libsaml 3.11.0 → 3.13.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9f068650fef3acc9414a742014fc8627037e1b389ed1d3fb51ae35ccebce2132
4
- data.tar.gz: 49ea9d3a2f1c8864784a303d6831eb0a517e77ca287f774e43bd01ec095f8db6
3
+ metadata.gz: 55533de875ab34672276d744b41c7530ba9c2ae66acc6c54e447f6724aa90bf0
4
+ data.tar.gz: 85b191a2b6c42efc95e7a11894e7a01a4c0af32087b467b151e6a71d26e775ca
5
5
  SHA512:
6
- metadata.gz: d3e4a582bfe261f693c80930e22a5c516972cd72aa1886a7aa9af8747a2f440e43f1ac7251cdfb8933f8e0bd8e9be5dcf1f9eac59119ad012981311f8b4dc0dc
7
- data.tar.gz: deb28f03e0f61c917c7da96d4cd01829402af67abdef7e46b06e1d678156bad8b8580fc30222d1d92e6b47d1a9f557864c07bc56dbe610cfd22e23fb73353ab5
6
+ metadata.gz: 1f047a66fe5379de333009a8c070b1180652de32c7d273497676d6b5541f969bf8a1cda11a177fe16e7e39f788c4953f93140157e5667f7b6580ca3d2e539137
7
+ data.tar.gz: f25ebbe3da70e8c681eba7b3e8aa61058d079d2873609acdd2506b270483d7b5a1c632c502da8cb73d1f708acfd051399ab1cf2d8b0d4cc15cf20e059756a468
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- [![Build status](https://travis-ci.com/digidentity/libsaml.svg?branch=master)](https://travis-ci.com/digidentity/libsaml)
1
+ [![Build status](https://app.travis-ci.com/digidentity/libsaml.svg?branch=master)](https://app.travis-ci.com/digidentity/libsaml)
2
2
  [![Coverage status](https://coveralls.io/repos/digidentity/libsaml/badge.png)](https://coveralls.io/r/digidentity/libsaml)
3
3
  [![Code climate](https://codeclimate.com/github/digidentity/libsaml.png)](https://codeclimate.com/github/digidentity/libsaml)
4
4
 
@@ -67,6 +67,8 @@ Add the Service Provider configuration file to: `config/metadata/service_provide
67
67
  </md:EntityDescriptor>
68
68
  ```
69
69
 
70
+ Add the Identity Provider configuration file that your IdP should provide as `config/metadata/service_provider.xml`. It should have `IDPSSODescriptor` in it.
71
+
70
72
  Set up an intializer in `config/initializers/saml_config.rb`:
71
73
 
72
74
  ```ruby
@@ -104,8 +106,6 @@ class SamlController < ApplicationController
104
106
  session[:authn_request_id] = authn_request._id
105
107
 
106
108
  @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
107
-
108
- render text: @saml_attributes.to_yaml
109
109
  end
110
110
 
111
111
  def receive_response
@@ -132,6 +132,26 @@ class SamlController < ApplicationController
132
132
  end
133
133
  ```
134
134
 
135
+ Add `app/views/saml/request_authentication.html.erb` for the POST binding:
136
+
137
+ ```erbruby
138
+ <!DOCTYPE html>
139
+ <html>
140
+ <body>
141
+ <form method="post" action="<%= @saml_attributes[:location] %>" id="SAMLRequestForm">
142
+ <%= @saml_attributes[:variables].each do |key, value| %>
143
+ <input type="hidden" name="<%= key %>" value="<%= value %>"/>
144
+ <%= end %>
145
+ <input id="SAMLSubmitButton" type="submit" value="Submit"/>
146
+ </form>
147
+ <script>
148
+ document.getElementById('SAMLSubmitButton').style.visibility = "hidden";
149
+ document.getElementById('SAMLRequestForm').submit();
150
+ </script>
151
+ </body>
152
+ </html>
153
+ ```
154
+
135
155
  Don't forget to define the routes in `config/routes.rb`:
136
156
 
137
157
  ```ruby
@@ -42,12 +42,12 @@ module Saml
42
42
  key_descriptors.select { |key| key.use == use }
43
43
  end
44
44
 
45
- private
46
-
47
45
  def find_key_descriptors_by_use_or_without(use)
48
46
  key_descriptors.select { |key| key.use == use || key.use.blank? }
49
47
  end
50
48
 
49
+ private
50
+
51
51
  def key_name_or_use_specified?
52
52
  key_descriptors.any? { |key| key.use.present? || key.key_info.key_name.present? }
53
53
  end
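Review bot: `find_key_descriptors_by_use_or_without` becomes public by moving the `private` marker below it, but its contract — descriptors whose `use` equals the argument plus every descriptor with a blank `use` — is not stated anywhere, and this page shows no file header for the hunk, so which file it lives in is not visible here. A YARD comment above the definition such as `# @return [Array] key descriptors declared for +use+, plus those that declare no use at all` would tell callers that use-less descriptors are included on purpose rather than by accident. The enclosing class starts outside the hunk.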
data/lib/saml/provider.rb CHANGED
@@ -50,6 +50,10 @@ module Saml
50
50
  descriptor(type).find_key_descriptors_by_use(use)
51
51
  end
52
52
 
53
+ def find_key_descriptors_by_use_or_without(use, type = :descriptor)
54
+ descriptor(type).find_key_descriptors_by_use_or_without(use)
55
+ end
56
+
53
57
  def signing_key
54
58
  @signing_key || encryption_key
55
59
  end
@@ -88,7 +92,14 @@ module Saml
88
92
  end
89
93
 
90
94
  def verify(signature_algorithm, signature, data, key_name = nil)
91
- valid = certificate(key_name).public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue nil
95
+ certificates = if key_name.blank? && iterate_certificates_until_verified?
96
+ find_key_descriptors_by_use_or_without('signing').collect(&:certificate)
97
+ else
98
+ Array(certificate(key_name))
99
+ end
100
+ valid = certificates.any? do |cert|
101
+ cert.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue false
102
+ end
92
103
 
93
104
  # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
94
105
  OpenSSL.errors if !valid
@@ -100,6 +111,10 @@ module Saml
100
111
  sp_descriptor(false).try(:authn_requests_signed)
101
112
  end
102
113
 
114
+ def iterate_certificates_until_verified?
115
+ false
116
+ end
117
+
103
118
  private
104
119
 
105
120
  def digest_method(signature_algorithm)
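Review bot: In `verify`, when `iterate_certificates_until_verified?` is true and one certificate fails before a later one succeeds, the failed attempts leave their entries in the OpenSSL error queue, because `OpenSSL.errors if !valid` is only reached when every attempt failed; now that several attempts can precede a success the queue should be drained regardless of outcome, e.g. replace that line with `OpenSSL.errors` and keep the existing comment. The `rescue false` modifier also swallows every StandardError, not just `OpenSSL::PKey::PKeyError`, so if a key descriptor can carry only a KeyName and no certificate (the other hunk tests `key.key_info.key_name.present?`, so this looks possible) a nil from `collect(&:certificate)` is silently counted as a failed verification instead of surfacing as a metadata problem — consider rescuing `OpenSSL::PKey::PKeyError` only and dropping nils with `.compact` before the loop. The `iterate_certificates_until_verified?` hook in the second hunk would benefit from a comment stating that it defaults to false and that a subclass returning true opts in to trying every signing-capable certificate when no key_name is supplied. `verify` continues past the hunk.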
data/lib/saml/util.rb CHANGED
@@ -160,6 +160,8 @@ module Saml
160
160
 
161
161
  signed_node = document.signed_nodes.find { |node| node['ID'] == message._id }
162
162
 
163
+ fail Saml::Errors::SignatureMissing unless signed_node
164
+
163
165
  message.class.parse(signed_node.canonicalize, single: true)
164
166
  end
165
167
 
data/lib/saml/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Saml
2
- VERSION = '3.11.0'.freeze
2
+ VERSION = '3.13.1'.freeze
3
3
  end
data/lib/saml.rb CHANGED
@@ -1,4 +1,5 @@
1
1
  require 'active_support/all'
2
+ require 'active_support/xml_mini'
2
3
  require 'active_model'
3
4
  require 'saml/base'
4
5
  require 'saml/xml_helpers'
@@ -8,8 +9,8 @@ require 'saml/notification'
8
9
  require 'saml/attribute_fetcher'
9
10
  require 'xmlenc'
10
11
  require 'xmldsig'
11
- require "net/https"
12
- require "uri"
12
+ require 'net/https'
13
+ require 'uri'
13
14
 
14
15
  module Saml
15
16
  MD_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libsaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.11.0
4
+ version: 3.13.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoist Claassen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-07 00:00:00.000000000 Z
11
+ date: 2022-06-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -255,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
255
255
  - !ruby/object:Gem::Version
256
256
  version: '0'
257
257
  requirements: []
258
- rubygems_version: 3.1.4
258
+ rubygems_version: 3.3.15
259
259
  signing_key:
260
260
  specification_version: 4
261
261
  summary: A gem to easily create SAML 2.0 messages.