libsaml 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (66) hide show
  1. checksums.yaml +15 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.rdoc +91 -0
  4. data/Rakefile +33 -0
  5. data/lib/saml.rb +142 -0
  6. data/lib/saml/artifact.rb +51 -0
  7. data/lib/saml/artifact_resolve.rb +10 -0
  8. data/lib/saml/artifact_response.rb +9 -0
  9. data/lib/saml/assertion.rb +67 -0
  10. data/lib/saml/authn_request.rb +34 -0
  11. data/lib/saml/base.rb +47 -0
  12. data/lib/saml/bindings/http_artifact.rb +44 -0
  13. data/lib/saml/bindings/http_post.rb +29 -0
  14. data/lib/saml/bindings/http_redirect.rb +100 -0
  15. data/lib/saml/bindings/soap.rb +31 -0
  16. data/lib/saml/complex_types/endpoint_type.rb +17 -0
  17. data/lib/saml/complex_types/indexed_endpoint_type.rb +15 -0
  18. data/lib/saml/complex_types/request_abstract_type.rb +57 -0
  19. data/lib/saml/complex_types/sso_descriptor_type.rb +48 -0
  20. data/lib/saml/complex_types/status_response_type.rb +29 -0
  21. data/lib/saml/config.rb +49 -0
  22. data/lib/saml/elements/attribute.rb +24 -0
  23. data/lib/saml/elements/attribute_statement.rb +26 -0
  24. data/lib/saml/elements/audience_restriction.rb +12 -0
  25. data/lib/saml/elements/authn_context.rb +13 -0
  26. data/lib/saml/elements/authn_statement.rb +25 -0
  27. data/lib/saml/elements/conditions.rb +24 -0
  28. data/lib/saml/elements/contact_person.rb +33 -0
  29. data/lib/saml/elements/entities_descriptor.rb +27 -0
  30. data/lib/saml/elements/entity_descriptor.rb +37 -0
  31. data/lib/saml/elements/idp_sso_descriptor.rb +23 -0
  32. data/lib/saml/elements/key_descriptor.rb +34 -0
  33. data/lib/saml/elements/key_descriptor/key_info.rb +30 -0
  34. data/lib/saml/elements/key_descriptor/key_info/x509_data.rb +34 -0
  35. data/lib/saml/elements/name_id.rb +14 -0
  36. data/lib/saml/elements/organization.rb +16 -0
  37. data/lib/saml/elements/requested_authn_context.rb +28 -0
  38. data/lib/saml/elements/signature.rb +33 -0
  39. data/lib/saml/elements/signature/canonicalization_method.rb +19 -0
  40. data/lib/saml/elements/signature/digest_method.rb +19 -0
  41. data/lib/saml/elements/signature/inclusive_namespaces.rb +20 -0
  42. data/lib/saml/elements/signature/key_info.rb +14 -0
  43. data/lib/saml/elements/signature/reference.rb +23 -0
  44. data/lib/saml/elements/signature/signature_method.rb +19 -0
  45. data/lib/saml/elements/signature/signed_info.rb +24 -0
  46. data/lib/saml/elements/signature/transform.rb +19 -0
  47. data/lib/saml/elements/signature/transforms.rb +21 -0
  48. data/lib/saml/elements/sp_sso_descriptor.rb +27 -0
  49. data/lib/saml/elements/status.rb +15 -0
  50. data/lib/saml/elements/status_code.rb +42 -0
  51. data/lib/saml/elements/sub_status_code.rb +14 -0
  52. data/lib/saml/elements/subject.rb +38 -0
  53. data/lib/saml/elements/subject_confirmation.rb +30 -0
  54. data/lib/saml/elements/subject_confirmation_data.rb +23 -0
  55. data/lib/saml/elements/subject_locality.rb +12 -0
  56. data/lib/saml/encoding.rb +35 -0
  57. data/lib/saml/logout_request.rb +10 -0
  58. data/lib/saml/logout_response.rb +11 -0
  59. data/lib/saml/provider.rb +85 -0
  60. data/lib/saml/provider_stores/file.rb +33 -0
  61. data/lib/saml/response.rb +21 -0
  62. data/lib/saml/util.rb +51 -0
  63. data/lib/saml/version.rb +3 -0
  64. data/lib/saml/xml_helpers.rb +34 -0
  65. data/lib/tasks/saml_tasks.rake +4 -0
  66. metadata +195 -0
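--- a/data/lib/saml/elements/requested_authn_context.rb
+++ b/data/lib/saml/elements/requested_authn_context.rb
@@ -0,0 +1,28 @@
+module Saml
+module Elements
+class RequestedAuthnContext
+
+module ComparisonTypes
+EXACT = 'exact'
+MINIMUM = 'minimum'
+MAXIMUM = 'maximum'
+BETTER = 'better'
+ALL = [EXACT, MINIMUM, MAXIMUM, BETTER, nil]
+end
+
+include Saml::ClassRefs
+
+include Saml::Base
+
+tag 'RequestedAuthnContext'
+namespace 'samlp'
+
+attribute :comparison, String, :tag => "Comparison"
+
+element :authn_context_class_ref, String, :namespace => 'saml', :tag => "AuthnContextClassRef"
+
+validates :authn_context_class_ref, :presence => true, :inclusion => ALL_CLASS_REFS
+validates :comparison, :inclusion => ComparisonTypes::ALL
+end
+end
+end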
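Review bot: `ComparisonTypes::ALL` on line 10 is a mutable constant used as the validation allow-list on line 25, so a `.freeze` would stop it being widened at runtime: `ALL = [EXACT, MINIMUM, MAXIMUM, BETTER, nil].freeze`. The `nil` entry is what makes Comparison optional and reads like a mistake without a note, e.g. `# nil is allowed: Comparison is an optional attribute in the schema`. `ALL_CLASS_REFS` on line 24 comes from `Saml::ClassRefs`, which is outside this page, so whether it is frozen cannot be checked here.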
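--- a/data/lib/saml/elements/signature.rb
+++ b/data/lib/saml/elements/signature.rb
@@ -0,0 +1,33 @@
+require 'saml/elements/signature/inclusive_namespaces'
+require 'saml/elements/signature/transform'
+require 'saml/elements/signature/transforms'
+require 'saml/elements/signature/digest_method'
+require 'saml/elements/signature/reference'
+require 'saml/elements/signature/signature_method'
+require 'saml/elements/signature/canonicalization_method'
+require 'saml/elements/signature/signed_info'
+require 'saml/elements/signature/key_info'
+
+module Saml
+module Elements
+class Signature
+include Saml::Base
+
+tag "Signature"
+register_namespace 'ds', Saml::XML_DSIG_NAMESPACE
+namespace 'ds'
+
+has_one :signed_info, SignedInfo
+element :signature_value, String, :tag => "SignatureValue", :state_when_nil => true
+has_one :key_info, KeyInfo
+
+
+def initialize(*args)
+super(*args)
+options = args.extract_options!
+@signed_info ||= SignedInfo.new(:uri => options.delete(:uri), :digest_value => options.delete(:digest_value))
+@key_info ||= KeyInfo.new
+end
+end
+end
+end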
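Review bot: On lines 27–28 `:uri` and `:digest_value` are only consulted when `super` left `@signed_info` unset, so a caller passing `:signed_info` together with `:uri` has the latter silently ignored; either document that `:uri`/`:digest_value` are shorthand for building a default SignedInfo, or raise when both are given. `options.delete(...)` on the extracted hash has no effect because `options` is discarded right after, so `options[:uri]` reads the same. SignedInfo#initialize in signed_info.rb (lines 18–19) repeats both patterns. Whether `Saml::Base#initialize` itself consumes the trailing options hash cannot be told from this page.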
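--- a/data/lib/saml/elements/signature/canonicalization_method.rb
+++ b/data/lib/saml/elements/signature/canonicalization_method.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class CanonicalizationMethod
+include Saml::Base
+
+tag "CanonicalizationMethod"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+
+def initialize(*args)
+@algorithm = "http://www.w3.org/2001/10/xml-exc-c14n#"
+super(*args)
+end
+end
+end
+end
+end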
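Review bot: The exclusive-C14N URI literal on line 13 is repeated verbatim in inclusive_namespaces.rb (line 7) and transforms.rb (line 14), so a typo in any one copy would break canonicalization without an obvious error; hoist it to a single frozen constant on Signature, e.g. `EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#".freeze`, and reference it from all three. Assigning `@algorithm` before `super` means a caller-supplied `:algorithm` wins over the default; that is presumably intended and is worth a one-line comment, since DigestMethod and SignatureMethod follow the same order.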
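--- a/data/lib/saml/elements/signature/digest_method.rb
+++ b/data/lib/saml/elements/signature/digest_method.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class DigestMethod
+include Saml::Base
+
+tag "DigestMethod"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+
+def initialize(*args)
+@algorithm = "http://www.w3.org/2001/04/xmlenc#sha256"
+super(*args)
+end
+end
+end
+end
+end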
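Review bot: `algorithm` on line 10 is populated from the incoming XML when a received signature is parsed, and nothing in this class restricts it, so whatever verifies the signature has to check the digest and signature algorithm URIs against an allow-list before using them rather than honouring any value found in the message. If `Saml::Base` supplies `validates` as used in status_code.rb, `validates :algorithm, :inclusion => ALLOWED_ALGORITHMS` with a frozen list of accepted URIs would enforce that at parse time. The same applies to SignatureMethod in signature_method.rb (line 10). Whether verification elsewhere in the gem already filters the parsed value cannot be seen from this page.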
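--- a/data/lib/saml/elements/signature/inclusive_namespaces.rb
+++ b/data/lib/saml/elements/signature/inclusive_namespaces.rb
@@ -0,0 +1,20 @@
+module Saml
+module Elements
+class Signature
+class InclusiveNamespaces
+include Saml::Base
+
+register_namespace 'ec', "http://www.w3.org/2001/10/xml-exc-c14n#"
+namespace 'ec'
+tag 'InclusiveNamespaces'
+
+attribute :prefix_list, String, :tag => "PrefixList"
+
+def initialize(*args)
+@prefix_list = "ds saml samlp xs"
+super(*args)
+end
+end
+end
+end
+end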
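--- a/data/lib/saml/elements/signature/key_info.rb
+++ b/data/lib/saml/elements/signature/key_info.rb
@@ -0,0 +1,14 @@
+module Saml
+module Elements
+class Signature
+class KeyInfo
+include Saml::Base
+
+tag "KeyInfo"
+namespace 'ds'
+
+element :key_name, String, :namespace => 'ds', :tag => "KeyName"
+end
+end
+end
+end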
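--- a/data/lib/saml/elements/signature/reference.rb
+++ b/data/lib/saml/elements/signature/reference.rb
@@ -0,0 +1,23 @@
+module Saml
+module Elements
+class Signature
+class Reference
+include Saml::Base
+
+tag "Reference"
+namespace 'ds'
+
+attribute :uri, String, :tag => "URI"
+element :transforms, Transforms
+element :digest_method, DigestMethod
+element :digest_value, String, :tag => "DigestValue", :state_when_nil => true
+
+def initialize(*args)
+@transforms = Transforms.new
+@digest_method = DigestMethod.new
+super(*args)
+end
+end
+end
+end
+end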
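Review bot: `@transforms` and `@digest_method` are assigned before `super` on lines 16–17, whereas Signature and SignedInfo fill their defaults with `||=` after `super`; the two orders only agree if `Saml::Base#initialize` assigns every option it is given, so pick one convention and say so in a comment. `:state_when_nil => true` on line 13 emits a DigestValue element even before a digest exists, which is presumably for the build-then-sign flow; a note such as `# serialized even when nil: the digest is filled in after the element is built` would save the next reader a lookup.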
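--- a/data/lib/saml/elements/signature/signature_method.rb
+++ b/data/lib/saml/elements/signature/signature_method.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class SignatureMethod
+include Saml::Base
+
+tag "SignatureMethod"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+
+def initialize(*args)
+@algorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+super(*args)
+end
+end
+end
+end
+end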
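--- a/data/lib/saml/elements/signature/signed_info.rb
+++ b/data/lib/saml/elements/signature/signed_info.rb
@@ -0,0 +1,24 @@
+module Saml
+module Elements
+class Signature
+class SignedInfo
+include Saml::Base
+
+tag "SignedInfo"
+namespace 'ds'
+
+element :canonicalization_method, CanonicalizationMethod
+element :signature_method, SignatureMethod
+element :reference, Reference
+
+def initialize(*args)
+@canonicalization_method = CanonicalizationMethod.new
+@signature_method = SignatureMethod.new
+super(*args)
+options = args.extract_options!
+@reference ||= Reference.new(:uri => options.delete(:uri), :digest_value => options.delete(:digest_value))
+end
+end
+end
+end
+end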
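--- a/data/lib/saml/elements/signature/transform.rb
+++ b/data/lib/saml/elements/signature/transform.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class Transform
+include Saml::Base
+
+tag "Transform"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+has_one :inclusive_namespaces, InclusiveNamespaces
+
+def inclusive_namespaces
+@inclusive_namespaces == [] ? nil : @inclusive_namespaces
+end
+end
+end
+end
+end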
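Review bot: The `inclusive_namespaces` override on lines 13–15 maps `[]` to nil without saying why; presumably the mapper yields an empty array for an absent `has_one` child and a bare `[]` would serialize as an empty element, so it needs a comment, e.g. `# has_one yields [] when the child is absent; return nil so no empty InclusiveNamespaces is emitted — confirm against Saml::Base`. `@inclusive_namespaces unless @inclusive_namespaces == []` does the same as the ternary and reads more plainly.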
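--- a/data/lib/saml/elements/signature/transforms.rb
+++ b/data/lib/saml/elements/signature/transforms.rb
@@ -0,0 +1,21 @@
+module Saml
+module Elements
+class Signature
+class Transforms
+include Saml::Base
+
+tag "Transforms"
+namespace 'ds'
+
+has_many :transform, Transform, :tag => "Transform"
+
+def initialize(*args)
+@transform = [Transform.new(:algorithm => "http://www.w3.org/2000/09/xmldsig#enveloped-signature"),
+Transform.new(:algorithm => "http://www.w3.org/2001/10/xml-exc-c14n#",
+:inclusive_namespaces => InclusiveNamespaces.new)]
+super(*args)
+end
+end
+end
+end
+end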
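--- a/data/lib/saml/elements/sp_sso_descriptor.rb
+++ b/data/lib/saml/elements/sp_sso_descriptor.rb
@@ -0,0 +1,27 @@
+module Saml
+module Elements
+class SPSSODescriptor
+include Saml::ComplexTypes::SSODescriptorType
+
+class AssertionConsumerService
+include Saml::ComplexTypes::IndexedEndpointType
+tag 'AssertionConsumerService'
+end
+
+tag 'SPSSODescriptor'
+
+attribute :authn_requests_signed, Boolean, :tag => "AuthnRequestsSigned", :default => false
+attribute :want_assertions_signed, Boolean, :tag => "WantAssertionsSigned", :default => false
+
+has_many :assertion_consumer_services, AssertionConsumerService
+
+validates :assertion_consumer_services, :presence => true
+
+def initialize(*args)
+super(*args)
+self.assertion_consumer_services ||= []
+end
+
+end
+end
+end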
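Review bot: The `:default => false` on lines 13–14 matches the schema default for an absent attribute, but it also means an SP that never sets `want_assertions_signed` publishes metadata saying unsigned assertions are acceptable; a comment would make callers set it deliberately, e.g. `# schema default is false: set want_assertions_signed: true explicitly when the SP requires signed assertions`. `self.assertion_consumer_services ||= []` on line 22 presumably guards against the mapper leaving the has_many nil, so that an empty list still fails the presence validation on line 18 — worth a one-liner. The blank line before `end` on line 24 can go.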
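--- a/data/lib/saml/elements/status.rb
+++ b/data/lib/saml/elements/status.rb
@@ -0,0 +1,15 @@
+module Saml
+module Elements
+class Status
+include Saml::Base
+
+tag "Status"
+namespace 'samlp'
+
+has_one :status_code, Saml::Elements::StatusCode
+
+validates :status_code, :presence => true
+
+end
+end
+end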
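--- a/data/lib/saml/elements/status_code.rb
+++ b/data/lib/saml/elements/status_code.rb
@@ -0,0 +1,42 @@
+module Saml
+module Elements
+class StatusCode
+include Saml::Base
+
+tag "StatusCode"
+namespace 'samlp'
+
+attribute :value, String, :tag => "Value"
+
+has_one :sub_status_code, Saml::Elements::SubStatusCode
+
+validates :value, :presence => true, :inclusion => TopLevelCodes::ALL
+
+def initialize(*args)
+options = args.extract_options!
+@sub_status_code = Saml::Elements::SubStatusCode.new(:value => options.delete(:sub_status_value)) if options[:sub_status_value]
+super(*(args << options))
+end
+
+def success?
+value == TopLevelCodes::SUCCESS
+end
+
+def authn_failed?
+sub_status_code.value == SubStatusCodes::AUTHN_FAILED
+end
+
+def request_denied?
+sub_status_code.value == SubStatusCodes::REQUEST_DENIED
+end
+
+def no_authn_context?
+sub_status_code.value == SubStatusCodes::NO_AUTHN_CONTEXT
+end
+
+def partial_logout?
+sub_status_code.value == SubStatusCodes::PARTIAL_LOGOUT
+end
+end
+end
+end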
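Review bot: `authn_failed?`, `request_denied?`, `no_authn_context?` and `partial_logout?` on lines 25–39 call `sub_status_code.value` unguarded, but `sub_status_code` is only set on line 17 when `:sub_status_value` is given (or, presumably, when the XML carries a nested StatusCode), so on a plain top-level status each predicate raises NoMethodError instead of returning false. Guard each one, `sub_status_code && sub_status_code.value == SubStatusCodes::AUTHN_FAILED`, and likewise for the other three. `TopLevelCodes` and `SubStatusCodes` are resolved from outside this file, so a short comment naming where they live would help.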
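--- a/data/lib/saml/elements/sub_status_code.rb
+++ b/data/lib/saml/elements/sub_status_code.rb
@@ -0,0 +1,14 @@
+module Saml
+module Elements
+class SubStatusCode
+include Saml::Base
+
+tag "StatusCode"
+namespace 'samlp'
+
+attribute :value, String, :tag => "Value"
+
+validates :value, :presence => true, :inclusion => SubStatusCodes::ALL
+end
+end
+end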
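--- a/data/lib/saml/elements/subject.rb
+++ b/data/lib/saml/elements/subject.rb
@@ -0,0 +1,38 @@
+module Saml
+module Elements
+class Subject
+include Saml::Base
+
+tag "Subject"
+register_namespace 'saml', Saml::SAML_NAMESPACE
+namespace 'saml'
+
+element :_name_id, NameId, :tag => "NameID"
+
+has_many :subject_confirmation, Saml::Elements::SubjectConfirmation
+
+validates :name_id, :subject_confirmation, :presence => true
+
+def initialize(*args)
+options = args.extract_options!
+@_name_id = Saml::Elements::NameId.new(format: options.delete(:name_id_format),
+value: options.delete(:name_id))
+@subject_confirmation = Saml::Elements::SubjectConfirmation.new(recipient: options.delete(:recipient),
+in_response_to: options.delete(:in_response_to))
+super(*(args << options))
+end
+
+def name_id
+@_name_id.value
+end
+
+def name_id=(value)
+@_name_id.value = value
+end
+
+def name_id_format
+@_name_id.format
+end
+end
+end
+end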
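Review bot: `@subject_confirmation` on lines 20–21 is assigned a single SubjectConfirmation although line 12 declares it `has_many`, so unless `Saml::Base` wraps scalars into arrays, the attribute holds an object where the rest of the code expects a list; `[Saml::Elements::SubjectConfirmation.new(...)]` would match the declaration. The same mismatch is in SubjectConfirmation#initialize for `subject_confirmation_data` in subject_confirmation.rb (lines 23–24). The `name_id`/`name_id=`/`name_id_format` readers on lines 25–35 delegate to `@_name_id`, so a comment such as `# _name_id is the mapped NameID child; name_id and name_id_format are the flattened public accessors` would explain the underscore naming.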
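--- a/data/lib/saml/elements/subject_confirmation.rb
+++ b/data/lib/saml/elements/subject_confirmation.rb
@@ -0,0 +1,30 @@
+module Saml
+module Elements
+class SubjectConfirmation
+include Saml::Base
+
+class Methods
+BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
+end
+
+tag "SubjectConfirmation"
+register_namespace 'saml', Saml::SAML_NAMESPACE
+namespace 'saml'
+
+attribute :_method, String, :tag => 'Method'
+
+has_many :subject_confirmation_data, Saml::Elements::SubjectConfirmationData
+
+validates :_method, :presence => true
+
+
+def initialize(*args)
+options = args.extract_options!
+@subject_confirmation_data = Saml::Elements::SubjectConfirmationData.new(:recipient => options.delete(:recipient),
+:in_response_to => options.delete(:in_response_to))
+super(*(args << options))
+@_method ||= Methods::BEARER
+end
+end
+end
+end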
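Review bot: `Methods` on lines 6–8 is a constant holder that is never instantiated, so `module Methods` would match `ComparisonTypes` in requested_authn_context.rb and rule out a meaningless `Methods.new`. `@_method ||= Methods::BEARER` on line 26 runs after `super`, so a supplied (and presumably parsed) Method wins over the bearer default; that ordering is the important part and deserves a comment, e.g. `# default to bearer only when neither the options nor the parsed XML supplied a Method`. The double blank line on 19–20 can be collapsed.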
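--- a/data/lib/saml/elements/subject_confirmation_data.rb
+++ b/data/lib/saml/elements/subject_confirmation_data.rb
@@ -0,0 +1,23 @@
+module Saml
+module Elements
+class SubjectConfirmationData
+include Saml::Base
+
+tag "SubjectConfirmationData"
+register_namespace 'saml', Saml::SAML_NAMESPACE
+namespace 'saml'
+
+attribute :not_on_or_after, Time, :tag => "NotOnOrAfter", :on_save => lambda { |val| val.utc.xmlschema }
+attribute :recipient, String, :tag => "Recipient"
+attribute :in_response_to, String, :tag => "InResponseTo"
+
+validates :not_on_or_after, :in_response_to, :recipient, :presence => true
+
+def initialize(*args)
+options = args.extract_options!
+super(*(args << options))
+@not_on_or_after = Time.now + Saml::Config.max_issue_instant_offset.minutes
+end
+end
+end
+end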
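Review bot: Line 19 assigns `@not_on_or_after` unconditionally after `super`, so a `:not_on_or_after` passed in the options is discarded, and if the mapper builds parsed objects through `initialize`, the NotOnOrAfter from a received response would be replaced by a fresh future time and any expiry check on it would always pass — that cannot be confirmed from this page, so check how `Saml::Base` constructs parsed instances. `@not_on_or_after ||= Time.now + Saml::Config.max_issue_instant_offset.minutes` keeps the default for the building case without clobbering a supplied value. `options` on line 17 is extracted and pushed straight back on line 18 without being used; unless the empty-hash case matters to `Saml::Base`, `super(*args)` says the same.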