kl-ruby-saml 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +3 -0
- data/README.md +24 -24
- data/Rakefile +1 -1
- data/changelog.md +3 -3
- data/kl-ruby-saml.gemspec +4 -4
- data/lib/kl-ruby-saml.rb +1 -0
- data/lib/onelogin/kl-ruby-saml.rb +17 -0
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/attribute_service.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/attributes.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/authrequest.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/http_error.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/idp_metadata_parser.rb +3 -3
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logging.rb +3 -3
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logoutrequest.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logoutresponse.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/metadata.rb +3 -3
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/response.rb +9 -9
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/saml_message.rb +2 -2
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/settings.rb +6 -6
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/slo_logoutrequest.rb +6 -6
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/slo_logoutresponse.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/utils.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/validation_error.rb +1 -1
- data/lib/onelogin/kl-ruby-saml/version.rb +5 -0
- data/lib/xml_security.rb +5 -5
- data/test/idp_metadata_parser_test.rb +7 -7
- data/test/logging_test.rb +11 -11
- data/test/logout_responses/logoutresponse_fixtures.rb +1 -1
- data/test/logoutrequest_test.rb +17 -17
- data/test/logoutresponse_test.rb +39 -39
- data/test/metadata_test.rb +5 -5
- data/test/request_test.rb +26 -26
- data/test/response_test.rb +116 -116
- data/test/saml_message_test.rb +4 -4
- data/test/settings_test.rb +19 -19
- data/test/slo_logoutrequest_test.rb +26 -26
- data/test/slo_logoutresponse_test.rb +16 -16
- data/test/test_helper.rb +3 -3
- data/test/utils_test.rb +23 -23
- data/test/xml_security_test.rb +17 -17
- metadata +23 -23
- data/lib/onelogin/ruby-saml.rb +0 -17
- data/lib/onelogin/ruby-saml/version.rb +0 -5
- data/lib/ruby-saml.rb +0 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4884c1dba78f622165653342c8a88d480cdcaf31
|
4
|
+
data.tar.gz: 9d464006e257f4fc8d2a33b7cac07e07cef67782
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ac0bf85d00dcd02969bb8e1fe31a6888eb6c662b23999482bccb930f6323f1a7c21fa9243347cd71259bad702468e77359cd95cd1cdb27574baa677d20f5d4d8
|
7
|
+
data.tar.gz: 181f794dc678fad271057c6bc7738f7d58a747876a037b8548c1034d984080b33b02843c74004c8400bc5b1e0f4538953cf42cbbda13fc855285a42c5b3f089a
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -16,7 +16,7 @@ Please note the `get_idp_metadata` method raises an exception when it is not abl
|
|
16
16
|
Version `0.9` adds many new features and improvements.
|
17
17
|
|
18
18
|
## Updating from 0.7.x to 0.8.x
|
19
|
-
Version `0.8.x` changes the namespace of the gem from `OneLogin::Saml` to `OneLogin::
|
19
|
+
Version `0.8.x` changes the namespace of the gem from `OneLogin::Saml` to `OneLogin::KlRubySaml`. Please update your implementations of the gem accordingly.
|
20
20
|
|
21
21
|
## Overview
|
22
22
|
|
@@ -96,7 +96,7 @@ To override the default behavior and control the destination of log messages, pr
|
|
96
96
|
a ruby Logger object to the gem's logging singleton:
|
97
97
|
|
98
98
|
```ruby
|
99
|
-
OneLogin::
|
99
|
+
OneLogin::KlRubySaml::Logging.logger = Logger.new(File.open('/var/log/ruby-saml.log', 'w')
|
100
100
|
```
|
101
101
|
|
102
102
|
## The Initialization Phase
|
@@ -105,7 +105,7 @@ This is the first request you will get from the identity provider. It will hit y
|
|
105
105
|
|
106
106
|
```ruby
|
107
107
|
def init
|
108
|
-
request = OneLogin::
|
108
|
+
request = OneLogin::KlRubySaml::Authrequest.new
|
109
109
|
redirect_to(request.create(saml_settings))
|
110
110
|
end
|
111
111
|
```
|
@@ -114,7 +114,7 @@ Once you've redirected back to the identity provider, it will ensure that the us
|
|
114
114
|
|
115
115
|
```ruby
|
116
116
|
def consume
|
117
|
-
response = OneLogin::
|
117
|
+
response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
|
118
118
|
|
119
119
|
# We validate the SAML Response and check if the user already exists in the system
|
120
120
|
if response.is_valid?
