omni-saml 1.4.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b3c08edcbc8d017f9aa30e84785f8a8aad61b4bd
+  data.tar.gz: fdf4968e18de5aca5b712d3cbd75cb1c17ccf52c
+SHA512:
+  metadata.gz: 091023f80efec468e26c11d4b44266283cac69bf30d5ff0616c1e586f171f0b8d1e64b646a1e98fcd7c13ad464cb1dce42c031990a2b67b485228e086c4e89b5
+  data.tar.gz: 6e023a9b70175c5385b71f072be84d42238c2784ffb5364116e4858c883668c2cb2f1a2c6c5f31ddffb5f15a02fd84d4aad4badbdc1d103bdc81c05b6cbac097

data/CHANGELOG.md

@@ -0,0 +1,45 @@
+# OmniAuth SAML Version History
+
+A generic SAML strategy for OmniAuth.
+
+https://github.com/PracticallyGreen/omniauth-saml
+
+## 1.3.0 (2014-14-10)
+
+* add `idp_cert_fingerprint_validator` option
+
+## 1.2.0 (2014-03-19)
+
+* provide SP metadata at `/auth/saml/metadata`
+
+## 1.1.0 (2013-11-07)
+
+* no longer set a default `name_identifier_format`
+* pass strategy options to the underlying ruby-saml library
+* fallback to omniauth callback url if `assertion_consumer_service_url` is not set
+* add `idp_sso_target_url_runtime_params` option
+
+## 1.0.0 (2012-11-12)
+
+* remove SAML code and port to ruby-saml gem
+* fix incompatibility with OmniAuth 1.1
+
+## 0.9.2 (2012-03-30)
+
+* validate the SAML response
+* 100% test coverage
+* now requires ruby 1.9.2+
+
+## 0.9.1 (2012-02-23)
+
+* return first and last name in the info hash
+* no longer use LDAP OIDs for name and email selection
+* return SAML attributes as the omniauth raw_info hash
+
+## 0.9.0 (2012-02-14)
+
+* initial release
+* extracts commits from omniauth 0-3-stable branch
+* port to omniauth 1.0 strategy format
+* update README with more documentation and license
+* package as the `omniauth-saml` gem

