libsaml 3.10.0 → 3.13.0

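--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c9c418991d49dd9d592c20de8a63075dba13cd22a36aad55aaa854d340b9f163
- data.tar.gz: 6e379cc45d025aa29296d6b51aa7fa0fa352c30e81c88527a886041240e86bef
+ metadata.gz: 41bbe3547b557d22f9624734a120bc288a829c71bc93192265f301e319dbd5d4
+ data.tar.gz: 539fecf6754e8eb67f0a7883da478f872170adb6bbebc539b1b8274f2a9d62f0
  SHA512:
- metadata.gz: e4f69d474b8e53b276f52be66b1d68bb48d5dc7c1c7b0aebb27624eea67e690f8bc09e1ba1788cda91a67038eb13bd81da48e522f1b099d32091d245ef819b42
- data.tar.gz: 9c8a76b240424d2833d4a3241e120e34a0d5a4ecc5e1e3472ecef0ec5f80c273a509d85fc22086909f843bcce04f989dea257371b52e6f285cf8919dc1e4fa2f
+ metadata.gz: c1e8ab017fccd80803230566d262d257f925739f8c4b6e24feb295cfe43574219860bc1fb7120dfa6125dc1b0e652cfef49a7849886729db78d28f3d7ef01d3f
+ data.tar.gz: 714f47f1da6802142227ff6f3d4b99b8342e241ad235cf59c8f38231105994db1d1b48ff6598760f1ffee2b44ab3f243d30018261ecbd6aacd01dea95f54590c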
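--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
- [![Build status](https://travis-ci.com/digidentity/libsaml.svg?branch=master)](https://travis-ci.com/digidentity/libsaml)
+ [![Build status](https://app.travis-ci.com/digidentity/libsaml.svg?branch=master)](https://app.travis-ci.com/digidentity/libsaml)
  [![Coverage status](https://coveralls.io/repos/digidentity/libsaml/badge.png)](https://coveralls.io/r/digidentity/libsaml)
  [![Code climate](https://codeclimate.com/github/digidentity/libsaml.png)](https://codeclimate.com/github/digidentity/libsaml)
 
@@ -67,6 +67,8 @@ Add the Service Provider configuration file to: `config/metadata/service_provide
  </md:EntityDescriptor>
  ```
 
+ Add the Identity Provider configuration file that your IdP should provide as `config/metadata/service_provider.xml`. It should have `IDPSSODescriptor` in it.
+
  Set up an intializer in `config/initializers/saml_config.rb`:
 
  ```ruby
@@ -104,8 +106,6 @@ class SamlController < ApplicationController
  session[:authn_request_id] = authn_request._id
 
  @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
-
- render text: @saml_attributes.to_yaml
  end
 
  def receive_response
@@ -132,6 +132,26 @@ class SamlController < ApplicationController
  end
  ```
 
+ Add `app/views/saml/request_authentication.html.erb` for the POST binding:
+
+ ```erbruby
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <form method="post" action="<%= @saml_attributes[:location] %>" id="SAMLRequestForm">
+ <%= @saml_attributes[:variables].each do |key, value| %>
+ <input type="hidden" name="<%= key %>" value="<%= value %>"/>
+ <%= end %>
+ <input id="SAMLSubmitButton" type="submit" value="Submit"/>
+ </form>
+ <script>
+ document.getElementById('SAMLSubmitButton').style.visibility = "hidden";
+ document.getElementById('SAMLRequestForm').submit();
+ </script>
+ </body>
+ </html>
+ ```
+
  Don't forget to define the routes in `config/routes.rb`:
 
  ```ruby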
@@ -7,7 +7,12 @@ module Saml
7
7
  def create_form_attributes(message, options = {})
8
8
  param = message.is_a?(Saml::ComplexTypes::StatusResponseType) ? "SAMLResponse" : "SAMLRequest"
9
9
 
10
- xml = notify('create_message', Saml::Util.sign_xml(message))
10
+ xml = if options[:skip_signature]
11
+ message.to_xml
12
+ else
13
+ Saml::Util.sign_xml(message)
14
+ end
15
+ notify('create_message', xml)
11
16
 
12
17
  variables = {}
13
18
  variables[param] = Saml::Encoding.encode_64(xml)
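Review bot: `options[:skip_signature]` at new lines 10–14 switches signing off for any truthy value, and nothing in the hunk documents that the POST form then carries an unsigned message. A caller that forwards a loosely built options hash could disable signing without meaning to, so I would compare strictly, `xml = if options[:skip_signature] == true`, and add a comment such as `# skip_signature: emit the message unsigned; only for peers that do not require signed requests`. The old code also assigned the return value of `notify('create_message', ...)` to `xml`, while the new code discards it; the two are equivalent only if `notify` returns its payload unchanged, which is not visible here. `create_form_attributes` continues past the end of the hunk.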
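--- a/data/lib/saml/provider.rb
+++ b/data/lib/saml/provider.rb
@@ -88,7 +88,14 @@ module Saml
  end
 
  def verify(signature_algorithm, signature, data, key_name = nil)
- valid = certificate(key_name).public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue nil
+ certificates = if key_name.blank? && iterate_certificates_until_verified?
+ find_key_descriptors_by_use('signing').collect(&:certificate)
+ else
+ Array(certificate(key_name))
+ end
+ valid = certificates.any? do |cert|
+ cert.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue false
+ end
 
  # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
  OpenSSL.errors if !valid
@@ -100,6 +107,10 @@ module Saml
  sp_descriptor(false).try(:authn_requests_signed)
  end
 
+ def iterate_certificates_until_verified?
+ false
+ end
+
  private
 
  def digest_method(signature_algorithm)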
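Review bot: With several signing certificates tried in turn in `verify` (new lines 96–98), a failed attempt followed by a successful one leaves `valid` true, so `OpenSSL.errors if !valid` never drains what the failed attempts left in the OpenSSL error queue, which is the condition the existing comment says the call is there for. Clearing unconditionally, `OpenSSL.errors`, covers both paths. The inline `rescue false` also reports an unsupported `signature_algorithm` or a key descriptor without a certificate as an ordinary invalid signature; that fails closed, but consider rescuing only `OpenSSL::PKey::PKeyError` and adding `.compact` after `collect(&:certificate)` so configuration errors stay visible. `verify` continues past the end of the first hunk.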
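--- a/data/lib/saml/util.rb
+++ b/data/lib/saml/util.rb
@@ -160,6 +160,8 @@ module Saml
 
  signed_node = document.signed_nodes.find { |node| node['ID'] == message._id }
 
+ fail Saml::Errors::SignatureMissing unless signed_node
+
  message.class.parse(signed_node.canonicalize, single: true)
  end
 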
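Review bot: The new guard `fail Saml::Errors::SignatureMissing unless signed_node` at new line 163 has no comment, although it is the check that stops a message whose own ID is not covered by any signature from being processed further. A one-line comment would record that, for example `# Only a signed node carrying the message ID is re-parsed and returned; anything else is rejected`. Callers that previously saw a `NoMethodError` from `signed_node.canonicalize` on nil will now see `SignatureMissing`; whether they rescue it is not visible in this diff. The enclosing method starts above the hunk.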
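--- a/data/lib/saml/version.rb
+++ b/data/lib/saml/version.rb
@@ -1,3 +1,3 @@
  module Saml
- VERSION = '3.10.0'.freeze
+ VERSION = '3.13.0'.freeze
  end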
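--- a/data/lib/saml.rb
+++ b/data/lib/saml.rb
@@ -1,4 +1,5 @@
  require 'active_support/all'
+ require 'active_support/xml_mini'
  require 'active_model'
  require 'saml/base'
  require 'saml/xml_helpers'
@@ -8,8 +9,8 @@ require 'saml/notification'
  require 'saml/attribute_fetcher'
  require 'xmlenc'
  require 'xmldsig'
- require "net/https"
- require "uri"
+ require 'net/https'
+ require 'uri'
 
  module Saml
  MD_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata'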
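--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: libsaml
  version: !ruby/object:Gem::Version
- version: 3.10.0
+ version: 3.13.0
  platform: ruby
  authors:
  - Benoist Claassen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-08-14 00:00:00.000000000 Z
+ date: 2022-06-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -95,7 +95,7 @@ dependencies:
  version: 0.6.9
  - - "<"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -105,7 +105,7 @@ dependencies:
  version: 0.6.9
  - - "<"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.0
  - !ruby/object:Gem::Dependency
  name: coveralls
  requirement: !ruby/object:Gem::Requirement
@@ -255,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.3.15
  signing_key:
  specification_version: 4
  summary: A gem to easily create SAML 2.0 messages.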