dynamics_crm 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b36fe4188ed46fabe0f74049683a5ba9498e1842
-  data.tar.gz: 616ab5e8a0d26d6a91b99f7dfeb8033852c80edf
+  metadata.gz: dbd8933df47587a12b12a2115afbb57d2e8d2b1c
+  data.tar.gz: 8343d6d884713b0956e71a9ffcde12c6364302b3
 SHA512:
-  metadata.gz: 43a30dd93693e0a8b4fe60ae61046560d0ec2c9ce50e158e297e6000e4e311579518df3f6ff0eddd07a40f2bd85488c72328d0cd12ec36536388f51f2f3a5f11
-  data.tar.gz: d3055f511ad34189d3451e9b81f71584e7d3ee4e3be73e577c7d220ff98d4777a18a1416feb7d13430df65946c1ba8b7a04f3d3359b6800b9dc00c2000510270
+  metadata.gz: dec2cf3cd88e6bfbba5ec88fb0d7cf237539de43c2b1102ed3e736df9e20d41dab7713e519ffba54299e8e2c2cb3bd259794f49d37c0f5fbf62d8681cb86f5d0
+  data.tar.gz: 9cc80f8452b8dd72280ef9ac1ca5900bd96f77676ae2f905923e1ea18cc04fed3c338a4a4ce8bf16b7c3e520cf66af7e60d67a0f43733ce1b2fd1265c41e6690

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.5.0 (December 19, 2014)
+
+* Adds On-Premise Authenticate support with specified hostname. PR #18
+
+## 0.4.1 (November 23)
+
+* Switch to TLS. SSLv3 has been disabled. PR #19
+
 ## 0.4.0 (October 11, 2014)
 
 * Adds FetchXml module (Builder, Entity, LinkEntity) for building Xml document. (New dependency on builder)

data/lib/dynamics_crm/client.rb

@@ -8,6 +8,9 @@
 # https://community.dynamics.com/crm/b/crmgirishraja/archive/2012/09/04/authentication-with-dynamics-crm-online-on-ocp-office-365.aspx
 
 require 'forwardable'
+require 'digest/sha1'
+require 'openssl'
+require 'open-uri'
 
 module DynamicsCRM
 
@@ -16,26 +19,28 @@ module DynamicsCRM
     include XML::MessageBuilder
 
     attr_accessor :logger, :caller_id
+    attr_reader :hostname, :region, :organization_endpoint, :login_url
+
+    OCP_LOGIN_URL = 'https://login.microsoftonline.com/RST2.srf'
 
     # Initializes Client instance.
     # Requires: organization_name
     # Optional: hostname
     def initialize(config={organization_name: nil, hostname: nil, caller_id: nil, login_url: nil, region: nil})
-      raise RuntimeError.new("organization_name is required") if config[:organization_name].nil?
+      raise RuntimeError.new("organization_name or hostname is required") if config[:organization_name].nil? && config[:hostname].nil?
 
       @organization_name = config[:organization_name]
       @hostname = config[:hostname] || "#{@organization_name}.api.crm.dynamics.com"
       @organization_endpoint = "https://#{@hostname}/XRMServices/2011/Organization.svc"
       @caller_id = config[:caller_id]
 
-
       # The Login URL and Region are located in the client's Organization WSDL.
       # https://tinderboxdev.api.crm.dynamics.com/XRMServices/2011/Organization.svc?wsdl=wsdl0
       #
       # Login URL: Policy -> Issuer -> Address
       # Region: SecureTokenService -> AppliesTo
-      @login_url = config[:login_url] || 'https://login.microsoftonline.com/RST2.srf'
-      @region = config[:region] || 'urn:crmna:dynamics.com'
+      @login_url = config[:login_url]
+      @region = config[:region] || determine_region
     end
 
     # Public: Authenticate User
@@ -51,24 +56,47 @@ module DynamicsCRM
       @username = username
       @password = password
 
-      soap_response = post(@login_url, build_ocp_request(username, password, @login_url, @region))
+      auth_request = if on_premise?
+        build_on_premise_request(username, password, region, login_url)
+      else
+        build_ocp_request(username, password, region, login_url)
+      end
+
+      soap_response = post(login_url, auth_request)
 
       document = REXML::Document.new(soap_response)
       # Check for Fault
       fault_xml = document.get_elements("//[local-name() = 'Fault']")
       raise XML::Fault.new(fault_xml) if fault_xml.any?
 
