%z'), REXML::XPath.first(doc_metadata, "//md:EntityDescriptor").attribute("validUntil").value
+      assert_equal "PT604800S", REXML::XPath.first(doc_metadata, "//md:EntityDescriptor").attribute("cacheDuration").value
+    end
+
     describe "WantAssertionsSigned" do
       it "generates Service Provider Metadata with WantAssertionsSigned = false" do
         settings.security[:want_assertions_signed] = false