omniauth-mpassid 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ff6ff316ec561eadb8093c30bcbe1097823cf11796a81386b11d40228c4cdc6
-  data.tar.gz: dd16b5f03d5e8b7814e9b210fe981b15a10521e841f9560cd40a86af67c54ce0
+  metadata.gz: 17b65779d78646dc1de8ab9199d37fc0493020fd8a6d3b36e2b4badc859622c6
+  data.tar.gz: 6ba237b13f26a22109971309d64478b836e8e8e85ab2855b8f39ef7ac82bbd72
 SHA512:
-  metadata.gz: 2bcf7c78c1072b8c52db7e9381321fa2a9bcef19c7e5e2d62d98e161808419484c1ecb5ff7472a4fa2bd90e32ebbd735e6a6b7e8150e8a0673a4e7f46d303c6e
-  data.tar.gz: 6c4d56294369192b594a2b6afc9c0ea371d21d44b46e49078c31af3d78794c255d3000ebae7cb8dc318f5a8f36ee8c2416bbcf27086528ca389a8a4203fdf4c8
+  metadata.gz: 06b3e8aaaa13509e29bce1586b8197fa62933982707263145e3047878a7800b218cc141874e80cc51c6b1ecf1466f7742b9d3604721a047e44d31052785222f8
+  data.tar.gz: 6eae3c513b774c1fa97241cbb7d4122d4054afe6716e7b8bdefc5aa8fa00d258e2a9a9c27adb9296b972cb394f84729e4d59ce5a7fd11028e47e9c52b4988859

data/README.md

@@ -109,12 +109,11 @@ The user's personal information transmitted from MPASSid can be found under
 the `:saml_attributes` key in the OmniAuth extra hash described above.
 
 This attributes hash will contain the keys described in this following
-sub-sections. The keys marked as `(undocumented)` are not described in the
-MPASSid's own documentation but are available at least in some SAML responses.
+sub-sections.
 
 See also the MPASSid data models documentation for more information:
 
-https://wiki.eduuni.fi/display/CSCMPASSID/Data+models
+https://wiki.eduuni.fi/display/OPHPALV/MPASSid%3An+tietomalli
 
 The attributes can be either single or multi type defining whether they can
 have a single or multiple values. The single type values are strings and multi
@@ -128,15 +127,15 @@ is `nil` for both types.
 - SAML FriendlyName: givenName
 - Type: Single (`String`)
 
-The first/given name of the user.
+The given name of the user.
 
-#### `:first_names`
+#### `:first_name`
 
-- SAML URI: http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
-- SAML FriendlyName: firstName
+- SAML URI: urn:mpass.id:nickname
+- SAML FriendlyName: nickname
 - Type: Single (`String`)
 
-All the first/given names of the user.
+The first name / calling name / nickname of the user.
 
 #### `:last_name`
 
@@ -146,39 +145,45 @@ All the first/given names of the user.
 
 The last/family name of the user.
 
-#### `:municipality_code`
+#### `:provider_info`
 
-- SAML URI: urn:mpass.id:municipalityCode
-- SAML FriendlyName: municipalityCode
-- Type: Multi (`Array`)
+- SAML URI: urn:mpass.id:educationProviderInfo
+- SAML FriendlyName: mpassEducationProviderInfo
+- Type: Multi (`Array<String>`)
 
-The municipality codes of the authenticated user.
+Information about the educational provider, each value contains multiple fields
+separated with a semicolon (`;`) character.
 
-See:
+For instance `1.2.246.562.10.494695390410;Virallinen nimi`.
 
-http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
+The description of the fields:
 
-#### `:municipality_name`
+1. The educational provider's OID as specified at the link below (`KOULUTUSTOIMIJA`)
+2. The educational provider's name as specified at the link below
 
-- SAML URI: one of the following (first found attribute)
-  * urn:mpass.id:municipality
-  * urn:educloudalliance.org:municipality
-- SAML FriendlyName: one of the following (first found attribute)
-  * N/A
-  * ecaMunicipality
-- Type: Multi (`Array`)
+The OIDs and information for these OIDs can be found from:
 
-The human-readable names of the municipalities of the authenticated user.
+https://virkailija.opintopolku.fi/organisaatio-service/swagger-ui/index.html
 
