ruby-saml-bekk 0.3.2 → 0.3.3

data/VERSION

@@ -1 +1 @@
-0.3.2
+0.3.3

data/lib/onelogin/saml/logoutrequest.rb

@@ -1,36 +1,36 @@
-require 'base64'
 require 'uuid'
-require 'cgi'
 
 module Onelogin::Saml
   class Logoutrequest
+    include Codeing
     attr_reader :transaction_id
 
     def initialize
       @transaction_id = UUID.new.generate
     end
 
-    def create(settings,nameid,params={})
+    def create(settings, params={})
       issue_instant = Onelogin::Saml::Logoutrequest.timestamp
 
-      request = xml(settings, nameid, issue_instant)
+      request = xml(settings, issue_instant)
  
-      deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]
-      base64_request    = Base64.encode64(deflated_request)  
+      deflated_request  = deflate(request)
+      base64_request    = encode(deflated_request)
       params["SAMLRequest"] = base64_request
-      query_string = params.map {|key, value| "#{key}=#{CGI.escape(value)}"}.join("&")
+      query_string = params.map {|key, value| "#{key}=#{escape(value)}"}.join("&")
 
       settings.idp_slo_target_url + "?#{query_string}"
      end
 
-    def xml(settings, nameid, issue_instant)
+    def xml(settings, issue_instant)
       request = <<-EOF
         <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
             ID="#{transaction_id}" Version="2.0" IssueInstant="#{issue_instant}">
                 <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#{settings.issuer}</saml:Issuer>
                 <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                     NameQualifier="#{settings.sp_name_qualifier}"
-                    Format="#{settings.name_identifier_format}">#{nameid}</saml:NameID>
+                    Format="#{settings.name_identifier_format}">#{settings.name_id}</saml:NameID>
+            <samlp:SessionIndex xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">#{settings.sessionindex}</samlp:SessionIndex>
         </samlp:LogoutRequest>
       EOF
 

data/lib/onelogin/saml/logoutresponse.rb

@@ -24,6 +24,11 @@ module Onelogin
         document.elements["/samlp:LogoutResponse"].attributes["InResponseTo"]
       end
 
+      def success?
+        document.elements["/samlp:LogoutResponse/samlp:Status/samlp:StatusCode"].attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
+        
+      end
+
     protected
       def document
         REXML::Document.new(@response)

data/lib/onelogin/saml/response.rb

@@ -43,6 +43,10 @@ module Onelogin::Saml
       @expires_at ||= Time.parse(document.elements["/samlp:Response/saml:Assertion/saml:AuthnStatement"].attributes["SessionNotOnOrAfter"])
     end
 
+    def sessionindex
+      document.elements["/samlp:Response/saml:Assertion/saml:AuthnStatement"].attributes["SessionIndex"]
+    end
+
   private
 
     def make_hash_access_indiferent(hash)

data/lib/onelogin/saml/settings.rb

@@ -3,7 +3,6 @@ module Onelogin::Saml
     attr_accessor :assertion_consumer_service_url, :issuer, :sp_name_qualifier
     attr_accessor :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format
     attr_accessor :idp_slo_target_url
-
-    SLO_ELEMENT_PATH = "/EntityDescriptor/IDPSSODescriptor/SingleLogoutService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']"
+    attr_accessor :sessionindex, :name_id
   end
 end

data/test/ruby-saml_test.rb

@@ -11,7 +11,7 @@ class RubySamlTest < Test::Unit::TestCase
     end
     should "should provide getters and settings" do
       accessors = [
-        :assertion_consumer_service_url, :issuer, :sp_name_qualifier, :sp_name_qualifier,
+        :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
         :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format
       ]
 
@@ -82,6 +82,13 @@ class RubySamlTest < Test::Unit::TestCase
       end
     end
 
+    context "#sessionindex" do
+      should "get the sessionindex" do
+        response = Onelogin::Saml::Response.new(response_document)
+        assert_equal "_531c32d283bdff7e04e487bcdbc4dd8d", response.sessionindex
+      end
+    end
+
     context "#session_expires_at" do
       should "extract the value of the SessionNotOnOrAfter attribute" do
         response = Onelogin::Saml::Response.new(response_document)
@@ -127,7 +134,9 @@ class RubySamlTest < Test::Unit::TestCase
     should "generate a correct logout request" do
       logoutrequest = Onelogin::Saml::Logoutrequest.new
 
