libsaml 3.10.0 → 3.13.0

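--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c9c418991d49dd9d592c20de8a63075dba13cd22a36aad55aaa854d340b9f163
- data.tar.gz: 6e379cc45d025aa29296d6b51aa7fa0fa352c30e81c88527a886041240e86bef
+ metadata.gz: 41bbe3547b557d22f9624734a120bc288a829c71bc93192265f301e319dbd5d4
+ data.tar.gz: 539fecf6754e8eb67f0a7883da478f872170adb6bbebc539b1b8274f2a9d62f0
  SHA512:
- metadata.gz: e4f69d474b8e53b276f52be66b1d68bb48d5dc7c1c7b0aebb27624eea67e690f8bc09e1ba1788cda91a67038eb13bd81da48e522f1b099d32091d245ef819b42
- data.tar.gz: 9c8a76b240424d2833d4a3241e120e34a0d5a4ecc5e1e3472ecef0ec5f80c273a509d85fc22086909f843bcce04f989dea257371b52e6f285cf8919dc1e4fa2f
+ metadata.gz: c1e8ab017fccd80803230566d262d257f925739f8c4b6e24feb295cfe43574219860bc1fb7120dfa6125dc1b0e652cfef49a7849886729db78d28f3d7ef01d3f
+ data.tar.gz: 714f47f1da6802142227ff6f3d4b99b8342e241ad235cf59c8f38231105994db1d1b48ff6598760f1ffee2b44ab3f243d30018261ecbd6aacd01dea95f54590c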
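--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
- [![Build status](https://travis-ci.com/digidentity/libsaml.svg?branch=master)](https://travis-ci.com/digidentity/libsaml)
+ [![Build status](https://app.travis-ci.com/digidentity/libsaml.svg?branch=master)](https://app.travis-ci.com/digidentity/libsaml)
  [![Coverage status](https://coveralls.io/repos/digidentity/libsaml/badge.png)](https://coveralls.io/r/digidentity/libsaml)
  [![Code climate](https://codeclimate.com/github/digidentity/libsaml.png)](https://codeclimate.com/github/digidentity/libsaml)
 
@@ -67,6 +67,8 @@ Add the Service Provider configuration file to: `config/metadata/service_provide
  </md:EntityDescriptor>
  ```
 
+ Add the Identity Provider configuration file that your IdP should provide as `config/metadata/service_provider.xml`. It should have `IDPSSODescriptor` in it.
+
  Set up an intializer in `config/initializers/saml_config.rb`:
 
  ```ruby
@@ -104,8 +106,6 @@ class SamlController < ApplicationController
  session[:authn_request_id] = authn_request._id
 
  @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
-
- render text: @saml_attributes.to_yaml
  end
 
  def receive_response
@@ -132,6 +132,26 @@ class SamlController < ApplicationController
  end
  ```
 
+ Add `app/views/saml/request_authentication.html.erb` for the POST binding:
+
+ ```erbruby
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <form method="post" action="<%= @saml_attributes[:location] %>" id="SAMLRequestForm">
+ <%= @saml_attributes[:variables].each do |key, value| %>
+ <input type="hidden" name="<%= key %>" value="<%= value %>"/>
+ <%= end %>
+ <input id="SAMLSubmitButton" type="submit" value="Submit"/>
+ </form>
+ <script>
+ document.getElementById('SAMLSubmitButton').style.visibility = "hidden";
+ document.getElementById('SAMLRequestForm').submit();
+ </script>
+ </body>
+ </html>
+ ```
+
  Don't forget to define the routes in `config/routes.rb`:
 
  ```ruby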
@@ -7,7 +7,12 @@ module Saml
7
7
  def create_form_attributes(message, options = {})
8
8
  param = message.is_a?(Saml::ComplexTypes::StatusResponseType) ? "SAMLResponse" : "SAMLRequest"
9
9
 
10
- xml = notify('create_message', Saml::Util.sign_xml(message))
10
+ xml = if options[:skip_signature]
11
+ message.to_xml
12
+ else
13
+ Saml::Util.sign_xml(message)
14
+ end
15
+ notify('create_message', xml)
11
16
 
12
17
  variables = {}
13
18
  variables[param] = Saml::Encoding.encode_64(xml)
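Review bot: `options[:skip_signature]` in `create_form_attributes` turns off signing of the POST-binding message for any truthy value, and nothing in the hunk documents when that is acceptable. An unsigned `SAMLRequest`/`SAMLResponse` is only appropriate when the receiving party does not require signed messages, so I would add a comment above the branch such as `# skip_signature: send the message unsigned; use only when the peer does not require signed messages`. Separately, the old line assigned the return value of `notify('create_message', ...)` to `xml`, while the new code discards it; if `notify` returns anything other than its argument (its body is not visible here), the encoded payload changes. The method continues past the end of this hunk.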
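--- a/data/lib/saml/provider.rb
+++ b/data/lib/saml/provider.rb
@@ -88,7 +88,14 @@ module Saml
  end
 
  def verify(signature_algorithm, signature, data, key_name = nil)
- valid = certificate(key_name).public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue nil
+ certificates = if key_name.blank? && iterate_certificates_until_verified?
+ find_key_descriptors_by_use('signing').collect(&:certificate)
+ else
+ Array(certificate(key_name))
+ end
+ valid = certificates.any? do |cert|
+ cert.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue false
+ end
 
  # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
  OpenSSL.errors if !valid
@@ -100,6 +107,10 @@ module Saml
  sp_descriptor(false).try(:authn_requests_signed)
  end
 
+ def iterate_certificates_until_verified?
+ false
+ end
+
  private
 
  def digest_method(signature_algorithm)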
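Review bot: The `rescue false` modifier inside the `certificates.any?` block in `verify` swallows every `StandardError`, not only a failed OpenSSL verification, so a nil certificate from a key descriptor or an unsupported `signature_algorithm` (where `digest_method` presumably returns nil) is reported as an ordinary invalid signature. It fails closed, which is right, but it hides misconfiguration; a `begin` block with `rescue OpenSSL::PKey::PKeyError` returning `false` would still reject a bad signature while letting real bugs surface. `digest_method(signature_algorithm).new` could also be built once before the loop rather than per certificate. `iterate_certificates_until_verified?` has no comment; something like `# Override to return true to try every signing certificate in the metadata when no key name is given` would tell implementers what they opt into. The body of `verify` continues beyond the hunk.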
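--- a/data/lib/saml/util.rb
+++ b/data/lib/saml/util.rb
@@ -160,6 +160,8 @@ module Saml
 
  signed_node = document.signed_nodes.find { |node| node['ID'] == message._id }
 
+ fail Saml::Errors::SignatureMissing unless signed_node
+
  message.class.parse(signed_node.canonicalize, single: true)
  end
 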
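Review bot: The new `fail Saml::Errors::SignatureMissing unless signed_node` guard only covers the case where no signed node matches; the lookup on the line above compares `node['ID'] == message._id`, and if `message._id` is nil a signed node without an `ID` attribute would presumably match as well. I would reject a blank id too, e.g. `fail Saml::Errors::SignatureMissing if message._id.blank? || signed_node.nil?`. A short comment noting that the returned message is deliberately re-parsed from `signed_node.canonicalize`, so callers only ever see signed content, would also help the next reader. The enclosing method starts above the hunk.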
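--- a/data/lib/saml/version.rb
+++ b/data/lib/saml/version.rb
@@ -1,3 +1,3 @@
  module Saml
- VERSION = '3.10.0'.freeze
+ VERSION = '3.13.0'.freeze
  end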
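--- a/data/lib/saml.rb
+++ b/data/lib/saml.rb
@@ -1,4 +1,5 @@
  require 'active_support/all'
+ require 'active_support/xml_mini'
  require 'active_model'
  require 'saml/base'
  require 'saml/xml_helpers'
@@ -8,8 +9,8 @@ require 'saml/notification'
  require 'saml/attribute_fetcher'
  require 'xmlenc'
  require 'xmldsig'
- require "net/https"
- require "uri"
+ require 'net/https'
+ require 'uri'
 
  module Saml
  MD_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata'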
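--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: libsaml
  version: !ruby/object:Gem::Version
- version: 3.10.0
+ version: 3.13.0
  platform: ruby
  authors:
  - Benoist Claassen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-08-14 00:00:00.000000000 Z
+ date: 2022-06-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -95,7 +95,7 @@ dependencies:
  version: 0.6.9
  - - "<"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -105,7 +105,7 @@ dependencies:
  version: 0.6.9
  - - "<"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.0
  - !ruby/object:Gem::Dependency
  name: coveralls
  requirement: !ruby/object:Gem::Requirement
@@ -255,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.3.15
  signing_key:
  specification_version: 4
  summary: A gem to easily create SAML 2.0 messages.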