-#### `:school_code`
+#### `:school_info`
 
-- SAML URI: urn:mpass.id:municipalityCode
-- SAML FriendlyName: N/A
-- Type: Multi (`Array`)
+- SAML URI: urn:mpass.id:schoolInfo
+- SAML FriendlyName: mpassSchoolInfo
+- Type: Multi (`Array<String>`)
+
+Information about the school, each value contains multiple fields separated with
+a semicolon (`;`) character.
+
+The values are provided in both of the following formats as separate values:
+
+- `30076;Mansikkalan testi peruskoulu`
+- `1.2.246.562.99.00000000002;Mansikkalan testi peruskoulu`
 
-The school codes of the authenticated user.
+##### First format
 
-See (JSON format):
+The first value format specifies the national educational institution code as
+the first column separated with a semicolon (`;`) as specified at the national
+educational institution registry.
 
 For the list of codes, see:
 
@@ -189,37 +194,57 @@ An example for a single school code (04647), JSON format:
 
 https://virkailija.opintopolku.fi/koodisto-service/rest/codeelement/oppilaitosnumero_04647
 
-#### `:school_name`
+##### Second format
 
-- SAML URI: urn:mpass.id:school
-- SAML FriendlyName: school
-- Type: Multi (`Array`)
+The second value format specifies the OID of the educational institution as
+the first column separated with a semicolon (`;`). These values are specified
+at (filter with `OPPILAITOS`):
 
-The human-readable names of the schools of the authenticated user.
+https://virkailija.opintopolku.fi/organisaatio-service/swagger-ui/index.html
 
-#### `:class`
+#### `:class_level`
 
-- SAML URI: one of the following (first found attribute)
-  * urn:mpass.id:class
-  * urn:educloudalliance.org:group
-- SAML FriendlyName: one of the following (first found attribute)
-  * N/A
-  * ecaGroup
-- Type: Multi (`Array`)
+- SAML URI: urn:mpass.id:classLevel
+- SAML FriendlyName: N/A
+- Type: Single (`String`)
+
+The class level information (0-10) of the authenticated user.
 
-The class/group-information of the authenticated user.
+For instance 8 or 3.
 
-For instance: 8A or 3B.
+For further information, see:
 
-#### `:class_level`
+https://www.stat.fi/meta/kas/vuosiluokka.html
+
+This information is available for pre-primary education and comprehensive
+education students.
+
+This information is not available for secondary level students (upper secondary
+education or vocational education).
+
+#### `:learning_materials_charge`
 
 - SAML URI: urn:mpass.id:classLevel
 - SAML FriendlyName: N/A
-- Type: Multi (`Array`)
+- Type: Multi (`Array<String>`)
 
-The class/level-information of the authenticated user.
+Specifies for secondary level education pupils whether their learning materials
+are paid or not, each value contains multiple fields separated with a semicolon
+(`;`) character.
 
-For instance 8 or 3.
+The values are provided in both of the following formats as separate values:
+
+- `0;00000`
+- `0;1.2.246.562.99.00000000003`
+
+Similarly to the `:school_info` field, the values are provided with the national
+educational institution code as well as the educational institution's OID.
+
+The first column specifies the value for the field which is explained as
+follows:
+
+- `0` = Learning material is free for the pupil
+- `1` = Learning material is paid for the pupil
 
 #### `:role`
 
@@ -229,33 +254,34 @@ For instance 8 or 3.
 - SAML FriendlyName: one of the following (first found attribute)
   * N/A
   * ecaStructuredRole
-- Type: Multi (`Array`)
+- Type: Multi (`Array<String>`)
 
 The roles of the user in four parts, divided with a semicolon (;) character.
 First municipality, followed by school code, group and role in the group.
 
-For instance Helsinki;32132;9A;Oppilas.
+For instance `1.2.246.562.99.00000000001;00000;1A;Oppilas;1;1.2.246.562.99.00000000003;`.
 
