omniauth-saml 1.10.2 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c80dace14b1650bb9dab761f988bce131b76cc61
-  data.tar.gz: 46dec44c01650f34647c34bbe45486e15687a820
+SHA256:
+  metadata.gz: 032f34c12924a5666a189462f819b871c2e321891cbe23b45e56c47acdbfc53c
+  data.tar.gz: 17bb6e9741181862fcb34f3ca0a47084b9805aba71b3dd5dadfb951c7cd20d27
 SHA512:
-  metadata.gz: 41666f2cdd6dd0c61642d72e360ada0eb70e26970d02eb126b4b5689537a047bd914e640508d2bf61620ccd78ed5c8d8f46a29b52b39b6a52475d3520e3332e8
-  data.tar.gz: f2f579c26fe80b272ff1328c87dc2ba22c7b36c6b28b349072cdaf2e43491f3d4ac42cb6a9a5d76f4338155f077895d9890248f52cddf7d4204333401f3fd8e0
+  metadata.gz: eb87a7392dc23407ab0064b67efd4ffefd9ec3fbbca18b32e96bf973281dffb9477bffc3765d8b4c3e278df7aedca255a95aa03deb44053b33c3cfff5af9435e
+  data.tar.gz: 22daef0cc26447f27023c5dc2e6f816e1f79c57c0538b86ffae0f8a2ea9d08492bc351aa31838ca7b4a272ae577aea3f914a87dba0656e1ac2e098f49f034041

data/CHANGELOG.md

@@ -1,3 +1,33 @@
+<a name="v2.1.0"></a>
+### v2.1.0 (2022-03-01)
+
+
+#### Refactor
+
+* Rename usage of deprecated SAML options  ([74ed8df](/../../commit/74ed8df))
+
+#### Chores
+
+* bump ruby-saml to 1.12  ([15c156a](/../../commit/15c156a))
+
+<a name="v2.0.0"></a>
+### v2.0.0 (2021-01-13)
+
+
+#### Chores
+
+* Allow OmniAuth 2.0.0	 ([f7ec7ee](/../../commit/f7ec7ee))
+
+
+<a name="v1.10.3"></a>
+### v1.10.3 (2020-10-06)
+
+
+#### Bug Fixes
+
+* add options to logout_request initialization	 ([c271a37](/../../commit/c271a37))
+
+
 <a name="v1.10.2"></a>
 ### v1.10.2 (2018-05-23)
 

data/README.md

@@ -1,12 +1,11 @@
 # OmniAuth SAML
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth-saml.svg)][gem]
-[![Build Status](http://img.shields.io/travis/omniauth/omniauth-saml.svg)][travis]
+[![Ruby](https://github.com/omniauth/omniauth-saml/actions/workflows/ruby.yml/badge.svg)](https://github.com/omniauth/omniauth-saml/actions/workflows/ruby.yml)
 [![Maintainability](https://api.codeclimate.com/v1/badges/749e17b553ea944522c1/maintainability)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth-saml.svg)][coveralls]
 
 [gem]: https://rubygems.org/gems/omniauth-saml
-[travis]: http://travis-ci.org/omniauth/omniauth-saml
 [codeclimate]: https://codeclimate.com/github/omniauth/omniauth-saml/maintainability
 [coveralls]: https://coveralls.io/r/omniauth/omniauth-saml
 
