libsaml 2.2.1 → 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +5 -13
  2. data/README.md +126 -0
  3. data/lib/saml/response.rb +9 -3
  4. data/lib/saml/util.rb +11 -1
  5. data/lib/saml/version.rb +1 -1
  6. metadata +21 -21
  7. data/README.rdoc +0 -95
checksums.yaml CHANGED
@@ -1,15 +1,7 @@
1
1
  ---
2
- !binary "U0hBMQ==":
3
- metadata.gz: !binary |-
4
- NjQ2MjM2ZTdiNTQzMTg2OTM2NjA5ZjU0MDQ2NDU3ZmZmZmMzNjcyNg==
5
- data.tar.gz: !binary |-
6
- ODViMzc1MDk1MzQ3MDY5MTlhMDIwYWE5Yjc4NTI3MDRjZmI1MmMyMA==
2
+ SHA1:
3
+ metadata.gz: 376f0b864b8b4c1c1096f355b6be173740c02c20
4
+ data.tar.gz: 3767541a83f03d0680041922b0ea402cbb799ea0
7
5
  SHA512:
8
- metadata.gz: !binary |-
9
- NmI4NGEwYjE2OWQ3Y2U2ODQ2ZjcxMzNlZjhiNmFiMDBiNGRlMzY0YTNmNmJl
10
- ODhiNjNiZTliNWEzYjM0M2RmYTNiNDMzNWE4ODRmMTBiMjI1MTg3Mjk2NWE0
11
- MDBjNWFjMWFlZjY1YmZiZjMwOThlODI0NjIxMTFjOTZhZjQ5ODQ=
12
- data.tar.gz: !binary |-
13
- YjVkNGUyZTI5NjRkOTMwOWFhMzgwYWVlYjdkODNlZWE3ZjUyODdkYTdmMDBl
14
- YjM0ZmZlYWE3YWYyM2IxOTdjNDlhY2I1MmEzYTUyNTU5NzQ4NTgxNGRmZTEz
15
- ZTViMDhhOWJhNTJlZTc5ODc4M2I2NDg4NmJlM2Q3YzJlZmNhNjY=
6
+ metadata.gz: ed728b5842a2432874d9f08ecafd9d2b729dad0f207f5aa5ca2f764dfeeaf725deadf0ae57c443e6e140ee7a956af5c9d603b7a8084b84a282dd1d52d4909938
7
+ data.tar.gz: 025aa603a25a80e4e83d4ea9b4526595c525706983261f978f08238397f0817e2e02a1b4b90b33b20c20723bf8e42dd34989da52b43650b90c038cfa104ed1fc
data/README.md ADDED
@@ -0,0 +1,126 @@
1
+ [![Build status](https://travis-ci.org/digidentity/libsaml.png?branch=master)](https://travis-ci.org/digidentity/libsaml)
2
+ [![Coverage status](https://coveralls.io/repos/digidentity/libsaml/badge.png)](https://coveralls.io/r/digidentity/libsaml)
3
+ [![Code climate](https://codeclimate.com/github/digidentity/libsaml.png)](https://codeclimate.com/github/digidentity/libsaml)
4
+ [![Dependency status](https://gemnasium.com/digidentity/libsaml.png)](https://coveralls.io/r/digidentity/libsaml)
5
+
6
+ # libsaml
7
+
8
+ Libsaml is a Ruby gem to easily create SAML 2.0 messages. This gem was written because other SAML gems were missing functionality such as XML signing.
9
+
10
+ Libsaml's features include:
11
+
12
+ - Multiple bindings:
13
+ - HTTP-Post
14
+ - HTTP-Redirect
15
+ - HTTP-Artifact
16
+ - SOAP
17
+ - XML signing and verification
18
+ - Pluggable backend for providers (FileStore backend included)
19
+
20
+ Copyright [Digidentity B.V.](https://www.digidentity.eu/), released under the MIT license. This gem was written by [Benoist Claassen](https://github.com/benoist).
21
+
22
+ ## Installation
23
+
24
+ Place in your Gemfile:
25
+
26
+ ```ruby
27
+ gem 'libsaml', require: 'saml'
28
+ ```
29
+
30
+ ## Usage
31
+
32
+ Below follows how to configure the SAML gem in a service provider.
