RubyGems - omniauth-saml - Versions diffs - 2.0.0 → 2.2.0 - Mend

omniauth-saml 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of omniauth-saml might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +35 -0
data/README.md +20 -21
data/lib/omniauth/strategies/saml.rb +4 -4
data/lib/omniauth-saml/version.rb +1 -1
data/spec/omniauth/strategies/saml_spec.rb +9 -9
metadata +26 -32

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36019dbb0985207e4a8e6faa24f50abed3f707d3d4c8ad1370403e658b708730
-  data.tar.gz: '042845e9351550c797149bfdba0f395059a0a8d590d70cdcec19828e9cc4a6c6'
+  metadata.gz: ceb20d4b7de9b9a587366f633eaa9213e0c9488e6e71be1005d1db09bf076219
+  data.tar.gz: 3328f3ad5637d9674f2bf6ee8cf535a55ccbf6c49a27f18bf33661541f5e534f
 SHA512:
-  metadata.gz: 5f8100b1f45f5e09e778bb6ccf96bffdf041b5dc7da72a67fe5063fe30eb01c7a61481c8b5c8e3700b91af362e3a5f8915c5797d97eb3f2e3197333a1117bb49
-  data.tar.gz: 71c78f0ff383876af1fe15d471e35ea70bedbabccc6e2b7b79bf7c6f643c5f5330bbe706b24b25c92f47fb68d85ec062c9e12819a5430cbff9e91fb7e08c3055
+  metadata.gz: 3fb613e5588bfb050413c4f82af4344e31fd0e30db5e50f247f2b6710d12c4a445cfa23989fdb4403227d72728c1750d11cb9ea652c770f2b5fa8d20fa57b13e
+  data.tar.gz: 845be247c0f7b7c40f23f701266ada45d2f356a5e1c25d421eff53d4d1e4a6ec759840c53c7dc9084e62469c6073703038d7d61c2c6ae4fd78d33fb986061613

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,38 @@
+<a name="v2.2.0"></a>
+### v2.2.0 (2024-09-10)
+This release fixes:
+* [GHSA-jw9c-mfg7-9rx2](https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2)
+* [GHSA-cvp8-5r8g-fhvq](https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq)
+#### Chores
+* use semantic versioning for ruby-saml as per gem build hints ([e17f460](/../../commit/e17f460))
+<a name="v2.1.1"></a>
+### v2.1.1 (2024-09-10)
+#### Chores
+* Add Ruby 3.1 to the CI matrix ([8954310](/../../commit/8954310))
+* Add Ruby 3.2 to CI matrix ([9403366](/../../commit/9403366))
+* Fix copy-pasteability of code example ([3eb8942](/../../commit/3eb8942))
+* bump dependencies and remove ruby eol versions  ([c6fc2db](/../../commit/c6fc2db))
+* Remove old maintainer email from gemspec ([9f6daa](/../../commit/9f6daa))
+<a name="v2.1.0"></a>
+### v2.1.0 (2022-03-01)
+#### Refactor
+* Rename usage of deprecated SAML options  ([74ed8df](/../../commit/74ed8df))
+#### Chores
+* bump ruby-saml to 1.12  ([15c156a](/../../commit/15c156a))
 <a name="v2.0.0"></a>
 ### v2.0.0 (2021-01-13)