@@ -31,9 +30,9 @@ Use the SAML strategy as a middleware in your application:
 require 'omniauth'
 use OmniAuth::Strategies::SAML,
   :assertion_consumer_service_url     => "consumer_service_url",
-  :issuer                             => "issuer",
-  :idp_sso_target_url                 => "idp_sso_target_url",
-  :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
+  :sp_entity_id                       => "sp_entity_id",
+  :idp_sso_service_url                => "idp_sso_service_url",
+  :idp_sso_service_url_runtime_params => {:original_request_param => :mapped_idp_param},
   :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
   :idp_cert_multi                     => {
                                            :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
@@ -58,9 +57,9 @@ and in `config/initializers/omniauth.rb`:
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider :saml,
     :assertion_consumer_service_url     => "consumer_service_url",
-    :issuer                             => "rails-application",
-    :idp_sso_target_url                 => "idp_sso_target_url",
-    :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
+    :sp_entity_id                       => "rails-application",
+    :idp_sso_service_url                => "idp_sso_service_url",
+    :idp_sso_service_url_runtime_params => {:original_request_param => :mapped_idp_param},
     :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
     :idp_cert_multi                     => {
                                              :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
@@ -72,7 +71,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 end
 ```
 
-For IdP-initiated SSO, users should directly access the IdP SSO target URL. Set the `href` of your application's login link to the value of `idp_sso_target_url`. For SP-initiated SSO, link to `/auth/saml`.
+For IdP-initiated SSO, users should directly access the IdP SSO service URL. Set the `href` of your application's login link to the value of `idp_sso_service_url`. For SP-initiated SSO, link to `/auth/saml`.
 
 A `OneLogin::RubySaml::Response` object is added to the `env['omniauth.auth']` extra attribute, so we can use it in the controller via `env['omniauth.auth'].extra.response_object`
 
@@ -88,13 +87,13 @@ Note that when [integrating with Devise](#devise-integration), the URL path will
   received. If not provided, defaults to the OmniAuth callback URL (typically
   `http://example.com/auth/saml/callback`). Optional.
 
-* `:issuer` - The name of your application. Some identity providers might need this
+* `:sp_entity_id` - The name of your application. Some identity providers might need this
   to establish the identity of the service provider requesting the login. **Required**.
 
-* `:idp_sso_target_url` - The URL to which the authentication request should be sent.
+* `:idp_sso_service_url` - The URL to which the authentication request should be sent.
   This would be on the identity provider. **Required**.
 
-* `:idp_slo_target_url` - The URL to which the single logout request and response should
+* `:idp_slo_service_url` - The URL to which the single logout request and response should
   be sent. This would be on the identity provider. Optional.
 
 * `:idp_slo_session_destroy` - A proc that accepts up to two parameters (the rack environment, and the session),
@@ -106,7 +105,7 @@ Note that when [integrating with Devise](#devise-integration), the URL path will
   instance will be passed to this callable if it has an arity of 1. If the value is a string,
   the string will be returned, when the `RelayState` is called. Optional.
 
-* `:idp_sso_target_url_runtime_params` - A dynamic mapping of request params that exist
+* `:idp_sso_service_url_runtime_params` - A dynamic mapping of request params that exist
   during the request phase of OmniAuth that should to be sent to the IdP after a specific
   mapping. So for example, a param `original_request_param` with value `original_param_value`,
   could be sent to the IdP on the login request as `mapped_idp_param` with value
@@ -170,7 +169,7 @@ idp_metadata = idp_metadata_parser.parse_remote_to_hash("http://idp.example.com/
 use OmniAuth::Strategies::SAML,
   idp_metadata.merge(
     :assertion_consumer_service_url => "consumer_service_url",
-    :issuer                         => "issuer"
+    :sp_entity_id                   => "sp_entity_id"
   )
 ```
 