data/README.md

@@ -0,0 +1,146 @@
+# OmniAuth SAML
+
+A generic SAML strategy for OmniAuth.
+
+https://github.com/PracticallyGreen/omniauth-saml
+
+## Requirements
+
+* [OmniAuth](http://www.omniauth.org/) 1.2+
+* Ruby 1.9.x or Ruby 2.1.x
+
+## Usage
+
+Use the SAML strategy as a middleware in your application:
+
+```ruby
+require 'omniauth'
+use OmniAuth::Strategies::SAML,
+  :assertion_consumer_service_url     => "consumer_service_url",
+  :issuer                             => "issuer",
+  :idp_sso_target_url                 => "idp_sso_target_url",
+  :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
+  :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
+  :idp_cert_fingerprint               => "E7:91:B2:E1:...",
+  :idp_cert_fingerprint_validator     => lambda { |fingerprint| fingerprint },
+  :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+```
+
+or in your Rails application:
+
+in `Gemfile`:
+
+```ruby
+gem 'omniauth-saml'
+```
+
+and in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :saml,
+    :assertion_consumer_service_url     => "consumer_service_url",
+    :issuer                             => "rails-application",
+    :idp_sso_target_url                 => "idp_sso_target_url",
+    :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
+    :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
+    :idp_cert_fingerprint               => "E7:91:B2:E1:...",
+    :idp_cert_fingerprint_validator     => lambda { |fingerprint| fingerprint },
+    :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+end
+```
+
+For IdP-initiated SSO, users should directly access the IdP SSO target URL. Set the `href` of your application's login link to the value of `idp_sso_target_url`. For SP-initiated SSO, link to `/auth/saml`.
+
+## Metadata
+
+The service provider metadata used to ease configuration of the SAML SP in the IdP can be retrieved from `http://example.com/auth/saml/metadata`. Send this URL to the administrator of the IdP.
+
+## Options
+
+* `:assertion_consumer_service_url` - The URL at which the SAML assertion should be
+  received. If not provided, defaults to the OmniAuth callback URL (typically
+  `http://example.com/auth/saml/callback`). Optional.
+
+* `:issuer` - The name of your application. Some identity providers might need this
+  to establish the identity of the service provider requesting the login. **Required**.
+
+* `:idp_sso_target_url` - The URL to which the authentication request should be sent.
+  This would be on the identity provider. **Required**.
+
+* `:idp_sso_target_url_runtime_params` - A dynamic mapping of request params that exist
+  during the request phase of OmniAuth that should to be sent to the IdP after a specific
+  mapping. So for example, a param `original_request_param` with value `original_param_value`,
+  could be sent to the IdP on the login request as `mapped_idp_param` with value
+  `original_param_value`. Optional.
+
+* `:idp_cert` - The identity provider's certificate in PEM format. Takes precedence
+  over the fingerprint option below. This option or `:idp_cert_fingerprint` or `:idp_cert_fingerprint_validator` must
+  be present.
+
+* `:idp_cert_fingerprint` - The SHA1 fingerprint of the certificate, e.g.
+  "90:CC:16:F0:8D:...". This is provided from the identity provider when setting up
+  the relationship. This option or `:idp_cert` or `:idp_cert_fingerprint_validator` MUST be present.
+
+* `:idp_cert_fingerprint_validator` - A lambda that MUST accept one parameter
+  (the fingerprint), verify if it is valid and return it if successful. This option
+  or `:idp_cert` or `:idp_cert_fingerprint` MUST be present.
+
+* `:name_identifier_format` - Used during SP-initiated SSO. Describes the format of
+  the username required by this application. If you need the email address, use
+  "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress". See
+  http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf section 8.3 for
+  other options. Note that the identity provider might not support all options.
+  If not specified, the IdP is free to choose the name identifier format used
+  in the response. Optional.
+
+* `:request_attributes` - Used to build the metadata file to inform the IdP to send certain attributes
+  along with the SAMLResponse messages. Defaults to requesting `name`, `first_name`, `last_name` and `email`
+  attributes. See the `OneLogin::RubySaml::AttributeService` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for the available options for each attribute. Set to `{}` to disable this from metadata.
+
+* `:attribute_service_name` - Name for the attribute service. Defaults to `Required attributes`.
+
+* See the `OneLogin::RubySaml::Settings` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for additional supported options.
+
+## Devise Integration
+
+Straightforward integration with [Devise](https://github.com/plataformatec/devise), the widely-used authentication solution for Rails.
+
+In `config/initializers/devise.rb`:
+
+```ruby
+Devise.setup do |config|
+  config.omniauth :saml,
+    idp_cert_fingerprint: 'fingerprint',
+    idp_sso_target_url: 'target_url'
+end
+```
+
+Then follow Devise's general [OmniAuth tutorial](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview), replacing references to `facebook` with `saml`.
+
+## Authors
+
+Authored by [Rajiv Aaron Manglani](http://www.rajivmanglani.com/), Raecoo Cao, Todd W Saxton, Ryan Wilcox, Steven Anderson, Nikos Dimitrakopoulos, Rudolf Vriend and [Bruno Pedro](http://brunopedro.com/).
+
+## License
+
+Copyright (c) 2011-2014 [Practically Green, Inc.](http://www.practicallygreen.com/).
+All rights reserved. Released under the MIT license.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/lib/omniauth-saml.rb

@@ -0,0 +1,2 @@
+require 'omniauth/strategies/saml'
+require 'omniauth/strategies/saml/validation_error'

data/lib/omniauth-saml/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module SAML
+    VERSION = '1.4.1'
+  end
+end

