libsaml 3.11.0 → 3.13.1
- checksums.yaml +4 -4
- data/README.md +23 -3
- data/lib/saml/complex_types/role_descriptor_type.rb +2 -2
- data/lib/saml/provider.rb +16 -1
- data/lib/saml/util.rb +2 -0
- data/lib/saml/version.rb +1 -1
- data/lib/saml.rb +3 -2
- metadata +3 -3
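--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 55533de875ab34672276d744b41c7530ba9c2ae66acc6c54e447f6724aa90bf0
+data.tar.gz: 85b191a2b6c42efc95e7a11894e7a01a4c0af32087b467b151e6a71d26e775ca
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1f047a66fe5379de333009a8c070b1180652de32c7d273497676d6b5541f969bf8a1cda11a177fe16e7e39f788c4953f93140157e5667f7b6580ca3d2e539137
+data.tar.gz: f25ebbe3da70e8c681eba7b3e8aa61058d079d2873609acdd2506b270483d7b5a1c632c502da8cb73d1f708acfd051399ab1cf2d8b0d4cc15cf20e059756a468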
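--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-[](https://travis-ci.com/digidentity/libsaml)
+[](https://app.travis-ci.com/digidentity/libsaml)
 [](https://coveralls.io/r/digidentity/libsaml)
 [](https://codeclimate.com/github/digidentity/libsaml)
 
@@ -67,6 +67,8 @@ Add the Service Provider configuration file to: `config/metadata/service_provide
 </md:EntityDescriptor>
 ```
 
+Add the Identity Provider configuration file that your IdP should provide as `config/metadata/service_provider.xml`. It should have `IDPSSODescriptor` in it.
+
 Set up an intializer in `config/initializers/saml_config.rb`:
 
 ```ruby
@@ -104,8 +106,6 @@ class SamlController < ApplicationController
 session[:authn_request_id] = authn_request._id
 
 @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
-
-render text: @saml_attributes.to_yaml
 end
 
 def receive_response
@@ -132,6 +132,26 @@ class SamlController < ApplicationController
 end
 ```
 
+Add `app/views/saml/request_authentication.html.erb` for the POST binding:
+
+```erbruby
+<!DOCTYPE html>
+<html>
+<body>
+<form method="post" action="<%= @saml_attributes[:location] %>" id="SAMLRequestForm">
+<%= @saml_attributes[:variables].each do |key, value| %>
+<input type="hidden" name="<%= key %>" value="<%= value %>"/>
+<%= end %>
+<input id="SAMLSubmitButton" type="submit" value="Submit"/>
+</form>
+<script>
+document.getElementById('SAMLSubmitButton').style.visibility = "hidden";
+document.getElementById('SAMLRequestForm').submit();
+</script>
+</body>
+</html>
+```
+
 Don't forget to define the routes in `config/routes.rb`:
 
 ```ruby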
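--- a/data/lib/saml/complex_types/role_descriptor_type.rb
+++ b/data/lib/saml/complex_types/role_descriptor_type.rb
@@ -42,12 +42,12 @@ module Saml
 key_descriptors.select { |key| key.use == use }
 end
 
-private
-
 def find_key_descriptors_by_use_or_without(use)
 key_descriptors.select { |key| key.use == use || key.use.blank? }
 end
 
+private
+
 def key_name_or_use_specified?
 key_descriptors.any? { |key| key.use.present? || key.key_info.key_name.present? }
 end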
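Review bot: `find_key_descriptors_by_use_or_without` becomes public in this hunk but has no comment saying that it also returns key descriptors whose `use` is blank. Callers selecting signing keys through it will accept those descriptors as well, so the contract deserves a line such as `# Returns key descriptors whose use equals +use+ or is not set; a descriptor without a use is treated as valid for any purpose.` The enclosing class starts and ends outside the hunk, so it is not visible here whether other callers relied on the method being private.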
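--- a/data/lib/saml/provider.rb
+++ b/data/lib/saml/provider.rb
@@ -50,6 +50,10 @@ module Saml
 descriptor(type).find_key_descriptors_by_use(use)
 end
 
+def find_key_descriptors_by_use_or_without(use, type = :descriptor)
+descriptor(type).find_key_descriptors_by_use_or_without(use)
+end
+
 def signing_key
 @signing_key || encryption_key
 end
@@ -88,7 +92,14 @@ module Saml
 end
 
 def verify(signature_algorithm, signature, data, key_name = nil)
-
+certificates = if key_name.blank? && iterate_certificates_until_verified?
+find_key_descriptors_by_use_or_without('signing').collect(&:certificate)
+else
+Array(certificate(key_name))
+end
+valid = certificates.any? do |cert|
+cert.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue false
+end
 
 # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
 OpenSSL.errors if !valid
@@ -100,6 +111,10 @@ module Saml
 sp_descriptor(false).try(:authn_requests_signed)
 end
 
+def iterate_certificates_until_verified?
+false
+end
+
 private
 
 def digest_method(signature_algorithm)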
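Review bot: The inline `rescue false` inside the `certificates.any?` block of `verify` turns every StandardError into a failed verification. A key descriptor that yields no certificate (presumably a `nil` out of `collect(&:certificate)`) or an error raised by `digest_method` is therefore indistinguishable from a bad signature, and the loop simply moves on to the next certificate. The result still fails closed, but a broken metadata entry goes unnoticed; using `.collect(&:certificate).compact` and rescuing only `OpenSSL::PKey::PKeyError` would keep signature failures apart from configuration errors, provided callers can tolerate other exceptions propagating. `iterate_certificates_until_verified?` also lacks a comment; something like `# Override to return true to try every signing or use-less certificate when no key name is given.` would make clear that enabling it widens the set of keys accepted for a signature. The body of `verify` continues past the end of the hunk.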
data/lib/saml/util.rb
CHANGED
data/lib/saml/version.rb
CHANGED
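--- a/data/lib/saml.rb
+++ b/data/lib/saml.rb
@@ -1,4 +1,5 @@
 require 'active_support/all'
+require 'active_support/xml_mini'
 require 'active_model'
 require 'saml/base'
 require 'saml/xml_helpers'
@@ -8,8 +9,8 @@ require 'saml/notification'
 require 'saml/attribute_fetcher'
 require 'xmlenc'
 require 'xmldsig'
-require
-require
+require 'net/https'
+require 'uri'
 
 module Saml
 MD_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata'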
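--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libsaml
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.13.1
 platform: ruby
 authors:
 - Benoist Claassen
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -255,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.15
 signing_key:
 specification_version: 4
 summary: A gem to easily create SAML 2.0 messages.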