omniauth-saml 1.4.0 → 1.4.1


Potentially problematic release.


This version of omniauth-saml might be problematic. Click here for more details.

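--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 0bcfa19e2be2f6691b84c032354fed50f9638777
- data.tar.gz: 1074172e663efe15a0fad598211de088f1fc3f10
+ metadata.gz: 2974eb31e16837cace7a25f6b94f4fc6b0e35fb9
+ data.tar.gz: db9560dbfc1cfe42fe9f01ed03aad459aa11e528
  SHA512:
- metadata.gz: b53e494e84dd5e2640026c347962824e091773f978dd1dee0d09596a269988a142d1afdd17627581a46bd918cc4921cee526ad871740cc9cfc1a2449ce9ea130
- data.tar.gz: 496c67b355db754816a43f120d49091fbd0123c06bb5c877043087c0ce4ced5362a8bca9e3f8df366ec83e4fda7242dff20fffd728509a1a4dbfa5719f4d0ffc
+ metadata.gz: 80afb434850d5cdf2f26d3cf3612d5d5cd7b45a494faae1f721f9d127466da32db08dbcbaf2d235d4f18041728f469115e8403e60e95993828538f3363f82030
+ data.tar.gz: 1605a7ff623a28f00e69a649f0882bde4fb43efcc118a8df13e7ec3f808af32105ce49bd6adf43ab4c8bfd2cf8e7235ddd0c179172451b9e5a51a703ea1e28f5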
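--- a/data/README.md
+++ b/data/README.md
@@ -94,8 +94,30 @@ The service provider metadata used to ease configuration of the SAML SP in the I
  If not specified, the IdP is free to choose the name identifier format used
  in the response. Optional.
 
+ * `:request_attributes` - Used to build the metadata file to inform the IdP to send certain attributes
+ along with the SAMLResponse messages. Defaults to requesting `name`, `first_name`, `last_name` and `email`
+ attributes. See the `OneLogin::RubySaml::AttributeService` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for the available options for each attribute. Set to `{}` to disable this from metadata.
+
+ * `:attribute_service_name` - Name for the attribute service. Defaults to `Required attributes`.
+
  * See the `OneLogin::RubySaml::Settings` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for additional supported options.
 
+ ## Devise Integration
+
+ Straightforward integration with [Devise](https://github.com/plataformatec/devise), the widely-used authentication solution for Rails.
+
+ In `config/initializers/devise.rb`:
+
+ ```ruby
+ Devise.setup do |config|
+ config.omniauth :saml,
+ idp_cert_fingerprint: 'fingerprint',
+ idp_sso_target_url: 'target_url'
+ end
+ ```
+
+ Then follow Devise's general [OmniAuth tutorial](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview), replacing references to `facebook` with `saml`.
+
  ## Authors
 
  Authored by [Rajiv Aaron Manglani](http://www.rajivmanglani.com/), Raecoo Cao, Todd W Saxton, Ryan Wilcox, Steven Anderson, Nikos Dimitrakopoulos, Rudolf Vriend and [Bruno Pedro](http://brunopedro.com/).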
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module SAML
3
- VERSION = '1.4.0'
3
+ VERSION = '1.4.1'
4
4
  end
5
5
  end
@@ -8,6 +8,13 @@ module OmniAuth
8
8
 
9
9
  option :name_identifier_format, nil
10
10
  option :idp_sso_target_url_runtime_params, {}
11
+ option :request_attributes, [
12
+ { name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
13
+ { name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
14
+ { name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
15
+ { name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
16
+ ]
17
+ option :attribute_service_name, 'Required attributes'
11
18
 
12
19
  def request_phase
13
20
  options[:assertion_consumer_service_url] ||= callback_url
@@ -81,6 +88,12 @@ module OmniAuth
81
88
 
82
89
  response = OneLogin::RubySaml::Metadata.new
83
90
  settings = OneLogin::RubySaml::Settings.new(options)
91
+ if options.request_attributes.length > 0
92
+ settings.attribute_consuming_service.service_name options.attribute_service_name
93
+ options.request_attributes.each do |attribute|
94
+ settings.attribute_consuming_service.add_attribute attribute
95
+ end
96
+ end
84
97
  Rack::Response.new(response.generate(settings), 200, { "Content-Type" => "application/xml" }).finish
85
98
  else
86
99
  call_app!
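Review bot: `options.request_attributes.length > 0` in the metadata branch raises NoMethodError when an application sets `request_attributes` to `nil`, a natural way to switch the feature off, so the metadata route would likely answer with a server error instead of the SP metadata. Guard it with `if options.request_attributes && options.request_attributes.length > 0`. Separately, the new default in the option block asks the IdP for email, full name, given name and family name, so metadata regenerated after this patch-level upgrade starts advertising those attributes unless the application opts out. A comment above `option :request_attributes`, e.g. `# Advertised in SP metadata; set to [] or {} to request no attributes`, would help operators who want to request only what they use. The enclosing method begins and ends outside both hunks.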
@@ -20,7 +20,14 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
20
20
  :idp_sso_target_url => "https://idp.sso.target_url/signon/29490",
21
21
  :idp_cert_fingerprint => "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB",
22
22
  :idp_sso_target_url_runtime_params => {:original_param_key => :mapped_param_key},
23
- :name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
23
+ :name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
24
+ :request_attributes => [
25
+ { name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
26
+ { name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
27
+ { name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
28
+ { name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
29
+ ],
30
+ :attribute_service_name => 'Required attributes'
24
31
  }
25
32
  end
26
33
  let(:strategy) { [OmniAuth::Strategies::SAML, saml_options] }
@@ -157,5 +164,12 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
157
164
  last_response.status.should == 200
158
165
  last_response.header["Content-Type"].should == "application/xml"
159
166
  end
167
+
168
+ it 'should configure attributes consuming service' do
169
+ last_response.body.should match /AttributeConsumingService/
170
+ last_response.body.should match /first_name/
171
+ last_response.body.should match /last_name/
172
+ last_response.body.should match /Required attributes/
173
+ end
160
174
  end
161
175
  end
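Review bot: The new example covers only the default, enabled path; nothing checks that the metadata omits `AttributeConsumingService` when `:request_attributes` is empty, which is the opt-out the README documents. Add a context that overrides `saml_options` with `:request_attributes => {}` and asserts `last_response.body.should_not match(/AttributeConsumingService/)`. The example also leaves `email` and `name` unchecked, and `should match /.../` without parentheses triggers Ruby's ambiguous-first-argument warning; `should match(/first_name/)` avoids it. The `describe` block starts before the hunk.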
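--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-saml
  version: !ruby/object:Gem::Version
- version: 1.4.0
+ version: 1.4.1
  platform: ruby
  authors:
  - Raecoo Cao
@@ -14,7 +14,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-07-23 00:00:00.000000000 Z
+ date: 2015-08-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth
@@ -120,10 +120,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.4.3
  signing_key:
  specification_version: 4
  summary: A generic SAML strategy for OmniAuth.
  test_files:
  - spec/omniauth/strategies/saml_spec.rb
  - spec/spec_helper.rb
+ has_rdoc: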