@@ -186,7 +185,7 @@ In `config/initializers/devise.rb`:
 Devise.setup do |config|
   config.omniauth :saml,
     idp_cert_fingerprint: 'fingerprint',
-    idp_sso_target_url: 'target_url'
+    idp_sso_service_url: 'idp_sso_service_url'
 end
 ```
 
@@ -196,7 +195,7 @@ Then follow Devise's general [OmniAuth tutorial](https://github.com/plataformate
 
 Single Logout can be Service Provider initiated or Identity Provider initiated.
 
-For SP initiated logout, the `idp_slo_target_url` option must be set to the logout url on the IdP,
+For SP initiated logout, the `idp_slo_service_url` option must be set to the logout url on the IdP,
 and users directed to `user_saml_omniauth_authorize_path + '/spslo'` after logging out locally. For
 IdP initiated logout, logout requests from the IdP should go to `/auth/saml/slo` (this can be
 advertised in metadata by setting the `single_logout_service_url` config option).
@@ -226,7 +225,7 @@ class SessionsController < Devise::SessionsController
   # ...
 
   def after_sign_out_path_for(_)
-    if session['saml_uid'] && session['saml_session_index'] && SAML_SETTINGS.idp_slo_target_url
+    if session['saml_uid'] && session['saml_session_index'] && SAML_SETTINGS.idp_slo_service_url
       user_saml_omniauth_authorize_path + "/spslo"
     else
       super

data/lib/omniauth/strategies/saml.rb

@@ -13,7 +13,7 @@ module OmniAuth
       RUBYSAML_RESPONSE_OPTIONS = OneLogin::RubySaml::Response::AVAILABLE_OPTIONS
 
       option :name_identifier_format, nil
-      option :idp_sso_target_url_runtime_params, {}
+      option :idp_sso_service_url_runtime_params, {}
       option :request_attributes, [
         { :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
         { :name => 'name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Full name' },
@@ -177,7 +177,7 @@ module OmniAuth
       end
 
       def handle_logout_request(raw_request, settings)
-        logout_request = OneLogin::RubySaml::SloLogoutrequest.new(raw_request)
+        logout_request = OneLogin::RubySaml::SloLogoutrequest.new(raw_request, {}.merge(settings: settings).merge(get_params: @request.params))
 
         if logout_request.is_valid? &&
           logout_request.name_id == session["saml_uid"]
@@ -264,7 +264,7 @@ module OmniAuth
       end
 
       def other_phase_for_spslo
-        if options.idp_slo_target_url
+        if options.idp_slo_service_url
           with_settings do |settings|
             redirect(generate_logout_request(settings))
           end
@@ -275,7 +275,7 @@ module OmniAuth
 
       def add_request_attributes_to(settings)
         settings.attribute_consuming_service.service_name options.attribute_service_name
-        settings.issuer = options.issuer
+        settings.sp_entity_id = options.sp_entity_id
 
         options.request_attributes.each do |attribute|
           settings.attribute_consuming_service.add_attribute attribute
@@ -284,7 +284,7 @@ module OmniAuth
 
       def additional_params_for_authn_request
         {}.tap do |additional_params|
-          runtime_request_parameters = options.delete(:idp_sso_target_url_runtime_params)
+          runtime_request_parameters = options.delete(:idp_sso_service_url_runtime_params)
 
           if runtime_request_parameters
             runtime_request_parameters.each_pair do |request_param_key, mapped_param_key|

data/lib/omniauth-saml/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module SAML
-    VERSION = '1.10.2'
+    VERSION = '2.1.0'
   end
 end

data/spec/omniauth/strategies/saml_spec.rb

@@ -6,7 +6,7 @@ RSpec::Matchers.define :fail_with do |message|
   end
 end
 
-def post_xml(xml=:example_response, opts = {})
+def post_xml(xml = :example_response, opts = {})
   post "/auth/saml/callback", opts.merge({'SAMLResponse' => load_xml(xml)})
 end
 
@@ -18,10 +18,10 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
     {
       :assertion_consumer_service_url     => "http://localhost:9080/auth/saml/callback",
       :single_logout_service_url          => "http://localhost:9080/auth/saml/slo",
-      :idp_sso_target_url                 => "https://idp.sso.example.com/signon/29490",
-      :idp_slo_target_url                 => "https://idp.sso.example.com/signoff/29490",
+      :idp_sso_service_url                => "https://idp.sso.example.com/signon/29490",
+      :idp_slo_service_url                => "https://idp.sso.example.com/signoff/29490",
       :idp_cert_fingerprint               => "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB",
-      :idp_sso_target_url_runtime_params  => {:original_param_key => :mapped_param_key},
+      :idp_sso_service_url_runtime_params => {:original_param_key => :mapped_param_key},
       :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
       :request_attributes                 => [
         { :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
@@ -34,10 +34,10 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
   end
   let(:strategy) { [OmniAuth::Strategies::SAML, saml_options] }
 