-#### `:role_name` (undocumented)
+Each value consists of the following fields:
 
-- SAML URI: urn:educloudalliance.org:role
-- SAML FriendlyName: ecaRole
-- Type: Multi (`Array`)
+1. Educational provider OID (e.g. `1.2.246.562.99.00000000001`)
+2. National educational institution code (e.g. `00000`)
+3. Class or group information of the pupil (e.g. `1A`)
+4. Role of the user (e.g. `Oppilas`)
+5. Role code of the user (e.g. `1`)
+6. Educational institution OID (e.g. `1.2.246.562.99.00000000003`)
+7. The office / branch OID (similar format as other OIDs, can be also empty)
 
-NOTE: This attribute is undocumented by MPASSid.
+The OIDs for the educational provider (`KOULUTUSTOIMIJA`), educational
+institution (`OPPILAITOS`) and office / branch (`TOIMIPISTE`) can be found from:
 
-The human readable names of the role (in Finnish).
+https://virkailija.opintopolku.fi/organisaatio-service/swagger-ui/index.html
 
-For instance Oppilas.
-
-#### `:funet_person_learner_id` (undocumented)
+#### `:learner_id`
 
 - SAML URI: urn:oid:1.3.6.1.4.1.16161.1.1.27
-- SAML FriendlyName: N/A
+- SAML FriendlyName: learnerId
 - Type: Single (`String`)
 
-NOTE: This attribute is undocumented by MPASSid.
-
 11-digit identifier, which may be used to identify a person while storing,
 managing or transferring personal data.
 
@@ -263,6 +289,14 @@ See:
 
 https://wiki.eduuni.fi/display/CSCHAKA/funetEduPersonSchema2dot2#funetEduPersonSchema2dot2-funetEduPersonLearnerId
 
+#### `:original_issuer`
+
+Information about the user's home organization that is relying the information
+to MPASSid. This information is added by the Finnish National Agency for
+Education.
+
+For instance `1.2.246.562.99.00000000001`.
+
 ## License
 
 MIT, see [LICENSE](LICENSE).

data/lib/omniauth/strategies/mpassid.rb

@@ -10,6 +10,12 @@ module OmniAuth
       # :test - MPASSid test environment
       option :mode, :production
 
+      # The certificate file to define the certificate.
+      option :certificate_file, nil
+
+      # The private key file to define the private key.
+      option :private_key_file, nil
+
       # Defines the lang parameters to check from the request phase request
       # parameters. A valid language will be added to the IdP sign in redirect
       # URL as the last parameter (with the name `lang` as expected by
@@ -33,44 +39,41 @@ module OmniAuth
 