33
+
34
+ Store the private key in:
35
+ `config/ssl/key.pem`
36
+
37
+ Store the public key of the identity provider in:
38
+ `config/ssl/trust-federate.cert`
39
+
40
+ Add the Identity Provider web container configuration file to `config/metadata/service_provider.xml`.
41
+
42
+ This contains an encoded version of the public key, generate this in the ruby console by typing:
43
+
44
+ ```ruby
45
+ require 'openssl'
46
+ require 'base64'
47
+
48
+ pem = File.open("config/ssl/trust-federate.cert").read
49
+ cert = OpenSSL::X509::Certificate.new(pem)
50
+ output = Base64.encode64(cert.to_der).gsub("\n", "")
51
+ ```
52
+
53
+ Add the Service Provider configuration file to: `config/metadata/service_provider.xml`:
54
+
55
+ ```xml
56
+ <?xml version="1.0" encoding="UTF-8"?>
57
+ <md:EntityDescriptor ID="_052c51476c9560a429e1171e8c9528b96b69fb57" entityID="my:very:original:entityid" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
58
+ <md:SPSSODescriptor>
59
+ <md:KeyDescriptor use="signing">
60
+ <ds:KeyInfo>
61
+ <ds:X509Data>
62
+ <ds:X509Certificate>SAME_KEY_AS_GENERATED_IN_THE_CONSOLE_BEFORE</ds:X509Certificate>
63
+ </ds:X509Data>
64
+ </ds:KeyInfo>
65
+ </md:KeyDescriptor>
66
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" Location="http://localhost:3000/saml/receive_response" index="0" isDefault="true"/>
67
+ </md:SPSSODescriptor>
68
+ </md:EntityDescriptor>
69
+ ```
70
+
71
+ Set up an intializer in `config/initializers/saml_config.rb`:
72
+
73
+ ```ruby
74
+ Saml.setup do |config|
75
+ config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
76
+ end
77
+ ```
78
+
79
+ By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the `#provider_store` function in the initializer and make a model that defines `#find_by_entity_id`:
80
+
81
+ ```ruby
82
+ class SamlProvider < ActiveRecord::Base
83
+ include Saml::Provider
84
+
85
+ def self.find_by_entity_id(entity_id)
86
+ find_by entity_id: entity_id
87
+ end
88
+ end
89
+ ```
90
+
91
+
92
+ Now you can make a SAML controller in `app/controllers/saml_controller.rb`:
93
+
94
+ ```ruby
95
+ class SamlController < ApplicationController
96
+ extend Saml::Rails::ControllerHelper
97
+ current_provider "entity_id"
98
+
99
+ def request_authentication
100
+ provider = Saml.provider("my:very:original:entityid")
101
+ destination = provider.single_sign_on_service_url(Saml::ProtocolBindings::HTTP_POST)
102
+
103
+ authn_request = Saml::AuthnRequest.new(:destination => destination)
104
+
105
+ @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
106
+
107
+ render text: @saml_attributes.to_yaml
108
+ end
109
+
110
+ def receive_response
111
+ end
112
+ end
113
+ ```
114
+
115
+ Don't forget to define the routes in `config/routes.rb`:
116
+
117
+ ```ruby
118
+ get "/saml/request_authentication" => "saml#request_authentication"
119
+ get "/saml/receive_response" => "saml#receive_response"
120
+ ```
121
+
122
+ ## Contributing
123
+
124
+ - Fork the project
125
+ - Contribute your changes. Please make sure your changes are properly documented and covered by tests.
