kl-ruby-saml 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 256bec88d67fda23537316e9c0e742b0e16fbe6a
-  data.tar.gz: 55ee07285e9e8a9e8e5e2b63d1a18b3263cc5776
+  metadata.gz: 4884c1dba78f622165653342c8a88d480cdcaf31
+  data.tar.gz: 9d464006e257f4fc8d2a33b7cac07e07cef67782
 SHA512:
-  metadata.gz: 2aad3b58a12fba5f9f7d5fff6c50b5455afdbd45b6d9f76ddf40f72be25cabe6ea66214622ee3417e9350915d70af24c0a902f6c3d77d8534131d32904715e73
-  data.tar.gz: 0f986c00a48bbbf05b39817e867959e42299dfcde2ba986d0155dd2b25d8525f82c02f8769e05b11258ff6efa849dd853eebb595ce141a43bb9f8301bccfc8d3
+  metadata.gz: ac0bf85d00dcd02969bb8e1fe31a6888eb6c662b23999482bccb930f6323f1a7c21fa9243347cd71259bad702468e77359cd95cd1cdb27574baa677d20f5d4d8
+  data.tar.gz: 181f794dc678fad271057c6bc7738f7d58a747876a037b8548c1034d984080b33b02843c74004c8400bc5b1e0f4538953cf42cbbda13fc855285a42c5b3f089a

data/Gemfile

@@ -5,3 +5,6 @@ source 'https://rubygems.org'
 
 gemspec
 
+gem 'timecop'
+gem 'json'
+

data/README.md

@@ -16,7 +16,7 @@ Please note the `get_idp_metadata` method raises an exception when it is not abl
 Version `0.9` adds many new features and improvements.
 
 ## Updating from 0.7.x to 0.8.x
-Version `0.8.x` changes the namespace of the gem from `OneLogin::Saml` to `OneLogin::RubySaml`.  Please update your implementations of the gem accordingly.
+Version `0.8.x` changes the namespace of the gem from `OneLogin::Saml` to `OneLogin::KlRubySaml`.  Please update your implementations of the gem accordingly.
 
 ## Overview
 
@@ -96,7 +96,7 @@ To override the default behavior and control the destination of log messages, pr
 a ruby Logger object to the gem's logging singleton:
 
 ```ruby
-OneLogin::RubySaml::Logging.logger = Logger.new(File.open('/var/log/ruby-saml.log', 'w')
+OneLogin::KlRubySaml::Logging.logger = Logger.new(File.open('/var/log/ruby-saml.log', 'w')
 ```
 
 ## The Initialization Phase
@@ -105,7 +105,7 @@ This is the first request you will get from the identity provider. It will hit y
 
 ```ruby
 def init
-  request = OneLogin::RubySaml::Authrequest.new
+  request = OneLogin::KlRubySaml::Authrequest.new
   redirect_to(request.create(saml_settings))
 end
 ```
@@ -114,7 +114,7 @@ Once you've redirected back to the identity provider, it will ensure that the us
 
 ```ruby
 def consume
-  response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
+  response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
 
   # We validate the SAML Response and check if the user already exists in the system
   if response.is_valid?
@@ -132,7 +132,7 @@ In the above there are a few assumptions in place, one being that the response.n
 If the assertion of the SAMLResponse is not encrypted, you can initialize the Response without the :settings parameter and set it later,
 
 ```
-response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
+response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse])
 response.settings = saml_settings
 ```
 but if the SAMLResponse contains an encrypted assertion, you need to provide the settings in the
@@ -141,7 +141,7 @@ If you don't know what expect, use always the first proposed way (always set the
 
 ```ruby
 def saml_settings
-  settings = OneLogin::RubySaml::Settings.new
+  settings = OneLogin::KlRubySaml::Settings.new
 
   settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
   settings.issuer                         = "http://#{request.host}/saml/metadata"
@@ -170,12 +170,12 @@ What's left at this point, is to wrap it all up in a controller and point the in
 # This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application.
 class SamlController < ApplicationController
   def init
-    request = OneLogin::RubySaml::Authrequest.new
+    request = OneLogin::KlRubySaml::Authrequest.new
     redirect_to(request.create(saml_settings))
   end
 
   def consume
-    response          = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
+    response          = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse])
     response.settings = saml_settings
 
