kl-ruby-saml 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +3 -0
- data/README.md +24 -24
- data/Rakefile +1 -1
- data/changelog.md +3 -3
- data/kl-ruby-saml.gemspec +4 -4
- data/lib/kl-ruby-saml.rb +1 -0
- data/lib/onelogin/kl-ruby-saml.rb +17 -0
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/attribute_service.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/attributes.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/authrequest.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/http_error.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/idp_metadata_parser.rb +3 -3
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logging.rb +3 -3
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logoutrequest.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/logoutresponse.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/metadata.rb +3 -3
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/response.rb +9 -9
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/saml_message.rb +2 -2
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/settings.rb +6 -6
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/slo_logoutrequest.rb +6 -6
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/slo_logoutresponse.rb +7 -7
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/utils.rb +1 -1
- data/lib/onelogin/{ruby-saml → kl-ruby-saml}/validation_error.rb +1 -1
- data/lib/onelogin/kl-ruby-saml/version.rb +5 -0
- data/lib/xml_security.rb +5 -5
- data/test/idp_metadata_parser_test.rb +7 -7
- data/test/logging_test.rb +11 -11
- data/test/logout_responses/logoutresponse_fixtures.rb +1 -1
- data/test/logoutrequest_test.rb +17 -17
- data/test/logoutresponse_test.rb +39 -39
- data/test/metadata_test.rb +5 -5
- data/test/request_test.rb +26 -26
- data/test/response_test.rb +116 -116
- data/test/saml_message_test.rb +4 -4
- data/test/settings_test.rb +19 -19
- data/test/slo_logoutrequest_test.rb +26 -26
- data/test/slo_logoutresponse_test.rb +16 -16
- data/test/test_helper.rb +3 -3
- data/test/utils_test.rb +23 -23
- data/test/xml_security_test.rb +17 -17
- metadata +23 -23
- data/lib/onelogin/ruby-saml.rb +0 -17
- data/lib/onelogin/ruby-saml/version.rb +0 -5
- data/lib/ruby-saml.rb +0 -1
data/test/response_test.rb
CHANGED
|
@@ -1,52 +1,52 @@
|
|
|
1
1
|
require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
|
|
2
2
|
|
|
3
|
-
require 'onelogin/ruby-saml/response'
|
|
3
|
+
require 'onelogin/kl-ruby-saml/response'
|
|
4
4
|
|
|
5
|
-
class
|
|
5
|
+
class KlRubySamlTest < Minitest::Test
|
|
6
6
|
|
|
7
7
|
describe "Response" do
|
|
8
8
|
|
|
9
|
-
let(:settings) { OneLogin::
|
|
10
|
-
let(:response) { OneLogin::
|
|
11
|
-
let(:response_without_attributes) { OneLogin::
|
|
12
|
-
let(:response_without_reference_uri) { OneLogin::
|
|
13
|
-
let(:response_with_signed_assertion) { OneLogin::
|
|
14
|
-
let(:response_unsigned) { OneLogin::
|
|
15
|
-
let(:response_wrapped) { OneLogin::
|
|
16
|
-
let(:response_multiple_attr_values) { OneLogin::
|
|
17
|
-
let(:response_valid_signed) { OneLogin::
|
|
18
|
-
let(:response_no_id) { OneLogin::
|
|
19
|
-
let(:response_no_version) { OneLogin::
|
|
20
|
-
let(:response_multi_assertion) { OneLogin::
|
|
21
|
-
let(:response_no_status) { OneLogin::
|
|
22
|
-
let(:response_no_statuscode) { OneLogin::
|
|
23
|
-
let(:response_statuscode_responder) { OneLogin::
|
|
24
|
-
let(:response_statuscode_responder_and_msg) { OneLogin::
|
|
25
|
-
let(:response_encrypted_attrs) { OneLogin::
|
|
26
|
-
let(:response_no_signed_elements) { OneLogin::
|
|
27
|
-
let(:response_multiple_signed) { OneLogin::
|
|
28
|
-
let(:response_invalid_audience) { OneLogin::
|
|
29
|
-
let(:response_invalid_signed_element) { OneLogin::
|
|
30
|
-
let(:response_invalid_issuer_assertion) { OneLogin::
|
|
31
|
-
let(:response_invalid_issuer_message) { OneLogin::
|
|
32
|
-
let(:response_no_subjectconfirmation_data) { OneLogin::
|
|
33
|
-
let(:response_no_subjectconfirmation_method) { OneLogin::
|
|
34
|
-
let(:response_invalid_subjectconfirmation_inresponse) { OneLogin::
|
|
35
|
-
let(:response_invalid_subjectconfirmation_recipient) { OneLogin::
|
|
36
|
-
let(:response_invalid_subjectconfirmation_nb) { OneLogin::
|
|
37
|
-
let(:response_invalid_subjectconfirmation_noa) { OneLogin::
|
|
38
|
-
let(:response_invalid_signature_position) { OneLogin::
|
|
39
|
-
let(:response_encrypted_nameid) { OneLogin::
|
|
9
|
+
let(:settings) { OneLogin::KlRubySaml::Settings.new }
|
|
10
|
+
let(:response) { OneLogin::KlRubySaml::Response.new(response_document_without_recipient) }
|
|
11
|
+
let(:response_without_attributes) { OneLogin::KlRubySaml::Response.new(response_document_without_attributes) }
|
|
12
|
+
let(:response_without_reference_uri) { OneLogin::KlRubySaml::Response.new(response_document_without_reference_uri) }
|
|
13
|
+
let(:response_with_signed_assertion) { OneLogin::KlRubySaml::Response.new(response_document_with_signed_assertion) }
|
|
14
|
+
let(:response_unsigned) { OneLogin::KlRubySaml::Response.new(response_document_unsigned) }
|
|
15
|
+
let(:response_wrapped) { OneLogin::KlRubySaml::Response.new(response_document_wrapped) }
|
|
16
|
+
let(:response_multiple_attr_values) { OneLogin::KlRubySaml::Response.new(fixture(:response_with_multiple_attribute_values)) }
|
|
17
|
+
let(:response_valid_signed) { OneLogin::KlRubySaml::Response.new(response_document_valid_signed) }
|
|
18
|
+
let(:response_no_id) { OneLogin::KlRubySaml::Response.new(read_invalid_response("no_id.xml.base64")) }
