omniauth-mpassid 0.3.1 → 0.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/omniauth/strategies/mpassid.rb +23 -1
- data/lib/omniauth-mpassid/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f48ffa5ce82f1a1fc9c58c23c6922a331d9ddd67a8cf0d18727eb1c9a71349b4
|
|
4
|
+
data.tar.gz: 493aee76ba5c50ba9bbb21e4cac136a73b6a121128a12bbf95863529d2126fdf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 56ec987f2a110f6ce52471793e4e65625db009d1addb6d3c058f9f6e4d1b59fed48ee24d797c668f6849f36dc661f23ff7d4066d36f5ea733d32dae3efe49aa3
|
|
7
|
+
data.tar.gz: 21e0c03164aad2c68e4d1062120dbc325a8f141ee5f254e672bdb12e5271ab3f63360253e1d23dfe4281f1cd560f3f6a570817ee5ea72e70fd2815fe0218b346
|
|
@@ -10,6 +10,12 @@ module OmniAuth
|
|
|
10
10
|
# :test - MPASSid test environment
|
|
11
11
|
option :mode, :production
|
|
12
12
|
|
|
13
|
+
# The certificate file to define the certificate.
|
|
14
|
+
option :certificate_file, nil
|
|
15
|
+
|
|
16
|
+
# The private key file to define the private key.
|
|
17
|
+
option :private_key_file, nil
|
|
18
|
+
|
|
13
19
|
# Defines the lang parameters to check from the request phase request
|
|
14
20
|
# parameters. A valid language will be added to the IdP sign in redirect
|
|
15
21
|
# URL as the last parameter (with the name `lang` as expected by
|
|
@@ -205,6 +211,7 @@ module OmniAuth
|
|
|
205
211
|
|
|
206
212
|
option(
|
|
207
213
|
:security_settings,
|
|
214
|
+
authn_requests_signed: true,
|
|
208
215
|
digest_method: XMLSecurity::Document::SHA256,
|
|
209
216
|
signature_method: XMLSecurity::Document::RSA_SHA256
|
|
210
217
|
)
|
|
@@ -274,6 +281,7 @@ module OmniAuth
|
|
|
274
281
|
@options = OmniAuth::Strategy::Options.new(
|
|
275
282
|
mpassid_options.merge(options)
|
|
276
283
|
)
|
|
284
|
+
options[:security][:authn_requests_signed] = false unless options[:certificate] && options[:private_key]
|
|
277
285
|
end
|
|
278
286
|
|
|
279
287
|
# Override the request phase to be able to pass the lang parameter to
|
|
@@ -314,6 +322,14 @@ module OmniAuth
|
|
|
314
322
|
|
|
315
323
|
private
|
|
316
324
|
|
|
325
|
+
def certificate
|
|
326
|
+
File.read(options.certificate_file) if options.certificate_file
|
|
327
|
+
end
|
|
328
|
+
|
|
329
|
+
def private_key
|
|
330
|
+
File.read(options.private_key_file) if options.private_key_file
|
|
331
|
+
end
|
|
332
|
+
|
|
317
333
|
def idp_metadata_url
|
|
318
334
|
case options.mode
|
|
319
335
|
when :test
|
|
@@ -337,10 +353,16 @@ module OmniAuth
|
|
|
337
353
|
sso_binding: ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
|
|
338
354
|
)
|
|
339
355
|
|
|
356
|
+
# Local certificate and private key to decrypt the responses
|
|
357
|
+
settings[:certificate] = certificate
|
|
358
|
+
settings[:private_key] = private_key
|
|
359
|
+
|
|
340
360
|
# Define the security settings as there are some defaults that need to be
|
|
341
361
|
# modified
|
|
342
362
|
security_defaults = OneLogin::RubySaml::Settings::DEFAULTS[:security]
|
|
343
|
-
settings[:security] = security_defaults.merge(
|
|
363
|
+
settings[:security] = security_defaults.merge(
|
|
364
|
+
options.security_settings.to_h.transform_keys(&:to_sym)
|
|
365
|
+
)
|
|
344
366
|
|
|
345
367
|
settings
|
|
346
368
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-mpassid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Antti Hukkanen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-01
|
|
11
|
+
date: 2022-09-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-saml
|