ruby-saml-mod 0.1.4 → 0.1.5

data/lib/onelogin/saml.rb

@@ -13,6 +13,7 @@ module Onelogin
 end
 
 require 'onelogin/saml/auth_request'
+require 'onelogin/saml/authn_contexts.rb'
 require 'onelogin/saml/response'
 require 'onelogin/saml/settings'
 require 'onelogin/saml/name_identifiers'

data/lib/onelogin/saml/auth_request.rb

@@ -7,10 +7,15 @@ module Onelogin::Saml
       request = 
         "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{id}\" Version=\"2.0\" IssueInstant=\"#{issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
         "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
-        "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
-        "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
-        "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
-        "</samlp:AuthnRequest>"
+        "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n"
+      
+      if settings.requested_authn_context
+        request += "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">"
+        request += "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.requested_authn_context}</saml:AuthnContextClassRef>"
+        request += "</samlp:RequestedAuthnContext>\n"
+      end
+        
+      request += "</samlp:AuthnRequest>"
 
       deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]     
       base64_request    = Base64.encode64(deflated_request)  

data/lib/onelogin/saml/authn_contexts.rb

@@ -0,0 +1,35 @@
+module Onelogin::Saml
+  module AuthnContexts
+    # see section 3.4 of http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf
+    INTERNET_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
+    INTERNET_PROTOCOL_PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"
+    KERBEROS = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"
+    MOBILE_ONE_FACTOR_UNREGISTERED = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered"
+    MOBILE_TWO_FACTOR_UNREGISTERED = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered"
+    MOBILE_ONE_FACTOR_CONTRACT = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract"
+    MOBILE_TWO_FACTOR_CONTRACT = "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract"
+    PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+    PASSWORD_PROTECTED_TRANSPORT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+    PREVIOUS_SESSION = "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
+    X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
+    PGP = "urn:oasis:names:tc:SAML:2.0:ac:classes:PGP"
+    SPKI = "urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI"
+    XMLD_SIG = "urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig"
+    SMARTCARD_PKI = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"
+    SOFTWARE_PKI = "urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI"
+    TELEPHONY = "urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony"
+    NOMAD_TELEPHONY = "urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony"
+    PERSONAL_TELEPHONY = "urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalTelephony"
+    AUTHENTICATED_TELEPHONY = "urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony"
+    SECURE_REMOTE_PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
+    TLS_CLIENT = "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
+    TIME_SYNC_TOKEN = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"
+    UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
+    
+    ALL_CONTEXTS = [INTERNET_PROTOCOL_PASSWORD, KERBEROS, MOBILE_ONE_FACTOR_UNREGISTERED,
+                    MOBILE_TWO_FACTOR_UNREGISTERED, MOBILE_ONE_FACTOR_CONTRACT, MOBILE_TWO_FACTOR_CONTRACT,
+                    PASSWORD, PASSWORD_PROTECTED_TRANSPORT, PREVIOUS_SESSION, X509, PGP, SPKI, XMLD_SIG,
+                    SMARTCARD_PKI, SOFTWARE_PKI, TELEPHONY, NOMAD_TELEPHONY, PERSONAL_TELEPHONY,
+                    AUTHENTICATED_TELEPHONY, SECURE_REMOTE_PASSWORD, TLS_CLIENT, TIME_SYNC_TOKEN, UNSPECIFIED]
+  end
+end

data/lib/onelogin/saml/response.rb

@@ -36,5 +36,9 @@ module Onelogin::Saml
     def auth_failure?
       @status_code == Onelogin::Saml::StatusCodes::AUTHN_FAILED_URI
     end
+    
+    def no_authn_context?
+      @status_code == Onelogin::Saml::StatusCodes::NO_AUTHN_CONTEXT_URI
+    end
   end
 end

data/lib/onelogin/saml/settings.rb

@@ -31,6 +31,9 @@ module Onelogin::Saml
     # For email: Onelogin::Saml::NameIdentifiers::EMAIL
     attr_accessor :name_identifier_format
     
+    # The type of authentication requested (see Onelogin::Saml::AuthnContexts)
+    attr_accessor :requested_authn_context
+    
     ## Attributes for the metadata
     
     # The logout url of your application

data/ruby-saml-mod.gemspec

@@ -1,9 +1,9 @@
 Gem::Specification.new do |s|
   s.name = %q{ruby-saml-mod}
-  s.version = "0.1.4"
+  s.version = "0.1.5"
 
   s.authors = ["OneLogin LLC", "Bracken", "Zach"]
-  s.date = %q{2011-11-05}
+  s.date = %q{2012-01-26}
   s.extra_rdoc_files = [
     "LICENSE"
   ]
@@ -12,6 +12,7 @@ Gem::Specification.new do |s|
     "README",
     "lib/onelogin/saml.rb",
     "lib/onelogin/saml/auth_request.rb",
+    "lib/onelogin/saml/authn_contexts.rb",
     "lib/onelogin/saml/log_out_request.rb",
     "lib/onelogin/saml/meta_data.rb",
     "lib/onelogin/saml/name_identifiers.rb",

metadata

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: ruby-saml-mod
 version: !ruby/object:Gem::Version 
-  prerelease: false
+  hash: 17
+  prerelease: 
   segments: 
   - 0
   - 1
-  - 4
-  version: 0.1.4
+  - 5
+  version: 0.1.5
 platform: ruby
 authors: 
 - OneLogin LLC
@@ -16,8 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-11-05 00:00:00 -06:00
-default_executable: 
+date: 2012-01-26 00:00:00 Z
 dependencies: []
 
 description: "This is an early fork from https://github.com/onelogin/ruby-saml - I plan to \"rebase\" these changes ontop of their current version eventually. "
@@ -33,6 +33,7 @@ files:
 - README
 - lib/onelogin/saml.rb
 - lib/onelogin/saml/auth_request.rb
+- lib/onelogin/saml/authn_contexts.rb
 - lib/onelogin/saml/log_out_request.rb
 - lib/onelogin/saml/meta_data.rb
 - lib/onelogin/saml/name_identifiers.rb
@@ -41,7 +42,6 @@ files:
 - lib/onelogin/saml/status_codes.rb
 - lib/xml_sec.rb
 - ruby-saml-mod.gemspec
-has_rdoc: true
 homepage: http://github.com/bracken/ruby-saml
 licenses: []
 
@@ -51,23 +51,27 @@ rdoc_options: []
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.6
+rubygems_version: 1.8.15
 signing_key: 
 specification_version: 3
 summary: Ruby library for SAML service providers