-  describe 'GET /auth/saml' do
+  describe 'POST /auth/saml' do
     context 'without idp runtime params present' do
       before do
-        get '/auth/saml'
+        post '/auth/saml'
       end
 
       it 'should get authentication page' do
@@ -51,7 +51,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
 
     context 'with idp runtime params' do
       before do
-        get '/auth/saml', 'original_param_key' => 'original_param_value', 'mapped_param_key' => 'mapped_param_value'
+        post '/auth/saml', 'original_param_key' => 'original_param_value', 'mapped_param_key' => 'mapped_param_value'
       end
 
       it 'should get authentication page' do
@@ -71,7 +71,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
 
       it 'should send the current callback_url as the assertion_consumer_service_url' do
         %w(foo.example.com bar.example.com).each do |host|
-          get "https://#{host}/auth/saml"
+          post "https://#{host}/auth/saml"
 
           expect(last_response).to be_redirect
 
@@ -89,7 +89,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
     end
 
     context 'when authn request signing is requested' do
-      subject { get '/auth/saml' }
+      subject { post '/auth/saml' }
 
       let(:private_key) { OpenSSL::PKey::RSA.new 2048 }
 
@@ -306,7 +306,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
 
     context "when response is a logout response" do
       before :each do
-        saml_options[:issuer] = "https://idp.sso.example.com/metadata/29490"
+        saml_options[:sp_entity_id] = "https://idp.sso.example.com/metadata/29490"
 
         post "/auth/saml/slo", {
           SAMLResponse: load_xml(:example_logout_response),
@@ -323,7 +323,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
       subject { post "/auth/saml/slo", params, "rack.session" => { "saml_uid" => "username@example.com" } }
 
       before :each do
-        saml_options[:issuer] = "https://idp.sso.example.com/metadata/29490"
+        saml_options[:sp_entity_id] = "https://idp.sso.example.com/metadata/29490"
       end
 
       let(:params) do
@@ -392,8 +392,8 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
         end
       end
 
-      it "should give not implemented without an idp_slo_target_url" do
-        saml_options.delete(:idp_slo_target_url)
+      it "should give not implemented without an idp_slo_service_url" do
+        saml_options.delete(:idp_slo_service_url)
         post "/auth/saml/spslo"
 
         expect(last_response.status).to eq 501
@@ -402,10 +402,10 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
     end
   end
 
-  describe 'GET /auth/saml/metadata' do
+  describe 'POST /auth/saml/metadata' do
     before do
-      saml_options[:issuer] = 'http://example.com/SAML'
-      get '/auth/saml/metadata'
+      saml_options[:sp_entity_id] = 'http://example.com/SAML'
+      post '/auth/saml/metadata'
     end
 
     it 'should get SP metadata page' do
@@ -424,19 +424,19 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
   end
 
   context 'when hitting an unknown route in our sub path' do
-    before { get '/auth/saml/unknown' }
+    before { post '/auth/saml/unknown' }
 
     specify { expect(last_response.status).to eql 404 }
   end
 
   context 'when hitting a completely unknown route' do
-    before { get '/unknown' }
+    before { post '/unknown' }
 
     specify { expect(last_response.status).to eql 404 }
   end
 
   context 'when hitting a route that contains a substring match for the strategy name' do
-    before { get '/auth/saml2/metadata' }
+    before { post '/auth/saml2/metadata' }
 
     it 'should not set the strategy' do
       expect(last_request.env['omniauth.strategy']).to be_nil

data/spec/spec_helper.rb

@@ -16,6 +16,7 @@ require 'base64'
 TEST_LOGGER = Logger.new(StringIO.new)
 OneLogin::RubySaml::Logging.logger = TEST_LOGGER
 OmniAuth.config.logger = TEST_LOGGER
+OmniAuth.config.request_validation_phase = proc {}
 
 RSpec.configure do |config|
   config.include Rack::Test::Methods

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-saml
 version: !ruby/object:Gem::Version
-  version: 1.10.2
+  version: 2.1.0
 platform: ruby
 authors:
 - Raecoo Cao
@@ -11,10 +11,10 @@ authors:
 - Nikos Dimitrakopoulos
 - Rudolf Vriend
 - Bruno Pedro
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-04 00:00:00.000000000 Z
+date: 2022-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -22,34 +22,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.2
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.2
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.12'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.12'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -159,7 +153,7 @@ homepage: https://github.com/omniauth/omniauth-saml
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -174,9 +168,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.14
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: A generic SAML strategy for OmniAuth.
 test_files: