libsaml 2.2.1 → 2.2.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,15 +1,7 @@
1
1
  ---
2
- !binary "U0hBMQ==":
3
- metadata.gz: !binary |-
4
- NjQ2MjM2ZTdiNTQzMTg2OTM2NjA5ZjU0MDQ2NDU3ZmZmZmMzNjcyNg==
5
- data.tar.gz: !binary |-
6
- ODViMzc1MDk1MzQ3MDY5MTlhMDIwYWE5Yjc4NTI3MDRjZmI1MmMyMA==
2
+ SHA1:
3
+ metadata.gz: 376f0b864b8b4c1c1096f355b6be173740c02c20
4
+ data.tar.gz: 3767541a83f03d0680041922b0ea402cbb799ea0
7
5
  SHA512:
8
- metadata.gz: !binary |-
9
- NmI4NGEwYjE2OWQ3Y2U2ODQ2ZjcxMzNlZjhiNmFiMDBiNGRlMzY0YTNmNmJl
10
- ODhiNjNiZTliNWEzYjM0M2RmYTNiNDMzNWE4ODRmMTBiMjI1MTg3Mjk2NWE0
11
- MDBjNWFjMWFlZjY1YmZiZjMwOThlODI0NjIxMTFjOTZhZjQ5ODQ=
12
- data.tar.gz: !binary |-
13
- YjVkNGUyZTI5NjRkOTMwOWFhMzgwYWVlYjdkODNlZWE3ZjUyODdkYTdmMDBl
14
- YjM0ZmZlYWE3YWYyM2IxOTdjNDlhY2I1MmEzYTUyNTU5NzQ4NTgxNGRmZTEz
15
- ZTViMDhhOWJhNTJlZTc5ODc4M2I2NDg4NmJlM2Q3YzJlZmNhNjY=
6
+ metadata.gz: ed728b5842a2432874d9f08ecafd9d2b729dad0f207f5aa5ca2f764dfeeaf725deadf0ae57c443e6e140ee7a956af5c9d603b7a8084b84a282dd1d52d4909938
7
+ data.tar.gz: 025aa603a25a80e4e83d4ea9b4526595c525706983261f978f08238397f0817e2e02a1b4b90b33b20c20723bf8e42dd34989da52b43650b90c038cfa104ed1fc
@@ -0,0 +1,126 @@
1
+ [![Build status](https://travis-ci.org/digidentity/libsaml.png?branch=master)](https://travis-ci.org/digidentity/libsaml)
2
+ [![Coverage status](https://coveralls.io/repos/digidentity/libsaml/badge.png)](https://coveralls.io/r/digidentity/libsaml)
3
+ [![Code climate](https://codeclimate.com/github/digidentity/libsaml.png)](https://codeclimate.com/github/digidentity/libsaml)
4
+ [![Dependency status](https://gemnasium.com/digidentity/libsaml.png)](https://coveralls.io/r/digidentity/libsaml)
5
+
6
+ # libsaml
7
+
8
+ Libsaml is a Ruby gem to easily create SAML 2.0 messages. This gem was written because other SAML gems were missing functionality such as XML signing.
9
+
10
+ Libsaml's features include:
11
+
12
+ - Multiple bindings:
13
+ - HTTP-Post
14
+ - HTTP-Redirect
15
+ - HTTP-Artifact
16
+ - SOAP
17
+ - XML signing and verification
18
+ - Pluggable backend for providers (FileStore backend included)
19
+
20
+ Copyright [Digidentity B.V.](https://www.digidentity.eu/), released under the MIT license. This gem was written by [Benoist Claassen](https://github.com/benoist).
21
+
22
+ ## Installation
23
+
24
+ Place in your Gemfile:
25
+
26
+ ```ruby
27
+ gem 'libsaml', require: 'saml'
28
+ ```
29
+
30
+ ## Usage
31
+
32
+ Below follows how to configure the SAML gem in a service provider.
33
+
34
+ Store the private key in:
35
+ `config/ssl/key.pem`
36
+
37
+ Store the public key of the identity provider in:
38
+ `config/ssl/trust-federate.cert`
39
+
40
+ Add the Identity Provider web container configuration file to `config/metadata/service_provider.xml`.
