ruby-saml-for-portal 0.3.6 → 0.3.7
- data/VERSION +1 -1
- data/lib/onelogin/saml/authrequest.rb +8 -14
- data/lib/onelogin/saml/logout_request.rb +7 -20
- data/lib/onelogin/saml/settings.rb +1 -8
- data/lib/xml_security.rb +10 -1
- data/ruby-saml-for-portal.gemspec +1 -1
- metadata +13 -13
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.3.
|
1
|
+
0.3.7
|
@@ -5,28 +5,22 @@ require "cgi"
|
|
5
5
|
|
6
6
|
module Onelogin::Saml
|
7
7
|
class Authrequest
|
8
|
-
def create(settings
|
8
|
+
def create(settings)
|
9
9
|
uuid = "_" + UUID.new.generate
|
10
10
|
time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
|
11
|
-
|
12
11
|
request =
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
"<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
|
18
|
-
"</samlp:AuthnRequest>"
|
12
|
+
"<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"#{uuid}\" Version=\"2.0\" IssueInstant=\"#{time}\" Destination=\"#{settings.idp_sso_target_url}\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\">" +
|
13
|
+
"<saml:Issuer>#{settings.issuer}</saml:Issuer>" +
|
14
|
+
"<samlp:NameIDPolicy Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"/>" +
|
15
|
+
"</samlp:AuthnRequest>"
|
19
16
|
|
20
17
|
deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
|
21
18
|
base64_request = Base64.encode64(deflated_request)
|
22
19
|
encoded_request = CGI.escape(base64_request)
|
23
|
-
request_params = "
|
24
|
-
|
25
|
-
params.each_pair do |key, value|
|
26
|
-
request_params << "&#{key}=#{CGI.escape(value.to_s)}"
|
27
|
-
end
|
20
|
+
request_params = "SAMLRequest=" + encoded_request
|
28
21
|
|
29
|
-
|
22
|
+
request_params = XMLSecurity.sign_query(request_params, settings)
|
23
|
+
settings.idp_sso_target_url + "?" + request_params
|
30
24
|
end
|
31
25
|
|
32
26
|
end
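Review bot: The Destination, AssertionConsumerServiceURL, Issuer and NameIDPolicy values on new lines 12–14 are interpolated straight into the AuthnRequest XML with no escaping, so a settings value containing `&`, `<` or `"` produces a malformed or altered request; wrapping each with `CGI.escapeHTML(...)` (`cgi` is already required at the top of this file) closes that. New line 18 still uses `Base64.encode64`, which wraps at 60 columns and appends a newline, so the SAMLRequest value and therefore the signed string carry `%0A` sequences that strict IdPs reject — `Base64.strict_encode64` (Ruby 1.9+) is the usual choice for the HTTP-Redirect binding. Signing is now unconditional on new line 22, so a settings object without `private_key` set fails with `NoMethodError` inside `sign_query` instead of a clear configuration error; a guard such as `raise ArgumentError, "private_key is required to sign the AuthnRequest" unless settings.private_key` would help. The old `def create(settings` line is truncated in this view, so whether dropping the former params argument breaks existing callers cannot be confirmed here.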
|
@@ -5,12 +5,12 @@ require "cgi"
|
|
5
5
|
|
6
6
|
module Onelogin::Saml
|
7
7
|
class Logoutrequest
|
8
|
-
def create(name_id,session_index,settings
|
8
|
+
def create(name_id,session_index,settings)
|
9
9
|
uuid = "_" + UUID.new.generate
|
10
10
|
time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
|
11
11
|
|
12
12
|
request = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"+
|
13
|
-
"<saml2p:LogoutRequest Destination= \"#{settings.
|
13
|
+
"<saml2p:LogoutRequest Destination= \"#{settings.idp_slo_target_url}\" ID=\"#{uuid}\" IssueInstant=\"#{time}\" Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\">" +
|
14
14
|
"<saml2:Issuer>#{settings.issuer}</saml2:Issuer>" +
|
15
15
|
"<saml2:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">#{name_id}</saml2:NameID>" +
|
16
16
|
"<saml2p:SessionIndex>#{session_index}</saml2p:SessionIndex>" +
|
@@ -19,24 +19,11 @@ module Onelogin::Saml
|
|
19
19
|
deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
|
20
20
|
base64_request = Base64.encode64(deflated_request)
|
21
21
|
encoded_request = CGI.escape(base64_request)
|
22
|
-
request_params = "
|
22
|
+
request_params = "SAMLRequest=" + encoded_request
|
23
23
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
request_params << "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=#{sign_request_xml(request, settings)}"
|
28
|
-
settings.idp_ssl_target_url + request_params
|
24
|
+
request_params = XMLSecurity.sign_query(request_params, settings)
|
25
|
+
request_params << XMLSecurity.return_to(settings.return_to_url) unless settings.return_to_url.blank?
|
26
|
+
settings.idp_slo_target_url + "?" + request_params
|
29
27
|
end
|
30
|
-
|
31
|
-
def sign_request_xml(xml_request, settings)
|
32
|
-
sig = settings.private_key.sign(OpenSSL::Digest::SHA1.new, xml_request)
|
33
|
-
Base64.encode64(sig).gsub(/\n/, '')
|
34
|
-
end
|
35
|
-
|
36
|
-
def xml
|
37
|
-
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>
|
38
|
-
<saml2p:LogoutRequest Destination=\"https://sia-dev.egov.at-consulting.ru/idp/profile/SAML2/Redirect/SLO\" ID=\"_d1c51491-5966-4a60-9113-386d04734df5\" IssueInstant=\"2011-08-17T12:30:51.744Z\" Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\"><saml2:Issuer>http://saml.pgu-dev.egov.at-consulting.ru</saml2:Issuer><saml2:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">_52874221a2fc2732af462bd3fa18c4f9</saml2:NameID><saml2p:SessionIndex>eca05eca7415ebb74858c6dcac7a4b2d6cf862534c5f6251c685851a1cec8af4</saml2p:SessionIndex></saml2p:LogoutRequest>"
|
39
|
-
end
|
40
|
-
|
41
28
|
end
|
42
|
-
end
|
29
|
+
end
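Review bot: The `returnTo` parameter is appended on new line 25 after `sign_query` has already computed the `Signature` value, so it lies outside the signed string and anyone who can alter the redirect URL can point it elsewhere; if the IdP honours it, that is an unsigned post-logout redirect target. In the SAML HTTP-Redirect binding the only extra state covered by the signature is `RelayState`, placed before `SigAlg`, so if the IdP treats `returnTo` like RelayState it should be appended to `request_params` before the `sign_query` call, e.g. `request_params << XMLSecurity.return_to(settings.return_to_url) unless settings.return_to_url.blank?` moved above `request_params = XMLSecurity.sign_query(request_params, settings)`; the non-standard name presumably matches a specific IdP and is worth confirming against it. `blank?` is an ActiveSupport method rather than core Ruby, so outside Rails this line raises `NoMethodError`; `settings.return_to_url.to_s.empty?` is the dependency-free form. The enclosing `create` method starts in the previous hunk.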
|
@@ -1,7 +1,7 @@
|
|
1
1
|
module Onelogin::Saml
|
2
2
|
class Settings
|
3
3
|
attr_accessor :assertion_consumer_service_url, :issuer, :sp_name_qualifier
|
4
|
-
attr_accessor :idp_sso_target_url, :
|
4
|
+
attr_accessor :idp_sso_target_url, :idp_slo_target_url, :idp_cert_fingerprint, :name_identifier_format, :return_to_url
|
5
5
|
|
6
6
|
def private_key=(private_key_path)
|
7
7
|
@private_key = OpenSSL::PKey::RSA.new(File.read(private_key_path))
|
@@ -19,12 +19,5 @@ module Onelogin::Saml
|
|
19
19
|
@idp_public_cert
|
20
20
|
end
|
21
21
|
|
22
|
-
# def private_key_logout_sign=(private_key_path)
|
23
|
-
# @private_key_logout_sign = OpenSSL::PKey::RSA.new(File.read(private_key_path))
|
24
|
-
# end
|
25
|
-
#
|
26
|
-
# def private_key_logout_sign
|
27
|
-
# @private_key_logout_sign
|
28
|
-
# end
|
29
22
|
end
|
30
23
|
end
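Review bot: The four accessors added on new line 4 are undocumented, and two of them carry security weight: `idp_cert_fingerprint` is what `XMLSecurity::SignedDocument#validate` takes to pin the IdP signing certificate, and `return_to_url` is emitted by the new logout code in this diff as an unsigned `returnTo` query parameter. A comment above the line would make that explicit, e.g. `# idp_cert_fingerprint: fingerprint of the IdP signing cert checked by XMLSecurity::SignedDocument#validate` and `# return_to_url: optional post-logout target; sent as a returnTo parameter outside the query signature`. The old logout code appears to have referenced `settings.idp_ssl_target_url`, so if any caller set that name it now silently goes nowhere; the old accessor line is truncated here, so this cannot be confirmed from the diff alone.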
|
data/lib/xml_security.rb
CHANGED
@@ -32,6 +32,16 @@ require 'rsa_ext'
|
|
32
32
|
|
33
33
|
module XMLSecurity
|
34
34
|
|
35
|
+
def self.sign_query(request_params, settings)
|
36
|
+
request_params = request_params + "&" + "SigAlg=" + CGI.escape('http://www.w3.org/2000/09/xmldsig#rsa-sha1')
|
37
|
+
request_params << "&" + "Signature=" + CGI.escape(Base64.encode64(settings.private_key.sign(OpenSSL::Digest::SHA1.new, request_params)))
|
38
|
+
request_params
|
39
|
+
end
|
40
|
+
|
41
|
+
def self.return_to(uri_string)
|
42
|
+
"&" + "returnTo=" + CGI.escape(uri_string)
|
43
|
+
end
|
44
|
+
|
35
45
|
class SignedDocument < REXML::Document
|
36
46
|
|
37
47
|
def validate (idp_cert_fingerprint, logger = nil, private_key = nil)
|
@@ -139,6 +149,5 @@ module XMLSecurity
|
|
139
149
|
padding = out.bytes.to_a.last
|
140
150
|
self.class.new(out[0..-(padding + 1)])
|
141
151
|
end
|
142
|
-
|
143
152
|
end
|
144
153
|
end
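Review bot: `Base64.encode64` on new line 37 wraps its output at 60 characters and appends a newline, so the `Signature` value contains `%0A` sequences after `CGI.escape` and verifiers that decode strictly will reject it; `Base64.strict_encode64` (Ruby 1.9+) is the drop-in fix, `request_params << "&" + "Signature=" + CGI.escape(Base64.strict_encode64(settings.private_key.sign(OpenSSL::Digest::SHA1.new, request_params)))`. The signed string is exactly the incoming `request_params` plus `&SigAlg=...`, so anything a caller appends afterwards is not integrity-protected, which is what the new logout code does with `returnTo`; a comment such as `# Appends SigAlg and Signature to an already URL-encoded query string. Any parameter that must be protected (RelayState in the standard binding) has to be in request_params before this call.` would state the contract. `rsa-sha1` is hard-coded and SHA-1 is deprecated for signatures, so offering `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` with `OpenSSL::Digest::SHA256` where the IdP accepts it is worth a follow-up. `return_to` emits a non-standard `returnTo` parameter, which presumably matches a specific IdP, and a one-line comment naming that expectation would help the next reader. This file's require list is outside the hunk, so confirm `cgi` and `base64` are loaded here rather than relying on a caller.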
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby-saml-for-portal
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.7
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -13,7 +13,7 @@ date: 2011-03-08 00:00:00.000000000Z
|
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: xmlcanonicalizer
|
16
|
-
requirement: &
|
16
|
+
requirement: &20721940 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ~>
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: 0.1.1
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *20721940
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: uuid
|
27
|
-
requirement: &
|
27
|
+
requirement: &20721320 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ~>
|
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: 2.3.3
|
33
33
|
type: :runtime
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *20721320
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: systemu
|
38
|
-
requirement: &
|
38
|
+
requirement: &20720720 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ~>
|
@@ -43,10 +43,10 @@ dependencies:
|
|
43
43
|
version: 2.2.0
|
44
44
|
type: :runtime
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *20720720
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: rsa
|
49
|
-
requirement: &
|
49
|
+
requirement: &20720140 !ruby/object:Gem::Requirement
|
50
50
|
none: false
|
51
51
|
requirements:
|
52
52
|
- - ~>
|
@@ -54,10 +54,10 @@ dependencies:
|
|
54
54
|
version: 0.1.4
|
55
55
|
type: :runtime
|
56
56
|
prerelease: false
|
57
|
-
version_requirements: *
|
57
|
+
version_requirements: *20720140
|
58
58
|
- !ruby/object:Gem::Dependency
|
59
59
|
name: shoulda
|
60
|
-
requirement: &
|
60
|
+
requirement: &20719540 !ruby/object:Gem::Requirement
|
61
61
|
none: false
|
62
62
|
requirements:
|
63
63
|
- - ! '>='
|
@@ -65,10 +65,10 @@ dependencies:
|
|
65
65
|
version: '0'
|
66
66
|
type: :development
|
67
67
|
prerelease: false
|
68
|
-
version_requirements: *
|
68
|
+
version_requirements: *20719540
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: mocha
|
71
|
-
requirement: &
|
71
|
+
requirement: &20718940 !ruby/object:Gem::Requirement
|
72
72
|
none: false
|
73
73
|
requirements:
|
74
74
|
- - ! '>='
|
@@ -76,7 +76,7 @@ dependencies:
|
|
76
76
|
version: '0'
|
77
77
|
type: :development
|
78
78
|
prerelease: false
|
79
|
-
version_requirements: *
|
79
|
+
version_requirements: *20718940
|
80
80
|
description: SAML toolkit for Ruby on Rails
|
81
81
|
email: support@onelogin.com
|
82
82
|
executables: []
|