|
@@ -132,7 +132,7 @@ In the above there are a few assumptions in place, one being that the response.n
|
|
132
132
|
If the assertion of the SAMLResponse is not encrypted, you can initialize the Response without the :settings parameter and set it later,
|
133
133
|
|
134
134
|
```
|
135
|
-
response = OneLogin::
|
135
|
+
response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse])
|
136
136
|
response.settings = saml_settings
|
137
137
|
```
|
138
138
|
but if the SAMLResponse contains an encrypted assertion, you need to provide the settings in the
|
@@ -141,7 +141,7 @@ If you don't know what expect, use always the first proposed way (always set the
|
|
141
141
|
|
142
142
|
```ruby
|
143
143
|
def saml_settings
|
144
|
-
settings = OneLogin::
|
144
|
+
settings = OneLogin::KlRubySaml::Settings.new
|
145
145
|
|
146
146
|
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
147
147
|
settings.issuer = "http://#{request.host}/saml/metadata"
|
@@ -170,12 +170,12 @@ What's left at this point, is to wrap it all up in a controller and point the in
|
|
170
170
|
# This controller expects you to use the URLs /saml/init and /saml/consume in your OneLogin application.
|
171
171
|
class SamlController < ApplicationController
|
172
172
|
def init
|
173
|
-
request = OneLogin::
|
173
|
+
request = OneLogin::KlRubySaml::Authrequest.new
|
174
174
|
redirect_to(request.create(saml_settings))
|
175
175
|
end
|
176
176
|
|
177
177
|
def consume
|
178
|
-
response = OneLogin::
|
178
|
+
response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse])
|
179
179
|
response.settings = saml_settings
|
180
180
|
|
181
181
|
# We validate the SAML Response and check if the user already exists in the system
|
@@ -191,7 +191,7 @@ class SamlController < ApplicationController
|
|
191
191
|
private
|
192
192
|
|
193
193
|
def saml_settings
|
194
|
-
settings = OneLogin::
|
194
|
+
settings = OneLogin::KlRubySaml::Settings.new
|
195
195
|
|
196
196
|
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
197
197
|
settings.issuer = "http://#{request.host}/saml/metadata"
|
@@ -225,8 +225,8 @@ Using ```idp_metadata_parser.parse_remote``` IdP metadata will be added to the s
|
|
225
225
|
```ruby
|
226
226
|
def saml_settings
|
227
227
|
|
228
|
-
idp_metadata_parser = OneLogin::
|
229
|
-
# Returns OneLogin::
|
228
|
+
idp_metadata_parser = OneLogin::KlRubySaml::IdpMetadataParser.new
|
229
|
+
# Returns OneLogin::KlRubySaml::Settings prepopulated with idp metadata
|
230
230
|
settings = idp_metadata_parser.parse_remote("https://example.com/auth/saml2/idp/metadata")
|
231
231
|
|
232
232
|
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
@@ -247,7 +247,7 @@ If you are using saml:AttributeStatement to transfer metadata, like the user nam
|
|
247
247
|
`single_value_compatibility` (when activate, only one value returned, the first one)
|
248
248
|
|
249
249
|
```ruby
|
250
|
-
response = OneLogin::
|
250
|
+
response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse])
|
251
251
|
response.settings = saml_settings
|
252
252
|
|
253
253
|
response.attributes[:username]
|
@@ -284,7 +284,7 @@ Imagine this saml:AttributeStatement
|
|
284
284
|
```
|
285
285
|
|
286
286
|
```ruby
|
287
|
-
pp(response.attributes) # is an OneLogin::
|
287
|
+
pp(response.attributes) # is an OneLogin::KlRubySaml::Attributes object
|
288
288
|
# => @attributes=
|
289
289
|
{"uid"=>["demo"],
|
290
290
|
"another_value"=>["value1", "value2"],
|
@@ -293,7 +293,7 @@ pp(response.attributes) # is an OneLogin::RubySaml::Attributes object
|
|
293
293
|
"attribute_with_nils_and_empty_strings"=>["", "valuePresent", nil, nil]}>
|
294
294
|
|
295
295
|
# Active single_value_compatibility
|
296
|
-
OneLogin::
|
296
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
297
297
|
|
298
298
|
pp(response.attributes[:uid])
|
299
299
|
# => "demo"
|
@@ -323,7 +323,7 @@ pp(response.attributes.multi(:not_exists))
|
|
323
323
|
# => nil
|
324
324
|
|
325
325
|
# Deactive single_value_compatibility
|
326
|
-
OneLogin::
|
326
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