|
|
19
|
+
let(:response_no_version) { OneLogin::KlRubySaml::Response.new(read_invalid_response("no_saml2.xml.base64")) }
|
|
20
|
+
let(:response_multi_assertion) { OneLogin::KlRubySaml::Response.new(read_invalid_response("multiple_assertions.xml.base64")) }
|
|
21
|
+
let(:response_no_status) { OneLogin::KlRubySaml::Response.new(read_invalid_response("no_status.xml.base64")) }
|
|
22
|
+
let(:response_no_statuscode) { OneLogin::KlRubySaml::Response.new(read_invalid_response("no_status_code.xml.base64")) }
|
|
23
|
+
let(:response_statuscode_responder) { OneLogin::KlRubySaml::Response.new(read_invalid_response("status_code_responder.xml.base64")) }
|
|
24
|
+
let(:response_statuscode_responder_and_msg) { OneLogin::KlRubySaml::Response.new(read_invalid_response("status_code_responer_and_msg.xml.base64")) }
|
|
25
|
+
let(:response_encrypted_attrs) { OneLogin::KlRubySaml::Response.new(read_invalid_response("response_encrypted_attrs.xml.base64")) }
|
|
26
|
+
let(:response_no_signed_elements) { OneLogin::KlRubySaml::Response.new(read_invalid_response("no_signature.xml.base64")) }
|
|
27
|
+
let(:response_multiple_signed) { OneLogin::KlRubySaml::Response.new(read_invalid_response("multiple_signed.xml.base64")) }
|
|
28
|
+
let(:response_invalid_audience) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_audience.xml.base64")) }
|
|
29
|
+
let(:response_invalid_signed_element) { OneLogin::KlRubySaml::Response.new(read_invalid_response("response_invalid_signed_element.xml.base64")) }
|
|
30
|
+
let(:response_invalid_issuer_assertion) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_issuer_assertion.xml.base64")) }
|
|
31
|
+
let(:response_invalid_issuer_message) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_issuer_message.xml.base64")) }
|
|
32
|
+
let(:response_no_subjectconfirmation_data) { OneLogin::KlRubySaml::Response.new(read_invalid_response("no_subjectconfirmation_data.xml.base64")) }
|
|
33
|
+
let(:response_no_subjectconfirmation_method) { OneLogin::KlRubySaml::Response.new(read_invalid_response("no_subjectconfirmation_method.xml.base64")) }
|
|
34
|
+
let(:response_invalid_subjectconfirmation_inresponse) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_subjectconfirmation_inresponse.xml.base64")) }
|
|
35
|
+
let(:response_invalid_subjectconfirmation_recipient) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_subjectconfirmation_recipient.xml.base64")) }
|
|
36
|
+
let(:response_invalid_subjectconfirmation_nb) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_subjectconfirmation_nb.xml.base64")) }
|
|
37
|
+
let(:response_invalid_subjectconfirmation_noa) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_subjectconfirmation_noa.xml.base64")) }
|
|
38
|
+
let(:response_invalid_signature_position) { OneLogin::KlRubySaml::Response.new(read_invalid_response("invalid_signature_position.xml.base64")) }
|
|
39
|
+
let(:response_encrypted_nameid) { OneLogin::KlRubySaml::Response.new(response_document_encrypted_nameid) }
|
|
40
40
|
|
|
41
41
|
it "raise an exception when response is initialized with nil" do
|
|
42
|
-
assert_raises(ArgumentError) { OneLogin::
|
|
42
|
+
assert_raises(ArgumentError) { OneLogin::KlRubySaml::Response.new(nil) }
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
it "be able to parse a document which contains ampersands" do
|
|
46
46
|
XMLSecurity::SignedDocument.any_instance.stubs(:digests_match?).returns(true)
|
|
47
|
-
OneLogin::
|
|
47
|
+
OneLogin::KlRubySaml::Response.any_instance.stubs(:validate_conditions).returns(true)
|
|
48
48
|
|
|
49
|
-
ampersands_response = OneLogin::
|
|
49
|
+
ampersands_response = OneLogin::KlRubySaml::Response.new(ampersands_document)
|
|
50
50
|
ampersands_response.settings = settings
|
|
51
51
|
ampersands_response.settings.idp_cert_fingerprint = 'c51985d947f1be57082025050846eb27f6cab783'
|
|
52
52
|
|
|
@@ -56,7 +56,7 @@ class RubySamlTest < Minitest::Test
|
|
|
56
56
|
|
|
57
57
|
describe "Prevent XEE attack" do
|
|
58
58
|
before do
|
|
59
|
-
@response = OneLogin::
|
|
59
|
+
@response = OneLogin::KlRubySaml::Response.new(fixture(:attackxee))
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
it "false when evil attack vector is present, soft = true" do
|
|
@@ -68,7 +68,7 @@ class RubySamlTest < Minitest::Test
|
|
|
68
68
|
it "raise when evil attack vector is present, soft = false " do
|
|
69
69
|
@response.soft = false
|
|
70
70
|
|
|
71
|
-
assert_raises(OneLogin::
|
|
71
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError) do
|
|
72
72
|
@response.send(:validate_structure)
|
|
73
73
|
end
|
|
74
74
|
end
|
|
@@ -82,7 +82,7 @@ class RubySamlTest < Minitest::Test
|
|
|
82
82
|
|
|
83
83
|
it "default to raw input when a response is not Base64 encoded" do
|
|
84
84
|
decoded = Base64.decode64(response_document_without_attributes)
|
|
85
|
-
response_from_raw = OneLogin::
|
|
85
|
+
response_from_raw = OneLogin::KlRubySaml::Response.new(decoded)
|
|
86
86
|
assert response_from_raw.document
|
|
87
87
|
end
|
|
88
88
|
|
|
@@ -104,10 +104,10 @@ class RubySamlTest < Minitest::Test
|
|
|
104
104
|
end
|
|
105
105
|
|
|
106
106
|
it "raise when response is initialized with blank data" do
|
|
107
|
-
blank_response = OneLogin::
|
|
107
|
+
blank_response = OneLogin::KlRubySaml::Response.new('')
|
|
108
108
|
blank_response.soft = false
|
|
109
109
|
error_msg = "Blank response"
|
|
110
|
-
assert_raises(OneLogin::
|
|
110
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
111
111
|
blank_response.is_valid?
