001 (ns ring.ring-okta.saml
002 (:require [clojure.data.codec.base64 :as b64]
003 [clojure.string :as string])
004 (:import (com.okta.saml SAMLValidator)))
005
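(defn- get-saml-response
  "Base64-decodes the posted `saml-response` string and hands the resulting XML
  text to `validator` together with the configuration built from `okta-config`.

  Returns whatever `.getSAMLResponse` returns. Presumably the validator checks
  the signature and conditions of the assertion and throws on failure; confirm
  against the Okta SAML toolkit, because nothing in this function checks the
  response itself.

  A nil `saml-response` fails at `.getBytes` with a NullPointerException."
  [saml-response okta-config validator]
  (let [config (.getConfiguration validator okta-config)
        ;; Decode with an explicit charset. The one-argument String constructor
        ;; uses the JVM's platform default, so a host that is not UTF-8 could
        ;; garble non-ASCII characters in the assertion before it is parsed.
        decoded-saml-response (String. (b64/decode (.getBytes saml-response "UTF-8"))
                                       "UTF-8")]
    (.getSAMLResponse validator decoded-saml-response config)))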
010
(defn- get-valid-user-id
  "Runs `saml-response` through `get-saml-response` and returns the result of
  calling `.getUserID` on it.

  Any exception raised while decoding or validating the response propagates
  to the caller; none is caught here."
  [saml-response okta-config validator]
  (-> (get-saml-response saml-response okta-config validator)
      (.getUserID)))
014
(defn respond-to-okta-post
  "Handles the parameters of a SAML POST from Okta.

  Returns a map with:
    :redirect-url              the :RelayState value from `params`, unchanged
    :authenticated-user-email  the lower-cased user id taken from the
                               :SAMLResponse value after it has passed through
                               a fresh SAMLValidator

  NOTE(review): :RelayState is copied straight from `params` and is not covered
  by anything this function validates. The caller should check it against an
  allow-list of local paths or known hosts before redirecting.

  NOTE(review): `string/lower-case` uses the JVM default locale, so the
  normalised id can differ between hosts. Confirm that downstream identity
  matching does not depend on it."
  [okta-config params]
  (let [relay-state (:RelayState params)
        user-id     (get-valid-user-id (:SAMLResponse params)
                                       okta-config
                                       (SAMLValidator.))]
    {:redirect-url             relay-state
     :authenticated-user-email (string/lower-case user-id)}))