       # The request attributes for MPASSid
       option :request_attributes, [
-        # The unique identifier of the authenticated user. Currently recommended
-        # identifier for identifying the user. NOTE: will change if the user
-        # moves to another user registry.
-        # (single value)
-        {
-          name: 'urn:mpass.id:uid',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'mpassUsername'
-        },
-        # Funet EDU person learner ID
+        # The last/family name of the user.
         # (single value)
         {
-          name: 'urn:oid:1.3.6.1.4.1.16161.1.1.27',
+          name: 'urn:oid:2.5.4.4',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'learnerId'
+          friendly_name: 'sn'
         },
-        # The first/given name of the user.
+        # The given name of the user.
         # (single value)
         {
           name: 'urn:oid:2.5.4.42',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
           friendly_name: 'givenName'
         },
-        # All the first/given names of the user.
+        # The first name/nickname of the user (calling name / kutsumanimi).
         # (single value)
         {
-          name: 'http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName',
+          name: 'urn:mpass.id:nickname',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'firstName'
+          friendly_name: 'nickname'
         },
-        # The last/family name of the user.
+        # The unique identifier of the authenticated user. Currently recommended
+        # identifier for identifying the user. NOTE: will change if the user
+        # moves to another user registry.
         # (single value)
         {
-          name: 'urn:oid:2.5.4.4',
+          name: 'urn:mpass.id:uid',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'sn'
+          friendly_name: 'mpassUsername'
         },
-        # The school code of the authenticated user. See
+        # Combination of the school code and official name of the educational
+        # institution separated with semicolon.
+        # For instance: 30076;Mansikkalan testi peruskoulu AND 1.2.246.562.99.00000000002;Mansikkalan testi peruskoulu
+        #
+        # Contains the school code of the authenticated user. See
         # https://virkailija.opintopolku.fi/koodisto-service/rest/json/oppilaitosnumero/koodi
         # (JSON format)
         # https://virkailija.opintopolku.fi/koodisto-service/rest/oppilaitosnumero/koodi
@@ -79,93 +82,77 @@ module OmniAuth
         # https://virkailija.opintopolku.fi/koodisto-service/rest/codeelement/oppilaitosnumero_04647
         # for school code 04647.
         # (multi value)
-        {
-          name: 'urn:mpass.id:schoolCode',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'mpassSchoolCode'
-        },
-        # The human-readable name of the school of the authenticated user.
-        # (multi value)
-        {
-          name: 'urn:mpass.id:school',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'school'
-        },
-        # Combination of the school code and official name of the educational
-        # institution separated with semicolon.
-        # For instance: 00000;Tuntematon
+        #
+        # The OIDs for educational institution (`OPPILAITOS`) can be found from:
+        # https://virkailija.opintopolku.fi/organisaatio-service/swagger-ui/index.html
         {
           name: 'urn:mpass.id:schoolInfo',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
           friendly_name: 'mpassSchoolInfo'
         },
-        # The class/group-information of the authenticated user.
-        # For instance: 8A or 3B.
-        # (multi value)
-        {
-          name: 'urn:mpass.id:class',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'mpassClass'
-        },
-        {
-          name: 'urn:educloudalliance.org:group',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'ecaGroup'
-        },
         # The class/level-information of the authenticated user.
         # For instance 8 or 3.
-        # (multi value)
+        # (single value)
         {
           name: 'urn:mpass.id:classLevel',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
           friendly_name: 'mpassClassLevel'
         },
-        # The role name of the user.
-        # For instance Oppilas.
+        # The learning material charge.
+        # For instance 0;00000 AND 0;1.2.246.562.99.00000000003.
         # (multi value)
         {
-          name: 'urn:educloudalliance.org:role',
+          name: 'urn:mpass.id:learningMaterialsCharge',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'ecaRole'
+          friendly_name: 'mpassLearningMaterialsCharge'
         },
         # The role of the user in four parts, divided with a semicolon (;)
         # character. First educational provider's organization OID, followed by
-        # school code, group and role in the group.
-        # For instance 1.2.246.562.10.12345678907;99900;7B;Oppilas.
+        # school code, group (e.g. the class), role in the group (e.g.
+        # "Oppilas"), the role code (e.g. "1"), the educational institution's
+        # OID and finally the office OID (can be undefined).
+        # For instance 1.2.246.562.99.00000000001;00000;1A;Oppilas;1;1.2.246.562.99.00000000003;
         # (multi value)
         #
-        # The educational providers' organization OIDs can be found from:
-        # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
+        # The OIDs for educational providers (`KOULUTUSTOIMIJA`), educational
+        # institutions (`OPPILAITOS`) and offices/branches (`TOIMIPISTE`) can be
+        # found from:
+        # https://virkailija.opintopolku.fi/organisaatio-service/swagger-ui/index.html
+        #
+        # The test entries are in:
+        # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V12_0__oppilaitosten_puuttuvat_koulutustoimijat.sql
         {
           name: 'urn:mpass.id:role',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
           friendly_name: 'mpassRole'
         },
-        # The educational provider's permanent organization OID.
-        # (multi value)
-        #
-        # The educational providers' organization OIDs can be found from:
-        # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
-        {
-          name: 'urn:mpass.id:educationProviderId',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'mpassEducationProviderOid'
-        },
-        # The educational provider's human-readable name.
-        # (multi value)
+        # Funet EDU person learner ID
+        # (single value)
         {
-          name: 'urn:mpass.id:educationProvider',
+          name: 'urn:oid:1.3.6.1.4.1.16161.1.1.27',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'mpassEducationProviderName'
+          friendly_name: 'learnerId'
         },
         # Combination of the education provider's organisation-OID and official
         # name. Separated by semicolon.
         # For instance: 1.2.246.562.10.494695390410;Virallinen nimi
         # (multi value)
+        #
+        # The OIDs for educational providers (`KOULUTUSTOIMIJA`) can be found
+        # from:
+        # https://virkailija.opintopolku.fi/organisaatio-service/swagger-ui/index.html
         {
           name: 'urn:mpass.id:educationProviderInfo',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
           friendly_name: 'mpassEducationProviderInfo'
+        },
+        # The relaying organization for the information.
+        # For instance: 1.2.246.562.10.00000000000
+        # (single value)
+        {
+          name: 'urn:mpass.id:originalIssuer',
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'originalIssuer'
         }
       ]
 
@@ -173,38 +160,43 @@ module OmniAuth
       # https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later
       option(
         :attribute_statements,
-        # Given name or all first names (in case given name is not found)
-        first_name: ['urn:oid:2.5.4.42', 'http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
-        last_name: ['urn:oid:2.5.4.4'],
-        # The education provider (e.g. municipality) of the person (literal format in Finnish)
-        location: ['urn:mpass.id:educationProvider']
+        # First name/calling name or given name (in case first name/calling name is not found)
+        first_name: ['urn:mpass.id:nickname', 'urn:oid:2.5.4.42'],
+        last_name: ['urn:oid:2.5.4.4']
       )
 
       info do
         # Generate the full name to the info hash
         first_name = find_attribute_by(
           [
-            'urn:oid:2.5.4.42',
-            'http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'
+            'urn:mpass.id:nickname',
+            'urn:oid:2.5.4.42'
           ]
         )
         last_name = find_attribute_by(['urn:oid:2.5.4.4'])
         display_name = "#{first_name} #{last_name}".strip
-        display_name = nil if display_name.length.zero?
+        display_name = nil if display_name.length.zero? # rubocop:disable Style/ZeroLengthPredicate
 
         found_attributes = [[:name, display_name]]
 
+        provider = find_attribute_by(['urn:mpass.id:educationProviderInfo'])
+        if provider
+          provider_parts = provider.split(';')
+          found_attributes << [:location, provider_parts[1]] if provider_parts[1]
+        end
+
         # Default functionality from omniauth-saml
         found_attributes += options.attribute_statements.map do |key, values|
           attribute = find_attribute_by(values)
-          [key, attribute]
+          [key.to_sym, attribute]
         end
 
-        Hash[found_attributes]
+        found_attributes.to_h
       end
 
       option(
         :security_settings,
+        authn_requests_signed: true,
         digest_method: XMLSecurity::Document::SHA256,
         signature_method: XMLSecurity::Document::RSA_SHA256
       )
@@ -215,43 +207,27 @@ module OmniAuth
       option(
         :saml_attributes_map,
         given_name: ['urn:oid:2.5.4.42'],
-        first_names: ['urn:oid:2.5.4.42'],
+        first_name: ['urn:mpass.id:nickname'],
         last_name: ['urn:oid:2.5.4.4'],
-        provider_id: {
-          name: ['urn:mpass.id:educationProviderId'],
+        provider_info: {
+          name: ['urn:mpass.id:educationProviderInfo'],
           type: :multi
         },
-        provider_name: {
-          name: ['urn:mpass.id:educationProvider'],
+        school_info: {
+          name: ['urn:mpass.id:schoolInfo'],
           type: :multi
         },
-        school_code: {
-          name: ['urn:mpass.id:schoolCode'],
-          type: :multi
-        },
-        school_name: {
-          name: ['urn:mpass.id:school'],
-          type: :multi
-        },
-        class: {
-          name: ['urn:mpass.id:class', 'urn:educloudalliance.org:group'],
-          type: :multi
-        },
-        class_level: {
-          name: ['urn:mpass.id:classLevel'],
+        class_level: ['urn:mpass.id:classLevel'],
+        learning_materials_charge: {
+          name: ['urn:mpass.id:learningMaterialsCharge'],
           type: :multi
         },
         role: {
-          name: ['urn:mpass.id:role', 'urn:educloudalliance.org:structuredRole'],
-          type: :multi
-        },
-        role_name: {
-          name: ['urn:educloudalliance.org:role'],
+          name: ['urn:mpass.id:role'],
           type: :multi
         },
-        # Extra
-        # Unique learner ID
-        funet_person_learner_id: ['urn:oid:1.3.6.1.4.1.16161.1.1.27']
+        learner_id: ['urn:oid:1.3.6.1.4.1.16161.1.1.27'],
+        original_issuer: ['urn:mpass.id:originalIssuer']
       )
 