327
327
|
|
328
328
|
pp(response.attributes[:uid])
|
329
329
|
# => ["demo"]
|
@@ -431,7 +431,7 @@ def sp_logout_request
|
|
431
431
|
|
432
432
|
# Since we created a new SAML request, save the transaction_id
|
433
433
|
# to compare it with the response we get back
|
434
|
-
logout_request = OneLogin::
|
434
|
+
logout_request = OneLogin::KlRubySaml::Logoutrequest.new()
|
435
435
|
session[:transaction_id] = logout_request.uuid
|
436
436
|
logger.info "New SP SLO for userid '#{session[:userid]}' transactionid '#{session[:transaction_id]}'"
|
437
437
|
|
@@ -454,9 +454,9 @@ def process_logout_response
|
|
454
454
|
settings = Account.get_saml_settings
|
455
455
|
|
456
456
|
if session.has_key? :transation_id
|
457
|
-
logout_response = OneLogin::
|
457
|
+
logout_response = OneLogin::KlRubySaml::Logoutresponse.new(params[:SAMLResponse], settings, :matches_request_id => session[:transation_id])
|
458
458
|
else
|
459
|
-
logout_response = OneLogin::
|
459
|
+
logout_response = OneLogin::KlRubySaml::Logoutresponse.new(params[:SAMLResponse], settings)
|
460
460
|
end
|
461
461
|
|
462
462
|
logger.info "LogoutResponse is: #{logout_response.to_s}"
|
@@ -486,7 +486,7 @@ Here is an example that we could add to our previous controller to process a SAM
|
|
486
486
|
# Method to handle IdP initiated logouts
|
487
487
|
def idp_logout_request
|
488
488
|
settings = Account.get_saml_settings
|
489
|
-
logout_request = OneLogin::
|
489
|
+
logout_request = OneLogin::KlRubySaml::SloLogoutrequest.new(params[:SAMLRequest])
|
490
490
|
if !logout_request.is_valid?
|
491
491
|
logger.error "IdP initiated LogoutRequest was not valid!"
|
492
492
|
render :inline => logger.error
|
@@ -498,7 +498,7 @@ def idp_logout_request
|
|
498
498
|
|
499
499
|
# Generate a response to the IdP.
|
500
500
|
logout_request_id = logout_request.id
|
501
|
-
logout_response = OneLogin::
|
501
|
+
logout_response = OneLogin::KlRubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, :RelayState => params[:RelayState])
|
502
502
|
redirect_to logout_response
|
503
503
|
end
|
504
504
|
```
|
@@ -528,7 +528,7 @@ end
|
|
528
528
|
To form a trusted pair relationship with the IdP, the SP (you) need to provide metadata XML
|
529
529
|
to the IdP for various good reasons. (Caching, certificate lookups, relaying party permissions, etc)
|
530
530
|
|
531
|
-
The class `OneLogin::
|
531
|
+
The class `OneLogin::KlRubySaml::Metadata` takes care of this by reading the Settings and returning XML. All you have to do is add a controller to return the data, then give this URL to the IdP administrator.
|
532
532
|
|
533
533
|
The metdata will be polled by the IdP every few minutes, so updating your settings should propagate
|
534
534
|
to the IdP settings.
|
@@ -538,7 +538,7 @@ class SamlController < ApplicationController
|
|
538
538
|
# ... the rest of your controller definitions ...
|
539
539
|
def metadata
|
540
540
|
settings = Account.get_saml_settings
|
541
|
-
meta = OneLogin::
|
541
|
+
meta = OneLogin::KlRubySaml::Metadata.new
|
542
542
|
render :xml => meta.generate(settings), :content_type => "application/samlmetadata+xml"
|
543
543
|
end
|
544
544
|
end
|
@@ -553,7 +553,7 @@ First, ensure that both systems synchronize their clocks, using for example the
|
|
553
553
|
Even then you may experience intermittent issues though, because the clock of the Identity Provider may drift slightly ahead of your system clocks. To allow for a small amount of clock drift you can initialize the response passing in an option named `:allowed_clock_drift`. Its value must be given in a number (and/or fraction) of seconds. The value given is added to the current time at which the response is validated before it's tested against the `NotBefore` assertion. For example:
|
554
554
|
|
555
555
|
```ruby
|
556
|
-
response = OneLogin::
|
556
|
+
response = OneLogin::KlRubySaml::Response.new(params[:SAMLResponse], :allowed_clock_drift => 1.second)
|
557
557
|
```
|
558
558
|
|
559
559
|
Make sure to keep the value as comfortably small as possible to keep security risks to a minimum.