-      cipher_values = document.get_elements("//CipherValue")
-
-      if cipher_values && cipher_values.length > 0
-        @security_token0 = cipher_values[0].text
-        @security_token1 = cipher_values[1].text
-        # Use local-name() to ignore namespace.
-        @key_identifier = document.get_elements("//[local-name() = 'KeyIdentifier']").first.text
+      if on_premise?
+        @security_token0 = document.get_elements("//e:CipherValue").first.text.to_s
+        @security_token1 = document.get_elements("//xenc:CipherValue").last.text.to_s
+        @key_identifier = document.get_elements("//o:KeyIdentifier").first.text
+        @cert_issuer_name = document.get_elements("//X509IssuerName").first.text
+        @cert_serial_number = document.get_elements("//X509SerialNumber").first.text
+        @server_secret = document.get_elements("//trust:BinarySecret").first.text
+
+        @header_current_time = get_current_time
+        @header_expires_time = get_current_time_plus_hour
+        @timestamp = '<u:Timestamp xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" u:Id="_0"><u:Created>' + @header_current_time + '</u:Created><u:Expires>' + @header_expires_time + '</u:Expires></u:Timestamp>'
+        @digest_value = Digest::SHA1.base64digest @timestamp
+        @signature = '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></SignatureMethod><Reference URI="#_0"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>' + @digest_value + '</DigestValue></Reference></SignedInfo>'
+        @signature_value = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'), Base64.decode64(@server_secret), @signature)).chomp
       else
-        raise RuntimeError.new(soap_response)
+        cipher_values = document.get_elements("//CipherValue")
+
+        if cipher_values && cipher_values.length > 0
+          @security_token0 = cipher_values[0].text
+          @security_token1 = cipher_values[1].text
+          # Use local-name() to ignore namespace.
+          @key_identifier = document.get_elements("//[local-name() = 'KeyIdentifier']").first.text
+        else
+          raise RuntimeError.new(soap_response)
+        end
       end
 
+
       true
     end
 
@@ -79,7 +107,7 @@ module DynamicsCRM
       entity = XML::Entity.new(entity_name)
       entity.attributes = XML::Attributes.new(attributes)
 
-      xml_response = post(@organization_endpoint, create_request(entity))
+      xml_response = post(organization_endpoint, create_request(entity))
       return Response::CreateResult.new(xml_response)
     end
 
@@ -89,7 +117,7 @@ module DynamicsCRM
       column_set = XML::ColumnSet.new(columns)
       request = retrieve_request(entity_name, guid, column_set)
 
-      xml_response = post(@organization_endpoint, request)
+      xml_response = post(organization_endpoint, request)
       return Response::RetrieveResult.new(xml_response)
     end
 
@@ -108,7 +136,7 @@ module DynamicsCRM
       query.criteria = XML::Criteria.new(criteria)
 
       request = retrieve_multiple_request(query)
-      xml_response = post(@organization_endpoint, request)
+      xml_response = post(organization_endpoint, request)
       return Response::RetrieveMultipleResult.new(xml_response)
     end
 
@@ -127,20 +155,20 @@ module DynamicsCRM
       entity.attributes = XML::Attributes.new(attributes)
 
       request = update_request(entity)
-      xml_response = post(@organization_endpoint, request)
+      xml_response = post(organization_endpoint, request)
       return Response::UpdateResponse.new(xml_response)
     end
 
     def delete(entity_name, guid)
       request = delete_request(entity_name, guid)
 
-      xml_response = post(@organization_endpoint, request)
+      xml_response = post(organization_endpoint, request)
       return Response::DeleteResponse.new(xml_response)
     end
 
     def execute(action, parameters={}, response_class=nil)
       request = execute_request(action, parameters)
-      xml_response = post(@organization_endpoint, request)
+      xml_response = post(organization_endpoint, request)
 
       response_class ||= Response::ExecuteResult
       return response_class.new(xml_response)
@@ -148,13 +176,13 @@ module DynamicsCRM
 
     def associate(entity_name, guid, relationship, related_entities)
       request = associate_request(entity_name, guid, relationship, related_entities)
-      xml_response = post(@organization_endpoint, request)
+      xml_response = post(organization_endpoint, request)
       return Response::AssociateResponse.new(xml_response)
     end
 
     def disassociate(entity_name, guid, relationship, related_entities)
       request = disassociate_request(entity_name, guid, relationship, related_entities)
-      xml_response = post(@organization_endpoint, request)
+      xml_response = post(organization_endpoint, request)
       return Response::DisassociateResponse.new(xml_response)
     end
 
