omniauth-saml 1.10.0 → 1.10.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 6bf6bca05fbb7097d01d4f3abe1ff2b033932051
-  data.tar.gz: 5cde5570d1457ba576f7d7d05850bcca7b4384c5
+SHA256:
+  metadata.gz: 78fc2aa9d53a76bfcee786298a146e780f2519b1dc610f9a3387af3be5d7e763
+  data.tar.gz: 07776a19a05fd26b1779523947c7e54268663436ca469fd135379a1a38f488ee
 SHA512:
-  metadata.gz: d3413b70bad6963317a2fa55389a370fea07cb3a2015b600d10461d36245feb1e3efa02ec2fc25529d391f7f8929f9918859ab51055fc6bba979b7f3b920e2ca
-  data.tar.gz: 4623b91adf535ff1e018d15007fab6a050410f806884d6cc842eec80f60a46a2838f13f35786cb7ee1e725ee70043b8c669bad62dfde10c761df97c22c72d7ff
+  metadata.gz: a06e92595e4b5008f530ead717e5948a852ef6cc656e73badb9119549425f45696a655d3073c6fd0364c1a91774d36a818af317e790301dbe5027d2c1c96f798
+  data.tar.gz: da2e24b71ed687e075299b24ad79e23b3ed878dd4b58666e42f927306e793712d43be949ba19b3c685b271666405355c093c130d538676edaa62a980b3873ba5

data/CHANGELOG.md

@@ -1,3 +1,32 @@
+<a name="v1.10.3"></a>
+### v1.10.3 (2020-10-06)
+
+
+#### Bug Fixes
+
+* add options to logout_request initialization	 ([c271a37](/../../commit/c271a37))
+
+
+<a name="v1.10.2"></a>
+### v1.10.2 (2018-05-23)
+
+
+#### Features
+
+* **saml**
+  * inherits allows response options from ruby-saml instead of whitelist	 ([a0eedd6](/../../commit/a0eedd6))
+
+
+<a name="v1.10.1"></a>
+### v1.10.1 (2018-06-07)
+
+
+#### Features
+
+* **saml-response**
+  * whitelist more response options	 ([575198d](/../../commit/575198d))
+
+
 <a name="v1.10.0"></a>
 ### v1.10.0 (2018-02-19)
 

data/README.md

@@ -2,14 +2,12 @@
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth-saml.svg)][gem]
 [![Build Status](http://img.shields.io/travis/omniauth/omniauth-saml.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/omniauth/omniauth-saml.svg)][gemnasium]
-[![Code Climate](http://img.shields.io/codeclimate/github/omniauth/omniauth-saml.svg)][codeclimate]
+[![Maintainability](https://api.codeclimate.com/v1/badges/749e17b553ea944522c1/maintainability)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth-saml.svg)][coveralls]
 
 [gem]: https://rubygems.org/gems/omniauth-saml
 [travis]: http://travis-ci.org/omniauth/omniauth-saml
-[gemnasium]: https://gemnasium.com/omniauth/omniauth-saml
-[codeclimate]: https://codeclimate.com/github/omniauth/omniauth-saml
+[codeclimate]: https://codeclimate.com/github/omniauth/omniauth-saml/maintainability
 [coveralls]: https://coveralls.io/r/omniauth/omniauth-saml
 
 A generic SAML strategy for OmniAuth available under the [MIT License](LICENSE.md)
@@ -19,7 +17,7 @@ https://github.com/omniauth/omniauth-saml
 ## Requirements
 
 * [OmniAuth](http://www.omniauth.org/) 1.3+
-* Ruby 2.1.x+
+* Ruby 2.4.x+
 
 ## Versioning
 
@@ -37,6 +35,10 @@ use OmniAuth::Strategies::SAML,
   :idp_sso_target_url                 => "idp_sso_target_url",
   :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
   :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
+  :idp_cert_multi                     => {
+                                           :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
+                                           :encryption => []
+                                         }
   :idp_cert_fingerprint               => "E7:91:B2:E1:...",
   :idp_cert_fingerprint_validator     => lambda { |fingerprint| fingerprint },
   :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
@@ -60,6 +62,10 @@ Rails.application.config.middleware.use OmniAuth::Builder do
     :idp_sso_target_url                 => "idp_sso_target_url",
     :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
     :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
+    :idp_cert_multi                     => {
+                                             :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
+                                             :encryption => []
+                                           }
     :idp_cert_fingerprint               => "E7:91:B2:E1:...",
     :idp_cert_fingerprint_validator     => lambda { |fingerprint| fingerprint },
     :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
@@ -107,16 +113,20 @@ Note that when [integrating with Devise](#devise-integration), the URL path will
   `original_param_value`. Optional.
 