|
@@ -563,7 +563,7 @@ Make sure to keep the value as comfortably small as possible to keep security ri
|
|
563
563
|
To request attributes from the IdP the SP needs to provide an attribute service within it's metadata and reference the index in the assertion.
|
564
564
|
|
565
565
|
```ruby
|
566
|
-
settings = OneLogin::
|
566
|
+
settings = OneLogin::KlRubySaml::Settings.new
|
567
567
|
|
568
568
|
settings.attributes_index = 5
|
569
569
|
settings.attribute_consuming_service.configure do
|
data/Rakefile
CHANGED
data/changelog.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
#
|
1
|
+
# KlRubySaml Changelog
|
2
2
|
|
3
3
|
### 1.0.0 (June 30, 2015)
|
4
4
|
* [#247](https://github.com/onelogin/ruby-saml/pull/247) Avoid entity expansion (XEE attacks)
|
@@ -14,7 +14,7 @@
|
|
14
14
|
* [#226](https://github.com/onelogin/ruby-saml/pull/226) Ensure IdP certificate is formatted properly
|
15
15
|
* [#225](https://github.com/onelogin/ruby-saml/pull/225) Add documentation to several methods. Fix xpath injection on xml_security.rb
|
16
16
|
* [#223](https://github.com/onelogin/ruby-saml/pull/223) Allow logging to be delegated to an arbitrary Logger
|
17
|
-
* [#222](https://github.com/onelogin/ruby-saml/pull/222) No more silent failure fetching idp metadata (OneLogin::
|
17
|
+
* [#222](https://github.com/onelogin/ruby-saml/pull/222) No more silent failure fetching idp metadata (OneLogin::KlRubySaml::HttpError raised).
|
18
18
|
|
19
19
|
### 0.9.2 (Apr 28, 2015)
|
20
20
|
* [#216](https://github.com/onelogin/ruby-saml/pull/216) Add fingerprint algorithm support
|
@@ -62,7 +62,7 @@
|
|
62
62
|
* [#183](https://github.com/onelogin/ruby-saml/pull/183) Resolved a security vulnerability where string interpolation in a `REXML::XPath.first()` method call allowed for arbitrary code execution.
|
63
63
|
|
64
64
|
### 0.8.0 (Feb 21, 2014)
|
65
|
-
**IMPORTANT**: This release changed namespace of the gem from `OneLogin::Saml` to `OneLogin::
|
65
|
+
**IMPORTANT**: This release changed namespace of the gem from `OneLogin::Saml` to `OneLogin::KlRubySaml`. Please update your implementations of the gem accordingly.
|
66
66
|
|
67
67
|
* [#111](https://github.com/onelogin/ruby-saml/pull/111) `Onelogin::` is `OneLogin::`
|
68
68
|
* [#108](https://github.com/onelogin/ruby-saml/pull/108) Change namespacing from `Onelogin::Saml` to `Onelogin::Rubysaml`
|
data/kl-ruby-saml.gemspec
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
$LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
2
|
-
require 'onelogin/ruby-saml/version'
|
2
|
+
require 'onelogin/kl-ruby-saml/version'
|
3
3
|
|
4
4
|
Gem::Specification.new do |s|
|
5
5
|
s.name = 'kl-ruby-saml'
|
6
|
-
s.version = OneLogin::
|
6
|
+
s.version = OneLogin::KlRubySaml::VERSION
|
7
7
|
|
8
8
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
9
|
-
s.authors = ["OneLogin LLC", "Knightlabs
|
9
|
+
s.authors = ["OneLogin LLC", "Knightlabs LLC"]
|
10
10
|