data/lib/omniauth/strategies/saml.rb

@@ -0,0 +1,119 @@
+require 'omniauth'
+require 'ruby-saml'
+
+module OmniAuth
+  module Strategies
+    class SAML
+      include OmniAuth::Strategy
+
+      option :name_identifier_format, nil
+      option :idp_sso_target_url_runtime_params, {}
+      option :request_attributes, [
+        { name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
+        { name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
+        { name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
+        { name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
+      ]
+      option :attribute_service_name, 'Required attributes'
+
+      def request_phase
+        options[:assertion_consumer_service_url] ||= callback_url
+        runtime_request_parameters = options.delete(:idp_sso_target_url_runtime_params)
+
+        additional_params = {}
+        runtime_request_parameters.each_pair do |request_param_key, mapped_param_key|
+          additional_params[mapped_param_key] = request.params[request_param_key.to_s] if request.params.has_key?(request_param_key.to_s)
+        end if runtime_request_parameters
+
+        authn_request = OneLogin::RubySaml::Authrequest.new
+        settings = OneLogin::RubySaml::Settings.new(options)
+
+        redirect(authn_request.create(settings, additional_params))
+      end
+
+      def callback_phase
+        unless request.params['SAMLResponse']
+          raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing")
+        end
+
+        # Call a fingerprint validation method if there's one
+        if options.idp_cert_fingerprint_validator
+          fingerprint_exists = options.idp_cert_fingerprint_validator[response_fingerprint]
+          unless fingerprint_exists
+            raise OmniAuth::Strategies::SAML::ValidationError.new("Non-existent fingerprint")
+          end
+          # id_cert_fingerprint becomes the given fingerprint if it exists
+          options.idp_cert_fingerprint = fingerprint_exists
+        end
+
+        response = OneLogin::RubySaml::Response.new(request.params['SAMLResponse'], options)
+        response.settings = OneLogin::RubySaml::Settings.new(options)
+        response.attributes['fingerprint'] = options.idp_cert_fingerprint
+
+        @name_id = response.name_id
+        @attributes = response.attributes
+
+        if @name_id.nil? || @name_id.empty?
+          raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing 'name_id'")
+        end
+
+        # will raise an error since we are not in soft mode
+        response.soft = false
+        response.is_valid?
+
+        super
+      rescue OmniAuth::Strategies::SAML::ValidationError
+        fail!(:invalid_ticket, $!)
+      rescue OneLogin::RubySaml::ValidationError
+        fail!(:invalid_ticket, $!)
+      end
+
+      # Obtain an idp certificate fingerprint from the response.
+      def response_fingerprint
+        response = request.params['SAMLResponse']
+        response = (response =~ /^</) ? response : Base64.decode64(response)
+        document = XMLSecurity::SignedDocument::new(response)
+        cert_element = REXML::XPath.first(document, "//ds:X509Certificate", { "ds"=> 'http://www.w3.org/2000/09/xmldsig#' })
+        base64_cert = cert_element.text
+        cert_text = Base64.decode64(base64_cert)
+        cert = OpenSSL::X509::Certificate.new(cert_text)
+        Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
+      end
+
+      def other_phase
+        if on_path?("#{request_path}/metadata")
+          # omniauth does not set the strategy on the other_phase
+          @env['omniauth.strategy'] ||= self
+          setup_phase
+
+          response = OneLogin::RubySaml::Metadata.new
+          settings = OneLogin::RubySaml::Settings.new(options)
+          if options.request_attributes.length > 0
+            settings.attribute_consuming_service.service_name options.attribute_service_name
+            options.request_attributes.each do |attribute|
+              settings.attribute_consuming_service.add_attribute attribute
+            end
+          end
+          Rack::Response.new(response.generate(settings), 200, { "Content-Type" => "application/xml" }).finish
+        else
+          call_app!
+        end
+      end
+
+      uid { @name_id }
+
+      info do
+        {
+          :name  => @attributes[:name],
+          :email => @attributes[:email] || @attributes[:mail],
+          :first_name => @attributes[:first_name] || @attributes[:firstname] || @attributes[:firstName],
+          :last_name => @attributes[:last_name] || @attributes[:lastname] || @attributes[:lastName]
+        }
+      end
+
+      extra { { :raw_info => @attributes } }
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'saml', 'SAML'

data/lib/omniauth/strategies/saml/validation_error.rb

@@ -0,0 +1,8 @@
+module OmniAuth
+  module Strategies
+    class SAML
+      class ValidationError < Exception
+      end
+    end
+  end
+end

