libsaml 3.11.0 → 3.13.1

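--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f068650fef3acc9414a742014fc8627037e1b389ed1d3fb51ae35ccebce2132
-  data.tar.gz: 49ea9d3a2f1c8864784a303d6831eb0a517e77ca287f774e43bd01ec095f8db6
+  metadata.gz: 55533de875ab34672276d744b41c7530ba9c2ae66acc6c54e447f6724aa90bf0
+  data.tar.gz: 85b191a2b6c42efc95e7a11894e7a01a4c0af32087b467b151e6a71d26e775ca
 SHA512:
-  metadata.gz: d3e4a582bfe261f693c80930e22a5c516972cd72aa1886a7aa9af8747a2f440e43f1ac7251cdfb8933f8e0bd8e9be5dcf1f9eac59119ad012981311f8b4dc0dc
-  data.tar.gz: deb28f03e0f61c917c7da96d4cd01829402af67abdef7e46b06e1d678156bad8b8580fc30222d1d92e6b47d1a9f557864c07bc56dbe610cfd22e23fb73353ab5
+  metadata.gz: 1f047a66fe5379de333009a8c070b1180652de32c7d273497676d6b5541f969bf8a1cda11a177fe16e7e39f788c4953f93140157e5667f7b6580ca3d2e539137
+  data.tar.gz: f25ebbe3da70e8c681eba7b3e8aa61058d079d2873609acdd2506b270483d7b5a1c632c502da8cb73d1f708acfd051399ab1cf2d8b0d4cc15cf20e059756a468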
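--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-[![Build status](https://travis-ci.com/digidentity/libsaml.svg?branch=master)](https://travis-ci.com/digidentity/libsaml)
+[![Build status](https://app.travis-ci.com/digidentity/libsaml.svg?branch=master)](https://app.travis-ci.com/digidentity/libsaml)
 [![Coverage status](https://coveralls.io/repos/digidentity/libsaml/badge.png)](https://coveralls.io/r/digidentity/libsaml)
 [![Code climate](https://codeclimate.com/github/digidentity/libsaml.png)](https://codeclimate.com/github/digidentity/libsaml)
 
@@ -67,6 +67,8 @@ Add the Service Provider configuration file to: `config/metadata/service_provide
 </md:EntityDescriptor>
 ```
 
+Add the Identity Provider configuration file that your IdP should provide as `config/metadata/service_provider.xml`. It should have `IDPSSODescriptor` in it.
+
 Set up an intializer in `config/initializers/saml_config.rb`:
 
 ```ruby
@@ -104,8 +106,6 @@ class SamlController < ApplicationController
     session[:authn_request_id] = authn_request._id
 
     @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
-
-    render text: @saml_attributes.to_yaml
   end
 
   def receive_response
@@ -132,6 +132,26 @@ class SamlController < ApplicationController
 end
 ```
 
+Add `app/views/saml/request_authentication.html.erb` for the POST binding:
+
+```erbruby
+<!DOCTYPE html>
+<html>
+<body>
+  <form method="post" action="<%= @saml_attributes[:location] %>" id="SAMLRequestForm">
+    <%= @saml_attributes[:variables].each do |key, value| %>
+      <input type="hidden" name="<%= key %>" value="<%= value %>"/>
+    <%= end %>
+    <input id="SAMLSubmitButton" type="submit" value="Submit"/>
+  </form>
+  <script>
+    document.getElementById('SAMLSubmitButton').style.visibility = "hidden";
+    document.getElementById('SAMLRequestForm').submit();
+  </script>
+</body>
+</html>
+```
+
 Don't forget to define the routes in `config/routes.rb`:
 
 ```ruby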
@@ -42,12 +42,12 @@ module Saml
42
42
  key_descriptors.select { |key| key.use == use }
43
43
  end
44
44
 
45
- private
46
-
47
45
  def find_key_descriptors_by_use_or_without(use)
48
46
  key_descriptors.select { |key| key.use == use || key.use.blank? }
49
47
  end
50
48
 
49
+ private
50
+
51
51
  def key_name_or_use_specified?
52
52
  key_descriptors.any? { |key| key.use.present? || key.key_info.key_name.present? }
53
53
  end
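Review bot: `find_key_descriptors_by_use_or_without` is moved above `private` and so becomes part of the public interface, but nothing explains why a descriptor with a blank `use` qualifies, which matters now that its result can serve as the set of certificates trusted to verify a signature. A one-line comment above the `def` would do: `# A KeyDescriptor with no 'use' attribute may be used for both signing and encryption (SAML 2.0 metadata 2.4.1.1), so it matches any requested use.` The file header for this section is not shown on the page and the enclosing class begins outside the hunk.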
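--- a/data/lib/saml/provider.rb
+++ b/data/lib/saml/provider.rb
@@ -50,6 +50,10 @@ module Saml
       descriptor(type).find_key_descriptors_by_use(use)
     end
 
+    def find_key_descriptors_by_use_or_without(use, type = :descriptor)
+      descriptor(type).find_key_descriptors_by_use_or_without(use)
+    end
+
     def signing_key
       @signing_key || encryption_key
     end
@@ -88,7 +92,14 @@ module Saml
     end
 
     def verify(signature_algorithm, signature, data, key_name = nil)
-      valid = certificate(key_name).public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue nil
+      certificates = if key_name.blank? && iterate_certificates_until_verified?
+                       find_key_descriptors_by_use_or_without('signing').collect(&:certificate)
+                     else
+                       Array(certificate(key_name))
+                     end
+      valid = certificates.any? do |cert|
+        cert.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue false
+      end
 
       # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
       OpenSSL.errors if !valid
@@ -100,6 +111,10 @@ module Saml
       sp_descriptor(false).try(:authn_requests_signed)
     end
 
+    def iterate_certificates_until_verified?
+      false
+    end
+
     private
 
     def digest_method(signature_algorithm)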
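Review bot: The queue clearing at `OpenSSL.errors if !valid` no longer covers every failed attempt: when `iterate_certificates_until_verified?` is true, `certificates.any?` can fail against one or more certificates before a later one succeeds, and on that success path the errors those failures pushed onto OpenSSL's queue are left behind, which is the leak the linked ruby bug describes. Draining unconditionally with `OpenSSL.errors` and rewording the comment to `# Drain the OpenSSL error queue: a failed attempt against a non-matching certificate leaves entries even when a later one verifies - https://bugs.ruby-lang.org/issues/7215` keeps the success path clean. The `rescue false` modifier also swallows everything from a `nil` certificate on a KeyDescriptor without one to an unsupported algorithm raised by `digest_method`; that still fails closed, but `.collect(&:certificate).compact` plus `rescue OpenSSL::PKey::PKeyError` would keep a misconfiguration from being reported as a bad signature. The new `iterate_certificates_until_verified?` hook carries no comment; one stating that overriding it to true makes any signing-or-unlabelled certificate in the metadata acceptable when the signature carries no KeyName would tell integrators what they are widening. `verify` continues past its hunk and `digest_method` is cut off at the end of the section.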
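--- a/data/lib/saml/util.rb
+++ b/data/lib/saml/util.rb
@@ -160,6 +160,8 @@ module Saml
 
         signed_node = document.signed_nodes.find { |node| node['ID'] == message._id }
 
+        fail Saml::Errors::SignatureMissing unless signed_node
+
         message.class.parse(signed_node.canonicalize, single: true)
       end
 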
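Review bot: The new guard rejects a missing node, but the lookup two lines above matches on `node['ID'] == message._id`, so if `message._id` can be nil for a parsed message, a signed node that carries no ID attribute compares equal (nil == nil) and passes the guard; whether `_id` is ever nil at this point cannot be seen from the hunk. Failing early on a blank id as well, `fail Saml::Errors::SignatureMissing if message._id.blank? || signed_node.nil?`, closes that case at no extra cost. The enclosing method begins outside the hunk.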
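--- a/data/lib/saml/version.rb
+++ b/data/lib/saml/version.rb
@@ -1,3 +1,3 @@
 module Saml
-  VERSION = '3.11.0'.freeze
+  VERSION = '3.13.1'.freeze
 end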
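--- a/data/lib/saml.rb
+++ b/data/lib/saml.rb
@@ -1,4 +1,5 @@
 require 'active_support/all'
+require 'active_support/xml_mini'
 require 'active_model'
 require 'saml/base'
 require 'saml/xml_helpers'
@@ -8,8 +9,8 @@ require 'saml/notification'
 require 'saml/attribute_fetcher'
 require 'xmlenc'
 require 'xmldsig'
-require "net/https"
-require "uri"
+require 'net/https'
+require 'uri'
 
 module Saml
   MD_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata'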
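--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libsaml
 version: !ruby/object:Gem::Version
-  version: 3.11.0
+  version: 3.13.1
 platform: ruby
 authors:
 - Benoist Claassen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-07 00:00:00.000000000 Z
+date: 2022-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -255,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.3.15
 signing_key:
 specification_version: 4
 summary: A gem to easily create SAML 2.0 messages.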