41
+
42
+ This contains an encoded version of the public key, generate this in the ruby console by typing:
43
+
44
+ ```ruby
45
+ require 'openssl'
46
+ require 'base64'
47
+
48
+ pem = File.open("config/ssl/trust-federate.cert").read
49
+ cert = OpenSSL::X509::Certificate.new(pem)
50
+ output = Base64.encode64(cert.to_der).gsub("\n", "")
51
+ ```
52
+
53
+ Add the Service Provider configuration file to: `config/metadata/service_provider.xml`:
54
+
55
+ ```xml
56
+ <?xml version="1.0" encoding="UTF-8"?>
57
+ <md:EntityDescriptor ID="_052c51476c9560a429e1171e8c9528b96b69fb57" entityID="my:very:original:entityid" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
58
+ <md:SPSSODescriptor>
59
+ <md:KeyDescriptor use="signing">
60
+ <ds:KeyInfo>
61
+ <ds:X509Data>
62
+ <ds:X509Certificate>SAME_KEY_AS_GENERATED_IN_THE_CONSOLE_BEFORE</ds:X509Certificate>
63
+ </ds:X509Data>
64
+ </ds:KeyInfo>
65
+ </md:KeyDescriptor>
66
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" Location="http://localhost:3000/saml/receive_response" index="0" isDefault="true"/>
67
+ </md:SPSSODescriptor>
68
+ </md:EntityDescriptor>
69
+ ```
70
+
71
+ Set up an intializer in `config/initializers/saml_config.rb`:
72
+
73
+ ```ruby
74
+ Saml.setup do |config|
75
+ config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
76
+ end
77
+ ```
78
+
79
+ By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the `#provider_store` function in the initializer and make a model that defines `#find_by_entity_id`:
80
+
81
+ ```ruby
82
+ class SamlProvider < ActiveRecord::Base
83
+ include Saml::Provider
84
+
85
+ def self.find_by_entity_id(entity_id)
86
+ find_by entity_id: entity_id
87
+ end
88
+ end
89
+ ```
90
+
91
+
92
+ Now you can make a SAML controller in `app/controllers/saml_controller.rb`:
93
+
94
+ ```ruby
95
+ class SamlController < ApplicationController
96
+ extend Saml::Rails::ControllerHelper
97
+ current_provider "entity_id"
98
+
99
+ def request_authentication
100
+ provider = Saml.provider("my:very:original:entityid")
101
+ destination = provider.single_sign_on_service_url(Saml::ProtocolBindings::HTTP_POST)
102
+
103
+ authn_request = Saml::AuthnRequest.new(:destination => destination)
104
+
105
+ @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
106
+
107
+ render text: @saml_attributes.to_yaml
108
+ end
109
+
110
+ def receive_response
111
+ end
112
+ end
113
+ ```
114
+
115
+ Don't forget to define the routes in `config/routes.rb`:
116
+
117
+ ```ruby
118
+ get "/saml/request_authentication" => "saml#request_authentication"
119
+ get "/saml/receive_response" => "saml#receive_response"
120
+ ```
121
+
122
+ ## Contributing
123
+
124
+ - Fork the project
125
+ - Contribute your changes. Please make sure your changes are properly documented and covered by tests.
