ciam-es 0.0.4 → 0.0.9

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2c95972cdf7b32821388e97e603ea364dc931f90cda2486a5abf1194321c122c
4
- data.tar.gz: c4d30ceb0b06f5821bd8b3aebf918633cfcd1e8a1e121cf9e16922be08f8c3a8
3
+ metadata.gz: 61fa7e58944e649c13d8c872011c0a430802cb41e2c5916ef6318d9cbcf79eee
4
+ data.tar.gz: bffd2ddb51a8a3a2b4b1c1846c737ec1b6ff481ee8e526e58521a805e78b1e4f
5
5
  SHA512:
6
- metadata.gz: 9a417f946d748ddff58a0bd68d12863d3b5e1e76acca57575d5103d78dc40f5fccf5cf251bbd38144a194fc3c0f887684606622351527778b767e9d53693998b
7
- data.tar.gz: 00164d85b86389012330941c6d317ab2fdf18b85e9a75b3881f718fc71714832feb65c40c055824d99c26f657362aa79ca49cc7bc0895507bc32e55652d206c6
6
+ metadata.gz: 49f4eee88f81279ffc7281b7d0e432111c4c828f83b3c10ca1c66e61a64c3ed9cd7fec22ae9d6d7896a6e4145c3d1b0e45f58144ba5b8ffb9ec4f4dd6d919251
7
+ data.tar.gz: 5c68801db14538ba766d5d0bf437c42c6ea5385ba529524604938f51646445879beeb2e689d09af178199728df5d684f67d9be13b1ebb976aec3486bcaf94df1
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = 'ciam-es'
5
- s.version = '0.0.4'
5
+ s.version = '0.0.9'
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Fabiano Pavan"]
@@ -41,26 +41,24 @@ module Ciam::Saml
41
41
  request_doc.context[:attribute_quote] = :quote
42
42
 
43
43
 
44
- root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL }
44
+ root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL, "xmlns:saml" => ASSERTION }
45
45
  root.attributes['ID'] = @transaction_id
46
46
  root.attributes['IssueInstant'] = @issue_instant
47
47
  root.attributes['Version'] = "2.0"
48
48
  root.attributes['Destination'] = @settings.single_logout_destination
49
49
 
50
- issuer = root.add_element "saml2:Issuer", { "xmlns:saml2" => ASSERTION }
51
- issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
52
- #issuer.text = @settings.issuer
53
- #per la federazione trentina qui ci vanno i metadati...
54
- issuer.text = @settings.idp_metadata
50
+ issuer = root.add_element "saml:Issuer"#, { "xmlns:saml2" => ASSERTION }
51
+ #issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
52
+ issuer.text = @settings.issuer
55
53
 
56
- name_id = root.add_element "saml2:NameID", { "xmlns:saml2" => ASSERTION }
54
+ name_id = root.add_element "saml:NameID"#, { "xmlns:saml2" => ASSERTION }
57
55
  name_id.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
58
56
  name_id.attributes['NameQualifier'] = @settings.idp_name_qualifier
59
57
  name_id.text = opt[:name_id]
60
58
  # I believe the rest of these are optional
61
- if @settings && @settings.sp_name_qualifier
62
- name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
63
- end
59
+ # if @settings && @settings.sp_name_qualifier
60
+ # name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
61
+ # end
64
62
  if opt[:session_index]
65
63
  session_index = root.add_element "samlp:SessionIndex" #, { "xmlns:samlp" => PROTOCOL }
66
64
  session_index.text = opt[:session_index]
@@ -5,13 +5,15 @@ require "rexml/document"
5
5
  module Ciam
6
6
  module Saml
7
7
  class LogoutResponse
8
- include Coding
8
+ include Coding
9
9
  include Request
10
10
  ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
11
11
  PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
12
12
  DSIG = "http://www.w3.org/2000/09/xmldsig#"
13
13
 
14
- def initialize( options = { } )
14
+ attr_accessor :settings
15
+
16
+ def initialize( options = { } )
15
17
  opt = { :response => nil, :settings => nil }.merge(options)
16
18
  # We've recieved a LogoutResponse from the IdP
17
19
  if opt[:response]
@@ -32,7 +34,7 @@ module Ciam
32
34
  if opt[:settings]
33
35
  @settings = opt[:settings]
34
36
  end
35
- end
37
+ end
36
38
 
37
39
  # Create a LogoutResponse to to the IdP's LogoutRequest
38
40
  # (For IdP initiated SLO)
@@ -42,70 +44,85 @@ module Ciam
42
44
  :status => "urn:oasis:names:tc:SAML:2.0:status:Success",
43
45
  :extra_parameters => nil }.merge(options)
44
46
  return nil if opt[:transaction_id].nil?
45
- @response = REXML::Document.new
46
- @response.context[:attribute_quote] = :quote
47
+ response_doc = Ciam::XMLSecurityNew::Document.new
48
+ response_doc.context[:attribute_quote] = :quote
49
+
47
50
  uuid = "_" + UUID.new.generate
48
51
  time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
49
- root = @response.add_element "saml2p:LogoutResponse", { "xmlns:saml2p" => PROTOCOL }
52
+ root = response_doc.add_element "saml2p:LogoutResponse", { "xmlns:saml2p" => PROTOCOL }
50
53
  root.attributes['ID'] = uuid
51
54
  root.attributes['IssueInstant'] = time
52
55
  root.attributes['Version'] = "2.0"
56
+ root.attributes['Destination'] = @settings.single_logout_destination
53
57
  # Just convenient naming to accept both names as InResponseTo
54
58
  if opt[:transaction_id]
55
59
  root.attributes['InResponseTo'] = opt[:transaction_id]
56
60
  elsif opt[:in_response_to]
57
61
  root.attributes['InResponseTo'] = opt[:in_response_to]
58
62
  end
59
- if opt[:status]
60
- status = root.add_element "saml2p:Status"
61
- status_code = status.add_element "saml2p:StatusCode", {
62
- "Value" => opt[:status]
63
- }
64
- end
65
63
  if @settings && @settings.issuer
66
64
  issuer = root.add_element "saml:Issuer", {
67
65
  "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion"
68
66
  }
69
67
  issuer.text = @settings.issuer
70
68
  end
71
- meta = Metadata.new( @settings )
72
- Logging.debug "Created LogoutResponse:\n#{@response}"
73
- return meta.create_slo_response( to_s, opt[:extra_parameters] )
69
+
70
+ response_doc << REXML::XMLDecl.new("1.0", "UTF-8")
71
+ #sign logout_response
72
+ cert = @settings.get_cert(@settings.sp_cert)
73
+
74
+ # embed signature
75
+ if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
76
+ private_key = @settings.get_sp_key
77
+ response_doc.sign_document(private_key, cert)
78
+ end
74
79
 
75
- #root.attributes['Destination'] = action
80
+ if opt[:status]
81
+ status = root.add_element "saml2p:Status"
82
+ status_code = status.add_element "saml2p:StatusCode", {
83
+ "Value" => opt[:status]
84
+ }
85
+ end
86
+
87
+ Logging.debug "Created LogoutResponse:\n #{response_doc}"
76
88
 
89
+ return response_doc.to_s
90
+
77
91
  end
92
+
78
93
  # function to return the created request as an XML document
79
94
  def to_xml
80
95
  text = ""
81
96
  @response.write(text, 1)
82
97
  return text
83
98
  end
99
+
84
100
  def to_s
85
101
  @response.to_s
86
102
  end
87
103
 
88
- def issuer
89
- element = REXML::XPath.first(@response, "/p:LogoutResponse/a:Issuer", {
90
- "p" => PROTOCOL, "a" => ASSERTION} )
91
- return nil if element.nil?
92
- element.text
93
- end
104
+ def issuer
105
+ element = REXML::XPath.first(@response, "/p:LogoutResponse/a:Issuer", {
106
+ "p" => PROTOCOL, "a" => ASSERTION} )
107
+ return nil if element.nil?
108
+ element.text
109
+ end
94
110
 
95
- def in_response_to
111
+ def in_response_to
96
112
  element = REXML::XPath.first(@response, "/p:LogoutResponse", {
97
113
  "p" => PROTOCOL })
98
114
  return nil if element.nil?
99
- element.attributes["InResponseTo"]
100
- end
115
+ element.attributes["InResponseTo"]
116
+ end
101
117
 
102
- def success?
118
+ def success?
103
119
  element = REXML::XPath.first(@response, "/p:LogoutResponse/p:Status/p:StatusCode", {
104
120
  "p" => PROTOCOL })
105
121
  return false if element.nil?
106
- element.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
107
-
108
- end
122
+ element.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
123
+
124
+ end
125
+
109
126
  def is_valid?
110
127
  validate(soft = true)
111
128
  end
@@ -113,6 +130,7 @@ module Ciam
113
130
  def validate!
114
131
  validate( soft = false )
115
132
  end
133
+
116
134
  def validate( soft = true )
117
135
  return false if @response.nil?
118
136
  # Skip validation with a failed response if we don't have settings
@@ -123,10 +141,12 @@ module Ciam
123
141
 
124
142
  end
125
143
 
126
- protected
144
+ protected
145
+
127
146
  def document
128
147
  REXML::Document.new(@response)
129
148
  end
130
- end
149
+
150
+ end
131
151
  end
132
152
  end
@@ -98,8 +98,13 @@ module Ciam
98
98
  parse_time(node, "SessionNotOnOrAfter")
99
99
  end
100
100
  end
101
-
102
101
 
102
+ def session_index
103
+ @session_index ||= begin
104
+ node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
105
+ node.attributes["SessionIndex"] unless node.blank?
106
+ end
107
+ end
103
108
 
104
109
  # Checks the status of the response for a "Success" code
105
110
  def success?
@@ -166,12 +171,6 @@ module Ciam
166
171
 
167
172
  }
168
173
 
169
- issuer_assertion_nodes.each{ |iss|
170
- #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
171
- return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
172
-
173
- }
174
-
175
174
  nodes = issuer_response_nodes + issuer_assertion_nodes
176
175
 
177
176
  nodes.map { |node| Utils.element_text(node) }.compact.uniq
@@ -1,5 +1,5 @@
1
1
  module Ciam
2
2
  module Saml
3
- VERSION = '0.6.0'
3
+ VERSION = '0.7.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ciam-es
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fabiano Pavan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-06 00:00:00.000000000 Z
11
+ date: 2020-09-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: canonix