126
+ - Send a pull request
data/lib/saml/response.rb CHANGED
@@ -21,13 +21,19 @@ module Saml
21
21
  def encrypt_assertions(certificate)
22
22
  @encrypted_assertions = []
23
23
  assertions.each do |assertion|
24
- assertion_xml = assertion.is_a?(Assertion) ? assertion.to_xml : assertion.to_s
25
-
26
- @encrypted_assertions << Saml::Util.encrypt_assertion(assertion_xml, certificate)
24
+ @encrypted_assertions << Saml::Util.encrypt_assertion(assertion, certificate)
27
25
  end
28
26
  assertions.clear
29
27
  end
30
28
 
29
+ def decrypt_assertions(private_key)
30
+ @assertions ||= []
31
+ encrypted_assertions.each do |encrypted_assertion|
32
+ @assertions << Saml::Util.decrypt_assertion(encrypted_assertion, private_key)
33
+ end
34
+ encrypted_assertions.clear
35
+ end
36
+
31
37
  def assertion
32
38
  assertions.first
33
39
  end
data/lib/saml/util.rb CHANGED
@@ -52,10 +52,12 @@ module Saml
52
52
  end
53
53
 
54
54
  def encrypt_assertion(assertion, certificate)
55
+ assertion = assertion.to_xml(nil, nil, false) if assertion.is_a?(Assertion) # create xml without instruct
56
+
55
57
  encrypted_data = Xmlenc::Builder::EncryptedData.new
56
58
  encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc')
57
59
 
58
- encrypted_key = encrypted_data.encrypt(assertion)
60
+ encrypted_key = encrypted_data.encrypt(assertion.to_s)
59
61
  encrypted_key.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
60
62
  digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
61
63
  encrypted_key.encrypt(certificate.public_key)
@@ -63,6 +65,14 @@ module Saml
63
65
  Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
64
66
  end
65
67
 
68
+ def decrypt_assertion(encrypted_assertion, private_key)
69
+ encrypted_assertion_xml = encrypted_assertion.is_a?(Saml::Elements::EncryptedAssertion) ?
70
+ encrypted_assertion.to_xml : encrypted_assertion.to_s
71
+ encrypted_document = Xmlenc::EncryptedDocument.new(encrypted_assertion_xml)
72
+
73
+ Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
74
+ end
75
+
66
76
  def verify_xml(message, raw_body)
67
77
  document = Xmldsig::SignedDocument.new(raw_body)
68
78
 
data/lib/saml/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Saml
2
- VERSION = "2.2.1"
2
+ VERSION = "2.2.2"
3
3
  end
metadata CHANGED
@@ -1,111 +1,111 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libsaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoist Claassen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-01-29 00:00:00.000000000 Z
11
+ date: 2014-04-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - ! '>='
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 3.0.0
19
+ version: 3.2.15
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - ! '>='
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 3.0.0
26
+ version: 3.2.15
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ! '>='
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
33
  version: 3.0.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ! '>='
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: 3.0.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: nokogiri-happymapper
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ~>
45
+ - - "~>"
46
46
  - !ruby/object:Gem::Version
47
47
  version: 0.5.7
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ~>
52
+ - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: 0.5.7
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: xmldsig
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - ~>
59
+ - - "~>"
60
60
  - !ruby/object:Gem::Version
61
61
  version: 0.2.1
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - ~>
66
+ - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: 0.2.1
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: xmlenc
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - ~>
73
+ - - "~>"
74
74
  - !ruby/object:Gem::Version
75
75
  version: 0.1.1
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - ~>
80
+ - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: 0.1.1
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: curb
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - ! '>='
87
+ - - ">="
88
88
  - !ruby/object:Gem::Version
89
89
  version: '0'
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
- - - ! '>='
94
+ - - ">="
95
95
  - !ruby/object:Gem::Version
96
96
  version: '0'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: coveralls
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - ~>
101
+ - - "~>"
102
102
  - !ruby/object:Gem::Version
103
103
  version: '0.7'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - ~>
108
+ - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0.7'
111
111
  description: Libsaml makes the creation of SAML 2.0 messages easy. The object structure
@@ -119,7 +119,7 @@ extensions: []
119
119
  extra_rdoc_files: []
120
120
  files:
121
121
  - MIT-LICENSE
122
- - README.rdoc
122
+ - README.md
123
123
  - Rakefile
124
124
  - lib/saml.rb
125
125
  - lib/saml/artifact.rb
@@ -211,12 +211,12 @@ require_paths:
211
211
  - lib
212
212
  required_ruby_version: !ruby/object:Gem::Requirement
213
213
  requirements:
214
- - - ! '>='
214
+ - - ">="
215
215
  - !ruby/object:Gem::Version
216
216
  version: '0'
217
217
  required_rubygems_version: !ruby/object:Gem::Requirement
218
218
  requirements:
219
- - - ! '>='
219
+ - - ">="
220
220
  - !ruby/object:Gem::Version
221
221
  version: '0'
222
222
  requirements: []
data/README.rdoc DELETED
@@ -1,95 +0,0 @@
1
- {<img src="https://travis-ci.org/digidentity/libsaml.png?branch=master" alt="Build Status" />}[https://travis-ci.org/digidentity/libsaml]
2
- {<img src="https://coveralls.io/repos/digidentity/libsaml/badge.png" alt="Coverage Status" />}[https://coveralls.io/r/digidentity/libsaml]
3
- {<img src="https://gemnasium.com/digidentity/libsaml.png" alt="Dependency Status" />}[https://gemnasium.com/digidentity/libsaml]
4
- {<img src="https://codeclimate.com/github/digidentity/libsaml.png" />}[https://codeclimate.com/github/digidentity/libsaml]
5
- = libsaml
6
- Libsaml is a Ruby gem to easily create SAML 2.0 messages. This gem was written because other SAML gems were missing functionality such as XML signing.
