Add support for the wfresh option

README.md

@@ -96,6 +96,7 @@ posted. Defaults to the OmniAuth callback URL. **Optional**
 
 * `:saml_version` - The version of SAML tokens. **Defaults to 2**.
 
+* `:wfresh` - Indicates the freshness requirements (the maximum authentication age in minutes). **Optional**.
 
 ## Authors and Credits ##
 

lib/omniauth/strategies/wsfed/auth_request.rb

@@ -32,18 +32,23 @@ def wsfed_signin_request
           wreply  = url_encode(strategy_settings[:reply])
           wct     = url_encode(Time.now.utc)
           whr     = url_encode(args[:whr])
+          wfresh  = url_encode(strategy_settings[:wfresh])
 
           query_string = "?wa=#{wa}&wtrealm=#{wtrealm}&wreply=#{wreply}&wctx=#{}&wct=#{wct}"
 
           unless whr.nil? or whr.empty?
             query_string = "#{query_string}&whr=#{whr}"
           end
 
+          unless wfresh.nil? or wfresh.empty?
+            query_string = "#{query_string}&wfresh=#{wfresh}"
+          end
+
           strategy_settings[:issuer] + query_string
         end
 
       end
 
     end
   end
-end
+end

spec/omniauth/strategies/wsfed/auth_request_spec.rb

@@ -8,7 +8,8 @@
         :issuer                     => 'https://c4sc.accesscontrol.windows.net.com/v2/wsfederation',
         :realm                      => 'http://c4sc.com/security_realm',
         :reply                      => 'http://rp.c4sc.com/auth/wsfed',
-        :home_realm_discovery_path  => 'auth/home_realm_discovery'
+        :home_realm_discovery_path  => 'auth/home_realm_discovery',
+        :wfresh                     => 0
     }
   end
 
@@ -85,6 +86,10 @@
       request.wsfed_signin_request.should include "wct=#{ERB::Util.url_encode(time)}"
     end
 
+    it 'should include the freshness param [wfresh]' do
+      request.wsfed_signin_request.should include "wfresh=0"
+    end
+
     describe 'Url-Encoded Home Realm Parameter [whr]' do
 
       let(:home_realm) { 'http://identity.c4sc.com/trust' }
@@ -104,4 +109,4 @@
 
   end
 
-end
+end