From 1a820b6027fc48337f0eb8eb1bb35b0acfaec130 Mon Sep 17 00:00:00 2001
From: Ralf Kistner <ralf@journeyapps.com>
Date: Wed, 5 Sep 2018 14:13:28 +0200
Subject: [PATCH] Add support for the wfresh option.

---
 README.md                                           | 1 +
 lib/omniauth/strategies/wsfed/auth_request.rb       | 7 ++++++-
 spec/omniauth/strategies/wsfed/auth_request_spec.rb | 9 +++++++--
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 0c177e9..9c824fb 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,7 @@ posted. Defaults to the OmniAuth callback URL. **Optional**
 
 * `:saml_version` - The version of SAML tokens. **Defaults to 2**.
 
+* `:wfresh` - Indicates the freshness requirements (the maximum authentication age in minutes). **Optional**.
 
 ## Authors and Credits ##
 
diff --git a/lib/omniauth/strategies/wsfed/auth_request.rb b/lib/omniauth/strategies/wsfed/auth_request.rb
index d834a15..d2ea197 100644
--- a/lib/omniauth/strategies/wsfed/auth_request.rb
+++ b/lib/omniauth/strategies/wsfed/auth_request.rb
@@ -32,6 +32,7 @@ def wsfed_signin_request
           wreply  = url_encode(strategy_settings[:reply])
           wct     = url_encode(Time.now.utc)
           whr     = url_encode(args[:whr])
+          wfresh  = url_encode(strategy_settings[:wfresh])
 
           query_string = "?wa=#{wa}&wtrealm=#{wtrealm}&wreply=#{wreply}&wctx=#{}&wct=#{wct}"
 
@@ -39,6 +40,10 @@ def wsfed_signin_request
             query_string = "#{query_string}&whr=#{whr}"
           end
 
+          unless wfresh.nil? or wfresh.empty?
+            query_string = "#{query_string}&wfresh=#{wfresh}"
+          end
+
           strategy_settings[:issuer] + query_string
         end
 
@@ -46,4 +51,4 @@ def wsfed_signin_request
 
     end
   end
-end
\ No newline at end of file
+end
diff --git a/spec/omniauth/strategies/wsfed/auth_request_spec.rb b/spec/omniauth/strategies/wsfed/auth_request_spec.rb
index a09d70c..811ad22 100644
--- a/spec/omniauth/strategies/wsfed/auth_request_spec.rb
+++ b/spec/omniauth/strategies/wsfed/auth_request_spec.rb
@@ -8,7 +8,8 @@
         :issuer                     => 'https://c4sc.accesscontrol.windows.net.com/v2/wsfederation',
         :realm                      => 'http://c4sc.com/security_realm',
         :reply                      => 'http://rp.c4sc.com/auth/wsfed',
-        :home_realm_discovery_path  => 'auth/home_realm_discovery'
+        :home_realm_discovery_path  => 'auth/home_realm_discovery',
+        :wfresh                     => 0
     }
   end
 
@@ -85,6 +86,10 @@
       request.wsfed_signin_request.should include "wct=#{ERB::Util.url_encode(time)}"
     end
 
+    it 'should include the freshness param [wfresh]' do
+      request.wsfed_signin_request.should include "wfresh=0"
+    end
+
     describe 'Url-Encoded Home Realm Parameter [whr]' do
 
       let(:home_realm) { 'http://identity.c4sc.com/trust' }
@@ -104,4 +109,4 @@
 
   end
 
-end
\ No newline at end of file
+end