@@ -250,8 +278,37 @@ module DynamicsCRM
 
     protected
 
-    def post(url, request)
+    def on_premise?
+      @on_premise ||= !(hostname =~ /\.dynamics\.com/i)
+    end
+
+    def organization_wsdl
+      wsdl = open(organization_endpoint + "?wsdl=wsdl0").read
+      @organization_wsdl ||= REXML::Document.new(wsdl)
+    end
 
+    def login_url
+      @login_url ||= if on_premise?
+        (organization_wsdl.document.get_elements("//ms-xrm:Identifier").first.text + "/13/usernamemixed").gsub("http://", "https://")
+      else
+        OCP_LOGIN_URL
+      end
+    end
+
+    def determine_region
+      case hostname
+      when /crm5\.dynamics\.com/
+        "urn:crmapac:dynamics.com"
+      when /crm4\.dynamics\.com/
+        "urn:crmemea:dynamics.com"
+      when /\.dynamics\.com/
+        "urn:crmna:dynamics.com"
+      else
+        organization_endpoint
+      end
+    end
+
+    def post(url, request)
       log_xml("REQUEST", request)
 
       c = Curl::Easy.new(url) do |http|
@@ -261,7 +318,7 @@ module DynamicsCRM
         http.headers["Content-length"] = request.length
 
         http.ssl_verify_peer = false
-        http.timeout = 60
+        http.timeout = 120
         http.follow_location = true
         http.ssl_version = 1
         # http.verbose = 1
@@ -270,8 +327,9 @@ module DynamicsCRM
       if c.http_post(request)
         response = c.body_str
       else
-
+        # Do something here on error.
       end
+      c.close
 
       log_xml("RESPONSE", response)
 

data/lib/dynamics_crm/version.rb

@@ -1,3 +1,3 @@
 module DynamicsCRM
-  VERSION = "0.4.1"
+  VERSION = "0.5.0"
 end

data/lib/dynamics_crm/xml/message_builder.rb

@@ -6,8 +6,14 @@ module DynamicsCRM
         SecureRandom.uuid
       end
 
+      # have a bit of flexiblity in the create time to handle when system clocks are out of sync
       def get_current_time
-        Time.now.utc.strftime '%Y-%m-%dT%H:%M:%SZ'
+        # 5.minutes = 5 * 60
+        (Time.now - (5 * 60)).utc.strftime '%Y-%m-%dT%H:%M:%SZ'
+      end
+
+      def get_current_time_plus_hour
+        (Time.now.utc + (60*60)).strftime '%Y-%m-%dT%H:%M:%SZ'
       end
 
       def get_tomorrow_time
@@ -20,7 +26,7 @@ module DynamicsCRM
       # urn:crmna:dynamics.com - North America
       # urn:crmemea:dynamics.com - Europe, the Middle East and Africa
       # urn:crmapac:dynamics.com - Asia Pacific
-      def build_ocp_request(username, password, login_url, region)
+      def build_ocp_request(username, password, region = "urn:crmna:dynamics.com", login_url = Client::OCP_LOGIN_URL)
         %Q{
           <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
             xmlns:a="http://www.w3.org/2005/08/addressing"
@@ -59,6 +65,41 @@ module DynamicsCRM
         }
       end
 
+      def build_on_premise_request(username, password, region = "", login_url = nil)
+        %Q{
+          <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
+            xmlns:a="http://www.w3.org/2005/08/addressing">
+            <s:Header>
+              <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
+              <a:MessageID>urn:uuid:#{uuid()}</a:MessageID>
+              <a:ReplyTo>
+                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
+              </a:ReplyTo>
+              <Security s:mustUnderstand="1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+                <u:Timestamp u:Id="#{uuid()}">
+                  <u:Created>#{get_current_time}</u:Created>
+                  <u:Expires>#{get_current_time_plus_hour}</u:Expires>
+                </u:Timestamp>
+                <UsernameToken u:Id="#{uuid()}">
+                  <Username>#{REXML::Text.new(username).to_s}</Username>
+                  <Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">#{REXML::Text.new(password).to_s}</Password>
+                </UsernameToken>
+              </Security>
+              <a:To s:mustUnderstand="1">#{login_url}</a:To>
+            </s:Header>
+            <s:Body>
+              <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+                <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+                  <a:EndpointReference>
+                    <a:Address>#{region}</a:Address>
+                  </a:EndpointReference>
+                </wsp:AppliesTo>
+                <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
+              </trust:RequestSecurityToken>
+            </s:Body>
+          </s:Envelope>
+        }
+      end
 
       def build_envelope(action, &block)
         %Q{
@@ -72,9 +113,66 @@ module DynamicsCRM
       end
 
       def build_header(action)
+        if @on_premise
+          build_on_premise_header(action)
+        else
+          build_ocp_header(action)
+        end
+      end
 
-        caller_id = @caller_id ? %Q{<CallerId xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">#{@caller_id}</CallerId>} : ""
+      def build_on_premise_header(action)
+        %Q{
+          <s:Header>
+            <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/xrm/2011/Contracts/Services/IOrganizationService/#{action}</a:Action>
+            <a:MessageID>urn:uuid:#{uuid()}</a:MessageID>
+            <a:ReplyTo>
+              <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
+            </a:ReplyTo>
+            <a:To s:mustUnderstand="1">#{@organization_endpoint}</a:To>
+            <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+              #{@timestamp}
+              <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                  <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
+                    <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+                      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+                    </e:EncryptionMethod>
+                    <KeyInfo>
+                      <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+                        <X509Data>
+                          <X509IssuerSerial>
+                            <X509IssuerName>#{@cert_issuer_name}</X509IssuerName>
+                            <X509SerialNumber>#{@cert_serial_number}</X509SerialNumber>
+                          </X509IssuerSerial>
+                        </X509Data>
+                      </o:SecurityTokenReference>
+                    </KeyInfo>
+                    <e:CipherData>
+                      <e:CipherValue>#{@security_token0}</e:CipherValue>
+                    </e:CipherData>
+                  </e:EncryptedKey>
+                </KeyInfo>
+                <xenc:CipherData>
+                  <xenc:CipherValue>#{@security_token1}</xenc:CipherValue>
+                </xenc:CipherData>
+              </xenc:EncryptedData>
+              <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+                #{@signature}
+                <SignatureValue>#{@signature_value}</SignatureValue>
+                <KeyInfo>
+                  <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+                    <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#{@key_identifier}</o:KeyIdentifier>
+                  </o:SecurityTokenReference>
+                </KeyInfo>
+              </Signature>
+            </o:Security>
+          </s:Header>
+        }
+      end
 
+      def build_ocp_header(action)
+        caller_id = @caller_id ? %Q{<CallerId xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">#{@caller_id}</CallerId>} : ""
         %Q{
           <s:Header>
            <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/xrm/2011/Contracts/Services/IOrganizationService/#{action}</a:Action>

data/spec/fixtures/request_security_token_response_onpremise.xml

@@ -0,0 +1,78 @@
+<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope' xmlns:a='http://www.w3.org/2005/08/addressing' xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
+  <s:Header>
+    <a:Action s:mustUnderstand='1'>http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
+    <a:RelatesTo>urn:uuid:f07eb8c1-cda5-4998-a38d-94f95be07204</a:RelatesTo>
+    <o:Security s:mustUnderstand='1' xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
+      <u:Timestamp u:Id='_0'>
+        <u:Created>2014-11-18T19:46:16.557Z</u:Created>
+        <u:Expires>2014-11-18T19:51:16.557Z</u:Expires>
+      </u:Timestamp>
+    </o:Security>
+  </s:Header>
+  <s:Body>
+    <trust:RequestSecurityTokenResponseCollection xmlns:trust='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+      <trust:RequestSecurityTokenResponse>
+        <trust:Lifetime>
+          <wsu:Created xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>2014-11-18T19:46:16.542Z</wsu:Created>
+          <wsu:Expires xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>2014-11-25T19:46:16.542Z</wsu:Expires>
+        </trust:Lifetime>
+        <wsp:AppliesTo xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
+          <wsa:EndpointReference xmlns:wsa='http://www.w3.org/2005/08/addressing'>
+            <wsa:Address>https://psavtest.crm.powerobjects.net/</wsa:Address>
+          </wsa:EndpointReference>
+        </wsp:AppliesTo>
+        <trust:RequestedSecurityToken>
+          <xenc:EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>
+            <xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc'/>
+            <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
+              <e:EncryptedKey xmlns:e='http://www.w3.org/2001/04/xmlenc#'>
+                <e:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'>
+                  <DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>
+                </e:EncryptionMethod>
+                <KeyInfo>
+                  <o:SecurityTokenReference xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
+                    <X509Data>
+                      <X509IssuerSerial>
+                        <X509IssuerName>
+                          SERIALNUMBER=12369287, CN=Go Daddy Secure
+                          Certification Authority,
+                          OU=http://certificates.godaddy.com/repository,
+                          O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
+                        </X509IssuerName>
+                        <X509SerialNumber>112094107365XXXXX</X509SerialNumber>
+                      </X509IssuerSerial>
+                    </X509Data>
+                  </o:SecurityTokenReference>
+                </KeyInfo>
+                <e:CipherData>
+                  <e:CipherValue>ydfdQsDU9ow4XhoBi+0+n+/9Z7DvfivMKlKR8wpPnMeY5fgfmmHPAWfnGhYNYPAXCaGleY7mCqqzLe2BlDQjMKUJ5f4jI3zfoy/3vSZwoJLxIOkklFbtku1ammaKAp+Om6PTqOySbpVWcaI3herX56EzF
+                  </e:CipherValue>
+                </e:CipherData>
+              </e:EncryptedKey>
+            </KeyInfo>
+            <xenc:CipherData>
+              <xenc:CipherValue>GcCk8ivhLAAPEbQI8qScynWLReTWE0AC5NGXVGMdaoHTBSSyRUgSPpgZnCNWIqb+8rRI7l7aQNXn6L2ysxTZp+DvxontZc1uarKQWtKDskpfctdrRLfGhcfOb4NtyP9QbKQcdxYSCoQDVCQqrpYLIDHoV+0WLbI4hBQ1u+UzUxr99z+pNMKW6Z2uui+EY21dVX33HZpMWgB7bkzim8KjRulB7/WD1wBarVSIzYuxJdxXP1HcKiz7j/
+              </xenc:CipherValue>
+            </xenc:CipherData>
+          </xenc:EncryptedData>
+        </trust:RequestedSecurityToken>
+        <trust:RequestedProofToken>
+          <trust:BinarySecret>XZwQpJKfAy00NNWU1RwdtDpVyW/nfabuCq4H38GgKrM=</trust:BinarySecret>
+        </trust:RequestedProofToken>
+        <trust:RequestedAttachedReference>
+          <o:SecurityTokenReference k:TokenType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1' xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:k='http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd'>
+            <o:KeyIdentifier ValueType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID'>_ed121435-64ea-45b0-9b15-e5769afdb746</o:KeyIdentifier>
+          </o:SecurityTokenReference>
+        </trust:RequestedAttachedReference>
+        <trust:RequestedUnattachedReference>
+          <o:SecurityTokenReference k:TokenType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1' xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:k='http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd'>
+            <o:KeyIdentifier ValueType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID'>_ed121435-64ea-45b0-9b15-e5769afdb746</o:KeyIdentifier>
+          </o:SecurityTokenReference>
+        </trust:RequestedUnattachedReference>
+        <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
+        <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
+        <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
+      </trust:RequestSecurityTokenResponse>
+    </trust:RequestSecurityTokenResponseCollection>
+  </s:Body>
+</s:Envelope>

data/spec/lib/client_spec.rb

@@ -5,33 +5,55 @@ describe DynamicsCRM::Client do
   let(:subject) { DynamicsCRM::Client.new(organization_name: "tinderboxdev")}
 
   describe "#authenticate" do
-    it "authenticates with username and password" do
+    it "raises arugment error when no parameters are passed" do
+      expect { subject.authenticate() }.to raise_error(ArgumentError)
+    end
 
-      subject.stub(:post).and_return(fixture("request_security_token_response"))
+    context "Online" do
+      it "authenticates with username and password" do
 
-      subject.authenticate('testing', 'password')
+        subject.stub(:post).and_return(fixture("request_security_token_response"))
 
