ruby-saml-idp 0.2 → 0.2.5

data/README.md CHANGED
@@ -14,7 +14,7 @@ Add this to your Gemfile:
14
14
 
15
15
  ### Not using rails?
16
16
 
17
- Include `SamlIdp::Controller` and see the examples that use rails. It should be straightforward for you. Basically you call `decode_SAMLRequest(params[:SAMLRequest])` and then use the value `saml_acs_url` to determine the source for which you need to authenticate a user. Once a user has successfully authenticated on your system send the Service Provider a SAMLReponse by posting to `saml_acs_url` the parameter `SAMLResponse` with the return value from a call to `create_SAMLResponse(user_email, audience_uri, issuer_uri)`
17
+ Include `SamlIdp::Controller` and see the examples that use rails. It should be straightforward for you. Basically you call `decode_SAMLRequest(params[:SAMLRequest])` and then use the value `saml_acs_url` to determine the source for which you need to authenticate a user. Once a user has successfully authenticated on your system send the Service Provider a SAMLReponse by posting to `saml_acs_url` the parameter `SAMLResponse` with the return value from a call to `encode_SAMLResponse(user_email)`
18
18
 
19
19
  ### Using rails?
20
20
 
@@ -38,7 +38,7 @@ class SamlIdpController < SamlIdp::IdpController
38
38
  end
39
39
 
40
40
  def idp_make_saml_response(user)
41
- create_SAMLResponse(user.email, "https://example.com")
41
+ encode_SAMLResponse(user.email)
42
42
  end
43
43
 
44
44
  private
@@ -56,7 +56,7 @@ end
56
56
  Keys and Secrets
57
57
  ----------------
58
58
 
59
- To generate the SAML Response it uses a default X.509 certificate and secret key... which isn't so secret. You can find them in `SamlIdp::Default`. The X.509 certificate is valid until year 2032. Obviously you shouldn't use these if you intend to use this in production environments. In that case, within the controller set the properties `x509_certificate` and `secret_key` using a `prepend_before_filter` callback.
59
+ To generate the SAML Response it uses a default X.509 certificate and secret key... which isn't so secret. You can find them in `SamlIdp::Default`. The X.509 certificate is valid until year 2032. Obviously you shouldn't use these if you intend to use this in production environments. In that case, within the controller set the properties `x509_certificate` and `secret_key` using a `prepend_before_filter` callback within the current request context or set them globally via the `SamlIdp.x509_certificate` and `SamlIdp.secret_key` properties.
60
60
 
61
61
  The fingerprint to use, if you use the default X.509 certificate of this gem, is:
62
62
 
data/lib/ruby-saml-idp.rb CHANGED
@@ -1,4 +1,24 @@
1
- require 'saml-idp/controller'
2
- require 'saml-idp/default'
3
- require 'saml-idp/version'
4
- require 'saml-idp/rails' if defined?(::Rails) && Rails::VERSION::MAJOR > 2
1
+ module SamlIdp
2
+ autoload :Controller, 'saml-idp/controller'
3
+ autoload :Default, 'saml-idp/default'
4
+ autoload :Engine, 'saml-idp/engine'
5
+ autoload :Version, 'saml-idp/version'
6
+
7
+ def self.x509_certificate
8
+ @@x509_certificate
9
+ end
10
+ def self.x509_certificate=(x509_certificate)
11
+ @@x509_certificate = x509_certificate
12
+ end
13
+ @@x509_certificate = Default::X509_CERTIFICATE
14
+
15
+ def self.secret_key
16
+ @@secret_key
17
+ end
18
+ def self.secret_key=(secret_key)
19
+ @@secret_key = secret_key
20
+ end
21
+ @@secret_key = Default::SECRET_KEY
22
+
23
+ end
24
+
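Review bot: The new module-level defaults at `@@x509_certificate = Default::X509_CERTIFICATE` and `@@secret_key = Default::SECRET_KEY` make the gem's published demo key the signing key for any deployment that never calls `SamlIdp.secret_key=` or overrides the controller accessor, and nothing at runtime distinguishes that state from a configured one — the README in this same release calls that key "not so secret". Since every assertion the IdP issues is only as trustworthy as this key, the reader should at least announce the fallback, e.g. in `self.secret_key`: `warn "[SamlIdp] signing with the built-in demo key; set SamlIdp.secret_key" if @@secret_key.equal?(Default::SECRET_KEY)`, and a deployment could raise instead of warn when it considers itself production. As a point of style, `@@` class variables are shared across the whole inheritance tree; a module instance variable with `class << self; attr_accessor :secret_key; end` gives the same API without that sharing. The defaults depend on `SamlIdp::Default` loading via the `autoload` registered a few lines above, which should be fine as long as `saml-idp/default` has no load-order dependency of its own.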
@@ -13,12 +13,12 @@ module SamlIdp
13
13
 
14
14
  def x509_certificate
15
15
  return @x509_certificate if defined?(@x509_certificate)
16
- @x509_certificate = SamlIdp::Default::X509_CERTIFICATE
16
+ @x509_certificate = SamlIdp.x509_certificate
17
17
  end
18
18
 
19
19
  def secret_key
20
20
  return @secret_key if defined?(@secret_key)
21
- @secret_key = SamlIdp::Default::SECRET_KEY
21
+ @secret_key = SamlIdp.secret_key
22
22
  end
23
23
 
24
24
  protected
@@ -36,9 +36,11 @@ module SamlIdp
36
36
  @saml_acs_url = text[/AssertionConsumerServiceURL='(.+?)'/, 1]
37
37
  end
38
38
 
39
- def create_SAMLResponse(nameID, audience_uri, issuer_uri = "#{request.scheme}://#{request.host_with_port}#{request.fullpath}")
39
+ def encode_SAMLResponse(nameID, opts = {})
40
40
  now = Time.now.utc
41
41
  response_id, reference_id = UUID.generate, UUID.generate
42
+ audience_uri = opts[:audience_uri] || saml_acs_url[/^(.*?\/\/.*?\/)/, 1]
43
+ issuer_uri = opts[:issuer_uri] || (defined?(request) && request.url) || "http://example.com"
42
44
 
43
45
  assertion = %[<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_#{reference_id}" IssueInstant="#{now.iso8601}" Version="2.0"><Issuer>#{issuer_uri}</Issuer><Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">#{nameID}</NameID><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="#{@saml_request_id}" NotOnOrAfter="#{(now+3*60).iso8601}" Recipient="#{@saml_acs_url}"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore="#{(now-5).iso8601}" NotOnOrAfter="#{(now+60*60).iso8601}"><AudienceRestriction><Audience>#{audience_uri}</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><AttributeValue>#{nameID}</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="#{now.iso8601}" SessionIndex="_#{reference_id}"><AuthnContext><AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>]
44
46
 
@@ -0,0 +1,4 @@
1
+ module SamlIdp
2
+ class Engine < Rails::Engine
3
+ end
4
+ end if defined?(::Rails) && Rails::VERSION::MAJOR > 2
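Review bot: With the trailing `if defined?(::Rails) && Rails::VERSION::MAJOR > 2` the whole `module SamlIdp ... end` statement is skipped outside Rails, so this file then defines nothing, while lib/ruby-saml-idp.rb in this same release registers `autoload :Engine, 'saml-idp/engine'` unconditionally; any reference to `SamlIdp::Engine` in a non-Rails process would trigger the autoload and then fail with a NameError for a constant the loaded file never defined. Either apply the same guard to the autoload line, `autoload :Engine, 'saml-idp/engine' if defined?(::Rails) && Rails::VERSION::MAJOR > 2`, or keep the `Rails::Engine` subclass guarded but always define the module so the autoload contract holds. A one-line comment such as `# Rails 3+ only: registers the gem as an engine so its controller is picked up` would also help readers who meet this file outside Rails.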
@@ -1,3 +1,3 @@
1
1
  module SamlIdp
2
- VERSION = '0.2'
2
+ VERSION = '0.2.5'
3
3
  end
@@ -25,11 +25,11 @@ describe SamlIdp::Controller do
25
25
  auth_url = auth_request.create(saml_config)
26
26
  params[:SAMLRequest] = CGI.unescape(auth_url.split("=").last)
27
27
  validate_saml_request
28
- saml_response = create_SAMLResponse("foo@example.com", "https://idp.com/saml/idp", "https://idp.com")
28
+ saml_response = encode_SAMLResponse("foo@example.com")
29
29
 
30
30
  response = Onelogin::Saml::Response.new(saml_response)
31
31
  response.name_id.should == "foo@example.com"
32
- response.issuer.should == "https://idp.com"
32
+ response.issuer.should == "http://example.com"
33
33
  response.settings = saml_config
34
34
  response.is_valid?.should be_true
35
35
  end
@@ -39,7 +39,7 @@ describe SamlIdp::Controller do
39
39
  def saml_settings(saml_acs_url)
40
40
  settings = Onelogin::Saml::Settings.new
41
41
  settings.assertion_consumer_service_url = saml_acs_url
42
- settings.issuer = "http://example.com"
42
+ settings.issuer = "http://example.com/issuer"
43
43
  settings.idp_sso_target_url = "http://idp.com/saml/idp"
44
44
  settings.idp_cert_fingerprint = SamlIdp::Default::FINGERPRINT
45
45
  settings.name_identifier_format = SamlIdp::Default::NAME_ID_FORMAT
metadata CHANGED
@@ -1,12 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml-idp
3
3
  version: !ruby/object:Gem::Version
4
- hash: 15
4
+ hash: 29
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 2
9
- version: "0.2"
9
+ - 5
10
+ version: 0.2.5
10
11
  platform: ruby
11
12
  authors:
12
13
  - Lawrence Pit
@@ -87,7 +88,7 @@ files:
87
88
  - lib/ruby-saml-idp.rb
88
89
  - lib/saml-idp/controller.rb
89
90
  - lib/saml-idp/default.rb
90
- - lib/saml-idp/rails.rb
91
+ - lib/saml-idp/engine.rb
91
92
  - lib/saml-idp/version.rb
92
93
  - MIT-LICENSE
93
94
  - README.md
@@ -1,4 +0,0 @@
1
- module SamlIdp
2
- class Engine < Rails::Engine
3
- end
4
- end