libsaml 3.12.0 → 3.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +22 -2
- data/lib/saml/provider.rb +12 -1
- data/lib/saml/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 41bbe3547b557d22f9624734a120bc288a829c71bc93192265f301e319dbd5d4
|
|
4
|
+
data.tar.gz: 539fecf6754e8eb67f0a7883da478f872170adb6bbebc539b1b8274f2a9d62f0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c1e8ab017fccd80803230566d262d257f925739f8c4b6e24feb295cfe43574219860bc1fb7120dfa6125dc1b0e652cfef49a7849886729db78d28f3d7ef01d3f
|
|
7
|
+
data.tar.gz: 714f47f1da6802142227ff6f3d4b99b8342e241ad235cf59c8f38231105994db1d1b48ff6598760f1ffee2b44ab3f243d30018261ecbd6aacd01dea95f54590c
|
data/README.md
CHANGED
|
@@ -67,6 +67,8 @@ Add the Service Provider configuration file to: `config/metadata/service_provide
|
|
|
67
67
|
</md:EntityDescriptor>
|
|
68
68
|
```
|
|
69
69
|
|
|
70
|
+
Add the Identity Provider configuration file that your IdP should provide as `config/metadata/service_provider.xml`. It should have `IDPSSODescriptor` in it.
|
|
71
|
+
|
|
70
72
|
Set up an intializer in `config/initializers/saml_config.rb`:
|
|
71
73
|
|
|
72
74
|
```ruby
|
|
@@ -104,8 +106,6 @@ class SamlController < ApplicationController
|
|
|
104
106
|
session[:authn_request_id] = authn_request._id
|
|
105
107
|
|
|
106
108
|
@saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
|
|
107
|
-
|
|
108
|
-
render text: @saml_attributes.to_yaml
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
def receive_response
|
|
@@ -132,6 +132,26 @@ class SamlController < ApplicationController
|
|
|
132
132
|
end
|
|
133
133
|
```
|
|
134
134
|
|
|
135
|
+
Add `app/views/saml/request_authentication.html.erb` for the POST binding:
|
|
136
|
+
|
|
137
|
+
```erbruby
|
|
138
|
+
<!DOCTYPE html>
|
|
139
|
+
<html>
|
|
140
|
+
<body>
|
|
141
|
+
<form method="post" action="<%= @saml_attributes[:location] %>" id="SAMLRequestForm">
|
|
142
|
+
<%= @saml_attributes[:variables].each do |key, value| %>
|
|
143
|
+
<input type="hidden" name="<%= key %>" value="<%= value %>"/>
|
|
144
|
+
<%= end %>
|
|
145
|
+
<input id="SAMLSubmitButton" type="submit" value="Submit"/>
|
|
146
|
+
</form>
|
|
147
|
+
<script>
|
|
148
|
+
document.getElementById('SAMLSubmitButton').style.visibility = "hidden";
|
|
149
|
+
document.getElementById('SAMLRequestForm').submit();
|
|
150
|
+
</script>
|
|
151
|
+
</body>
|
|
152
|
+
</html>
|
|
153
|
+
```
|
|
154
|
+
|
|
135
155
|
Don't forget to define the routes in `config/routes.rb`:
|
|
136
156
|
|
|
137
157
|
```ruby
|
data/lib/saml/provider.rb
CHANGED
|
@@ -88,7 +88,14 @@ module Saml
|
|
|
88
88
|
end
|
|
89
89
|
|
|
90
90
|
def verify(signature_algorithm, signature, data, key_name = nil)
|
|
91
|
-
|
|
91
|
+
certificates = if key_name.blank? && iterate_certificates_until_verified?
|
|
92
|
+
find_key_descriptors_by_use('signing').collect(&:certificate)
|
|
93
|
+
else
|
|
94
|
+
Array(certificate(key_name))
|
|
95
|
+
end
|
|
96
|
+
valid = certificates.any? do |cert|
|
|
97
|
+
cert.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue false
|
|
98
|
+
end
|
|
92
99
|
|
|
93
100
|
# Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215
|
|
94
101
|
OpenSSL.errors if !valid
|
|
@@ -100,6 +107,10 @@ module Saml
|
|
|
100
107
|
sp_descriptor(false).try(:authn_requests_signed)
|
|
101
108
|
end
|
|
102
109
|
|
|
110
|
+
def iterate_certificates_until_verified?
|
|
111
|
+
false
|
|
112
|
+
end
|
|
113
|
+
|
|
103
114
|
private
|
|
104
115
|
|
|
105
116
|
def digest_method(signature_algorithm)
|
data/lib/saml/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libsaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benoist Claassen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-06-
|
|
11
|
+
date: 2022-06-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -255,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
255
255
|
- !ruby/object:Gem::Version
|
|
256
256
|
version: '0'
|
|
257
257
|
requirements: []
|
|
258
|
-
rubygems_version: 3.
|
|
258
|
+
rubygems_version: 3.3.15
|
|
259
259
|
signing_key:
|
|
260
260
|
specification_version: 4
|
|
261
261
|
summary: A gem to easily create SAML 2.0 messages.
|