       # Defines the SAML attribute from which to determine the OmniAuth `uid`.
@@ -264,6 +240,9 @@ module OmniAuth
       # Add the SAML attributes to the extra hash for easier access.
       extra { {saml_attributes: saml_attributes} }
 
+      attr_accessor :options
+      attr_reader :mpassid_thread
+
       def initialize(app, *args, &block)
         super
 
@@ -271,15 +250,19 @@ module OmniAuth
         # fetched from the metadata. The options array is the one that gets
         # priority in case it overrides some of the metadata or locally defined
         # option values.
-        @options = OmniAuth::Strategy::Options.new(
-          mpassid_options.merge(options)
-        )
+        @mpassid_thread = Thread.new do
+          @options = OmniAuth::Strategy::Options.new(
+            mpassid_options.merge(options)
+          )
+          options[:security][:authn_requests_signed] = false unless options[:certificate] && options[:private_key]
+        end
       end
 
       # Override the request phase to be able to pass the lang parameter to
       # the redirect URL. Note that this needs to be the last parameter to
       # be passed to the redirect URL.
       def request_phase
+        mpassid_thread.join if mpassid_thread.alive?
         authn_request = OneLogin::RubySaml::Authrequest.new
         lang = lang_for_authn_request
 
@@ -314,6 +297,14 @@ module OmniAuth
 
     private
 
+      def certificate
+        File.read(options.certificate_file) if options.certificate_file
+      end
+
+      def private_key
+        File.read(options.private_key_file) if options.private_key_file
+      end
+
       def idp_metadata_url
         case options.mode
         when :test
@@ -337,10 +328,16 @@ module OmniAuth
           sso_binding: ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
         )
 
+        # Local certificate and private key to decrypt the responses
+        settings[:certificate] = certificate
+        settings[:private_key] = private_key
+
         # Define the security settings as there are some defaults that need to be
         # modified
         security_defaults = OneLogin::RubySaml::Settings::DEFAULTS[:security]
-        settings[:security] = security_defaults.merge(options.security_settings)
+        settings[:security] = security_defaults.merge(
+          options.security_settings.to_h.transform_keys(&:to_sym)
+        )
 
         settings
       end
@@ -357,7 +354,7 @@ module OmniAuth
 
             value = definition[:name].map do |key|
               @attributes.public_send(definition[:type], key)
-            end.reject(&:nil?).first
+            end.compact.first
 
             attrs[target] = value
           end

data/lib/omniauth-mpassid/test/certificate_generator.rb

@@ -17,14 +17,14 @@ module OmniAuth
             cert = OpenSSL::X509::Certificate.new
             cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
             cert.not_before = Time.now
-            cert.not_after = Time.now + 365 * 24 * 60 * 60
+            cert.not_after = Time.now + (365 * 24 * 60 * 60)
             cert.public_key = public_key
             cert.serial = 0x0
             cert.version = 2
 
             inject_certificate_extensions(cert)
 
-            cert.sign(private_key, OpenSSL::Digest::SHA1.new)
+            cert.sign(private_key, OpenSSL::Digest.new('SHA1'))
 
             cert
           end

data/lib/omniauth-mpassid/test/utility.rb

@@ -10,7 +10,7 @@ module OmniAuth
         end
 
         def self.signed_xml(raw_xml_file, opts)
-          raw_xml = IO.read(raw_xml_file)
+          raw_xml = File.read(raw_xml_file)
           signed_xml_from_string(raw_xml, opts)
         end
 

data/lib/omniauth-mpassid/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module MPASSid
-    VERSION = '0.5.0'
+    VERSION = '0.6.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-mpassid
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Antti Hukkanen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-09 00:00:00.000000000 Z
+date: 2024-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-saml
@@ -133,7 +133,8 @@ files:
 homepage: https://github.com/mainio/omniauth-mpassid
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -142,14 +143,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.33
 signing_key: 
 specification_version: 4
 summary: Provides an MPASSid strategy for OmniAuth.