     # We validate the SAML Response and check if the user already exists in the system
@@ -191,7 +191,7 @@ class SamlController < ApplicationController
   private
 
   def saml_settings
-    settings = OneLogin::RubySaml::Settings.new
+    settings = OneLogin::KlRubySaml::Settings.new
 
     settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
     settings.issuer                         = "http://#{request.host}/saml/metadata"
@@ -225,8 +225,8 @@ Using ```idp_metadata_parser.parse_remote``` IdP metadata will be added to the s
 ```ruby
 def saml_settings
 
-  idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
-  # Returns OneLogin::RubySaml::Settings prepopulated with idp metadata
+  idp_metadata_parser = OneLogin::KlRubySaml::IdpMetadataParser.new
+  # Returns OneLogin::KlRubySaml::Settings prepopulated with idp metadata
   settings = idp_metadata_parser.parse_remote("https://example.com/auth/saml2/idp/metadata")
 
   settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
@@ -247,7 +247,7 @@ If you are using saml:AttributeStatement to transfer metadata, like the user nam
 `single_value_compatibility` (when activate, only one value returned, the first one)
 
 ```ruby
-response          = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
+response          = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse])
 response.settings = saml_settings
 
 response.attributes[:username]
@@ -284,7 +284,7 @@ Imagine this saml:AttributeStatement
 ```
 
 ```ruby
-pp(response.attributes)   # is an OneLogin::RubySaml::Attributes object
+pp(response.attributes)   # is an OneLogin::KlRubySaml::Attributes object
 # => @attributes=
   {"uid"=>["demo"],
    "another_value"=>["value1", "value2"],
@@ -293,7 +293,7 @@ pp(response.attributes)   # is an OneLogin::RubySaml::Attributes object
    "attribute_with_nils_and_empty_strings"=>["", "valuePresent", nil, nil]}>
 
 # Active single_value_compatibility
-OneLogin::RubySaml::Attributes.single_value_compatibility = true
+OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
 
 pp(response.attributes[:uid])
 # => "demo"
@@ -323,7 +323,7 @@ pp(response.attributes.multi(:not_exists))
 # => nil
 
 # Deactive single_value_compatibility
-OneLogin::RubySaml::Attributes.single_value_compatibility = false
+OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
 
 pp(response.attributes[:uid])
 # => ["demo"]
@@ -431,7 +431,7 @@ def sp_logout_request
 
     # Since we created a new SAML request, save the transaction_id
     # to compare it with the response we get back
-    logout_request = OneLogin::RubySaml::Logoutrequest.new()
+    logout_request = OneLogin::KlRubySaml::Logoutrequest.new()
     session[:transaction_id] = logout_request.uuid
     logger.info "New SP SLO for userid '#{session[:userid]}' transactionid '#{session[:transaction_id]}'"
 
@@ -454,9 +454,9 @@ def process_logout_response
   settings = Account.get_saml_settings
 
   if session.has_key? :transation_id
-    logout_response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], settings, :matches_request_id => session[:transation_id])
+    logout_response = OneLogin::KlRubySaml::Logoutresponse.new(params[:SAMLResponse], settings, :matches_request_id => session[:transation_id])
   else
-    logout_response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], settings)
+    logout_response = OneLogin::KlRubySaml::Logoutresponse.new(params[:SAMLResponse], settings)
   end
 
   logger.info "LogoutResponse is: #{logout_response.to_s}"
@@ -486,7 +486,7 @@ Here is an example that we could add to our previous controller to process a SAM
 # Method to handle IdP initiated logouts
 def idp_logout_request
   settings = Account.get_saml_settings
-  logout_request = OneLogin::RubySaml::SloLogoutrequest.new(params[:SAMLRequest])
+  logout_request = OneLogin::KlRubySaml::SloLogoutrequest.new(params[:SAMLRequest])
   if !logout_request.is_valid?
     logger.error "IdP initiated LogoutRequest was not valid!"
     render :inline => logger.error
@@ -498,7 +498,7 @@ def idp_logout_request
 