data/spec/omniauth/strategies/saml_spec.rb

@@ -0,0 +1,175 @@
+require 'spec_helper'
+
+RSpec::Matchers.define :fail_with do |message|
+  match do |actual|
+    actual.redirect? && /\?.*message=#{message}/ === actual.location
+  end
+end
+
+def post_xml(xml=:example_response)
+  post "/auth/saml/callback", {'SAMLResponse' => load_xml(xml)}
+end
+
+describe OmniAuth::Strategies::SAML, :type => :strategy do
+  include OmniAuth::Test::StrategyTestCase
+
+  let(:auth_hash){ last_request.env['omniauth.auth'] }
+  let(:saml_options) do
+    {
+      :assertion_consumer_service_url     => "http://localhost:3000/auth/saml/callback",
+      :idp_sso_target_url                 => "https://idp.sso.target_url/signon/29490",
+      :idp_cert_fingerprint               => "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB",
+      :idp_sso_target_url_runtime_params  => {:original_param_key => :mapped_param_key},
+      :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+      :request_attributes                 => [
+        { name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
+        { name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
+        { name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
+        { name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
+      ],
+      :attribute_service_name             => 'Required attributes'
+    }
+  end
+  let(:strategy) { [OmniAuth::Strategies::SAML, saml_options] }
+
+  describe 'GET /auth/saml' do
+    context 'without idp runtime params present' do
+      before do
+        get '/auth/saml'
+      end
+
+      it 'should get authentication page' do
+        last_response.should be_redirect
+        last_response.location.should match /https:\/\/idp.sso.target_url\/signon\/29490/
+        last_response.location.should match /\?SAMLRequest=/
+        last_response.location.should_not match /mapped_param_key/
+        last_response.location.should_not match /original_param_key/
+      end
+    end
+
+    context 'with idp runtime params' do
+      before do
+        get '/auth/saml', 'original_param_key' => 'original_param_value', 'mapped_param_key' => 'mapped_param_value'
+      end
+
+      it 'should get authentication page' do
+        last_response.should be_redirect
+        last_response.location.should match /https:\/\/idp.sso.target_url\/signon\/29490/
+        last_response.location.should match /\?SAMLRequest=/
+        last_response.location.should match /\&mapped_param_key=original_param_value/
+        last_response.location.should_not match /original_param_key/
+      end
+    end
+  end
+
+  describe 'POST /auth/saml/callback' do
+    subject { last_response }
+
+    let(:xml) { :example_response }
+
+    before :each do
+      Time.stub(:now).and_return(Time.new(2012, 11, 8, 20, 40, 00, 0))
+    end
+
+    context "when the response is valid" do
+      before :each do
+        post_xml
+      end
+
+      it "should set the uid to the nameID in the SAML response" do
+        auth_hash['uid'].should == '_1f6fcf6be5e13b08b1e3610e7ff59f205fbd814f23'
+      end
+
+      it "should set the raw info to all attributes" do
+        auth_hash['extra']['raw_info'].all.to_hash.should == {
+          'first_name'   => ['Rajiv'],
+          'last_name'    => ['Manglani'],
+          'email'        => ['user@example.com'],
+          'company_name' => ['Example Company'],
+          'fingerprint'  => saml_options[:idp_cert_fingerprint]
+        }
+      end
+    end
+
+    context "when fingerprint is empty and there's a fingerprint validator" do
+      before :each do
+        saml_options.delete(:idp_cert_fingerprint)
+        saml_options[:idp_cert_fingerprint_validator] = lambda { |fingerprint| "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB" }
+        post_xml
+      end
+
+      it "should set the uid to the nameID in the SAML response" do
+        auth_hash['uid'].should == '_1f6fcf6be5e13b08b1e3610e7ff59f205fbd814f23'
+      end
+
+      it "should set the raw info to all attributes" do
+        auth_hash['extra']['raw_info'].all.to_hash.should == {
+          'first_name'   => ['Rajiv'],
+          'last_name'    => ['Manglani'],
+          'email'        => ['user@example.com'],
+          'company_name' => ['Example Company'],
+          'fingerprint'  => 'C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB'
+        }
+      end
+    end
+
+    context "when there is no SAMLResponse parameter" do
+      before :each do
+        post '/auth/saml/callback'
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when there is no name id in the XML" do
+      before :each do
+        post_xml :no_name_id
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the fingerprint is invalid" do
+      before :each do
+        saml_options[:idp_cert_fingerprint] = "00:00:00:00:00:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB"
+        post_xml
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the digest is invalid" do
+      before :each do
+        post_xml :digest_mismatch
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+
+    context "when the signature is invalid" do
+      before :each do
+        post_xml :invalid_signature
+      end
+
+      it { should fail_with(:invalid_ticket) }
+    end
+  end
+
+  describe 'GET /auth/saml/metadata' do
+    before do
+      get '/auth/saml/metadata'
+    end
+
+    it 'should get SP metadata page' do
+      last_response.status.should == 200
+      last_response.header["Content-Type"].should == "application/xml"
+    end
+
+    it 'should configure attributes consuming service' do
+      last_response.body.should match /AttributeConsumingService/
+      last_response.body.should match /first_name/
+      last_response.body.should match /last_name/
+      last_response.body.should match /Required attributes/
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,17 @@
+require 'simplecov'
+SimpleCov.start
+
+require 'omniauth-saml'
+require 'rack/test'
+require 'rexml/document'
+require 'rexml/xpath'
+require 'base64'
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+end
+
+def load_xml(filename=:example_response)
+  filename = File.expand_path(File.join('..', 'support', "#{filename.to_s}.xml"), __FILE__)
+  Base64.encode64(IO.read(filename))
+end

metadata

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: omni-saml
+version: !ruby/object:Gem::Version
+  version: 1.4.1
+platform: ruby
+authors:
+- Raecoo Cao
+- Ryan Wilcox
+- Rajiv Aaron Manglani
+- Steven Anderson
+- Nikos Dimitrakopoulos
+- Rudolf Vriend
+- Bruno Pedro
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: r-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+description: A generic SAML strategy for OmniAuth.
+email: rajiv@alum.mit.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- README.md
+- lib/omniauth-saml.rb
+- lib/omniauth-saml/version.rb
+- lib/omniauth/strategies/saml.rb
+- lib/omniauth/strategies/saml/validation_error.rb
+- spec/omniauth/strategies/saml_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/PracticallyGreen/omniauth-saml
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: A generic SAML strategy for OmniAuth.
+test_files:
+- spec/omniauth/strategies/saml_spec.rb
+- spec/spec_helper.rb
+has_rdoc: