omniauth-islykill 0.9.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 56fced1e74fbd3dfc280e4bcf348fe2d9d618108
+  data.tar.gz: 5b4c83f5ba4f4d904254024305263cf5643f6368
+SHA512:
+  metadata.gz: 0aba1334e79e01ee4446173e95029afc09f0cfe55ae40b1fec260edf069d2c75ccf4dd305c8ada165bec73681aa1d1ae0eeea9d4ff84fc8940a2a64864f801aa
+  data.tar.gz: fdfc5a2a975b9d89e0ed82c9fc1dc74c35ef1ad3d211d67dfd716319625afac14ca5fbba8530b2be0a0beb47903577d75ff962b0681d90d46b894e8aaed20f9e

data/CHANGELOG.md

@@ -0,0 +1,2 @@
+Changelog for omniauth-islykill
+=================

data/README.md

@@ -0,0 +1,103 @@
+# OmniAuth Islykill
+
+This is a specific SAML strategy that handles authentication to Icelands Íslykill for OmniAuth
+
+https://github.com/Algrim/omniauth-islykill
+
+## Requirements
+
+* [OmniAuth](http://www.omniauth.org/) 1.2+
+* [ruby-saml](https://github.com/onelogin/ruby-saml)
+* Ruby 1.9.x or Ruby 2.1.x
+
+## Usage
+
+Use the Islykill strategy in your Rails application:
+
+in `Gemfile`:
+
+```ruby
+gem 'omniauth-islykill'
+```
+
+and in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+    provider :islykill,
+        :assertion_consumer_service_url     => "consumer_service_url",
+        :issuer                             => "Islyklar",
+        :idp_sso_target_url                 => "https://innskraning.island.is/?id=consumer_service_url",
+        :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
+        :idp_cert_fingerprint               => "E7:91:B2:E1:...",
+        :name_identifier_format             => "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+end
+```
+
+For IdP-initiated SSO, users should directly access the IdP SSO target URL. Set the `href` of your application's login link to the value of `idp_sso_target_url`. For SP-initiated SSO, link to `/auth/saml`.
+
+## Metadata
+
+The service provider metadata used to ease configuration of the SAML SP in the IdP can be retrieved from `http://example.com/auth/saml/metadata`. Send this URL to the administrator of the IdP.
+
+## Options
+
+* `:assertion_consumer_service_url` - The URL at which the SAML assertion should be
+  received. If not provided, defaults to the OmniAuth callback URL (typically
+  `http://example.com/auth/saml/callback`). Optional.
+
+* `:issuer` - The name of your application. Some identity providers might need this
+  to establish the identity of the service provider requesting the login. **Required**.
+
+* `:idp_sso_target_url` - The URL to which the authentication request should be sent.
+  This would be on the identity provider. **Required**.
+
+* `:idp_sso_target_url_runtime_params` - A dynamic mapping of request params that exist
+  during the request phase of OmniAuth that should to be sent to the IdP after a specific
+  mapping. So for example, a param `original_request_param` with value `original_param_value`,
+  could be sent to the IdP on the login request as `mapped_idp_param` with value
+  `original_param_value`. Optional.
+
+* `:idp_cert` - The identity provider's certificate in PEM format. Takes precedence
+  over the fingerprint option below. This option or `:idp_cert_fingerprint` must
+  be present.
+
+* `:idp_cert_fingerprint` - The SHA1 fingerprint of the certificate, e.g.
+  "90:CC:16:F0:8D:...". This is provided from the identity provider when setting up
+  the relationship. This option or `:idp_cert` must be present.
+
+* `:name_identifier_format` - Used during SP-initiated SSO. Describes the format of
+  the username required by this application. If you need the email address, use
+  "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress". See
+  http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf section 8.3 for
+  other options. Note that the identity provider might not support all options.
+  If not specified, the IdP is free to choose the name identifier format used
+  in the response. Optional.
+
+* See the `Onelogin::Saml::Settings` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for additional supported options.
+
+## Authors
+
+Authored by Björgvin Bæhrenz Þórðarson.
+
+Maintained by [Björgvin Bæhrenz Þórðarson](https://github.com/Bjorgvin).
+
+## License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/lib/omniauth-islykill.rb

@@ -0,0 +1,3 @@
+require 'omniauth/strategies/islykill'
+require 'omniauth/strategies/islykill/validation_error'
+require 'signed_xml'

data/lib/omniauth-islykill/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module ISLYKILL
+    VERSION = '0.9.8'
+  end
+end

data/lib/omniauth/strategies/islykill.rb

@@ -0,0 +1,103 @@
+require 'omniauth'
+require 'ruby-saml'
+
+module OmniAuth
+  module Strategies
+    class Islykill
+      include OmniAuth::Strategy
+
+      option :name_identifier_format, nil
+      option :idp_sso_target_url_runtime_params, {}
+
+      def request_phase
+        options[:assertion_consumer_service_url] ||= callback_url
+        runtime_request_parameters = options.delete(:idp_sso_target_url_runtime_params)
+
+        additional_params = {}
+        runtime_request_parameters.each_pair do |request_param_key, mapped_param_key|
+          additional_params[mapped_param_key] = request.params[request_param_key.to_s] if request.params.has_key?(request_param_key.to_s)
+        end if runtime_request_parameters
+
+        authn_request = Onelogin::Saml::Authrequest.new
+        settings = Onelogin::Saml::Settings.new(options)
+
+        redirect(authn_request.create(settings, additional_params))
+      end
+
+      def callback_phase
+        puts "   ___      _ _ _                _    "
+        puts "  / __ __ _| | | |__   __ _  ___| | __"
+        puts " / /  / _` | | | '_   / _` |/ __| |/ /"
+        puts "/ /__| (_| | | | |_) | (_| | (__|   < "
+        puts " ____/ __,_|_|_|_.__/  __,_| ___|_| _ "
+        puts "                                      "
+
+        unless request.params['token']
+          raise OmniAuth::Strategies::Islykill::ValidationError.new("Islykill response missing")
+        end
+
+        token_base64 = request.params['token']
+        islykill_xml_saml_response = Base64.decode64(token_base64)
+        signedDocument = SignedXml::Document(islykill_xml_saml_response)
+        if !signedDocument.is_verified?
+            raise OmniAuth::Strategies::Islykill::ValidationError.new("Islykill response not valid")
+        end
+
+        # response is valid so we extract the information using xpath
+        xml_doc = REXML::Document.new(islykill_xml_saml_response)
+        prefix='Response/Assertion/AttributeStatement/Attribute[@Name="'
+        postfix='"]/AttributeValue'
+
+        @attributes={
+            name: REXML::XPath.first(xml_doc,"#{prefix}Name#{postfix}").text,
+            kennitala: REXML::XPath.first(xml_doc,"#{prefix}UserSSN#{postfix}").text,
+            provider: REXML::XPath.first(xml_doc,"#{prefix}Authentication#{postfix}").text
+        }
+        
+        @name_id = REXML::XPath.first(xml_doc,"Response/Assertion/Subject/NameID/@NameQualifier").value()
+
+        if @name_id.nil? || @name_id.empty?
+          raise OmniAuth::Strategies::Islykill::ValidationError.new("SAML response missing 'name_id'")
+        end
+
+        super
+      rescue 
+        fail!(:invalid_ticket, $!)
+      rescue Onelogin::Saml::ValidationError
+        fail!(:invalid_ticket, $!)
+      end
+
+    #  def other_phase
+    #    if on_path?("#{request_path}/metadata")
+    #      # omniauth does not set the strategy on the other_phase
+    #      @env['omniauth.strategy'] ||= self
+    #      setup_phase
+
+    #      response = Onelogin::Saml::Metadata.new
+    #      settings = Onelogin::Saml::Settings.new(options)
+    #      Rack::Response.new(response.generate(settings), 200, { "Content-Type" => "application/xml" }).finish
+    #    else
+    #      call_app!
+    #    end
+    #  end
+
+      uid { 
+        #@name_id 
+        @attributes[:kennitala]
+      }
+
+      info do
+        {
+          :name  => @attributes[:name],          
+          :kennitala => @attributes[:kennitala]
+        }
+      end
+
+      extra { { :raw_info => @attributes } }
+    end
+  end
+end
+
+
+
+

data/lib/omniauth/strategies/islykill/validation_error.rb

@@ -0,0 +1,8 @@
+module OmniAuth
+  module Strategies
+    class Islykill
+      class ValidationError < Exception
+      end
+    end
+  end
+end

data/lib/signed_xml.rb

@@ -0,0 +1,40 @@
+require 'logger'
+require 'nokogiri'
+
+module SignedXml
+  XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
+
+  def self.Document(thing)
+    Document.new(thing)
+  end
+
+  # Logger that does nothing
+  BITBUCKET_LOGGER = Logger.new(nil)
+  class << BITBUCKET_LOGGER
+    def add(*args)
+    end
+  end
+
+  # The logger signed_xml should use
+  def self.logger
+    @@logger ||= BITBUCKET_LOGGER
+  end
+
+  # Set the logger for signed_xml
+  def self.logger=(a_logger)
+    @@logger = a_logger
+  end
+
+  autoload :Transformable, 'signed_xml/transformable'
+  autoload :Document, 'signed_xml/document'
+  autoload :Signature, 'signed_xml/signature'
+  autoload :SignedInfo, 'signed_xml/signed_info'
+  autoload :Reference, 'signed_xml/reference'
+  autoload :DigestMethodResolution, 'signed_xml/digest_method_resolution'
+  autoload :DigestTransform, 'signed_xml/digest_transform'
+  autoload :Base64Transform, 'signed_xml/base64_transform'
+  autoload :C14NTransform, 'signed_xml/c14n_transform'
+  autoload :EnvelopedSignatureTransform, 'signed_xml/enveloped_signature_transform'
+  autoload :Fingerprinting, 'signed_xml/fingerprinting'
+  autoload :Logging, 'signed_xml/logging'
+end

data/lib/signed_xml/base64_transform.rb

@@ -0,0 +1,9 @@
+require 'base64'
+
+module SignedXml
+  class Base64Transform
+    def apply(input)
+      Base64.encode64(input).chomp
+    end
+  end
+end

data/lib/signed_xml/c14n_transform.rb

@@ -0,0 +1,26 @@
+module SignedXml
+  class C14NTransform
+    include Nokogiri::XML
+
+    attr_reader :method
+    attr_reader :with_comments
+
+    def initialize(method = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
+      method, with_comments = method.split('#')
+      @method = case method
+                when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" then XML_C14N_1_0
+                when "http://www.w3.org/2001/10/xml-exc-c14n" then XML_C14N_EXCLUSIVE_1_0
+                when "http://www.w3.org/2006/12/xml-c14n11" then XML_C14N_1_1
+                else raise ArgumentError, "unknown canonicalization method #{method}"
+                end
+
+      @with_comments = !!with_comments
+    end
+
+    def apply(input)
+      raise ArgumentError, "input #{input.inspect}:#{input.class} is not canonicalizable" unless input.respond_to?(:canonicalize)
+
+      input.canonicalize(method, nil, with_comments)
+    end
+  end
+end

data/lib/signed_xml/digest_method_resolution.rb

@@ -0,0 +1,19 @@
+require 'openssl'
+
+module SignedXml
+  module DigestMethodResolution
+    include OpenSSL
+
+    def new_digester_for_id(id)
+      id = id && id =~ /sha(.*?)$/i && $1.to_i
+      case id
+      when 256 then OpenSSL::Digest::SHA256.new
+      when 384 then OpenSSL::Digest::SHA384.new
+      when 512 then OpenSSL::Digest::SHA512.new        
+      when 1   then OpenSSL::Digest::SHA1.new
+      else
+        raise ArgumentError, "unknown digest method #{id}"
+      end
+    end
+  end
+end

data/lib/signed_xml/digest_transform.rb

@@ -0,0 +1,17 @@
+require "openssl"
+
+module SignedXml
+  class DigestTransform
+    include DigestMethodResolution
+
+    attr_reader :digest
+
+    def initialize(method_id)
+      @digest = new_digester_for_id(method_id)
+    end
+
+    def apply(input)
+      digest.digest(input)
+    end
+  end
+end

data/lib/signed_xml/document.rb

@@ -0,0 +1,70 @@
+require "openssl"
+require "options"
+
+module SignedXml
+  class Document
+    include Logging
+
+    attr_reader :doc
+
+    def initialize(thing)
+      if thing.is_a? Nokogiri::XML::Document
+        @doc = thing
+      else
+        @doc = Nokogiri::XML(thing)
+      end
+    end
+
+    def is_verifiable?
+      signatures.any?
+    end
+
+    def is_verified?(arg = nil)
+      unless is_verifiable?
+        logger.warn "document cannot be verified because it contains no <Signature> elements"
+        return false
+      end
+
+      if arg.respond_to? :public_key
+        set_public_key_for_signatures(arg)
+      elsif arg.respond_to? :has_key?
+        set_certificate_store_for_signatures(arg)
+      elsif !arg.nil?
+        raise ArgumentError, "#{arg.inspect}:#{arg.class} must have a public key or be a hash of public keys"
+      end
+
+      signatures.all?(&:is_verified?)
+    end
+
+    def sign(private_key, certificate = nil)
+      signatures.each { |sig| sig.sign(private_key, certificate) }
+      self
+    end
+
+    def to_xml
+      doc.to_xml
+    end
+
+    private
+
+    def signatures
+      @signatures ||= init_signatures
+    end
+
+    def init_signatures
+      signatures = []
+      doc.xpath("//ds:Signature", ds: XMLDSIG_NS).each do |signature_node|
+        signatures << Signature.new(signature_node)
+      end
+      signatures
+    end
+
+    def set_public_key_for_signatures(certificate)
+      signatures.each { |sig| sig.public_key = certificate.public_key }
+    end
+
+    def set_certificate_store_for_signatures(cert_store)
+      signatures.each { |sig| sig.certificate_store = cert_store }
+    end
+  end
+end

data/lib/signed_xml/enveloped_signature_transform.rb

@@ -0,0 +1,10 @@
+module SignedXml
+  class EnvelopedSignatureTransform
+    def apply(input)
+      envelope = Nokogiri::XML::Document.new
+      envelope.root = input
+      envelope.at_xpath('//ds:Signature', ds: XMLDSIG_NS).remove
+      envelope
+    end
+  end
+end

data/lib/signed_xml/fingerprinting.rb

@@ -0,0 +1,9 @@
+require 'digest'
+
+module SignedXml
+  module Fingerprinting
+    def fingerprint(data)
+      Digest::SHA1.hexdigest(data)
+    end
+  end
+end

data/lib/signed_xml/logging.rb

@@ -0,0 +1,13 @@
+module SignedXml
+  # Logging stuff borrowed from https://github.com/pezra/saml-sp
+
+  module Logging
+    def logger
+      SignedXml.logger
+    end
+
+    def self.included(base)
+      base.extend(self)
+    end
+  end
+end

data/lib/signed_xml/reference.rb

@@ -0,0 +1,73 @@
+module SignedXml
+  class Reference
+    include Transformable
+    include Logging
+
+    attr_reader :here, :start
+
+    def initialize(here)
+      @here = here
+
+      uri = here['URI']
+      case uri
+      when nil, ""
+        @start = here.document.root
+      when /^#/
+        id = uri.split('#').last
+        raise ArgumentError, "XPointer expressions like #{id} are not yet supported" if id =~ /^xpointer/
+        # TODO: handle ID attrs with names other than 'ID'
+        @start = here.document.at_xpath("//*[@ID='#{id}']")
+        raise ArgumentError, "no match found for ID #{id}" if @start.nil?
+      else
+        raise ArgumentError, "unsupported Reference URI #{uri}"
+      end
+
+      @transforms = init_transforms
+    end
+
+    def is_verified?
+      result = apply_transforms == digest_value
+      logger.info "verification failed for digest value [#{digest_value}]" unless result
+      result
+    end
+
+    def compute_and_set_digest_value
+      digest_value_node.content = apply_transforms
+      logger.debug "set digest value to [#{digest_value}]"
+    end
+
+    private
+
+    def init_transforms
+      transforms = []
+
+      here.xpath('.//ds:Transform', ds: XMLDSIG_NS).each do |transform_node|
+        method = transform_node['Algorithm']
+        case method
+        when "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+          transforms << EnvelopedSignatureTransform.new
+        when %r{^http://.*c14n}
+          transforms << C14NTransform.new(method)
+        else
+          raise ArgumentError, "unknown transform method #{method}"
+        end
+      end
+
+      # If no explicit c14n transform is specified, make sure we do one before digesting.
+      transforms << C14NTransform.new unless transforms.last.is_a? C14NTransform
+
+      digest_method = here.at_xpath('//ds:DigestMethod/@Algorithm', ds: XMLDSIG_NS).value.strip
+      transforms << DigestTransform.new(digest_method)
+
+      transforms << Base64Transform.new
+    end
+
+    def digest_value
+      @digest_value ||= digest_value_node.text.strip
+    end
+
+    def digest_value_node
+      @digest_value_node ||= here.at_xpath('ds:DigestValue', ds: XMLDSIG_NS)
+    end
+  end
+end

data/lib/signed_xml/signature.rb

@@ -0,0 +1,137 @@
+require 'base64'
+
+module SignedXml
+  class Signature
+    include DigestMethodResolution
+    include Fingerprinting
+    include Logging
+
+    attr_accessor :here
+    attr_accessor :public_key
+    attr_accessor :certificate_store
+
+    def initialize(here)
+      @here = here
+    end
+
+    def is_verified?
+      is_signed_info_verified? && are_reference_digests_verified?
+    end
+
+    def sign(private_key, certificate = nil)
+      compute_digests_for_references
+      sign_signed_info(private_key)
+      set_certificate_data(certificate)
+    end
+
+    private
+
+    def is_signed_info_verified?
+      return false if public_key.nil?
+
+      result = public_key.verify(new_digester_for_id(signed_info.signature_method), decoded_value, signed_info.apply_transforms)
+      logger.info "verification of signature value [#{value}] failed" unless result
+      result
+    end
+
+    def are_reference_digests_verified?
+      references.all?(&:is_verified?)
+    end
+
+    def sign_signed_info(private_key)
+      data = signed_info.apply_transforms
+      logger.debug "data to sign: [#{data}]"
+      digester = new_digester_for_id(signed_info.signature_method)
+      logger.debug "digester: #{digester.inspect}"
+      sig_value = private_key.sign(digester, data)
+      logger.debug "signature value (before Base64 encoding): [#{sig_value}]"
+      value_node.content = Base64Transform.new.apply(sig_value)
+      logger.debug "SignatureValue set to [#{value}]"
+    end
+
+    def compute_digests_for_references
+      references.each(&:compute_and_set_digest_value)
+    end
+
+    def set_certificate_data(certificate)
+      x509_cert_data_node.content = certificate.to_pem.split("\n")[1..-2].join("\n") if certificate
+      logger.debug "set certificate data to [#{x509_cert_data}]"
+    end
+
+    def references
+      @references ||= init_references
+    end
+
+    def init_references
+      references = []
+
+      here.xpath('//ds:Reference', ds: XMLDSIG_NS).each do |reference_node|
+        references << Reference.new(reference_node)
+      end
+
+      references
+    end
+
+    def decoded_value
+      @decoded_value ||= Base64.decode64 value
+    end
+
+    def value
+      @value ||= value_node.text.strip
+    end
+
+    def value_node
+      @value_node ||= here.at_xpath('//ds:SignatureValue', ds: XMLDSIG_NS)
+    end
+
+    def signed_info
+      @signed_info ||= SignedInfo.new(here.at_xpath("//ds:SignedInfo", ds: XMLDSIG_NS))
+    end
+
+    def certificate_store
+      @certificate_store ||= {}
+    end
+
+    def public_key
+      # If the user provided a certificate store, we MUST only use a
+      # key which matches the one in the signature's KeyInfo. Otherwise,
+      # use the key in the signature.
+      @public_key ||= if certificate_store.any?
+                        logger.debug "using cert store #{certificate_store}"
+                        if certificate_store.has_key? x509_cert_fingerprint
+                          certificate_store[x509_cert_fingerprint].public_key
+                        else
+                          logger.warn "Store has no certificate with fingerprint #{x509_cert_fingerprint}. Signature validation will fail."
+                          nil
+                        end
+                      else
+                        x509_certificate.public_key
+                      end
+    end
+
+    def x509_certificate
+      OpenSSL::X509::Certificate.new(certificate(x509_cert_data))
+    end
+
+    def x509_cert_fingerprint
+      @x509_cert_fingerprint ||= fingerprint(x509_certificate.to_der)
+    end
+
+    def x509_cert_data
+      x509_cert_data_node.text
+    end
+
+    def x509_cert_data_node
+      @x509_cert_data_node ||= here.at_xpath("//ds:X509Certificate", ds: XMLDSIG_NS)
+    end
+
+    def certificate(data)
+      "-----BEGIN CERTIFICATE-----\n#{wrap_text(data, 64)}-----END CERTIFICATE-----\n"
+    end
+
+    # http://blog.macromates.com/2006/wrapping-text-with-regular-expressions/
+    def wrap_text(txt, col = 80)
+      txt.gsub(/(.{1,#{col}})( +|$)\n?|(.{#{col}})/, "\\1\\3\n")
+    end
+  end
+end