|
|
112
112
|
end
|
|
113
113
|
assert_includes blank_response.errors, error_msg
|
|
@@ -115,7 +115,7 @@ class RubySamlTest < Minitest::Test
|
|
|
115
115
|
|
|
116
116
|
it "raise when settings have not been set" do
|
|
117
117
|
error_msg = "No settings on response"
|
|
118
|
-
assert_raises(OneLogin::
|
|
118
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
119
119
|
response.is_valid?
|
|
120
120
|
end
|
|
121
121
|
assert_includes response.errors, error_msg
|
|
@@ -126,7 +126,7 @@ class RubySamlTest < Minitest::Test
|
|
|
126
126
|
settings.idp_cert = nil
|
|
127
127
|
response.settings = settings
|
|
128
128
|
error_msg = "No fingerprint or certificate on settings"
|
|
129
|
-
assert_raises(OneLogin::
|
|
129
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
130
130
|
response.is_valid?
|
|
131
131
|
end
|
|
132
132
|
assert_includes response.errors, error_msg
|
|
@@ -142,12 +142,12 @@ class RubySamlTest < Minitest::Test
|
|
|
142
142
|
|
|
143
143
|
it "validate SAML 2.0 XML structure" do
|
|
144
144
|
resp_xml = Base64.decode64(response_document_unsigned).gsub(/emailAddress/,'test')
|
|
145
|
-
response_unsigned_mod = OneLogin::
|
|
145
|
+
response_unsigned_mod = OneLogin::KlRubySaml::Response.new(Base64.encode64(resp_xml))
|
|
146
146
|
response_unsigned_mod.stubs(:conditions).returns(nil)
|
|
147
147
|
settings.idp_cert_fingerprint = signature_fingerprint_1
|
|
148
148
|
response_unsigned_mod.settings = settings
|
|
149
149
|
response_unsigned_mod.soft = false
|
|
150
|
-
assert_raises(OneLogin::
|
|
150
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, 'Digest mismatch') do
|
|
151
151
|
response_unsigned_mod.is_valid?
|
|
152
152
|
end
|
|
153
153
|
end
|
|
@@ -157,7 +157,7 @@ class RubySamlTest < Minitest::Test
|
|
|
157
157
|
response.settings = settings
|
|
158
158
|
response.soft = false
|
|
159
159
|
error_msg = "Current time is on or after NotOnOrAfter condition"
|
|
160
|
-
assert_raises(OneLogin::
|
|
160
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
161
161
|
response.is_valid?
|
|
162
162
|
end
|
|
163
163
|
assert_includes response.errors[0], error_msg
|
|
@@ -167,7 +167,7 @@ class RubySamlTest < Minitest::Test
|
|
|
167
167
|
settings.idp_cert_fingerprint = signature_fingerprint_1
|
|
168
168
|
response_without_attributes.settings = settings
|
|
169
169
|
response_without_attributes.soft = false
|
|
170
|
-
assert_raises(OneLogin::
|
|
170
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError) do
|
|
171
171
|
response_without_attributes.is_valid?
|
|
172
172
|
end
|
|
173
173
|
end
|
|
@@ -178,9 +178,9 @@ class RubySamlTest < Minitest::Test
|
|
|
178
178
|
opts = {}
|
|
179
179
|
opts[:settings] = settings
|
|
180
180
|
opts[:matches_request_id] = "invalid_request_id"
|
|
181
|
-
response_valid_signed = OneLogin::
|
|
181
|
+
response_valid_signed = OneLogin::KlRubySaml::Response.new(response_document_valid_signed, opts)
|
|
182
182
|
error_msg = "The InResponseTo of the Response: _fc4a34b0-7efb-012e-caae-782bcb13bb38, does not match the ID of the AuthNRequest sent by the SP: invalid_request_id"
|
|
183
|
-
assert_raises(OneLogin::
|
|
183
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
184
184
|
response_valid_signed.is_valid?
|
|
185
185
|
end
|
|
186
186
|
assert_includes response_valid_signed.errors, error_msg
|
|
@@ -191,7 +191,7 @@ class RubySamlTest < Minitest::Test
|
|
|
191
191
|
response_encrypted_attrs.settings = settings
|
|
192
192
|
response_encrypted_attrs.soft = false
|
|
193
193
|
error_msg = "There is an EncryptedAttribute in the Response and this SP not support them"
|
|
194
|
-
assert_raises(OneLogin::
|
|
194
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
195
195
|
response_encrypted_attrs.is_valid?
|
|
196
196
|
end
|
|
197
197
|
assert_includes response_encrypted_attrs.errors, error_msg
|
|
@@ -203,7 +203,7 @@ class RubySamlTest < Minitest::Test
|
|
|
203
203
|
response_valid_signed.settings = settings
|
|
204
204
|
response_valid_signed.soft = false
|
|
205
205
|
error_msg = "#{response_valid_signed.settings.issuer} is not a valid audience for this Response"
|
|
206
|
-
assert_raises(OneLogin::
|
|
206
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
207
207
|
response_valid_signed.is_valid?
