omniauth-saml 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of omniauth-saml might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 36019dbb0985207e4a8e6faa24f50abed3f707d3d4c8ad1370403e658b708730
4
- data.tar.gz: '042845e9351550c797149bfdba0f395059a0a8d590d70cdcec19828e9cc4a6c6'
3
+ metadata.gz: 032f34c12924a5666a189462f819b871c2e321891cbe23b45e56c47acdbfc53c
4
+ data.tar.gz: 17bb6e9741181862fcb34f3ca0a47084b9805aba71b3dd5dadfb951c7cd20d27
5
5
  SHA512:
6
- metadata.gz: 5f8100b1f45f5e09e778bb6ccf96bffdf041b5dc7da72a67fe5063fe30eb01c7a61481c8b5c8e3700b91af362e3a5f8915c5797d97eb3f2e3197333a1117bb49
7
- data.tar.gz: 71c78f0ff383876af1fe15d471e35ea70bedbabccc6e2b7b79bf7c6f643c5f5330bbe706b24b25c92f47fb68d85ec062c9e12819a5430cbff9e91fb7e08c3055
6
+ metadata.gz: eb87a7392dc23407ab0064b67efd4ffefd9ec3fbbca18b32e96bf973281dffb9477bffc3765d8b4c3e278df7aedca255a95aa03deb44053b33c3cfff5af9435e
7
+ data.tar.gz: 22daef0cc26447f27023c5dc2e6f816e1f79c57c0538b86ffae0f8a2ea9d08492bc351aa31838ca7b4a272ae577aea3f914a87dba0656e1ac2e098f49f034041
data/CHANGELOG.md CHANGED
@@ -1,3 +1,15 @@
1
+ <a name="v2.1.0"></a>
2
+ ### v2.1.0 (2022-03-01)
3
+
4
+
5
+ #### Refactor
6
+
7
+ * Rename usage of deprecated SAML options ([74ed8df](/../../commit/74ed8df))
8
+
9
+ #### Chores
10
+
11
+ * bump ruby-saml to 1.12 ([15c156a](/../../commit/15c156a))
12
+
1
13
  <a name="v2.0.0"></a>
2
14
  ### v2.0.0 (2021-01-13)
3
15
 
data/README.md CHANGED
@@ -1,12 +1,11 @@
1
1
  # OmniAuth SAML
2
2
 
3
3
  [![Gem Version](http://img.shields.io/gem/v/omniauth-saml.svg)][gem]
4
- [![Build Status](http://img.shields.io/travis/omniauth/omniauth-saml.svg)][travis]
4
+ [![Ruby](https://github.com/omniauth/omniauth-saml/actions/workflows/ruby.yml/badge.svg)](https://github.com/omniauth/omniauth-saml/actions/workflows/ruby.yml)
5
5
  [![Maintainability](https://api.codeclimate.com/v1/badges/749e17b553ea944522c1/maintainability)][codeclimate]
6
6
  [![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth-saml.svg)][coveralls]
7
7
 
8
8
  [gem]: https://rubygems.org/gems/omniauth-saml
9
- [travis]: http://travis-ci.org/omniauth/omniauth-saml
10
9
  [codeclimate]: https://codeclimate.com/github/omniauth/omniauth-saml/maintainability
11
10
  [coveralls]: https://coveralls.io/r/omniauth/omniauth-saml
12
11
 