s.date = Time.now.strftime("%Y-%m-%d")
|
11
11
|
s.description = %q{SAML toolkit for Ruby on Rails}
|
12
12
|
s.email = %q{support@onelogin.com}
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
|
|
22
22
|
s.require_paths = ["lib"]
|
23
23
|
s.rubygems_version = %q{1.3.7}
|
24
24
|
s.required_ruby_version = '>= 1.8.7'
|
25
|
-
s.summary = %q{
|
25
|
+
s.summary = %q{SAML Ruby Tookit}
|
26
26
|
s.test_files = `git ls-files test/*`.split("\n")
|
27
27
|
|
28
28
|
s.add_runtime_dependency('uuid', '~> 2.3')
|
data/lib/kl-ruby-saml.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require 'onelogin/kl-ruby-saml'
|
@@ -0,0 +1,17 @@
|
|
1
|
+
require 'onelogin/kl-ruby-saml/logging'
|
2
|
+
require 'onelogin/kl-ruby-saml/saml_message'
|
3
|
+
require 'onelogin/kl-ruby-saml/authrequest'
|
4
|
+
require 'onelogin/kl-ruby-saml/logoutrequest'
|
5
|
+
require 'onelogin/kl-ruby-saml/logoutresponse'
|
6
|
+
require 'onelogin/kl-ruby-saml/attributes'
|
7
|
+
require 'onelogin/kl-ruby-saml/slo_logoutrequest'
|
8
|
+
require 'onelogin/kl-ruby-saml/slo_logoutresponse'
|
9
|
+
require 'onelogin/kl-ruby-saml/response'
|
10
|
+
require 'onelogin/kl-ruby-saml/settings'
|
11
|
+
require 'onelogin/kl-ruby-saml/attribute_service'
|
12
|
+
require 'onelogin/kl-ruby-saml/http_error'
|
13
|
+
require 'onelogin/kl-ruby-saml/validation_error'
|
14
|
+
require 'onelogin/kl-ruby-saml/metadata'
|
15
|
+
require 'onelogin/kl-ruby-saml/idp_metadata_parser'
|
16
|
+
require 'onelogin/kl-ruby-saml/utils'
|
17
|
+
require 'onelogin/kl-ruby-saml/version'
|
@@ -1,12 +1,12 @@
|
|
1
1
|
require "uuid"
|
2
2
|
require "rexml/document"
|
3
3
|
|
4
|
-
require "onelogin/ruby-saml/logging"
|
5
|
-
require "onelogin/ruby-saml/saml_message"
|
4
|
+
require "onelogin/kl-ruby-saml/logging"
|
5
|
+
require "onelogin/kl-ruby-saml/saml_message"
|
6
6
|
|
7
7
|
# Only supports SAML 2.0
|
8
8
|
module OneLogin
|
9
|
-
module
|
9
|
+
module KlRubySaml
|
10
10
|
include REXML
|
11
11
|
|
12
12
|
# SAML2 Authentication. AuthNRequest (SSO SP initiated, Builder)
|
@@ -24,7 +24,7 @@ module OneLogin
|
|
24
24
|
end
|
25
25
|
|
26
26
|
# Creates the AuthNRequest string.
|
27
|
-
# @param settings [OneLogin::
|
27
|
+
# @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
|
28
28
|
# @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
|
29
29
|
# @return [String] AuthNRequest string that includes the SAMLRequest
|
30
30
|
#
|
@@ -40,7 +40,7 @@ module OneLogin
|
|
40
40
|
end
|
41
41
|
|
42
42
|
# Creates the Get parameters for the request.
|
43
|
-
# @param settings [OneLogin::
|
43
|
+
# @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
|
44
44
|
# @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
|
45
45
|
# @return [Hash] Parameters
|
46
46
|
#
|
@@ -64,7 +64,7 @@ module OneLogin
|
|
64
64
|
|
65
65
|
if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key
|
66
66
|
params['SigAlg'] = settings.security[:signature_method]
|
67
|
-
url_string = OneLogin::