 * `:idp_cert` - The identity provider's certificate in PEM format. Takes precedence
-  over the fingerprint option below. This option or `:idp_cert_fingerprint` or `:idp_cert_fingerprint_validator` must
+  over the fingerprint option below. This option or `:idp_cert_multi` or `:idp_cert_fingerprint` or `:idp_cert_fingerprint_validator` must
   be present.
+  
+* `:idp_cert_multi` - Multiple identity provider certificates in PEM format. Takes precedence
+over the fingerprint option below. This option `:idp_cert` or `:idp_cert_fingerprint` or `:idp_cert_fingerprint_validator` must
+be present.
 
 * `:idp_cert_fingerprint` - The SHA1 fingerprint of the certificate, e.g.
   "90:CC:16:F0:8D:...". This is provided from the identity provider when setting up
-  the relationship. This option or `:idp_cert` or `:idp_cert_fingerprint_validator` MUST be present.
+  the relationship. This option or `:idp_cert` or `:idp_cert_multi` or `:idp_cert_fingerprint_validator` MUST be present.
 
 * `:idp_cert_fingerprint_validator` - A lambda that MUST accept one parameter
   (the fingerprint), verify if it is valid and return it if successful. This option
-  or `:idp_cert` or `:idp_cert_fingerprint` MUST be present.
+  or `:idp_cert` or `:idp_cert_multi` or `:idp_cert_fingerprint` MUST be present.
 
 * `:name_identifier_format` - Used during SP-initiated SSO. Describes the format of
   the username required by this application. If you need the email address, use
@@ -194,7 +204,7 @@ advertised in metadata by setting the `single_logout_service_url` config option)
 When using Devise as an authentication solution, the SP initiated flow can be integrated
 in the `SessionsController#destroy` action.
 
-For this to work it is important to preserve the `saml_uid` value before Devise
+For this to work it is important to preserve the `saml_uid` and `saml_session_index` value before Devise
 clears the session and redirect to the `/spslo` sub-path to initiate the single logout.
 
 Example `destroy` action in `sessions_controller.rb`:
@@ -204,17 +214,19 @@ class SessionsController < Devise::SessionsController
   # ...
 
   def destroy
-    # Preserve the saml_uid in the session
-    saml_uid = session["saml_uid"]
+    # Preserve the saml_uid and saml_session_index in the session
+    saml_uid = session['saml_uid']
+    saml_session_index = session['saml_session_index']
     super do
-      session["saml_uid"] = saml_uid
+      session['saml_uid'] = saml_uid
+      session['saml_session_index'] = saml_session_index
     end
   end
 
   # ...
 
   def after_sign_out_path_for(_)
-    if session['saml_uid'] && SAML_SETTINGS.idp_slo_target_url
+    if session['saml_uid'] && session['saml_session_index'] && SAML_SETTINGS.idp_slo_target_url
       user_saml_omniauth_authorize_path + "/spslo"
     else
       super

data/lib/omniauth/strategies/saml.rb

@@ -10,7 +10,7 @@ module OmniAuth
         OmniAuth::Strategy.included(subclass)
       end
 
-      OTHER_REQUEST_OPTIONS = [:skip_conditions, :allowed_clock_drift, :matches_request_id, :skip_subject_confirmation].freeze
+      RUBYSAML_RESPONSE_OPTIONS = OneLogin::RubySaml::Response::AVAILABLE_OPTIONS
 
       option :name_identifier_format, nil
       option :idp_sso_target_url_runtime_params, {}
@@ -177,7 +177,7 @@ module OmniAuth
       end
 
       def handle_logout_request(raw_request, settings)
-        logout_request = OneLogin::RubySaml::SloLogoutrequest.new(raw_request)
+        logout_request = OneLogin::RubySaml::SloLogoutrequest.new(raw_request, {}.merge(settings: settings).merge(get_params: @request.params))
 
         if logout_request.is_valid? &&
           logout_request.name_id == session["saml_uid"]
@@ -231,7 +231,7 @@ module OmniAuth
 
       def options_for_response_object
         # filter options to select only extra parameters
-        opts = options.select {|k,_| OTHER_REQUEST_OPTIONS.include?(k.to_sym)}
+        opts = options.select {|k,_| RUBYSAML_RESPONSE_OPTIONS.include?(k.to_sym)}
 
         # symbolize keys without activeSupport/symbolize_keys (ruby-saml use symbols)
         opts.inject({}) do |new_hash, (key, value)|

data/lib/omniauth-saml/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module SAML
-    VERSION = '1.10.0'
+    VERSION = '1.10.3'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-saml
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.10.3
 platform: ruby
 authors:
 - Raecoo Cao
@@ -14,7 +14,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-01 00:00:00.000000000 Z
+date: 2020-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -42,34 +42,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.9'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '10'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '12'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '10'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '12'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -132,6 +126,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.23
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.23
 description: A generic SAML strategy for OmniAuth.
 email: rajiv@alum.mit.edu
 executables: []
@@ -159,18 +167,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.1'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: A generic SAML strategy for OmniAuth.
 test_files:
-- spec/spec_helper.rb
 - spec/omniauth/strategies/saml_spec.rb
+- spec/spec_helper.rb