@@ -31,9 +30,9 @@ Use the SAML strategy as a middleware in your application:
31
30
  require 'omniauth'
32
31
  use OmniAuth::Strategies::SAML,
33
32
  :assertion_consumer_service_url => "consumer_service_url",
34
- :issuer => "issuer",
35
- :idp_sso_target_url => "idp_sso_target_url",
36
- :idp_sso_target_url_runtime_params => {:original_request_param => :mapped_idp_param},
33
+ :sp_entity_id => "sp_entity_id",
34
+ :idp_sso_service_url => "idp_sso_service_url",
35
+ :idp_sso_service_url_runtime_params => {:original_request_param => :mapped_idp_param},
37
36
  :idp_cert => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
38
37
  :idp_cert_multi => {
39
38
  :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
@@ -58,9 +57,9 @@ and in `config/initializers/omniauth.rb`:
58
57
  Rails.application.config.middleware.use OmniAuth::Builder do
59
58
  provider :saml,
60
59
  :assertion_consumer_service_url => "consumer_service_url",
61
- :issuer => "rails-application",
62
- :idp_sso_target_url => "idp_sso_target_url",
63
- :idp_sso_target_url_runtime_params => {:original_request_param => :mapped_idp_param},
60
+ :sp_entity_id => "rails-application",
61
+ :idp_sso_service_url => "idp_sso_service_url",
62
+ :idp_sso_service_url_runtime_params => {:original_request_param => :mapped_idp_param},
64
63
  :idp_cert => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
65
64
  :idp_cert_multi => {
66
65
  :signing => ["-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----", ...],
@@ -72,7 +71,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
72
71
  end
73
72
  ```
74
73
 
75
- For IdP-initiated SSO, users should directly access the IdP SSO target URL. Set the `href` of your application's login link to the value of `idp_sso_target_url`. For SP-initiated SSO, link to `/auth/saml`.
74
+ For IdP-initiated SSO, users should directly access the IdP SSO service URL. Set the `href` of your application's login link to the value of `idp_sso_service_url`. For SP-initiated SSO, link to `/auth/saml`.
76
75
 
77
76
  A `OneLogin::RubySaml::Response` object is added to the `env['omniauth.auth']` extra attribute, so we can use it in the controller via `env['omniauth.auth'].extra.response_object`
78
77
 
@@ -88,13 +87,13 @@ Note that when [integrating with Devise](#devise-integration), the URL path will
88
87
  received. If not provided, defaults to the OmniAuth callback URL (typically
89
88
  `http://example.com/auth/saml/callback`). Optional.
90
89
 
91
- * `:issuer` - The name of your application. Some identity providers might need this
90
+ * `:sp_entity_id` - The name of your application. Some identity providers might need this
92
91
  to establish the identity of the service provider requesting the login. **Required**.
93
92
 
94
- * `:idp_sso_target_url` - The URL to which the authentication request should be sent.
93
+ * `:idp_sso_service_url` - The URL to which the authentication request should be sent.
95
94
  This would be on the identity provider. **Required**.
96
95
 
97
- * `:idp_slo_target_url` - The URL to which the single logout request and response should
96
+ * `:idp_slo_service_url` - The URL to which the single logout request and response should
98
97
  be sent. This would be on the identity provider. Optional.
99
98
 
100
99
  * `:idp_slo_session_destroy` - A proc that accepts up to two parameters (the rack environment, and the session),
@@ -106,7 +105,7 @@ Note that when [integrating with Devise](#devise-integration), the URL path will
106
105
  instance will be passed to this callable if it has an arity of 1. If the value is a string,
107
106
  the string will be returned, when the `RelayState` is called. Optional.
108
107
 
109
- * `:idp_sso_target_url_runtime_params` - A dynamic mapping of request params that exist
108
+ * `:idp_sso_service_url_runtime_params` - A dynamic mapping of request params that exist
110
109
  during the request phase of OmniAuth that should to be sent to the IdP after a specific
111
110
  mapping. So for example, a param `original_request_param` with value `original_param_value`,
112
111
  could be sent to the IdP on the login request as `mapped_idp_param` with value
@@ -170,7 +169,7 @@ idp_metadata = idp_metadata_parser.parse_remote_to_hash("http://idp.example.com/
170
169
  use OmniAuth::Strategies::SAML,
171
170
  idp_metadata.merge(
172
171
  :assertion_consumer_service_url => "consumer_service_url",
173
- :issuer => "issuer"
172
+ :sp_entity_id => "sp_entity_id"
174
173
  )
175
174
  ```
176
175
 