7
-
8
- Libsaml's features include:
9
- - Bindings: HTTP-Post, HTTP-Redirect, HTTP-Artifact, SOAP
10
- - XML signing and verification
11
- - Pluggable backend for providers (FileStore backend included)
12
-
13
- Copyright Digidentity BV, released under the MIT license. This gem was written by Benoist Claassen.
14
-
15
- = Installation
16
-
17
- Place in your Gemfile:
18
- gem 'libsaml', require: 'saml'
19
-
20
- = Usage
21
- Below follows how to configure the SAML gem in a service provider.
22
-
23
- Store the private key in:
24
- config/ssl/key.pem
25
-
26
- Store the public key of the identity provider in:
27
- config/ssl/trust-federate.cert
28
-
29
- Add the Identity Provider web container configuration file to config/metadata/service_provider.xml.
30
- This contains an encoded version of the public key, generate this in the ruby console by typing:
31
- irb
32
- require 'openssl'
33
- require 'base64'
34
- pem = File.open("config/ssl/trust-federate.cert").read
35
- cert = OpenSSL::X509::Certificate.new(pem)
36
- output = Base64.encode64(cert.to_der).gsub("\n", "")
37
-
38
- Add the Service Provider configuration file to config/metadata/service_provider.xml:
39
- <?xml version="1.0" encoding="UTF-8"?>
40
- <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_052c51476c9560a429e1171e8c9528b96b69fb57" entityID="my:very:original:entityid">
41
- <md:SPSSODescriptor>
42
- <md:KeyDescriptor use="signing">
43
- <ds:KeyInfo>
44
- <ds:X509Data>
45
- <ds:X509Certificate>SAME_KEY_AS_GENERATED_IN_THE_CONSOLE_BEFORE</ds:X509Certificate>
46
- </ds:X509Data>
47
- </ds:KeyInfo>
48
- </md:KeyDescriptor>
49
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" index="0" Location="http://localhost:3000/saml/receive_response" isDefault="true"/>
50
- </md:SPSSODescriptor>
51
- </md:EntityDescriptor>
52
-
53
- Set up an intializer in config/initializers/saml_config.rb:
54
- Saml.setup do |config|
55
- config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
56
- end
57
-
58
- By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the #provider_store function in the initializer and make a model that defines #find_by_entity_id:
59
- class SamlProvider < ActiveRecord::Base
60
- include Saml::Provider
61
-
62
- def self.find_by_entity_id(entity_id)
63
- where(entity_id: entity_id).first!
64
- end
65
- end
66
-
67
-
68
- Now you can make a SAML controller in app/controllers/saml_controller.rb:
69
- class SamlController < ApplicationController
70
- extend Saml::Rails::ControllerHelper
71
- current_provider "entity_id"
72
-
73
- def request_authentication
74
- provider = Saml.provider("my:very:original:entityid")
75
- destination = provider.single_sign_on_service_url(Saml::ProtocolBindings::HTTP_POST)
76
-
77
- authn_request = Saml::AuthnRequest.new(:destination => destination)
78
-
79
- @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
80
-
81
- render text: @saml_attributes.to_yaml
82
- end
83
-
84
- def receive_response
85
- end
86
- end
87
-
88
- Don't forget to define the routes in config/routes.rb:
89
- get "/saml/request_authentication" => "saml#request_authentication"
90
- get "/saml/receive_response" => "saml#receive_response"
91
-
92
- = Contributing
93
- - Fork the project
94
- - Contribute your changes. Please make sure your changes are properly documented and covered by tests.
95
- - Send a pull request