-      logout_xml = logoutrequest.xml(@settings, "demo", "test")
+      @settings.name_id = "demo"
+      @settings.sessionindex = "s2c8e391dbfcb2f71796595c803cf8b4079119ff01"
+      logout_xml = logoutrequest.xml(@settings, "test")
 
       expected_xml = <<-EOF
     <samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
@@ -136,6 +145,7 @@ class RubySamlTest < Test::Unit::TestCase
                 <saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"
                     NameQualifier=\"sp name\"
                     Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">demo</saml:NameID>
+            <samlp:SessionIndex xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">s2c8e391dbfcb2f71796595c803cf8b4079119ff01</samlp:SessionIndex>
         </samlp:LogoutRequest>
       EOF
 
@@ -145,9 +155,11 @@ class RubySamlTest < Test::Unit::TestCase
 
     should "generate a correct request" do
       logoutrequest = Onelogin::Saml::Logoutrequest.new
-      logout_url = logoutrequest.create(@settings, "demo")
+      @settings.name_id = "demo"
+      @settings.sessionindex = "sessionindex"
+      logout_url = logoutrequest.create(@settings, {})
 
-      expected_url = "http://slotarget.com/?SAMLRequest=nZFbS8QwEIXf91eEea%2FWUmQbtgVhEQqroILv03S6BJqkZqbgz7cX0fW2D57H%0Aycl35jBKrdoxun7Qh3AMozzSy0gs6tX1nvXyUsIYvQ7IlrVHR6zF6Kebu4PO%0ALlI9xCDBhB426kT1voQWr%2FOGmjTJ0ORJepVRgoUpknzbGLOlosvzFtQzRbbB%0AlzDBQNXMI9WeBb2UIHZKE3QNVF%2FoH1vrxR9Ptj2%2FLDJTlCkOKrv83F2eYP4K%0AuZ849f4fIT94s2baw4i97SzFEnhQM%2BJ3722IDuV83DyxbdItVi0RPVvyAlVL%0ALrz3Wxt89lvH325ebd4A%0A"
+      expected_url = "http://slotarget.com/?SAMLRequest=nZJNa8MwDEDv%2FRXG92xZCKMxTWBQBoFusBV2VxxlGGI7sxToz18%2Bui1hWw%2FV%0A0ZbekywLMceOwLadOvh33%2FMrfvRILE62daSmm1z2wSkPZEg5sEiKtTo%2BPB1U%0AchOrLnj22rdyIxZR7nNZw31aYRVHCeg0iu8SjCDTWZRuK623mDVpWkvxhoGM%0Ad7kcYFKURD2Wjhgc55LNYGOwlSxW9O%2Bu1ZQfFt1ebhaIMPCgk4WZKne3C8x%2F%0AkueBU%2B6vkPzijTHSXnpoTWMw5JI6MSL%2Bzn30wQJf1o0npo6aKVVxAEcGHcui%0ARuvP880TrOc7r%2F2INL5%2F6Wo8XbH1guZ6M9bPtjXzR%2Fp1u%2FpoxeYT%0A"
       assert_equal expected_url, logout_url
     end
 
@@ -166,7 +178,7 @@ class RubySamlTest < Test::Unit::TestCase
                           <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{issuer}</saml:Issuer>
                           <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">
                           <samlp:StatusCode  xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
-                          Value=\"urn:oasis:names:tc:SAML:2.0:status:Requester\">
+                          Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\">
                           </samlp:StatusCode>
                           </samlp:Status>
                           </samlp:LogoutResponse>"
@@ -177,6 +189,28 @@ class RubySamlTest < Test::Unit::TestCase
 
       assert_equal logoutresponse.issuer, issuer
       assert_equal logoutresponse.in_response_to, transaction_id
+      assert_equal true, logoutresponse.success?
+    end
+
+    should "validate the a failing response" do
+
+      
+      logout_xml = "<samlp:LogoutResponse  xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
+                          ID=\"sedf164edc2121a23d4ca4b31d35261e5563dc352\" Version=\"2.0\"
+                          IssueInstant=\"2011-03-07T14:43:34Z\" Destination=\"http://localhost:3000/saml/consume_logout\"
+                          InResponseTo=\"adflkjalkfjalsdfjlaskjdf\">
+                          <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://test-idp.test.no:443/issuer</saml:Issuer>
+                          <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">
+                          <samlp:StatusCode  xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
+                          Value=\"urn:oasis:names:tc:SAML:2.0:status:Requester\">
+                          </samlp:StatusCode>
+                          </samlp:Status>
+                          </samlp:LogoutResponse>"
+
+
+      logoutresponse = Onelogin::Saml::Logoutresponse.new(encode(deflate(logout_xml)))
+
+      assert_equal false, logoutresponse.success?
     end
   end
 

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 3
-  - 2
-  version: 0.3.2
+  - 3
+  version: 0.3.3
 platform: ruby
 authors: 
 - OneLogin LLC