data/README.md CHANGED Viewed

@@ -1,12 +1,11 @@
 # OmniAuth SAML
 [![Gem Version](http://img.shields.io/gem/v/omniauth-saml.svg)][gem]
-[![Build Status](http://img.shields.io/travis/omniauth/omniauth-saml.svg)][travis]
+[![Ruby](https://github.com/omniauth/omniauth-saml/actions/workflows/ruby.yml/badge.svg)](https://github.com/omniauth/omniauth-saml/actions/workflows/ruby.yml)
 [![Maintainability](https://api.codeclimate.com/v1/badges/749e17b553ea944522c1/maintainability)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth-saml.svg)][coveralls]
 [gem]: https://rubygems.org/gems/omniauth-saml
-[travis]: http://travis-ci.org/omniauth/omniauth-saml
 [codeclimate]: https://codeclimate.com/github/omniauth/omniauth-saml/maintainability
 [coveralls]: https://coveralls.io/r/omniauth/omniauth-saml
@@ -16,8 +15,8 @@ https://github.com/omniauth/omniauth-saml
 ## Requirements
-* [OmniAuth](http://www.omniauth.org/) 1.3+
-* Ruby 2.4.x+
+* [OmniAuth](http://www.omniauth.org/) 2.1+
+* Ruby 3.1.x+
 ## Versioning
@@ -31,14 +30,14 @@ Use the SAML strategy as a middleware in your application:
 require 'omniauth'
 use OmniAuth::Strategies::SAML,
   :assertion_consumer_service_url     => "consumer_service_url",
-  :issuer                             => "issuer",
-  :idp_sso_target_url                 => "idp_sso_target_url",
-  :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
+  :sp_entity_id                       => "sp_entity_id",
+  :idp_sso_service_url                => "idp_sso_service_url",
+  :idp_sso_service_url_runtime_params => {:original_request_param => :mapped_idp_param},
   :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
   :idp_cert_multi                     => {
                                            :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
                                            :encryption => []
-                                         }
+                                         },
   :idp_cert_fingerprint               => "E7:91:B2:E1:...",
   :idp_cert_fingerprint_validator     => lambda { |fingerprint| fingerprint },
   :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
@@ -58,21 +57,21 @@ and in `config/initializers/omniauth.rb`:
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider :saml,
     :assertion_consumer_service_url     => "consumer_service_url",
-    :issuer                             => "rails-application",
-    :idp_sso_target_url                 => "idp_sso_target_url",
-    :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
+    :sp_entity_id                       => "rails-application",
+    :idp_sso_service_url                => "idp_sso_service_url",
+    :idp_sso_service_url_runtime_params => {:original_request_param => :mapped_idp_param},
     :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
     :idp_cert_multi                     => {
                                              :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
                                              :encryption => []
-                                           }
+                                           },
     :idp_cert_fingerprint               => "E7:91:B2:E1:...",
     :idp_cert_fingerprint_validator     => lambda { |fingerprint| fingerprint },
     :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 end
 ```
-For IdP-initiated SSO, users should directly access the IdP SSO target URL. Set the `href` of your application's login link to the value of `idp_sso_target_url`. For SP-initiated SSO, link to `/auth/saml`.
+For IdP-initiated SSO, users should directly access the IdP SSO service URL. Set the `href` of your application's login link to the value of `idp_sso_service_url`. For SP-initiated SSO, link to `/auth/saml`.
 A `OneLogin::RubySaml::Response` object is added to the `env['omniauth.auth']` extra attribute, so we can use it in the controller via `env['omniauth.auth'].extra.response_object`
@@ -88,13 +87,13 @@ Note that when [integrating with Devise](#devise-integration), the URL path will
   received. If not provided, defaults to the OmniAuth callback URL (typically
   `http://example.com/auth/saml/callback`). Optional.
-* `:issuer` - The name of your application. Some identity providers might need this
+* `:sp_entity_id` - The name of your application. Some identity providers might need this
   to establish the identity of the service provider requesting the login. **Required**.
-* `:idp_sso_target_url` - The URL to which the authentication request should be sent.
+* `:idp_sso_service_url` - The URL to which the authentication request should be sent.
   This would be on the identity provider. **Required**.
-* `:idp_slo_target_url` - The URL to which the single logout request and response should
+* `:idp_slo_service_url` - The URL to which the single logout request and response should
   be sent. This would be on the identity provider. Optional.
 * `:idp_slo_session_destroy` - A proc that accepts up to two parameters (the rack environment, and the session),
@@ -106,7 +105,7 @@ Note that when [integrating with Devise](#devise-integration), the URL path will
   instance will be passed to this callable if it has an arity of 1. If the value is a string,
   the string will be returned, when the `RelayState` is called. Optional.
-* `:idp_sso_target_url_runtime_params` - A dynamic mapping of request params that exist
+* `:idp_sso_service_url_runtime_params` - A dynamic mapping of request params that exist
   during the request phase of OmniAuth that should to be sent to the IdP after a specific
   mapping. So for example, a param `original_request_param` with value `original_param_value`,
   could be sent to the IdP on the login request as `mapped_idp_param` with value
@@ -170,7 +169,7 @@ idp_metadata = idp_metadata_parser.parse_remote_to_hash("http://idp.example.com/
 use OmniAuth::Strategies::SAML,
   idp_metadata.merge(
     :assertion_consumer_service_url => "consumer_service_url",
-    :issuer                         => "issuer"
+    :sp_entity_id                   => "sp_entity_id"
   )
 ```
@@ -186,7 +185,7 @@ In `config/initializers/devise.rb`:
 Devise.setup do |config|
   config.omniauth :saml,
     idp_cert_fingerprint: 'fingerprint',
-    idp_sso_target_url: 'target_url'
+    idp_sso_service_url: 'idp_sso_service_url'
 end
 ```
@@ -196,7 +195,7 @@ Then follow Devise's general [OmniAuth tutorial](https://github.com/plataformate
 Single Logout can be Service Provider initiated or Identity Provider initiated.
-For SP initiated logout, the `idp_slo_target_url` option must be set to the logout url on the IdP,
+For SP initiated logout, the `idp_slo_service_url` option must be set to the logout url on the IdP,
