ruby-saml-uppercase 0.5.3.4 → 0.6.0

data/.gitignore CHANGED
@@ -8,3 +8,4 @@ Gemfile.lock
8
8
  lib/Lib.iml
9
9
  test/Test.iml
10
10
  .rvmrc
11
+ *.gem
@@ -10,6 +10,8 @@ module Onelogin
10
10
  include REXML
11
11
  class Authrequest
12
12
  def create(settings, params = {})
13
+ params = {} if params.nil?
14
+
13
15
  request_doc = create_authentication_xml_doc(settings)
14
16
 
15
17
  request = ""
@@ -12,15 +12,29 @@ module Onelogin
12
12
  class Metadata
13
13
  def generate(settings)
14
14
  meta_doc = REXML::Document.new
15
- root = meta_doc.add_element "md:EntityDescriptor", {
16
- "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
15
+ root = meta_doc.add_element "md:EntityDescriptor", {
16
+ "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
17
17
  }
18
- sp_sso = root.add_element "md:SPSSODescriptor", {
19
- "protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol"
18
+ sp_sso = root.add_element "md:SPSSODescriptor", {
19
+ "protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol",
20
+ # Metadata request need not be signed (as we don't publish our cert)
21
+ "AuthnRequestsSigned" => false,
22
+ # However we would like assertions signed if idp_cert_fingerprint or idp_cert is set
23
+ "WantAssertionsSigned" => (!settings.idp_cert_fingerprint.nil? || !settings.idp_cert.nil?)
20
24
  }
21
25
  if settings.issuer != nil
22
26
  root.attributes["entityID"] = settings.issuer
23
27
  end
28
+ if settings.assertion_consumer_logout_service_url != nil
29
+ sp_sso.add_element "md:SingleLogoutService", {
30
+ # Add this as a setting to create different bindings?
31
+ "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
32
+ "Location" => settings.assertion_consumer_logout_service_url,
33
+ "ResponseLocation" => settings.assertion_consumer_logout_service_url,
34
+ "isDefault" => true,
35
+ "index" => 0
36
+ }
37
+ end
24
38
  if settings.name_identifier_format != nil
25
39
  name_id = sp_sso.add_element "md:NameIDFormat"
26
40
  name_id.text = settings.name_identifier_format
@@ -29,9 +43,15 @@ module Onelogin
29
43
  sp_sso.add_element "md:AssertionConsumerService", {
30
44
  # Add this as a setting to create different bindings?
31
45
  "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
32
- "Location" => settings.assertion_consumer_service_url
46
+ "Location" => settings.assertion_consumer_service_url,
47
+ "isDefault" => true,
48
+ "index" => 0
33
49
  }
34
50
  end
51
+ # With OpenSSO, it might be required to also include
52
+ # <md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query" xsi:type="query:AttributeQueryDescriptorType" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
53
+ # <md:XACMLAuthzDecisionQueryDescriptor WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
54
+
35
55
  meta_doc << REXML::XMLDecl.new
36
56
  ret = ""
37
57
  # pretty print the XML so IdP administrators can easily see what the SP supports
@@ -39,8 +59,7 @@ module Onelogin
39
59
 
40
60
  Logging.debug "Generated metadata:\n#{ret}"
41
61
 
42
- return ret
43
-
62
+ ret
44
63
  end
45
64
  end
46
65
  end
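Review bot: `WantAssertionsSigned` on the `md:SPSSODescriptor` is only a hint to the IdP, and in this hunk it becomes `false` whenever neither `idp_cert_fingerprint` nor `idp_cert` is configured, so the published metadata then advertises that unsigned assertions are acceptable. Nothing visible here shows how the response validator behaves in that configuration; it should require a valid signature regardless of the metadata, and a comment such as `# Advisory only: response validation must require a signature independently of this flag` above the attribute would record that. Separately, `md:SingleLogoutService` is a plain (non-indexed) endpoint in the SAML 2.0 metadata schema, so `"isDefault" => true,` and `"index" => 0` belong only on `md:AssertionConsumerService`; a schema-validating IdP may refuse the document, and dropping those two lines from the logout element avoids it. The attribute values are Ruby booleans and integers rather than strings, which relies on REXML coercing them; calling `.to_s` explicitly would be safer. `generate` is spread over several hunks and parts of its body are not shown.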
@@ -1,5 +1,5 @@
1
1
  module Onelogin
2
2
  module Saml
3
- VERSION = '0.5.3.4'
3
+ VERSION = '0.6.0'
4
4
  end
5
5
  end
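--- a/data/lib/xml_security.rb
+++ b/data/lib/xml_security.rb
@@ -27,7 +27,6 @@ require "rexml/document"
  require "rexml/xpath"
  require "openssl"
  require 'nokogiri'
- require 'xmlcanonicalizer'
  require "digest/sha1"
  require "digest/sha2"
  require "onelogin/ruby-saml/validation_error"
@@ -78,9 +77,7 @@ module XMLSecurity
 
 
  # verify signature
- canoner = XML::Util::XmlCanonicalizer.new(false, true)
  signed_info_element = REXML::XPath.first(sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
- canon_string = canoner.canonicalize(signed_info_element)
  self.noko_sig_element ||= document.at_xpath('//ds:Signature', 'ds' => DSIG)
  noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
  canon_algorithm = canon_algorithm REXML::XPath.first(sig_element, '//ds:CanonicalizationMethod')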
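Review bot: The REXML lookups kept in the second hunk, `"//ds:SignedInfo"` and `'//ds:CanonicalizationMethod'`, start with `//`, which searches from the document root rather than beneath `sig_element`, and `document.at_xpath('//ds:Signature', ...)` likewise takes the first signature anywhere in the document. In signature verification, the nodes that are canonicalized and checked should be located relative to the signature actually being validated, otherwise the verified element and the element later consumed can differ. Scoping them the way the Nokogiri line already does, e.g. `REXML::XPath.first(sig_element, "./ds:SignedInfo", {"ds"=>DSIG})` and `"./ds:SignedInfo/ds:CanonicalizationMethod"` with the same namespace map, would close that gap. With `canon_string` removed, `signed_info_element` may no longer be read at all; that cannot be confirmed from the hunk, but if so it should be dropped. The enclosing method starts and ends outside the hunk.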
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml-uppercase
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.3.4
4
+ version: 0.6.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-10-31 00:00:00.000000000 Z
12
+ date: 2012-11-08 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: canonix