libsaml 2.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +15 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +91 -0
- data/Rakefile +33 -0
- data/lib/saml.rb +142 -0
- data/lib/saml/artifact.rb +51 -0
- data/lib/saml/artifact_resolve.rb +10 -0
- data/lib/saml/artifact_response.rb +9 -0
- data/lib/saml/assertion.rb +67 -0
- data/lib/saml/authn_request.rb +34 -0
- data/lib/saml/base.rb +47 -0
- data/lib/saml/bindings/http_artifact.rb +44 -0
- data/lib/saml/bindings/http_post.rb +29 -0
- data/lib/saml/bindings/http_redirect.rb +100 -0
- data/lib/saml/bindings/soap.rb +31 -0
- data/lib/saml/complex_types/endpoint_type.rb +17 -0
- data/lib/saml/complex_types/indexed_endpoint_type.rb +15 -0
- data/lib/saml/complex_types/request_abstract_type.rb +57 -0
- data/lib/saml/complex_types/sso_descriptor_type.rb +48 -0
- data/lib/saml/complex_types/status_response_type.rb +29 -0
- data/lib/saml/config.rb +49 -0
- data/lib/saml/elements/attribute.rb +24 -0
- data/lib/saml/elements/attribute_statement.rb +26 -0
- data/lib/saml/elements/audience_restriction.rb +12 -0
- data/lib/saml/elements/authn_context.rb +13 -0
- data/lib/saml/elements/authn_statement.rb +25 -0
- data/lib/saml/elements/conditions.rb +24 -0
- data/lib/saml/elements/contact_person.rb +33 -0
- data/lib/saml/elements/entities_descriptor.rb +27 -0
- data/lib/saml/elements/entity_descriptor.rb +37 -0
- data/lib/saml/elements/idp_sso_descriptor.rb +23 -0
- data/lib/saml/elements/key_descriptor.rb +34 -0
- data/lib/saml/elements/key_descriptor/key_info.rb +30 -0
- data/lib/saml/elements/key_descriptor/key_info/x509_data.rb +34 -0
- data/lib/saml/elements/name_id.rb +14 -0
- data/lib/saml/elements/organization.rb +16 -0
- data/lib/saml/elements/requested_authn_context.rb +28 -0
- data/lib/saml/elements/signature.rb +33 -0
- data/lib/saml/elements/signature/canonicalization_method.rb +19 -0
- data/lib/saml/elements/signature/digest_method.rb +19 -0
- data/lib/saml/elements/signature/inclusive_namespaces.rb +20 -0
- data/lib/saml/elements/signature/key_info.rb +14 -0
- data/lib/saml/elements/signature/reference.rb +23 -0
- data/lib/saml/elements/signature/signature_method.rb +19 -0
- data/lib/saml/elements/signature/signed_info.rb +24 -0
- data/lib/saml/elements/signature/transform.rb +19 -0
- data/lib/saml/elements/signature/transforms.rb +21 -0
- data/lib/saml/elements/sp_sso_descriptor.rb +27 -0
- data/lib/saml/elements/status.rb +15 -0
- data/lib/saml/elements/status_code.rb +42 -0
- data/lib/saml/elements/sub_status_code.rb +14 -0
- data/lib/saml/elements/subject.rb +38 -0
- data/lib/saml/elements/subject_confirmation.rb +30 -0
- data/lib/saml/elements/subject_confirmation_data.rb +23 -0
- data/lib/saml/elements/subject_locality.rb +12 -0
- data/lib/saml/encoding.rb +35 -0
- data/lib/saml/logout_request.rb +10 -0
- data/lib/saml/logout_response.rb +11 -0
- data/lib/saml/provider.rb +85 -0
- data/lib/saml/provider_stores/file.rb +33 -0
- data/lib/saml/response.rb +21 -0
- data/lib/saml/util.rb +51 -0
- data/lib/saml/version.rb +3 -0
- data/lib/saml/xml_helpers.rb +34 -0
- data/lib/tasks/saml_tasks.rake +4 -0
- metadata +195 -0
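--- a/data/lib/saml/elements/requested_authn_context.rb
+++ b/data/lib/saml/elements/requested_authn_context.rb
@@ -0,0 +1,28 @@
+module Saml
+module Elements
+class RequestedAuthnContext
+
+module ComparisonTypes
+EXACT = 'exact'
+MINIMUM = 'minimum'
+MAXIMUM = 'maximum'
+BETTER = 'better'
+ALL = [EXACT, MINIMUM, MAXIMUM, BETTER, nil]
+end
+
+include Saml::ClassRefs
+
+include Saml::Base
+
+tag 'RequestedAuthnContext'
+namespace 'samlp'
+
+attribute :comparison, String, :tag => "Comparison"
+
+element :authn_context_class_ref, String, :namespace => 'saml', :tag => "AuthnContextClassRef"
+
+validates :authn_context_class_ref, :presence => true, :inclusion => ALL_CLASS_REFS
+validates :comparison, :inclusion => ComparisonTypes::ALL
+end
+end
+end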
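Review bot: `ComparisonTypes::ALL` is a mutable constant that doubles as the `validates :comparison, :inclusion` list, and the trailing `nil` entry is there to let the optional `Comparison` attribute pass the inclusion check without a comment saying so. Freeze it and state the intent in place: `ALL = [EXACT, MINIMUM, MAXIMUM, BETTER, nil].freeze # nil: Comparison is optional`. The other constant lists in this package (`ALL_CLASS_REFS`, `TopLevelCodes::ALL`, `SubStatusCodes::ALL`) are defined outside this diff, so whether they are frozen cannot be checked here.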
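--- a/data/lib/saml/elements/signature.rb
+++ b/data/lib/saml/elements/signature.rb
@@ -0,0 +1,33 @@
+require 'saml/elements/signature/inclusive_namespaces'
+require 'saml/elements/signature/transform'
+require 'saml/elements/signature/transforms'
+require 'saml/elements/signature/digest_method'
+require 'saml/elements/signature/reference'
+require 'saml/elements/signature/signature_method'
+require 'saml/elements/signature/canonicalization_method'
+require 'saml/elements/signature/signed_info'
+require 'saml/elements/signature/key_info'
+
+module Saml
+module Elements
+class Signature
+include Saml::Base
+
+tag "Signature"
+register_namespace 'ds', Saml::XML_DSIG_NAMESPACE
+namespace 'ds'
+
+has_one :signed_info, SignedInfo
+element :signature_value, String, :tag => "SignatureValue", :state_when_nil => true
+has_one :key_info, KeyInfo
+
+
+def initialize(*args)
+super(*args)
+options = args.extract_options!
+@signed_info ||= SignedInfo.new(:uri => options.delete(:uri), :digest_value => options.delete(:digest_value))
+@key_info ||= KeyInfo.new
+end
+end
+end
+end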
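Review bot: In `Signature#initialize` the `super(*args)` call runs before `args.extract_options!`, so the options hash still carrying `:uri` and `:digest_value` is handed to `Saml::Base`'s initializer and only afterwards are those keys deleted; `SignedInfo#initialize` in signed_info.rb does the same. Whether `Saml::Base` ignores or rejects keys that are not attributes of the receiver is not visible in this diff, but `StatusCode`, `Subject` and `SubjectConfirmation` in this same release extract first and re-append with `super(*(args << options))`, so the two constructors here are the odd ones out. Reordering to `options = args.extract_options!`, building `@signed_info`/`@key_info` from the deleted keys, then `super(*(args << options))` would make the class consistent with the rest of the package and keep the signature-specific keys away from the base initializer.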
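--- a/data/lib/saml/elements/signature/canonicalization_method.rb
+++ b/data/lib/saml/elements/signature/canonicalization_method.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class CanonicalizationMethod
+include Saml::Base
+
+tag "CanonicalizationMethod"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+
+def initialize(*args)
+@algorithm = "http://www.w3.org/2001/10/xml-exc-c14n#"
+super(*args)
+end
+end
+end
+end
+end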
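Review bot: `CanonicalizationMethod` gives `algorithm` an outbound default but declares no `validates :algorithm, :inclusion => ...`, so when an inbound signature is mapped the `Algorithm` attribute is accepted exactly as the document states it; the same gap is in `DigestMethod`, `SignatureMethod` and in the `Transform` entries that `Transforms` maps from the document. The package already uses the inclusion validator for enumerated values (`RequestedAuthnContext`, `StatusCode`), so the pattern is available: `validates :algorithm, :inclusion => ["http://www.w3.org/2001/10/xml-exc-c14n#"]` here, with the sha256 and rsa-sha256 URIs from this diff for the other two. Signature verification is not in this diff, so if it pins algorithms elsewhere this would be defence in depth rather than the only check; if it reads these attributes to choose its method, it is the check.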
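--- a/data/lib/saml/elements/signature/digest_method.rb
+++ b/data/lib/saml/elements/signature/digest_method.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class DigestMethod
+include Saml::Base
+
+tag "DigestMethod"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+
+def initialize(*args)
+@algorithm = "http://www.w3.org/2001/04/xmlenc#sha256"
+super(*args)
+end
+end
+end
+end
+end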
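--- a/data/lib/saml/elements/signature/inclusive_namespaces.rb
+++ b/data/lib/saml/elements/signature/inclusive_namespaces.rb
@@ -0,0 +1,20 @@
+module Saml
+module Elements
+class Signature
+class InclusiveNamespaces
+include Saml::Base
+
+register_namespace 'ec', "http://www.w3.org/2001/10/xml-exc-c14n#"
+namespace 'ec'
+tag 'InclusiveNamespaces'
+
+attribute :prefix_list, String, :tag => "PrefixList"
+
+def initialize(*args)
+@prefix_list = "ds saml samlp xs"
+super(*args)
+end
+end
+end
+end
+end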
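Review bot: The default `@prefix_list = "ds saml samlp xs"` is a bare string with nothing saying why those four prefixes and why the value is set before `super(*args)`. A comment on the assignment would save the next reader a trip to the exc-c14n spec: `# Prefixes kept visible during exclusive canonicalization; set before super so a :prefix_list option or parsed value wins`. The second half of that comment is an inference from the statement order and should be confirmed against `Saml::Base#initialize`, which is outside this diff.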
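--- a/data/lib/saml/elements/signature/reference.rb
+++ b/data/lib/saml/elements/signature/reference.rb
@@ -0,0 +1,23 @@
+module Saml
+module Elements
+class Signature
+class Reference
+include Saml::Base
+
+tag "Reference"
+namespace 'ds'
+
+attribute :uri, String, :tag => "URI"
+element :transforms, Transforms
+element :digest_method, DigestMethod
+element :digest_value, String, :tag => "DigestValue", :state_when_nil => true
+
+def initialize(*args)
+@transforms = Transforms.new
+@digest_method = DigestMethod.new
+super(*args)
+end
+end
+end
+end
+end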
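Review bot: `Reference` is the one element in this signature tree whose `uri` has no default and no presence validation, yet `SignedInfo` constructs it with `:uri => options.delete(:uri)`, which is `nil` whenever the caller omits the option, and the resulting `Reference` would then serialize without a `URI`. If an empty or missing URI is never a valid state for this package's signing flow, `validates :uri, :presence => true` documents and enforces that; if a missing URI is intentionally allowed, a comment on the attribute saying so would stop the next reader from adding the validation. The `:state_when_nil => true` on `digest_value` also deserves a line such as `# emitted empty so the element exists before the digest is filled in`, since that is the only reason to serialize a nil value.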
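--- a/data/lib/saml/elements/signature/signature_method.rb
+++ b/data/lib/saml/elements/signature/signature_method.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class SignatureMethod
+include Saml::Base
+
+tag "SignatureMethod"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+
+def initialize(*args)
+@algorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+super(*args)
+end
+end
+end
+end
+end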
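--- a/data/lib/saml/elements/signature/signed_info.rb
+++ b/data/lib/saml/elements/signature/signed_info.rb
@@ -0,0 +1,24 @@
+module Saml
+module Elements
+class Signature
+class SignedInfo
+include Saml::Base
+
+tag "SignedInfo"
+namespace 'ds'
+
+element :canonicalization_method, CanonicalizationMethod
+element :signature_method, SignatureMethod
+element :reference, Reference
+
+def initialize(*args)
+@canonicalization_method = CanonicalizationMethod.new
+@signature_method = SignatureMethod.new
+super(*args)
+options = args.extract_options!
+@reference ||= Reference.new(:uri => options.delete(:uri), :digest_value => options.delete(:digest_value))
+end
+end
+end
+end
+end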
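--- a/data/lib/saml/elements/signature/transform.rb
+++ b/data/lib/saml/elements/signature/transform.rb
@@ -0,0 +1,19 @@
+module Saml
+module Elements
+class Signature
+class Transform
+include Saml::Base
+
+tag "Transform"
+namespace 'ds'
+
+attribute :algorithm, String, :tag => "Algorithm"
+has_one :inclusive_namespaces, InclusiveNamespaces
+
+def inclusive_namespaces
+@inclusive_namespaces == [] ? nil : @inclusive_namespaces
+end
+end
+end
+end
+end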
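Review bot: The hand-written `inclusive_namespaces` reader overrides the one `has_one` generates, and the `== []` comparison only makes sense if the mapping layer leaves an empty array in `@inclusive_namespaces` when the child element is absent, which nothing in this file says. A one-line comment above the method would carry that knowledge: `# The mapper leaves [] for a missing InclusiveNamespaces child; return nil so none is emitted`. Since the mapper is not in this diff, confirm that `[]` is really what it stores before committing to the wording.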
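--- a/data/lib/saml/elements/signature/transforms.rb
+++ b/data/lib/saml/elements/signature/transforms.rb
@@ -0,0 +1,21 @@
+module Saml
+module Elements
+class Signature
+class Transforms
+include Saml::Base
+
+tag "Transforms"
+namespace 'ds'
+
+has_many :transform, Transform, :tag => "Transform"
+
+def initialize(*args)
+@transform = [Transform.new(:algorithm => "http://www.w3.org/2000/09/xmldsig#enveloped-signature"),
+Transform.new(:algorithm => "http://www.w3.org/2001/10/xml-exc-c14n#",
+:inclusive_namespaces => InclusiveNamespaces.new)]
+super(*args)
+end
+end
+end
+end
+end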
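--- a/data/lib/saml/elements/sp_sso_descriptor.rb
+++ b/data/lib/saml/elements/sp_sso_descriptor.rb
@@ -0,0 +1,27 @@
+module Saml
+module Elements
+class SPSSODescriptor
+include Saml::ComplexTypes::SSODescriptorType
+
+class AssertionConsumerService
+include Saml::ComplexTypes::IndexedEndpointType
+tag 'AssertionConsumerService'
+end
+
+tag 'SPSSODescriptor'
+
+attribute :authn_requests_signed, Boolean, :tag => "AuthnRequestsSigned", :default => false
+attribute :want_assertions_signed, Boolean, :tag => "WantAssertionsSigned", :default => false
+
+has_many :assertion_consumer_services, AssertionConsumerService
+
+validates :assertion_consumer_services, :presence => true
+
+def initialize(*args)
+super(*args)
+self.assertion_consumer_services ||= []
+end
+
+end
+end
+end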
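Review bot: Both `AuthnRequestsSigned` and `WantAssertionsSigned` default to `false`, so an `SPSSODescriptor` built without setting them publishes metadata telling the identity provider that this service provider neither signs its requests nor requires signed assertions, and nothing in the class says that this is a deliberate weak default. A comment on the two attributes would make the consequence explicit: `# Both default to false per the metadata schema; a deployment that relies on signed assertions must set want_assertions_signed = true itself`. Whether the rest of the package enforces signatures regardless of what the metadata advertises is outside this diff and worth checking before relying on the comment's second clause.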
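--- a/data/lib/saml/elements/status_code.rb
+++ b/data/lib/saml/elements/status_code.rb
@@ -0,0 +1,42 @@
+module Saml
+module Elements
+class StatusCode
+include Saml::Base
+
+tag "StatusCode"
+namespace 'samlp'
+
+attribute :value, String, :tag => "Value"
+
+has_one :sub_status_code, Saml::Elements::SubStatusCode
+
+validates :value, :presence => true, :inclusion => TopLevelCodes::ALL
+
+def initialize(*args)
+options = args.extract_options!
+@sub_status_code = Saml::Elements::SubStatusCode.new(:value => options.delete(:sub_status_value)) if options[:sub_status_value]
+super(*(args << options))
+end
+
+def success?
+value == TopLevelCodes::SUCCESS
+end
+
+def authn_failed?
+sub_status_code.value == SubStatusCodes::AUTHN_FAILED
+end
+
+def request_denied?
+sub_status_code.value == SubStatusCodes::REQUEST_DENIED
+end
+
+def no_authn_context?
+sub_status_code.value == SubStatusCodes::NO_AUTHN_CONTEXT
+end
+
+def partial_logout?
+sub_status_code.value == SubStatusCodes::PARTIAL_LOGOUT
+end
+end
+end
+end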
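Review bot: `authn_failed?`, `request_denied?`, `no_authn_context?` and `partial_logout?` all call `sub_status_code.value` unguarded, but `@sub_status_code` is only assigned in `initialize` when `:sub_status_value` is given, so a `StatusCode` whose nested `StatusCode` element is absent (the normal case for a `Success` status, and a plausible one for a hostile or malformed response) raises `NoMethodError` on `nil` instead of returning `false`. Guard each predicate, e.g. `sub_status_code && sub_status_code.value == SubStatusCodes::AUTHN_FAILED`, and apply the same shape to the other three; `success?` is unaffected because it reads the top-level `value`. A status handler that treats an exception here as anything other than "not that failure" would be making a decision on a crash path rather than on the SAML status, which is the practical reason to fix it.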
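--- a/data/lib/saml/elements/sub_status_code.rb
+++ b/data/lib/saml/elements/sub_status_code.rb
@@ -0,0 +1,14 @@
+module Saml
+module Elements
+class SubStatusCode
+include Saml::Base
+
+tag "StatusCode"
+namespace 'samlp'
+
+attribute :value, String, :tag => "Value"
+
+validates :value, :presence => true, :inclusion => SubStatusCodes::ALL
+end
+end
+end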
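Review bot: `SubStatusCode` maps the same `samlp:StatusCode` tag as `StatusCode` in status_code.rb, and the only visible reason for a second class is that its `value` is validated against `SubStatusCodes::ALL` rather than `TopLevelCodes::ALL`; a reader seeing two classes with one tag will assume a mistake unless told otherwise. A class-level comment would settle it: `# The nested samlp:StatusCode inside a top-level StatusCode; same tag, but its Value is drawn from the second-level code list`. Nothing else in the hunk needs attention.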
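--- a/data/lib/saml/elements/subject.rb
+++ b/data/lib/saml/elements/subject.rb
@@ -0,0 +1,38 @@
+module Saml
+module Elements
+class Subject
+include Saml::Base
+
+tag "Subject"
+register_namespace 'saml', Saml::SAML_NAMESPACE
+namespace 'saml'
+
+element :_name_id, NameId, :tag => "NameID"
+
+has_many :subject_confirmation, Saml::Elements::SubjectConfirmation
+
+validates :name_id, :subject_confirmation, :presence => true
+
+def initialize(*args)
+options = args.extract_options!
+@_name_id = Saml::Elements::NameId.new(format: options.delete(:name_id_format),
+value: options.delete(:name_id))
+@subject_confirmation = Saml::Elements::SubjectConfirmation.new(recipient: options.delete(:recipient),
+in_response_to: options.delete(:in_response_to))
+super(*(args << options))
+end
+
+def name_id
+@_name_id.value
+end
+
+def name_id=(value)
+@_name_id.value = value
+end
+
+def name_id_format
+@_name_id.format
+end
+end
+end
+end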
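Review bot: `subject_confirmation` is declared with `has_many`, which implies an array, but `initialize` assigns a single `SubjectConfirmation` object to `@subject_confirmation`; `SubjectConfirmation#initialize` in subject_confirmation.rb does the same for its `has_many :subject_confirmation_data`. Whether the mapping layer tolerates a bare object in a has_many slot when serializing is not visible here, and a parsed `Subject` will presumably hold an array, so callers get two different shapes from the same accessor depending on how the object was created. Wrapping the default in an array, `@subject_confirmation = [Saml::Elements::SubjectConfirmation.new(...)]`, would make the two paths agree; if the mapper genuinely accepts either, a comment on the assignment saying so is the minimum.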
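--- a/data/lib/saml/elements/subject_confirmation.rb
+++ b/data/lib/saml/elements/subject_confirmation.rb
@@ -0,0 +1,30 @@
+module Saml
+module Elements
+class SubjectConfirmation
+include Saml::Base
+
+class Methods
+BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
+end
+
+tag "SubjectConfirmation"
+register_namespace 'saml', Saml::SAML_NAMESPACE
+namespace 'saml'
+
+attribute :_method, String, :tag => 'Method'
+
+has_many :subject_confirmation_data, Saml::Elements::SubjectConfirmationData
+
+validates :_method, :presence => true
+
+
+def initialize(*args)
+options = args.extract_options!
+@subject_confirmation_data = Saml::Elements::SubjectConfirmationData.new(:recipient => options.delete(:recipient),
+:in_response_to => options.delete(:in_response_to))
+super(*(args << options))
+@_method ||= Methods::BEARER
+end
+end
+end
+end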
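Review bot: `validates :_method, :presence => true` checks only that a `Method` is present, so a parsed `SubjectConfirmation` carrying any confirmation method URI passes validation, while the only method this release knows about is `Methods::BEARER`. If bearer is the only method the rest of the package can honour, `validates :_method, :inclusion => [Methods::BEARER]` says so at the model level, mirroring how `RequestedAuthnContext` and `StatusCode` constrain their enumerations; if other methods are meant to flow through untouched, a comment on the validation stating that is enough. Separately, `Methods` holds only a constant and is never instantiated, so `module Methods` would match `ComparisonTypes` in requested_authn_context.rb.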
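--- a/data/lib/saml/elements/subject_confirmation_data.rb
+++ b/data/lib/saml/elements/subject_confirmation_data.rb
@@ -0,0 +1,23 @@
+module Saml
+module Elements
+class SubjectConfirmationData
+include Saml::Base
+
+tag "SubjectConfirmationData"
+register_namespace 'saml', Saml::SAML_NAMESPACE
+namespace 'saml'
+
+attribute :not_on_or_after, Time, :tag => "NotOnOrAfter", :on_save => lambda { |val| val.utc.xmlschema }
+attribute :recipient, String, :tag => "Recipient"
+attribute :in_response_to, String, :tag => "InResponseTo"
+
+validates :not_on_or_after, :in_response_to, :recipient, :presence => true
+
+def initialize(*args)
+options = args.extract_options!
+super(*(args << options))
+@not_on_or_after = Time.now + Saml::Config.max_issue_instant_offset.minutes
+end
+end
+end
+end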
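Review bot: `@not_on_or_after` is assigned unconditionally after `super(*(args << options))`, so a `:not_on_or_after` value passed in the options is silently replaced by `Time.now` plus the configured offset, which is the opposite of how `SubjectConfirmation#initialize` treats its default (`@_method ||= Methods::BEARER`). Change it to `@not_on_or_after ||= Time.now + Saml::Config.max_issue_instant_offset.minutes` so a caller that needs a tighter or explicit expiry can set one. Whether parsing an inbound document goes through this constructor is not visible in the diff; if it does, the same line would also overwrite the `NotOnOrAfter` the document carried, which matters for any later expiry check.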