ruby-saml-for-portal 0.3.6 → 0.3.7

data/VERSION

@@ -1 +1 @@
-0.3.2 p
+0.3.7

data/lib/onelogin/saml/authrequest.rb

@@ -5,28 +5,22 @@ require "cgi"
 
 module Onelogin::Saml
   class Authrequest
-    def create(settings, params = {})
+    def create(settings)
       uuid = "_" + UUID.new.generate
       time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
-
       request =
-        "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{uuid}\" Version=\"2.0\" IssueInstant=\"#{time}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
-        "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
-        "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
-        "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
-        "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
-        "</samlp:AuthnRequest>"
+          "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"#{uuid}\" Version=\"2.0\" IssueInstant=\"#{time}\" Destination=\"#{settings.idp_sso_target_url}\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\">" +
+          "<saml:Issuer>#{settings.issuer}</saml:Issuer>" +
+          "<samlp:NameIDPolicy Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"/>" +
+          "</samlp:AuthnRequest>"
       
       deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]
       base64_request    = Base64.encode64(deflated_request)
       encoded_request   = CGI.escape(base64_request)
-      request_params    = "?SAMLRequest=" + encoded_request
-
-      params.each_pair do |key, value|
-        request_params << "&#{key}=#{CGI.escape(value.to_s)}"
-      end
+      request_params    = "SAMLRequest=" + encoded_request
 
-      settings.idp_sso_target_url + request_params
+      request_params = XMLSecurity.sign_query(request_params, settings)
+      settings.idp_sso_target_url + "?" + request_params
     end
 
   end

data/lib/onelogin/saml/logout_request.rb

@@ -5,12 +5,12 @@ require "cgi"
 
 module Onelogin::Saml
   class Logoutrequest
-    def create(name_id,session_index,settings, params = {})
+    def create(name_id,session_index,settings)
       uuid = "_" + UUID.new.generate
       time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
 
       request = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"+
-                "<saml2p:LogoutRequest Destination= \"#{settings.idp_ssl_target_url}\" ID=\"#{uuid}\" IssueInstant=\"#{time}\" Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\">" +
+                "<saml2p:LogoutRequest Destination= \"#{settings.idp_slo_target_url}\" ID=\"#{uuid}\" IssueInstant=\"#{time}\" Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\">" +
                 "<saml2:Issuer>#{settings.issuer}</saml2:Issuer>" +
                 "<saml2:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">#{name_id}</saml2:NameID>" +
                 "<saml2p:SessionIndex>#{session_index}</saml2p:SessionIndex>" +
@@ -19,24 +19,11 @@ module Onelogin::Saml
       deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]
       base64_request    = Base64.encode64(deflated_request)
       encoded_request   = CGI.escape(base64_request)
-      request_params    = "?SAMLRequest=" + encoded_request
+      request_params    = "SAMLRequest=" + encoded_request
 
-      params.each_pair do |key, value|
-        request_params << "&#{key}=#{CGI.escape(value.to_s)}"
-      end
-      request_params << "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=#{sign_request_xml(request, settings)}"
-      settings.idp_ssl_target_url + request_params
+      request_params = XMLSecurity.sign_query(request_params, settings)
+      request_params << XMLSecurity.return_to(settings.return_to_url) unless settings.return_to_url.blank?
+      settings.idp_slo_target_url + "?" + request_params
     end
-
-    def sign_request_xml(xml_request, settings)
-      sig = settings.private_key.sign(OpenSSL::Digest::SHA1.new, xml_request)
-      Base64.encode64(sig).gsub(/\n/, '')
-    end
-
-    def xml
-      "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-<saml2p:LogoutRequest Destination=\"https://sia-dev.egov.at-consulting.ru/idp/profile/SAML2/Redirect/SLO\" ID=\"_d1c51491-5966-4a60-9113-386d04734df5\" IssueInstant=\"2011-08-17T12:30:51.744Z\" Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\"><saml2:Issuer>http://saml.pgu-dev.egov.at-consulting.ru</saml2:Issuer><saml2:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">_52874221a2fc2732af462bd3fa18c4f9</saml2:NameID><saml2p:SessionIndex>eca05eca7415ebb74858c6dcac7a4b2d6cf862534c5f6251c685851a1cec8af4</saml2p:SessionIndex></saml2p:LogoutRequest>"
-    end
-
   end
-end
+end