@@ -186,7 +185,7 @@ In `config/initializers/devise.rb`:
186
185
  Devise.setup do |config|
187
186
  config.omniauth :saml,
188
187
  idp_cert_fingerprint: 'fingerprint',
189
- idp_sso_target_url: 'target_url'
188
+ idp_sso_service_url: 'idp_sso_service_url'
190
189
  end
191
190
  ```
192
191
 
@@ -196,7 +195,7 @@ Then follow Devise's general [OmniAuth tutorial](https://github.com/plataformate
196
195
 
197
196
  Single Logout can be Service Provider initiated or Identity Provider initiated.
198
197
 
199
- For SP initiated logout, the `idp_slo_target_url` option must be set to the logout url on the IdP,
198
+ For SP initiated logout, the `idp_slo_service_url` option must be set to the logout url on the IdP,
200
199
  and users directed to `user_saml_omniauth_authorize_path + '/spslo'` after logging out locally. For
201
200
  IdP initiated logout, logout requests from the IdP should go to `/auth/saml/slo` (this can be
202
201
  advertised in metadata by setting the `single_logout_service_url` config option).
@@ -226,7 +225,7 @@ class SessionsController < Devise::SessionsController
226
225
  # ...
227
226
 
228
227
  def after_sign_out_path_for(_)
229
- if session['saml_uid'] && session['saml_session_index'] && SAML_SETTINGS.idp_slo_target_url
228
+ if session['saml_uid'] && session['saml_session_index'] && SAML_SETTINGS.idp_slo_service_url
230
229
  user_saml_omniauth_authorize_path + "/spslo"
231
230
  else
232
231
  super
@@ -13,7 +13,7 @@ module OmniAuth
13
13
  RUBYSAML_RESPONSE_OPTIONS = OneLogin::RubySaml::Response::AVAILABLE_OPTIONS
14
14
 
15
15
  option :name_identifier_format, nil
16
- option :idp_sso_target_url_runtime_params, {}
16
+ option :idp_sso_service_url_runtime_params, {}
17
17
  option :request_attributes, [
18
18
  { :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
19
19
  { :name => 'name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Full name' },
@@ -264,7 +264,7 @@ module OmniAuth
264
264
  end
265
265
 
266
266
  def other_phase_for_spslo
267
- if options.idp_slo_target_url
267
+ if options.idp_slo_service_url
268
268
  with_settings do |settings|
269
269
  redirect(generate_logout_request(settings))
270
270
  end
@@ -275,7 +275,7 @@ module OmniAuth
275
275
 
276
276
  def add_request_attributes_to(settings)
277
277
  settings.attribute_consuming_service.service_name options.attribute_service_name
278
- settings.issuer = options.issuer
278
+ settings.sp_entity_id = options.sp_entity_id
279
279
 
280
280
  options.request_attributes.each do |attribute|
281
281
  settings.attribute_consuming_service.add_attribute attribute
@@ -284,7 +284,7 @@ module OmniAuth
284
284
 
285
285
  def additional_params_for_authn_request
286
286
  {}.tap do |additional_params|
287
- runtime_request_parameters = options.delete(:idp_sso_target_url_runtime_params)
287
+ runtime_request_parameters = options.delete(:idp_sso_service_url_runtime_params)
288
288
 
289
289
  if runtime_request_parameters
290
290
  runtime_request_parameters.each_pair do |request_param_key, mapped_param_key|
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module SAML
3
- VERSION = '2.0.0'
3
+ VERSION = '2.1.0'
4
4
  end
5
5
  end
@@ -18,10 +18,10 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
18
18
  {
19
19
  :assertion_consumer_service_url => "http://localhost:9080/auth/saml/callback",
20
20
  :single_logout_service_url => "http://localhost:9080/auth/saml/slo",
21
- :idp_sso_target_url => "https://idp.sso.example.com/signon/29490",
22
- :idp_slo_target_url => "https://idp.sso.example.com/signoff/29490",
21
+ :idp_sso_service_url => "https://idp.sso.example.com/signon/29490",
22
+ :idp_slo_service_url => "https://idp.sso.example.com/signoff/29490",
23
23
  :idp_cert_fingerprint => "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB",
24
- :idp_sso_target_url_runtime_params => {:original_param_key => :mapped_param_key},
24
+ :idp_sso_service_url_runtime_params => {:original_param_key => :mapped_param_key},
25
25
  :name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
26
26
  :request_attributes => [
27
27
  { :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
@@ -306,7 +306,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
306
306
 
307
307
  context "when response is a logout response" do
308
308
  before :each do
309
- saml_options[:issuer] = "https://idp.sso.example.com/metadata/29490"
309
+ saml_options[:sp_entity_id] = "https://idp.sso.example.com/metadata/29490"
310
310
 
311
311
  post "/auth/saml/slo", {
312
312
  SAMLResponse: load_xml(:example_logout_response),
@@ -323,7 +323,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
323
323
  subject { post "/auth/saml/slo", params, "rack.session" => { "saml_uid" => "username@example.com" } }
324
324
 
325
325
  before :each do
326
- saml_options[:issuer] = "https://idp.sso.example.com/metadata/29490"
326
+ saml_options[:sp_entity_id] = "https://idp.sso.example.com/metadata/29490"
327
327
  end
328
328
 
329
329
  let(:params) do
@@ -392,8 +392,8 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
392
392
  end
393
393
  end
394
394
 
395
- it "should give not implemented without an idp_slo_target_url" do
396
- saml_options.delete(:idp_slo_target_url)
395
+ it "should give not implemented without an idp_slo_service_url" do
396
+ saml_options.delete(:idp_slo_service_url)
397
397
  post "/auth/saml/spslo"
398
398
 
399
399
  expect(last_response.status).to eq 501
@@ -404,7 +404,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
404
404
 
405
405
  describe 'POST /auth/saml/metadata' do
406
406
  before do
407
- saml_options[:issuer] = 'http://example.com/SAML'
407
+ saml_options[:sp_entity_id] = 'http://example.com/SAML'
408
408
  post '/auth/saml/metadata'
409
409
  end
410
410
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Raecoo Cao
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2021-01-14 00:00:00.000000000 Z
17
+ date: 2022-03-01 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: omniauth
@@ -36,14 +36,14 @@ dependencies:
36
36
  requirements:
37
37
  - - "~>"
38
38
  - !ruby/object:Gem::Version
39
- version: '1.9'
39
+ version: '1.12'
40
40
  type: :runtime
41
41
  prerelease: false
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
44
  - - "~>"
45
45
  - !ruby/object:Gem::Version
46
- version: '1.9'
46
+ version: '1.12'
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: rake
49
49
  requirement: !ruby/object:Gem::Requirement
@@ -168,10 +168,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
168
168
  - !ruby/object:Gem::Version
169
169
  version: '0'
170
170
  requirements: []
171
- rubygems_version: 3.1.2
171
+ rubygems_version: 3.2.32
172
172
  signing_key:
173
173
  specification_version: 4
174
174
  summary: A generic SAML strategy for OmniAuth.
175
175
  test_files:
176
- - spec/spec_helper.rb
177
176
  - spec/omniauth/strategies/saml_spec.rb
177
+ - spec/spec_helper.rb