   # Generate a response to the IdP.
   logout_request_id = logout_request.id
-  logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, :RelayState => params[:RelayState])
+  logout_response = OneLogin::KlRubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, :RelayState => params[:RelayState])
   redirect_to logout_response
 end
 ```
@@ -528,7 +528,7 @@ end
 To form a trusted pair relationship with the IdP, the SP (you) need to provide metadata XML
 to the IdP for various good reasons.  (Caching, certificate lookups, relaying party permissions, etc)
 
-The class `OneLogin::RubySaml::Metadata` takes care of this by reading the Settings and returning XML.  All you have to do is add a controller to return the data, then give this URL to the IdP administrator.
+The class `OneLogin::KlRubySaml::Metadata` takes care of this by reading the Settings and returning XML.  All you have to do is add a controller to return the data, then give this URL to the IdP administrator.
 
 The metdata will be polled by the IdP every few minutes, so updating your settings should propagate
 to the IdP settings.
@@ -538,7 +538,7 @@ class SamlController < ApplicationController
   # ... the rest of your controller definitions ...
   def metadata
     settings = Account.get_saml_settings
-    meta = OneLogin::RubySaml::Metadata.new
+    meta = OneLogin::KlRubySaml::Metadata.new
     render :xml => meta.generate(settings), :content_type => "application/samlmetadata+xml"
   end
 end
@@ -553,7 +553,7 @@ First, ensure that both systems synchronize their clocks, using for example the
 Even then you may experience intermittent issues though, because the clock of the Identity Provider may drift slightly ahead of your system clocks. To allow for a small amount of clock drift you can initialize the response passing in an option named `:allowed_clock_drift`. Its value must be given in a number (and/or fraction) of seconds. The value given is added to the current time at which the response is validated before it's tested against the `NotBefore` assertion. For example:
 
 ```ruby
-response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :allowed_clock_drift => 1.second)
+response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse], :allowed_clock_drift => 1.second)
 ```
 
 Make sure to keep the value as comfortably small as possible to keep security risks to a minimum.
@@ -563,7 +563,7 @@ Make sure to keep the value as comfortably small as possible to keep security ri
 To request attributes from the IdP the SP needs to provide an attribute service within it's metadata and reference the index in the assertion.
 
 ```ruby
-settings = OneLogin::RubySaml::Settings.new
+settings = OneLogin::KlRubySaml::Settings.new
 
 settings.attributes_index = 5
 settings.attribute_consuming_service.configure do

data/Rakefile

@@ -35,7 +35,7 @@ task :default => :test
 #   end
 
 #   rdoc.rdoc_dir = 'rdoc'
-#   rdoc.title = "ruby-saml #{version}"
+#   rdoc.title = "kl-ruby-saml #{version}"
 #   rdoc.rdoc_files.include('README*')
 #   rdoc.rdoc_files.include('lib/**/*.rb')
 #end

data/changelog.md

@@ -1,4 +1,4 @@
-# RubySaml Changelog
+# KlRubySaml Changelog
 
 ### 1.0.0 (June 30, 2015)
 * [#247](https://github.com/onelogin/ruby-saml/pull/247) Avoid entity expansion (XEE attacks)
@@ -14,7 +14,7 @@
 * [#226](https://github.com/onelogin/ruby-saml/pull/226) Ensure IdP certificate is formatted properly
 * [#225](https://github.com/onelogin/ruby-saml/pull/225) Add documentation to several methods. Fix xpath injection on xml_security.rb
 * [#223](https://github.com/onelogin/ruby-saml/pull/223) Allow logging to be delegated to an arbitrary Logger
-* [#222](https://github.com/onelogin/ruby-saml/pull/222) No more silent failure fetching idp metadata (OneLogin::RubySaml::HttpError raised).
+* [#222](https://github.com/onelogin/ruby-saml/pull/222) No more silent failure fetching idp metadata (OneLogin::KlRubySaml::HttpError raised).
 
 ### 0.9.2 (Apr 28, 2015)
 * [#216](https://github.com/onelogin/ruby-saml/pull/216) Add fingerprint algorithm support
@@ -62,7 +62,7 @@
 * [#183](https://github.com/onelogin/ruby-saml/pull/183) Resolved a security vulnerability where string interpolation in a `REXML::XPath.first()` method call allowed for arbitrary code execution.
 
 ### 0.8.0 (Feb 21, 2014)
-**IMPORTANT**: This release changed namespace of the gem from `OneLogin::Saml` to `OneLogin::RubySaml`.  Please update your implementations of the gem accordingly.
+**IMPORTANT**: This release changed namespace of the gem from `OneLogin::Saml` to `OneLogin::KlRubySaml`.  Please update your implementations of the gem accordingly.
 