data/lib/onelogin/saml/settings.rb

@@ -1,7 +1,7 @@
 module Onelogin::Saml
   class Settings
     attr_accessor :assertion_consumer_service_url, :issuer, :sp_name_qualifier
-    attr_accessor :idp_sso_target_url, :idp_ssl_target_url, :idp_cert_fingerprint, :name_identifier_format
+    attr_accessor :idp_sso_target_url, :idp_slo_target_url, :idp_cert_fingerprint, :name_identifier_format, :return_to_url
 
     def private_key=(private_key_path)
       @private_key =  OpenSSL::PKey::RSA.new(File.read(private_key_path))
@@ -19,12 +19,5 @@ module Onelogin::Saml
       @idp_public_cert
     end
 
-#    def private_key_logout_sign=(private_key_path)
-#      @private_key_logout_sign = OpenSSL::PKey::RSA.new(File.read(private_key_path))
-#    end
-#
-#    def private_key_logout_sign
-#      @private_key_logout_sign
-#    end
   end
 end

data/lib/xml_security.rb

@@ -32,6 +32,16 @@ require 'rsa_ext'
 
 module XMLSecurity
 
+  def self.sign_query(request_params, settings)
+    request_params = request_params + "&" + "SigAlg=" + CGI.escape('http://www.w3.org/2000/09/xmldsig#rsa-sha1')
+    request_params << "&" + "Signature=" + CGI.escape(Base64.encode64(settings.private_key.sign(OpenSSL::Digest::SHA1.new, request_params)))
+    request_params
+  end
+
+  def self.return_to(uri_string)
+    "&" + "returnTo=" + CGI.escape(uri_string)
+  end
+
   class SignedDocument < REXML::Document
 
     def validate (idp_cert_fingerprint, logger = nil, private_key = nil)
@@ -139,6 +149,5 @@ module XMLSecurity
       padding = out.bytes.to_a.last
       self.class.new(out[0..-(padding + 1)])
     end
-
   end
 end

data/ruby-saml-for-portal.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{ruby-saml-for-portal}
-  s.version = "0.3.6"
+  s.version = "0.3.7"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["OneLogin LLC"]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml-for-portal
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.3.7
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-03-08 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: xmlcanonicalizer
-  requirement: &19026180 !ruby/object:Gem::Requirement
+  requirement: &20721940 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 0.1.1
   type: :runtime
   prerelease: false
-  version_requirements: *19026180
+  version_requirements: *20721940
 - !ruby/object:Gem::Dependency
   name: uuid
-  requirement: &19025660 !ruby/object:Gem::Requirement
+  requirement: &20721320 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: 2.3.3
   type: :runtime
   prerelease: false
-  version_requirements: *19025660
+  version_requirements: *20721320
 - !ruby/object:Gem::Dependency
   name: systemu
-  requirement: &19025180 !ruby/object:Gem::Requirement
+  requirement: &20720720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,10 +43,10 @@ dependencies:
         version: 2.2.0
   type: :runtime
   prerelease: false
-  version_requirements: *19025180
+  version_requirements: *20720720
 - !ruby/object:Gem::Dependency
   name: rsa
-  requirement: &19024580 !ruby/object:Gem::Requirement
+  requirement: &20720140 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +54,10 @@ dependencies:
         version: 0.1.4
   type: :runtime
   prerelease: false
-  version_requirements: *19024580
+  version_requirements: *20720140
 - !ruby/object:Gem::Dependency
   name: shoulda
-  requirement: &19024020 !ruby/object:Gem::Requirement
+  requirement: &20719540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *19024020
+  version_requirements: *20719540
 - !ruby/object:Gem::Dependency
   name: mocha
-  requirement: &19023480 !ruby/object:Gem::Requirement
+  requirement: &20718940 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,7 +76,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *19023480
+  version_requirements: *20718940
 description: SAML toolkit for Ruby on Rails
 email: support@onelogin.com
 executables: []