data/lib/signed_xml/signed_info.rb

@@ -0,0 +1,17 @@
+module SignedXml
+  class SignedInfo
+    include Transformable
+
+    attr_reader :start, :signature_method
+
+    def initialize(here)
+      @start = here
+
+      canonicalization_method = here.at_xpath('//ds:CanonicalizationMethod/@Algorithm', ds: XMLDSIG_NS).value.strip
+
+      transforms << C14NTransform.new(canonicalization_method)
+
+      @signature_method = here.at_xpath('//ds:SignatureMethod/@Algorithm', ds: XMLDSIG_NS).value.strip
+    end
+  end
+end

data/lib/signed_xml/transformable.rb

@@ -0,0 +1,20 @@
+module SignedXml
+  module Transformable
+    include Logging
+
+    def transforms
+      @transforms ||= []
+    end
+
+    def apply_transforms
+      transforms.reduce(start) do |input, transform|
+        logger.debug "applying transform #{transform.inspect}"
+        logger.debug "input:  [#{input}]"
+
+        result = transform.apply(input)
+        logger.debug "output: [#{result}]"
+        result
+      end
+    end
+  end
+end

data/lib/signed_xml/version.rb

@@ -0,0 +1,3 @@
+module SignedXml
+  VERSION = "1.0.2"
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-islykill
+version: !ruby/object:Gem::Version
+  version: 0.9.8
+platform: ruby
+authors:
+- Bjorgvin Thordarson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.3
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: options
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This is a specific SAML strategy that handles authentication to Icelands
+  Íslykill for OmniAuth.
+email: algrim.is@outlook.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- CHANGELOG.md
+- lib/signed_xml.rb
+- lib/signed_xml/c14n_transform.rb
+- lib/signed_xml/signed_info.rb
+- lib/signed_xml/digest_transform.rb
+- lib/signed_xml/document.rb
+- lib/signed_xml/enveloped_signature_transform.rb
+- lib/signed_xml/reference.rb
+- lib/signed_xml/base64_transform.rb
+- lib/signed_xml/version.rb
+- lib/signed_xml/digest_method_resolution.rb
+- lib/signed_xml/logging.rb
+- lib/signed_xml/fingerprinting.rb
+- lib/signed_xml/transformable.rb
+- lib/signed_xml/signature.rb
+- lib/omniauth-islykill.rb
+- lib/omniauth-islykill/version.rb
+- lib/omniauth/strategies/islykill/validation_error.rb
+- lib/omniauth/strategies/islykill.rb
+homepage: https://github.com/Algrim/omniauth-islykill
+licenses:
+- ''
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.9
+signing_key: 
+specification_version: 4
+summary: This is a specific SAML strategy that handles authentication to Icelands
+  Íslykill for OmniAuth.
+test_files: []