126
+ - Send a pull request
@@ -21,13 +21,19 @@ module Saml
21
21
  def encrypt_assertions(certificate)
22
22
  @encrypted_assertions = []
23
23
  assertions.each do |assertion|
24
- assertion_xml = assertion.is_a?(Assertion) ? assertion.to_xml : assertion.to_s
25
-
26
- @encrypted_assertions << Saml::Util.encrypt_assertion(assertion_xml, certificate)
24
+ @encrypted_assertions << Saml::Util.encrypt_assertion(assertion, certificate)
27
25
  end
28
26
  assertions.clear
29
27
  end
30
28
 
29
+ def decrypt_assertions(private_key)
30
+ @assertions ||= []
31
+ encrypted_assertions.each do |encrypted_assertion|
32
+ @assertions << Saml::Util.decrypt_assertion(encrypted_assertion, private_key)
33
+ end
34
+ encrypted_assertions.clear
35
+ end
36
+
31
37
  def assertion
32
38
  assertions.first
33
39
  end
@@ -52,10 +52,12 @@ module Saml
52
52
  end
53
53
 
54
54
  def encrypt_assertion(assertion, certificate)
55
+ assertion = assertion.to_xml(nil, nil, false) if assertion.is_a?(Assertion) # create xml without instruct
56
+
55
57
  encrypted_data = Xmlenc::Builder::EncryptedData.new
56
58
  encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc')
57
59
 
58
- encrypted_key = encrypted_data.encrypt(assertion)
60
+ encrypted_key = encrypted_data.encrypt(assertion.to_s)
59
61
  encrypted_key.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
60
62
  digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
61
63
  encrypted_key.encrypt(certificate.public_key)
@@ -63,6 +65,14 @@ module Saml
63
65
  Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
64
66
  end
65
67
 
68
+ def decrypt_assertion(encrypted_assertion, private_key)
69
+ encrypted_assertion_xml = encrypted_assertion.is_a?(Saml::Elements::EncryptedAssertion) ?
70
+ encrypted_assertion.to_xml : encrypted_assertion.to_s
71
+ encrypted_document = Xmlenc::EncryptedDocument.new(encrypted_assertion_xml)
72
+
73
+ Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
74
+ end
75
+
66
76
  def verify_xml(message, raw_body)
67
77
  document = Xmldsig::SignedDocument.new(raw_body)
68
78
 
@@ -1,3 +1,3 @@
1
1
  module Saml
2
- VERSION = "2.2.1"
2
+ VERSION = "2.2.2"
3
3
  end
metadata CHANGED
@@ -1,111 +1,111 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libsaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoist Claassen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-01-29 00:00:00.000000000 Z
11
+ date: 2014-04-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - ! '>='
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 3.0.0
19
+ version: 3.2.15
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - ! '>='
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 3.0.0
26
+ version: 3.2.15
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ! '>='
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
33
  version: 3.0.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ! '>='
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: 3.0.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: nokogiri-happymapper
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ~>
45
+ - - "~>"
46
46
  - !ruby/object:Gem::Version
47
47
  version: 0.5.7
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ~>
52
+ - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: 0.5.7
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: xmldsig
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - ~>
59
+ - - "~>"
60
60
  - !ruby/object:Gem::Version
61
61
  version: 0.2.1
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - ~>
66
+ - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: 0.2.1
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: xmlenc
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - ~>
73
+ - - "~>"
74
74
  - !ruby/object:Gem::Version
75
75
  version: 0.1.1
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - ~>
80
+ - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: 0.1.1
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: curb
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - ! '>='
87
+ - - ">="
88
88
  - !ruby/object:Gem::Version
89
89
  version: '0'
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
- - - ! '>='
94
+ - - ">="
95
95
  - !ruby/object:Gem::Version
96
96
  version: '0'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: coveralls
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - ~>
101
+ - - "~>"
102
102
  - !ruby/object:Gem::Version
103
103
  version: '0.7'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - ~>
108
+ - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0.7'
111
111
  description: Libsaml makes the creation of SAML 2.0 messages easy. The object structure
@@ -119,7 +119,7 @@ extensions: []
119
119
  extra_rdoc_files: []
120
120
  files:
121
121
  - MIT-LICENSE
122
- - README.rdoc
122
+ - README.md
123
123
  - Rakefile
124
124
  - lib/saml.rb
125
125
  - lib/saml/artifact.rb
@@ -211,12 +211,12 @@ require_paths:
211
211
  - lib
212
212
  required_ruby_version: !ruby/object:Gem::Requirement
213
213
  requirements:
214
- - - ! '>='
214
+ - - ">="
215
215
  - !ruby/object:Gem::Version
216
216
  version: '0'
217
217
  required_rubygems_version: !ruby/object:Gem::Requirement
218
218
  requirements:
219
- - - ! '>='
219
+ - - ">="
220
220
  - !ruby/object:Gem::Version
221
221
  version: '0'
222
222
  requirements: []
@@ -1,95 +0,0 @@
1
- {<img src="https://travis-ci.org/digidentity/libsaml.png?branch=master" alt="Build Status" />}[https://travis-ci.org/digidentity/libsaml]
2
- {<img src="https://coveralls.io/repos/digidentity/libsaml/badge.png" alt="Coverage Status" />}[https://coveralls.io/r/digidentity/libsaml]
3
- {<img src="https://gemnasium.com/digidentity/libsaml.png" alt="Dependency Status" />}[https://gemnasium.com/digidentity/libsaml]
4
- {<img src="https://codeclimate.com/github/digidentity/libsaml.png" />}[https://codeclimate.com/github/digidentity/libsaml]
5
- = libsaml
6
- Libsaml is a Ruby gem to easily create SAML 2.0 messages. This gem was written because other SAML gems were missing functionality such as XML signing.
7
-
8
- Libsaml's features include:
9
- - Bindings: HTTP-Post, HTTP-Redirect, HTTP-Artifact, SOAP
10
- - XML signing and verification
11
- - Pluggable backend for providers (FileStore backend included)
12
-
13
- Copyright Digidentity BV, released under the MIT license. This gem was written by Benoist Claassen.
14
-
15
- = Installation
16
-
17
- Place in your Gemfile:
18
- gem 'libsaml', require: 'saml'
19
-
20
- = Usage
21
- Below follows how to configure the SAML gem in a service provider.
22
-
23
- Store the private key in:
24
- config/ssl/key.pem
25
-
26
- Store the public key of the identity provider in:
27
- config/ssl/trust-federate.cert
28
-
29
- Add the Identity Provider web container configuration file to config/metadata/service_provider.xml.
30
- This contains an encoded version of the public key, generate this in the ruby console by typing:
31
- irb
32
- require 'openssl'
33
- require 'base64'
34
- pem = File.open("config/ssl/trust-federate.cert").read
35
- cert = OpenSSL::X509::Certificate.new(pem)
36
- output = Base64.encode64(cert.to_der).gsub("\n", "")
37
-
38
- Add the Service Provider configuration file to config/metadata/service_provider.xml:
39
- <?xml version="1.0" encoding="UTF-8"?>
40
- <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_052c51476c9560a429e1171e8c9528b96b69fb57" entityID="my:very:original:entityid">
41
- <md:SPSSODescriptor>
42
- <md:KeyDescriptor use="signing">
43
- <ds:KeyInfo>
44
- <ds:X509Data>
45
- <ds:X509Certificate>SAME_KEY_AS_GENERATED_IN_THE_CONSOLE_BEFORE</ds:X509Certificate>
46
- </ds:X509Data>
47
- </ds:KeyInfo>
48
- </md:KeyDescriptor>
49
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" index="0" Location="http://localhost:3000/saml/receive_response" isDefault="true"/>
50
- </md:SPSSODescriptor>
51
- </md:EntityDescriptor>
52
-
53
- Set up an intializer in config/initializers/saml_config.rb:
54
- Saml.setup do |config|
55
- config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
56
- end
57
-
58
- By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the #provider_store function in the initializer and make a model that defines #find_by_entity_id:
59
- class SamlProvider < ActiveRecord::Base
60
- include Saml::Provider
61
-
62
- def self.find_by_entity_id(entity_id)
63
- where(entity_id: entity_id).first!
64
- end
65
- end
66
-
67
-
68
- Now you can make a SAML controller in app/controllers/saml_controller.rb:
69
- class SamlController < ApplicationController
70
- extend Saml::Rails::ControllerHelper
71
- current_provider "entity_id"
72
-
73
- def request_authentication
74
- provider = Saml.provider("my:very:original:entityid")
75
- destination = provider.single_sign_on_service_url(Saml::ProtocolBindings::HTTP_POST)
76
-
77
- authn_request = Saml::AuthnRequest.new(:destination => destination)
78
-
79
- @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
80
-
81
- render text: @saml_attributes.to_yaml
82
- end
83
-
84
- def receive_response
85
- end
86
- end
87
-
88
- Don't forget to define the routes in config/routes.rb:
89
- get "/saml/request_authentication" => "saml#request_authentication"
90
- get "/saml/receive_response" => "saml#receive_response"
91
-
92
- = Contributing
93
- - Fork the project
94
- - Contribute your changes. Please make sure your changes are properly documented and covered by tests.
95
- - Send a pull request