 * [#111](https://github.com/onelogin/ruby-saml/pull/111) `Onelogin::` is `OneLogin::`
 * [#108](https://github.com/onelogin/ruby-saml/pull/108) Change namespacing from `Onelogin::Saml` to `Onelogin::Rubysaml`

data/kl-ruby-saml.gemspec

@@ -1,12 +1,12 @@
 $LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'onelogin/ruby-saml/version'
+require 'onelogin/kl-ruby-saml/version'
 
 Gem::Specification.new do |s|
   s.name = 'kl-ruby-saml'
-  s.version = OneLogin::RubySaml::VERSION
+  s.version = OneLogin::KlRubySaml::VERSION
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["OneLogin LLC", "Knightlabs, LLC"]
+  s.authors = ["OneLogin LLC", "Knightlabs LLC"]
   s.date = Time.now.strftime("%Y-%m-%d")
   s.description = %q{SAML toolkit for Ruby on Rails}
   s.email = %q{support@onelogin.com}
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.3.7}
   s.required_ruby_version = '>= 1.8.7'
-  s.summary = %q{KL SAML Ruby Tookit}
+  s.summary = %q{SAML Ruby Tookit}
   s.test_files = `git ls-files test/*`.split("\n")
 
   s.add_runtime_dependency('uuid', '~> 2.3')

data/lib/kl-ruby-saml.rb

@@ -0,0 +1 @@
+require 'onelogin/kl-ruby-saml'

data/lib/onelogin/kl-ruby-saml.rb

@@ -0,0 +1,17 @@
+require 'onelogin/kl-ruby-saml/logging'
+require 'onelogin/kl-ruby-saml/saml_message'
+require 'onelogin/kl-ruby-saml/authrequest'
+require 'onelogin/kl-ruby-saml/logoutrequest'
+require 'onelogin/kl-ruby-saml/logoutresponse'
+require 'onelogin/kl-ruby-saml/attributes'
+require 'onelogin/kl-ruby-saml/slo_logoutrequest'
+require 'onelogin/kl-ruby-saml/slo_logoutresponse'
+require 'onelogin/kl-ruby-saml/response'
+require 'onelogin/kl-ruby-saml/settings'
+require 'onelogin/kl-ruby-saml/attribute_service'
+require 'onelogin/kl-ruby-saml/http_error'
+require 'onelogin/kl-ruby-saml/validation_error'
+require 'onelogin/kl-ruby-saml/metadata'
+require 'onelogin/kl-ruby-saml/idp_metadata_parser'
+require 'onelogin/kl-ruby-saml/utils'
+require 'onelogin/kl-ruby-saml/version'

data/lib/onelogin/{ruby-saml → kl-ruby-saml}/attribute_service.rb

@@ -1,5 +1,5 @@
 module OneLogin
-  module RubySaml
+  module KlRubySaml
 
     # SAML2 AttributeService. Auxiliary class to build the AttributeService of the SP Metadata
     #

data/lib/onelogin/{ruby-saml → kl-ruby-saml}/attributes.rb

@@ -1,5 +1,5 @@
 module OneLogin
-  module RubySaml
+  module KlRubySaml
 
     # SAML2 Attributes. Parse the Attributes from the AttributeStatement of the SAML Response. 
     #

data/lib/onelogin/{ruby-saml → kl-ruby-saml}/authrequest.rb

@@ -1,12 +1,12 @@
 require "uuid"
 require "rexml/document"
 
-require "onelogin/ruby-saml/logging"
-require "onelogin/ruby-saml/saml_message"
+require "onelogin/kl-ruby-saml/logging"
+require "onelogin/kl-ruby-saml/saml_message"
 
 # Only supports SAML 2.0
 module OneLogin
-  module RubySaml
+  module KlRubySaml
   include REXML
 
     # SAML2 Authentication. AuthNRequest (SSO SP initiated, Builder)
@@ -24,7 +24,7 @@ module OneLogin
       end
 
       # Creates the AuthNRequest string.
-      # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+      # @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
       # @return [String] AuthNRequest string that includes the SAMLRequest
       #
@@ -40,7 +40,7 @@ module OneLogin
       end
 