 and users directed to `user_saml_omniauth_authorize_path + '/spslo'` after logging out locally. For
 IdP initiated logout, logout requests from the IdP should go to `/auth/saml/slo` (this can be
 advertised in metadata by setting the `single_logout_service_url` config option).
@@ -226,7 +225,7 @@ class SessionsController < Devise::SessionsController
   # ...
   def after_sign_out_path_for(_)
-    if session['saml_uid'] && session['saml_session_index'] && SAML_SETTINGS.idp_slo_target_url
+    if session['saml_uid'] && session['saml_session_index'] && SAML_SETTINGS.idp_slo_service_url
       user_saml_omniauth_authorize_path + "/spslo"
     else
       super

data/lib/omniauth/strategies/saml.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module OmniAuth
       RUBYSAML_RESPONSE_OPTIONS = OneLogin::RubySaml::Response::AVAILABLE_OPTIONS
       option :name_identifier_format, nil
-      option :idp_sso_target_url_runtime_params, {}
+      option :idp_sso_service_url_runtime_params, {}
       option :request_attributes, [
         { :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
         { :name => 'name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Full name' },
@@ -264,7 +264,7 @@ module OmniAuth
       end
       def other_phase_for_spslo
-        if options.idp_slo_target_url
+        if options.idp_slo_service_url
           with_settings do |settings|
             redirect(generate_logout_request(settings))
           end
@@ -275,7 +275,7 @@ module OmniAuth
       def add_request_attributes_to(settings)
         settings.attribute_consuming_service.service_name options.attribute_service_name
-        settings.issuer = options.issuer
+        settings.sp_entity_id = options.sp_entity_id
         options.request_attributes.each do |attribute|
           settings.attribute_consuming_service.add_attribute attribute
@@ -284,7 +284,7 @@ module OmniAuth
       def additional_params_for_authn_request
         {}.tap do |additional_params|
-          runtime_request_parameters = options.delete(:idp_sso_target_url_runtime_params)
+          runtime_request_parameters = options.delete(:idp_sso_service_url_runtime_params)
           if runtime_request_parameters
             runtime_request_parameters.each_pair do |request_param_key, mapped_param_key|

data/lib/omniauth-saml/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OmniAuth
   module SAML
-    VERSION = '2.0.0'
+    VERSION = '2.2.0'
   end
 end

data/spec/omniauth/strategies/saml_spec.rb CHANGED Viewed

@@ -18,10 +18,10 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
     {
       :assertion_consumer_service_url     => "http://localhost:9080/auth/saml/callback",
       :single_logout_service_url          => "http://localhost:9080/auth/saml/slo",
-      :idp_sso_target_url                 => "https://idp.sso.example.com/signon/29490",
-      :idp_slo_target_url                 => "https://idp.sso.example.com/signoff/29490",
+      :idp_sso_service_url                => "https://idp.sso.example.com/signon/29490",
+      :idp_slo_service_url                => "https://idp.sso.example.com/signoff/29490",
       :idp_cert_fingerprint               => "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB",
-      :idp_sso_target_url_runtime_params  => {:original_param_key => :mapped_param_key},
+      :idp_sso_service_url_runtime_params => {:original_param_key => :mapped_param_key},
       :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
       :request_attributes                 => [
         { :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
@@ -306,7 +306,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
     context "when response is a logout response" do
       before :each do
-        saml_options[:issuer] = "https://idp.sso.example.com/metadata/29490"
+        saml_options[:sp_entity_id] = "https://idp.sso.example.com/metadata/29490"
         post "/auth/saml/slo", {
           SAMLResponse: load_xml(:example_logout_response),
@@ -323,7 +323,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
       subject { post "/auth/saml/slo", params, "rack.session" => { "saml_uid" => "username@example.com" } }
       before :each do
-        saml_options[:issuer] = "https://idp.sso.example.com/metadata/29490"
+        saml_options[:sp_entity_id] = "https://idp.sso.example.com/metadata/29490"
       end
       let(:params) do
@@ -392,8 +392,8 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
         end
       end
-      it "should give not implemented without an idp_slo_target_url" do
-        saml_options.delete(:idp_slo_target_url)
+      it "should give not implemented without an idp_slo_service_url" do
+        saml_options.delete(:idp_slo_service_url)
         post "/auth/saml/spslo"
         expect(last_response.status).to eq 501
@@ -404,13 +404,13 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
   describe 'POST /auth/saml/metadata' do
     before do
-      saml_options[:issuer] = 'http://example.com/SAML'
+      saml_options[:sp_entity_id] = 'http://example.com/SAML'
       post '/auth/saml/metadata'
     end
     it 'should get SP metadata page' do
       expect(last_response.status).to eq 200
-      expect(last_response.header["Content-Type"]).to eq "application/xml"
+      expect(last_response.headers["Content-Type"]).to eq "application/xml"
     end
     it 'should configure attributes consuming service' do

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-saml
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Raecoo Cao
@@ -14,7 +14,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-14 00:00:00.000000000 Z
+date: 2024-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -22,120 +22,114 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.17'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.17'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.3.3
+        version: '13.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.3.3
+        version: '13.2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.13'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: '0.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: conventional-changelog
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.23
+        version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.23
+        version: '0.8'
 description: A generic SAML strategy for OmniAuth.
-email: rajiv@alum.mit.edu
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -161,17 +155,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.5.15
 signing_key:
 specification_version: 4
 summary: A generic SAML strategy for OmniAuth.
 test_files:
-- spec/spec_helper.rb
 - spec/omniauth/strategies/saml_spec.rb
+- spec/spec_helper.rb