|
|
208
208
|
end
|
|
209
209
|
assert_includes response_valid_signed.errors, error_msg
|
|
@@ -214,7 +214,7 @@ class RubySamlTest < Minitest::Test
|
|
|
214
214
|
response_no_id.settings = settings
|
|
215
215
|
response_no_id.soft = false
|
|
216
216
|
error_msg = "Missing ID attribute on SAML Response"
|
|
217
|
-
assert_raises(OneLogin::
|
|
217
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
218
218
|
response_no_id.is_valid?
|
|
219
219
|
end
|
|
220
220
|
assert_includes response_no_id.errors, error_msg
|
|
@@ -225,7 +225,7 @@ class RubySamlTest < Minitest::Test
|
|
|
225
225
|
response_no_version.settings = settings
|
|
226
226
|
response_no_version.soft = false
|
|
227
227
|
error_msg = "Unsupported SAML version"
|
|
228
|
-
assert_raises(OneLogin::
|
|
228
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
229
229
|
response_no_version.is_valid?
|
|
230
230
|
end
|
|
231
231
|
assert_includes response_no_version.errors, error_msg
|
|
@@ -255,7 +255,7 @@ class RubySamlTest < Minitest::Test
|
|
|
255
255
|
end
|
|
256
256
|
|
|
257
257
|
it "return false when response is initialized with blank data" do
|
|
258
|
-
blank_response = OneLogin::
|
|
258
|
+
blank_response = OneLogin::KlRubySaml::Response.new('')
|
|
259
259
|
blank_response.soft = true
|
|
260
260
|
assert !blank_response.is_valid?
|
|
261
261
|
assert_includes blank_response.errors, "Blank response"
|
|
@@ -296,7 +296,7 @@ class RubySamlTest < Minitest::Test
|
|
|
296
296
|
end
|
|
297
297
|
|
|
298
298
|
it "support dynamic namespace resolution on signature elements" do
|
|
299
|
-
no_signature_response = OneLogin::
|
|
299
|
+
no_signature_response = OneLogin::KlRubySaml::Response.new(fixture("no_signature_ns.xml"))
|
|
300
300
|
no_signature_response.stubs(:conditions).returns(nil)
|
|
301
301
|
no_signature_response.stubs(:validate_subject_confirmation).returns(true)
|
|
302
302
|
no_signature_response.settings = settings
|
|
@@ -306,7 +306,7 @@ class RubySamlTest < Minitest::Test
|
|
|
306
306
|
end
|
|
307
307
|
|
|
308
308
|
it "validate ADFS assertions" do
|
|
309
|
-
adfs_response = OneLogin::
|
|
309
|
+
adfs_response = OneLogin::KlRubySaml::Response.new(fixture(:adfs_response_sha256))
|
|
310
310
|
adfs_response.stubs(:conditions).returns(nil)
|
|
311
311
|
adfs_response.stubs(:validate_subject_confirmation).returns(true)
|
|
312
312
|
settings.idp_cert_fingerprint = "28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA"
|
|
@@ -317,7 +317,7 @@ class RubySamlTest < Minitest::Test
|
|
|
317
317
|
|
|
318
318
|
it "validate SAML 2.0 XML structure" do
|
|
319
319
|
resp_xml = Base64.decode64(response_document_unsigned).gsub(/emailAddress/,'test')
|
|
320
|
-
response_unsigned_mod = OneLogin::
|
|
320
|
+
response_unsigned_mod = OneLogin::KlRubySaml::Response.new(Base64.encode64(resp_xml))
|
|
321
321
|
response_unsigned_mod.stubs(:conditions).returns(nil)
|
|
322
322
|
settings.idp_cert_fingerprint = signature_fingerprint_1
|
|
323
323
|
response_unsigned_mod.settings = settings
|
|
@@ -348,7 +348,7 @@ class RubySamlTest < Minitest::Test
|
|
|
348
348
|
opts = {}
|
|
349
349
|
opts[:settings] = settings
|
|
350
350
|
opts[:matches_request_id] = "invalid_request_id"
|
|
351
|
-
response_valid_signed = OneLogin::
|
|
351
|
+
response_valid_signed = OneLogin::KlRubySaml::Response.new(response_document_valid_signed, opts)
|
|
352
352
|
response_valid_signed.is_valid?
|
|
353
353
|
assert_includes response_valid_signed.errors, "The InResponseTo of the Response: _fc4a34b0-7efb-012e-caae-782bcb13bb38, does not match the ID of the AuthNRequest sent by the SP: invalid_request_id"
|
|
354
354
|
end
|
|
@@ -490,7 +490,7 @@ class RubySamlTest < Minitest::Test
|
|
|
490
490
|
|
|
491
491
|
it "raise when encountering a mailformed element that prevents the document from being valid" do
|
|
492
492
|
response_without_attributes.soft = false
|
|
493
|
-
assert_raises(OneLogin::
|
|
493
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError) {
|
|
494
494
|
response_without_attributes.send(:validate_structure)
|
|
495
495
|
}
|
|
496
496
|
end
|
|
@@ -498,19 +498,19 @@ class RubySamlTest < Minitest::Test
|
|
|
498
498
|
|
|
499
499
|
describe "#validate_in_response_to" do
|
|
500
500
|
it "return true when the inResponseTo value matches the Request ID" do
|
|
501
|
-
response = OneLogin::
|
|
501
|
+
response = OneLogin::KlRubySaml::Response.new(response_document_valid_signed, :settings => settings, :matches_request_id => "_fc4a34b0-7efb-012e-caae-782bcb13bb38")
|
|
502
502
|
assert response.send(:validate_in_response_to)
|
|
503
503
|
assert_empty response.errors
|
|
504
504
|
end
|
|
505
505
|
|
|
506
506
|
it "return true when no Request ID is provided for checking" do
|
|
507
|
-
response = OneLogin::
|
|
507
|
+
response = OneLogin::KlRubySaml::Response.new(response_document_valid_signed, :settings => settings)
|
|
508
508
|
assert response.send(:validate_in_response_to)
|
|
509
509
|
assert_empty response.errors
|
|
510
510
|
end
|
|
511
511
|
|
|
512
512
|
it "return false when the inResponseTo value does not match the Request ID" do
|
|
513
|
-
response = OneLogin::
|
|
513
|
+
response = OneLogin::KlRubySaml::Response.new(response_document_valid_signed, :settings => settings, :matches_request_id => "invalid_request_id")
|
|
514
514
|
assert !response.send(:validate_in_response_to)
|
|
515
515
|
assert_includes response.errors, "The InResponseTo of the Response: _fc4a34b0-7efb-012e-caae-782bcb13bb38, does not match the ID of the AuthNRequest sent by the SP: invalid_request_id"
|
|
516
516
|
end
|
|
@@ -663,19 +663,19 @@ class RubySamlTest < Minitest::Test
|
|
|
663
663
|
end
|
|
664
664
|
|
|
665
665
|
it "be extractable from an OpenSAML response" do
|
|
666
|
-
response_open_saml = OneLogin::
|
|
666
|
+
response_open_saml = OneLogin::KlRubySaml::Response.new(fixture(:open_saml))
|
|
667
667
|
assert_equal "someone@example.org", response_open_saml.nameid
|
|
668
668
|
end
|
|
669
669
|
|
|
670
670
|
it "be extractable from a Simple SAML PHP response" do
|
|
671
|
-
response_ssp = OneLogin::
|
|
671
|
+
response_ssp = OneLogin::KlRubySaml::Response.new(fixture(:simple_saml_php))
|
|
672
672
|
assert_equal "someone@example.com", response_ssp.nameid
|
|
673
673
|
end
|
|
674
674
|
end
|
|
675
675
|
|
|
676
676
|
describe "#sessionindex" do
|
|
677
677
|
it "extract the value of the sessionindex element" do
|
|
678
|
-
response = OneLogin::
|
|
678
|
+
response = OneLogin::KlRubySaml::Response.new(fixture(:simple_saml_php))
|
|
679
679
|
assert_equal "_51be37965feb5579d803141076936dc2e9d1d98ebf", response.sessionindex
|
|
680
680
|
end
|
|
681
681
|
end
|
|
@@ -684,11 +684,11 @@ class RubySamlTest < Minitest::Test
|
|
|
684
684
|
it "check time conditions" do
|
|
685
685
|
response.soft = true
|
|
686
686
|
assert !response.send(:validate_conditions)
|
|
687
|
-
response_time_updated = OneLogin::
|
|
687
|
+
response_time_updated = OneLogin::KlRubySaml::Response.new(response_document_without_recipient_with_time_updated)
|
|
688
688
|
response_time_updated.soft = true
|
|
689
689
|
assert response_time_updated.send(:validate_conditions)
|
|
690
690
|
Timecop.freeze(Time.parse("2011-06-14T18:25:01.516Z")) do
|
|
691
|
-
response_with_saml2_namespace = OneLogin::
|
|
691
|
+
response_with_saml2_namespace = OneLogin::KlRubySaml::Response.new(response_document_with_saml2_namespace)
|
|
692
692
|
response_with_saml2_namespace.soft = true
|
|
693
693
|
assert response_with_saml2_namespace.send(:validate_conditions)
|
|
694
694
|
end
|
|
@@ -698,7 +698,7 @@ class RubySamlTest < Minitest::Test
|
|
|
698
698
|
# The NotBefore condition in the document is 2011-06-14T18:21:01.516Z
|
|
699
699
|
Timecop.freeze(Time.parse("2011-06-14T18:21:01Z")) do
|
|
700
700
|
settings.soft = true
|
|
701
|
-
special_response_with_saml2_namespace = OneLogin::
|
|
701
|
+
special_response_with_saml2_namespace = OneLogin::KlRubySaml::Response.new(
|
|
702
702
|
response_document_with_saml2_namespace,
|
|
703
703
|
:allowed_clock_drift => 0.515,
|
|
704
704
|
:settings => settings
|
|
@@ -707,7 +707,7 @@ class RubySamlTest < Minitest::Test
|
|
|
707
707
|
end
|
|
708
708
|
|
|
709
709
|
Timecop.freeze(Time.parse("2011-06-14T18:21:01Z")) do
|
|
710
|
-
special_response_with_saml2_namespace = OneLogin::
|
|
710
|
+
special_response_with_saml2_namespace = OneLogin::KlRubySaml::Response.new(
|
|
711
711
|
response_document_with_saml2_namespace,
|
|
712
712
|
:allowed_clock_drift => 0.516
|
|
713
713
|
)
|
|
@@ -735,12 +735,12 @@ class RubySamlTest < Minitest::Test
|
|
|
735
735
|
end
|
|
736
736
|
|
|
737
737
|
it "not raise errors about nil/empty attributes for EncryptedAttributes" do
|
|
738
|
-
response_no_cert_and_encrypted_attrs = OneLogin::
|
|
738
|
+
response_no_cert_and_encrypted_attrs = OneLogin::KlRubySaml::Response.new(response_document_no_cert_and_encrypted_attrs)
|
|
739
739
|
assert_equal 'Demo', response_no_cert_and_encrypted_attrs.attributes["first_name"]
|
|
740
740
|
end
|
|
741
741
|
|
|
742
742
|
it "not raise on responses without attributes" do
|
|
743
|
-
assert_equal OneLogin::
|
|
743
|
+
assert_equal OneLogin::KlRubySaml::Attributes.new, response_unsigned.attributes
|
|
744
744
|
end
|
|
745
745
|
|
|
746
746
|
describe "#multiple values" do
|
|
@@ -749,10 +749,10 @@ class RubySamlTest < Minitest::Test
|
|
|
749
749
|
end
|
|
750
750
|
|
|
751
751
|
it "extract single value as string in compatibility mode off" do
|
|
752
|
-
OneLogin::
|
|
752
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
753
753
|
assert_equal ["demo"], response_multiple_attr_values.attributes[:uid]
|
|
754
754
|
# classes are not reloaded between tests so restore default
|
|
755
|
-
OneLogin::
|
|
755
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
756
756
|
end
|
|
757
757
|
|
|
758
758
|
it "extract first of multiple values as string for b/w compatibility" do
|
|
@@ -760,9 +760,9 @@ class RubySamlTest < Minitest::Test
|
|
|
760
760
|
end
|
|
761
761
|
|
|
762
762
|
it "extract first of multiple values as string for b/w compatibility in compatibility mode off" do
|
|
763
|
-
OneLogin::
|
|
763
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
764
764
|
assert_equal ['value1', 'value2'], response_multiple_attr_values.attributes[:another_value]
|
|
765
|
-
OneLogin::
|
|
765
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
766
766
|
end
|
|
767
767
|
|
|
768
768
|
it "return array with all attributes when asked in XML order" do
|
|
@@ -770,9 +770,9 @@ class RubySamlTest < Minitest::Test
|
|
|
770
770
|
end
|
|
771
771
|
|
|
772
772
|
it "return array with all attributes when asked in XML order in compatibility mode off" do
|
|
773
|
-
OneLogin::
|
|
773
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
774
774
|
assert_equal ['value1', 'value2'], response_multiple_attr_values.attributes.multi(:another_value)
|
|
775
|
-
OneLogin::
|
|
775
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
776
776
|
end
|
|
777
777
|
|
|
778
778
|
it "return first of multiple values when multiple Attribute tags in XML" do
|
|
@@ -780,9 +780,9 @@ class RubySamlTest < Minitest::Test
|
|
|
780
780
|
end
|
|
781
781
|
|
|
782
782
|
it "return first of multiple values when multiple Attribute tags in XML in compatibility mode off" do
|
|
783
|
-
OneLogin::
|
|
783
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
784
784
|
assert_equal ['role1', 'role2', 'role3'], response_multiple_attr_values.attributes[:role]
|
|
785
|
-
OneLogin::
|
|
785
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
786
786
|
end
|
|
787
787
|
|
|
788
788
|
it "return all of multiple values in reverse order when multiple Attribute tags in XML" do
|
|
@@ -790,9 +790,9 @@ class RubySamlTest < Minitest::Test
|
|
|
790
790
|
end
|
|
791
791
|
|
|
792
792
|
it "return all of multiple values in reverse order when multiple Attribute tags in XML in compatibility mode off" do
|
|
793
|
-
OneLogin::
|
|
793
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
794
794
|
assert_equal ['role1', 'role2', 'role3'], response_multiple_attr_values.attributes.multi(:role)
|
|
795
|
-
OneLogin::
|
|
795
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
796
796
|
end
|
|
797
797
|
|
|
798
798
|
it "return nil value correctly" do
|
|
@@ -800,20 +800,20 @@ class RubySamlTest < Minitest::Test
|
|
|
800
800
|
end
|
|
801
801
|
|
|
802
802
|
it "return nil value correctly when not in compatibility mode off" do
|
|
803
|
-
OneLogin::
|
|
803
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
804
804
|
assert_equal [nil], response_multiple_attr_values.attributes[:attribute_with_nil_value]
|
|
805
|
-
OneLogin::
|
|
805
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
806
806
|
end
|
|
807
807
|
|
|
808
808
|
it "return multiple values including nil and empty string" do
|
|
809
|
-
response = OneLogin::
|
|
809
|
+
response = OneLogin::KlRubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
|
810
810
|
assert_equal ["", "valuePresent", nil, nil], response.attributes.multi(:attribute_with_nils_and_empty_strings)
|
|
811
811
|
end
|
|
812
812
|
|
|
813
813
|
it "return multiple values from [] when not in compatibility mode off" do
|
|
814
|
-
OneLogin::
|
|
814
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
815
815
|
assert_equal ["", "valuePresent", nil, nil], response_multiple_attr_values.attributes[:attribute_with_nils_and_empty_strings]
|
|
816
|
-
OneLogin::
|
|
816
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
817
817
|
end
|
|
818
818
|
|
|
819
819
|
it "check what happens when trying retrieve attribute that does not exists" do
|
|
@@ -821,11 +821,11 @@ class RubySamlTest < Minitest::Test
|
|
|
821
821
|
assert_equal nil, response_multiple_attr_values.attributes.single(:attribute_not_exists)
|
|
822
822
|
assert_equal nil, response_multiple_attr_values.attributes.multi(:attribute_not_exists)
|
|
823
823
|
|
|
824
|
-
OneLogin::
|
|
824
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = false
|
|
825
825
|
assert_equal nil, response_multiple_attr_values.attributes[:attribute_not_exists]
|
|
826
826
|
assert_equal nil, response_multiple_attr_values.attributes.single(:attribute_not_exists)
|
|
827
827
|
assert_equal nil, response_multiple_attr_values.attributes.multi(:attribute_not_exists)
|
|
828
|
-
OneLogin::
|
|
828
|
+
OneLogin::KlRubySaml::Attributes.single_value_compatibility = true
|
|
829
829
|
end
|
|
830
830
|
|
|
831
831
|
end
|
|
@@ -860,7 +860,7 @@ class RubySamlTest < Minitest::Test
|
|
|
860
860
|
describe '#xpath_first_from_signed_assertion' do
|
|
861
861
|
it 'not allow arbitrary code execution' do
|
|
862
862
|
malicious_response_document = fixture('response_eval', false)
|
|
863
|
-
malicious_response = OneLogin::
|
|
863
|
+
malicious_response = OneLogin::KlRubySaml::Response.new(malicious_response_document)
|
|
864
864
|
malicious_response.send(:xpath_first_from_signed_assertion)
|
|
865
865
|
assert_nil $evalled
|
|
866
866
|
end
|
|
@@ -872,14 +872,14 @@ class RubySamlTest < Minitest::Test
|
|
|
872
872
|
|
|
873
873
|
document = XMLSecurity::Document.new(xml)
|
|
874
874
|
|
|
875
|
-
formated_cert = OneLogin::
|
|
875
|
+
formated_cert = OneLogin::KlRubySaml::Utils.format_cert(ruby_saml_cert_text)
|
|
876
876
|
cert = OpenSSL::X509::Certificate.new(formated_cert)
|
|
877
877
|
|
|
878
|
-
formated_private_key = OneLogin::
|
|
878
|
+
formated_private_key = OneLogin::KlRubySaml::Utils.format_private_key(ruby_saml_key_text)
|
|
879
879
|
private_key = OpenSSL::PKey::RSA.new(formated_private_key)
|
|
880
880
|
document.sign_document(private_key, cert)
|
|
881
881
|
|
|
882
|
-
signed_response = OneLogin::
|
|
882
|
+
signed_response = OneLogin::KlRubySaml::Response.new(document.to_s)
|
|
883
883
|
settings.idp_cert = ruby_saml_cert_text
|
|
884
884
|
signed_response.settings = settings
|
|
885
885
|
Timecop.freeze(Time.parse("2015-03-18T04:50:24Z")) do
|
|
@@ -897,7 +897,7 @@ class RubySamlTest < Minitest::Test
|
|
|
897
897
|
|
|
898
898
|
it 'is not possible when encryptID inside the assertion but no private key' do
|
|
899
899
|
response_encrypted_nameid.settings = settings
|
|
900
|
-
assert_raises(OneLogin::
|
|
900
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, "An EncryptedID found and no SP private key found on the settings to decrypt it") do
|
|
901
901
|
assert_equal "test@onelogin.com", response_encrypted_nameid.nameid
|
|
902
902
|
end
|
|
903
903
|
end
|
|
@@ -916,18 +916,18 @@ class RubySamlTest < Minitest::Test
|
|
|
916
916
|
it 'raise if an encrypted assertion is found and no sp private key to decrypt it' do
|
|
917
917
|
error_msg = "An EncryptedAssertion found and no SP private key found on the settings to decrypt it. Be sure you provided the :settings parameter at the initialize method"
|
|
918
918
|
|
|
919
|
-
assert_raises(OneLogin::
|
|
920
|
-
response = OneLogin::
|
|
919
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
920
|
+
response = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion)
|
|
921
921
|
end
|
|
922
922
|
|
|
923
|
-
assert_raises(OneLogin::
|
|
924
|
-
response2 = OneLogin::
|
|
923
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
924
|
+
response2 = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
|
|
925
925
|
end
|
|
926
926
|
|
|
927
927
|
settings.certificate = ruby_saml_cert_text
|
|
928
928
|
settings.private_key = ruby_saml_key_text
|
|
929
|
-
assert_raises(OneLogin::
|
|
930
|
-
response3 = OneLogin::
|
|
929
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
930
|
+
response3 = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion)
|
|
931
931
|
response3.settings
|
|
932
932
|
end
|
|
933
933
|
end
|
|
@@ -939,23 +939,23 @@ class RubySamlTest < Minitest::Test
|
|
|
939
939
|
|
|
940
940
|
error_msg = "Neither PUB key nor PRIV key: nested asn1 error"
|
|
941
941
|
assert_raises(OpenSSL::PKey::RSAError, error_msg) do
|
|
942
|
-
response = OneLogin::
|
|
942
|
+
response = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
|
|
943
943
|
end
|
|
944
944
|
end
|
|
945
945
|
|
|
946
946
|
it 'return true if an encrypted assertion is found and settings initialized with private_key' do
|
|
947
947
|
settings.certificate = ruby_saml_cert_text
|
|
948
948
|
settings.private_key = ruby_saml_key_text
|
|
949
|
-
response = OneLogin::
|
|
949
|
+
response = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
|
|
950
950
|
assert response.decrypted_document
|
|
951
951
|
|
|
952
|
-
response2 = OneLogin::
|
|
952
|
+
response2 = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_signed_assertion, :settings => settings)
|
|
953
953
|
assert response2.decrypted_document
|
|
954
954
|
|
|
955
|
-
response3 = OneLogin::
|
|
955
|
+
response3 = OneLogin::KlRubySaml::Response.new(unsigned_message_encrypted_signed_assertion, :settings => settings)
|
|
956
956
|
assert response3.decrypted_document
|
|
957
957
|
|
|
958
|
-
response4 = OneLogin::
|
|
958
|
+
response4 = OneLogin::KlRubySaml::Response.new(unsigned_message_encrypted_unsigned_assertion, :settings => settings)
|
|
959
959
|
assert response4.decrypted_document
|
|
960
960
|
end
|
|
961
961
|
end
|
|
@@ -971,7 +971,7 @@ class RubySamlTest < Minitest::Test
|
|
|
971
971
|
end
|
|
972
972
|
|
|
973
973
|
it 'is possible when signed_message_encrypted_unsigned_assertion' do
|
|
974
|
-
response = OneLogin::
|
|
974
|
+
response = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
|
|
975
975
|
Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
|
|
976
976
|
assert response.is_valid?
|
|
977
977
|
assert_empty response.errors
|
|
@@ -981,7 +981,7 @@ class RubySamlTest < Minitest::Test
|
|
|
981
981
|
end
|
|
982
982
|
|
|
983
983
|
it 'is possible when signed_message_encrypted_signed_assertion' do
|
|
984
|
-
response = OneLogin::
|
|
984
|
+
response = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_signed_assertion, :settings => settings)
|
|
985
985
|
Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
|
|
986
986
|
assert response.is_valid?
|
|
987
987
|
assert_empty response.errors
|
|
@@ -991,7 +991,7 @@ class RubySamlTest < Minitest::Test
|
|
|
991
991
|
end
|
|
992
992
|
|
|
993
993
|
it 'is possible when unsigned_message_encrypted_signed_assertion' do
|
|
994
|
-
response = OneLogin::
|
|
994
|
+
response = OneLogin::KlRubySaml::Response.new(unsigned_message_encrypted_signed_assertion, :settings => settings)
|
|
995
995
|
Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
|
|
996
996
|
assert response.is_valid?
|
|
997
997
|
assert_empty response.errors
|
|
@@ -1001,7 +1001,7 @@ class RubySamlTest < Minitest::Test
|
|
|
1001
1001
|
end
|
|
1002
1002
|
|
|
1003
1003
|
it 'is not possible when unsigned_message_encrypted_unsigned_assertion' do
|
|
1004
|
-
response = OneLogin::
|
|
1004
|
+
response = OneLogin::KlRubySaml::Response.new(unsigned_message_encrypted_unsigned_assertion, :settings => settings)
|
|
1005
1005
|
Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
|
|
1006
1006
|
assert !response.is_valid?
|
|
1007
1007
|
assert_includes response.errors, "Found an unexpected number of Signature Element. SAML Response rejected"
|
|
@@ -1017,7 +1017,7 @@ class RubySamlTest < Minitest::Test
|
|
|
1017
1017
|
describe "check right settings" do
|
|
1018
1018
|
|
|
1019
1019
|
it "is not possible to decrypt the assertion if no private key" do
|
|
1020
|
-
response = OneLogin::
|
|
1020
|
+
response = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
|
|
1021
1021
|
|
|
1022
1022
|
encrypted_assertion_node = REXML::XPath.first(
|
|
1023
1023
|
response.document,
|
|
@@ -1027,13 +1027,13 @@ class RubySamlTest < Minitest::Test
|
|
|
1027
1027
|
response.settings.private_key = nil
|
|
1028
1028
|
|
|
1029
1029
|
error_msg = "An EncryptedAssertion found and no SP private key found on the settings to decrypt it"
|
|
1030
|
-
assert_raises(OneLogin::
|
|
1030
|
+
assert_raises(OneLogin::KlRubySaml::ValidationError, error_msg) do
|
|
1031
1031
|
decrypted = response.send(:decrypt_assertion, encrypted_assertion_node)
|
|
1032
1032
|
end
|
|
1033
1033
|
end
|
|
1034
1034
|
|
|
1035
1035
|
it "is possible to decrypt the assertion if private key" do
|
|
1036
|
-
response = OneLogin::
|
|
1036
|
+
response = OneLogin::KlRubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
|
|
1037
1037
|
|
|
1038
1038
|
encrypted_assertion_node = REXML::XPath.first(
|
|
1039
1039
|
response.document,
|
|
@@ -1053,7 +1053,7 @@ class RubySamlTest < Minitest::Test
|
|
|
1053
1053
|
|
|
1054
1054
|
it "is possible to decrypt the assertion if private key but no saml namespace on the Assertion Element that is inside the EncryptedAssertion" do
|
|
1055
1055
|
unsigned_message_encrypted_assertion_without_saml_namespace = read_response('unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64')
|
|
1056
|
-
response = OneLogin::
|
|
1056
|
+
response = OneLogin::KlRubySaml::Response.new(unsigned_message_encrypted_assertion_without_saml_namespace, :settings => settings)
|
|
1057
1057
|
encrypted_assertion_node = REXML::XPath.first(
|
|
1058
1058
|
response.document,
|
|
1059
1059
|
"(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
|
|
@@ -1074,28 +1074,28 @@ class RubySamlTest < Minitest::Test
|
|
|
1074
1074
|
describe "check different encrypt methods supported" do
|
|
1075
1075
|
it "EncryptionMethod DES-192 && Key Encryption Algorithm RSA-1_5" do
|
|
1076
1076
|
unsigned_message_des192_encrypted_signed_assertion = read_response('unsigned_message_des192_encrypted_signed_assertion.xml.base64')
|
|
1077
|
-
response = OneLogin::
|
|
1077
|
+
response = OneLogin::KlRubySaml::Response.new(unsigned_message_des192_encrypted_signed_assertion, :settings => settings)
|
|
1078
1078
|
assert_equal "test", response.attributes[:uid]
|
|
1079
1079
|
assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
|
|
1080
1080
|
end
|
|
1081
1081
|
|
|
1082
1082
|
it "EncryptionMethod AES-128 && Key Encryption Algorithm RSA-OAEP-MGF1P" do
|
|
1083
1083
|
unsigned_message_aes128_encrypted_signed_assertion = read_response('unsigned_message_aes128_encrypted_signed_assertion.xml.base64')
|
|
1084
|
-
response = OneLogin::
|
|
1084
|
+
response = OneLogin::KlRubySaml::Response.new(unsigned_message_aes128_encrypted_signed_assertion, :settings => settings)
|
|
1085
1085
|
assert_equal "test", response.attributes[:uid]
|
|
1086
1086
|
assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
|
|
1087
1087
|
end
|
|
1088
1088
|
|
|
1089
1089
|
it "EncryptionMethod AES-192 && Key Encryption Algorithm RSA-OAEP-MGF1P" do
|
|
1090
1090
|
unsigned_message_aes192_encrypted_signed_assertion = read_response('unsigned_message_aes192_encrypted_signed_assertion.xml.base64')
|
|
1091
|
-
response = OneLogin::
|
|
1091
|
+
response = OneLogin::KlRubySaml::Response.new(unsigned_message_aes192_encrypted_signed_assertion, :settings => settings)
|
|
1092
1092
|
assert_equal "test", response.attributes[:uid]
|
|
1093
1093
|
assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
|
|
1094
1094
|
end
|
|
1095
1095
|
|
|
1096
1096
|
it "EncryptionMethod AES-256 && Key Encryption Algorithm RSA-OAEP-MGF1P" do
|
|
1097
1097
|
unsigned_message_aes256_encrypted_signed_assertion = read_response('unsigned_message_aes256_encrypted_signed_assertion.xml.base64')
|
|
1098
|
-
response = OneLogin::
|
|
1098
|
+
response = OneLogin::KlRubySaml::Response.new(unsigned_message_aes256_encrypted_signed_assertion, :settings => settings)
|
|
1099
1099
|
assert_equal "test", response.attributes[:uid]
|
|
1100
1100
|
assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
|
|
1101
1101
|
end
|