       # Creates the Get parameters for the request.
-      # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+      # @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
       # @return [Hash] Parameters
       #
@@ -64,7 +64,7 @@ module OneLogin
 
         if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key
           params['SigAlg']    = settings.security[:signature_method]
-          url_string = OneLogin::RubySaml::Utils.build_query(
+          url_string = OneLogin::KlRubySaml::Utils.build_query(
             :type => 'SAMLRequest',
             :data => base64_request,
             :relay_state => relay_state,
@@ -83,7 +83,7 @@ module OneLogin
       end
 
       # Creates the SAMLRequest String.
-      # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+      # @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
       # @return [String] The SAMLRequest String.
       #
       def create_authentication_xml_doc(settings)

data/lib/onelogin/{ruby-saml → kl-ruby-saml}/http_error.rb

@@ -1,5 +1,5 @@
 module OneLogin
-  module RubySaml
+  module KlRubySaml
     class HttpError < StandardError
     end
   end

data/lib/onelogin/{ruby-saml → kl-ruby-saml}/idp_metadata_parser.rb

@@ -9,7 +9,7 @@ require "rexml/xpath"
 
 # Only supports SAML 2.0
 module OneLogin
-  module RubySaml
+  module KlRubySaml
     include REXML
 
     # Auxiliary class to retrieve and parse the Identity Provider Metadata
@@ -39,7 +39,7 @@ module OneLogin
       def parse(idp_metadata)
         @document = REXML::Document.new(idp_metadata)
 
-        OneLogin::RubySaml::Settings.new.tap do |settings|
+        OneLogin::KlRubySaml::Settings.new.tap do |settings|
           settings.idp_entity_id = idp_entity_id
           settings.name_identifier_format = idp_name_id_format
           settings.idp_sso_target_url = single_signon_service_url
@@ -83,7 +83,7 @@ module OneLogin
         end
 
         unless response.is_a? Net::HTTPSuccess
-          raise OneLogin::RubySaml::HttpError.new("Failed to fetch idp metadata")
+          raise OneLogin::KlRubySaml::HttpError.new("Failed to fetch idp metadata")
         end
 
         meta_text

data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logging.rb

@@ -2,7 +2,7 @@ require 'logger'
 
 # Simplistic log class when we're running in Rails
 module OneLogin
-  module RubySaml
+  module KlRubySaml
     class Logging
       DEFAULT_LOGGER = ::Logger.new(STDOUT)
 
@@ -15,13 +15,13 @@ module OneLogin
       end
 
       def self.debug(message)
-        return if !!ENV["ruby-saml/testing"]
+        return if !!ENV["kl-ruby-saml/testing"]
 
         logger.debug message
       end
 
       def self.info(message)
-        return if !!ENV["ruby-saml/testing"]
+        return if !!ENV["kl-ruby-saml/testing"]
 
         logger.info message
       end

data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logoutrequest.rb

@@ -1,11 +1,11 @@
 require "uuid"
 
-require "onelogin/ruby-saml/logging"
-require "onelogin/ruby-saml/saml_message"
+require "onelogin/kl-ruby-saml/logging"
+require "onelogin/kl-ruby-saml/saml_message"
 
 # Only supports SAML 2.0
 module OneLogin
-  module RubySaml
+  module KlRubySaml
 
     # SAML2 Logout Request (SLO SP initiated, Builder)
     #
@@ -22,7 +22,7 @@ module OneLogin
       end
 
       # Creates the Logout Request string.
-      # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+      # @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
       # @return [String] Logout Request string that includes the SAMLRequest
       #
@@ -38,7 +38,7 @@ module OneLogin
       end
 
       # Creates the Get parameters for the logout request.
-      # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+      # @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
       # @return [Hash] Parameters
       #
@@ -62,7 +62,7 @@ module OneLogin
 
         if settings.security[:logout_requests_signed] && !settings.security[:embed_sign] && settings.private_key
           params['SigAlg']    = settings.security[:signature_method]
-          url_string = OneLogin::RubySaml::Utils.build_query(
+          url_string = OneLogin::KlRubySaml::Utils.build_query(
             :type => 'SAMLRequest',
             :data => base64_request,
             :relay_state => relay_state,
@@ -81,7 +81,7 @@ module OneLogin
       end
 
       # Creates the SAMLRequest String.
-      # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+      # @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
       # @return [String] The SAMLRequest String.
       #
       def create_logout_request_xml_doc(settings)