-      subject.instance_variable_get("@security_token0").should start_with("tMFpDJbJHcZnRVuby5cYmRbCJo2OgOFLEOrUHj+wz")
-      subject.instance_variable_get("@security_token1").should start_with("CX7BFgRnW75tE6GiuRICjeVDV+6q4KDMKLyKmKe9A8U")
-      subject.instance_variable_get("@key_identifier").should == "D3xjUG3HGaQuKyuGdTWuf6547Lo="
-    end
+        subject.authenticate('testing', 'password')
 
-    it "raises arugment error when no parameters are passed" do
-      expect { subject.authenticate() }.to raise_error(ArgumentError)
+        subject.instance_variable_get("@security_token0").should start_with("tMFpDJbJHcZnRVuby5cYmRbCJo2OgOFLEOrUHj+wz")
+        subject.instance_variable_get("@security_token1").should start_with("CX7BFgRnW75tE6GiuRICjeVDV+6q4KDMKLyKmKe9A8U")
+        subject.instance_variable_get("@key_identifier").should == "D3xjUG3HGaQuKyuGdTWuf6547Lo="
+      end
+
+      # This is only method in this suite that actually sends a POST message to Dynamics.
+      # This covers the post() and fault parsing logic.
+      it "fails to authenticate with invalid credentials" do
+        begin
+          subject.authenticate('testuser@orgnam.onmicrosoft.com', 'qwerty')
+          fail("Expected Fault to be raised")
+        rescue DynamicsCRM::XML::Fault => f
+          f.code.should == "S:Sender"
+          f.subcode.should == "wst:FailedAuthentication"
+          f.reason.should == "Authentication Failure"
+        end
+      end
     end
 
-    # This is only method in this suite that actually sends a POST message to Dynamics.
-    # This covers the post() and fault parsing logic.
-    it "fails to authenticate with invalid credentials" do
-      begin
-        subject.authenticate('testuser@orgnam.onmicrosoft.com', 'qwerty')
-        fail("Expected Fault to be raised")
-      rescue DynamicsCRM::XML::Fault => f
-        f.code.should == "S:Sender"
-        f.subcode.should == "wst:FailedAuthentication"
-        f.reason.should == "Authentication Failure"
+    context "On-Premise" do
+      let(:subject) { DynamicsCRM::Client.new(organization_name: "psavtest", hostname: "psavtest.crm.powerobjects.net")}
+
+      it "authenticates with username and password" do
+
+        subject.stub(:post).and_return(fixture("request_security_token_response_onpremise"))
+
+        subject.authenticate('testing', 'password')
+
+        subject.instance_variable_get("@security_token0").should start_with("ydfdQsDU9ow4XhoBi+0+n+/9Z7Dvfi")
+        subject.instance_variable_get("@security_token1").should start_with("GcCk8ivhLAAPEbQI8qScynWLReTWE0AC5")
+        subject.instance_variable_get("@key_identifier").should == "_ed121435-64ea-45b0-9b15-e5769afdb746"
+
+        subject.instance_variable_get("@cert_issuer_name").strip.should start_with("SERIALNUMBER=12369287, CN=Go Daddy Secure")
+        subject.instance_variable_get("@cert_serial_number").should == "112094107365XXXXX"
+        subject.instance_variable_get("@server_secret").should == "XZwQpJKfAy00NNWU1RwdtDpVyW/nfabuCq4H38GgKrM="
       end
     end
+
   end
 
   describe "#retrieve" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dynamics_crm
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Joe Heth
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-24 00:00:00.000000000 Z
+date: 2014-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: curb
@@ -182,6 +182,7 @@ files:
 - spec/fixtures/lose_opportunity_response.xml
 - spec/fixtures/receiver_fault.xml
 - spec/fixtures/request_security_token_response.xml
+- spec/fixtures/request_security_token_response_onpremise.xml
 - spec/fixtures/retrieve_account_all_columns.xml
 - spec/fixtures/retrieve_all_entities.xml
 - spec/fixtures/retrieve_attribute_identifier_response.xml
@@ -232,7 +233,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.1
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Ruby gem for integrating with MS Dynamics 2011/2013 SOAP API
@@ -245,6 +246,7 @@ test_files:
 - spec/fixtures/lose_opportunity_response.xml
 - spec/fixtures/receiver_fault.xml
 - spec/fixtures/request_security_token_response.xml
+- spec/fixtures/request_security_token_response_onpremise.xml
 - spec/fixtures/retrieve_account_all_columns.xml
 - spec/fixtures/retrieve_all_entities.xml
 - spec/fixtures/retrieve_attribute_identifier_response.xml