|
67
|
+
url_string = OneLogin::KlRubySaml::Utils.build_query(
|
68
68
|
:type => 'SAMLRequest',
|
69
69
|
:data => base64_request,
|
70
70
|
:relay_state => relay_state,
|
@@ -83,7 +83,7 @@ module OneLogin
|
|
83
83
|
end
|
84
84
|
|
85
85
|
# Creates the SAMLRequest String.
|
86
|
-
# @param settings [OneLogin::
|
86
|
+
# @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
|
87
87
|
# @return [String] The SAMLRequest String.
|
88
88
|
#
|
89
89
|
def create_authentication_xml_doc(settings)
|
@@ -9,7 +9,7 @@ require "rexml/xpath"
|
|
9
9
|
|
10
10
|
# Only supports SAML 2.0
|
11
11
|
module OneLogin
|
12
|
-
module
|
12
|
+
module KlRubySaml
|
13
13
|
include REXML
|
14
14
|
|
15
15
|
# Auxiliary class to retrieve and parse the Identity Provider Metadata
|
@@ -39,7 +39,7 @@ module OneLogin
|
|
39
39
|
def parse(idp_metadata)
|
40
40
|
@document = REXML::Document.new(idp_metadata)
|
41
41
|
|
42
|
-
OneLogin::
|
42
|
+
OneLogin::KlRubySaml::Settings.new.tap do |settings|
|
43
43
|
settings.idp_entity_id = idp_entity_id
|
44
44
|
settings.name_identifier_format = idp_name_id_format
|
45
45
|
settings.idp_sso_target_url = single_signon_service_url
|
@@ -83,7 +83,7 @@ module OneLogin
|
|
83
83
|
end
|
84
84
|
|
85
85
|
unless response.is_a? Net::HTTPSuccess
|
86
|
-
raise OneLogin::
|
86
|
+
raise OneLogin::KlRubySaml::HttpError.new("Failed to fetch idp metadata")
|
87
87
|
end
|
88
88
|
|
89
89
|
meta_text
|
@@ -2,7 +2,7 @@ require 'logger'
|
|
2
2
|
|
3
3
|
# Simplistic log class when we're running in Rails
|
4
4
|
module OneLogin
|
5
|
-
module
|
5
|
+
module KlRubySaml
|
6
6
|
class Logging
|
7
7
|
DEFAULT_LOGGER = ::Logger.new(STDOUT)
|
8
8
|
|
@@ -15,13 +15,13 @@ module OneLogin
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def self.debug(message)
|
18
|
-
return if !!ENV["ruby-saml/testing"]
|
18
|
+
return if !!ENV["kl-ruby-saml/testing"]
|
19
19
|
|
20
20
|
logger.debug message
|
21
21
|
end
|
22
22
|
|
23
23
|
def self.info(message)
|
24
|
-
return if !!ENV["ruby-saml/testing"]
|
24
|
+
return if !!ENV["kl-ruby-saml/testing"]
|
25
25
|
|
26
26
|
logger.info message
|
27
27
|
end
|
@@ -1,11 +1,11 @@
|
|
1
1
|
require "uuid"
|
2
2
|
|
3
|
-
require "onelogin/ruby-saml/logging"
|
4
|
-
require "onelogin/ruby-saml/saml_message"
|
3
|
+
require "onelogin/kl-ruby-saml/logging"
|
4
|
+
require "onelogin/kl-ruby-saml/saml_message"
|
5
5
|
|
6
6
|
# Only supports SAML 2.0
|
7
7
|
module OneLogin
|
8
|
-
module
|
8
|
+
module KlRubySaml
|
9
9
|
|
10
10
|
# SAML2 Logout Request (SLO SP initiated, Builder)
|
11
11
|
#
|
@@ -22,7 +22,7 @@ module OneLogin
|
|
22
22
|
end
|
23
23
|
|
24
24
|
# Creates the Logout Request string.
|
25
|
-
# @param settings [OneLogin::
|
25
|
+
# @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
|
26
26
|
# @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
|
27
27
|
# @return [String] Logout Request string that includes the SAMLRequest
|
28
28
|
#
|
@@ -38,7 +38,7 @@ module OneLogin
|
|
38
38
|
end
|
39
39
|
|
40
40
|
# Creates the Get parameters for the logout request.
|
41
|
-
# @param settings [OneLogin::
|
41
|
+
# @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
|
42
42
|
# @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
|
43
43
|
# @return [Hash] Parameters
|
44
44
|
#
|
@@ -62,7 +62,7 @@ module OneLogin
|
|
62
62
|
|
63
63
|
if settings.security[:logout_requests_signed] && !settings.security[:embed_sign] && settings.private_key
|
64
64
|
params['SigAlg'] = settings.security[:signature_method]
|
65
|
-
url_string = OneLogin::
|
65
|
+
url_string = OneLogin::KlRubySaml::Utils.build_query(
|
66
66
|
:type => 'SAMLRequest',
|
67
67
|
:data => base64_request,
|
68
68
|
:relay_state => relay_state,
|
@@ -81,7 +81,7 @@ module OneLogin
|
|
81
81
|
end
|
82
82
|
|
83
83
|
# Creates the SAMLRequest String.
|
84
|
-
# @param settings [OneLogin::
|
84
|
+
# @param settings [OneLogin::KlRubySaml::Settings|nil] Toolkit settings
|
85
85
|
# @return [String] The SAMLRequest String.
|
86
86
|
#
|
87
87
|
def create_logout_request_xml_doc(settings)
|