RubyGems - ruby-saml-uppercase - Versions diffs - 0.5.3.4 → 0.6.0 - Mend

ruby-saml-uppercase 0.5.3.4 → 0.6.0

Files changed (6) hide show

data/.gitignore +1 -0
data/lib/onelogin/ruby-saml/authrequest.rb +2 -0
data/lib/onelogin/ruby-saml/metadata.rb +26 -7
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/lib/xml_security.rb +0 -3
metadata +2 -2

data/.gitignore CHANGED Viewed

@@ -8,3 +8,4 @@ Gemfile.lock
 lib/Lib.iml
 test/Test.iml
 .rvmrc
+*.gem

data/lib/onelogin/ruby-saml/authrequest.rb CHANGED Viewed

@@ -10,6 +10,8 @@ module Onelogin
   include REXML
     class Authrequest
       def create(settings, params = {})
+        params = {} if params.nil?
         request_doc = create_authentication_xml_doc(settings)
         request = ""

data/lib/onelogin/ruby-saml/metadata.rb CHANGED Viewed

@@ -12,15 +12,29 @@ module Onelogin
     class Metadata
       def generate(settings)
         meta_doc = REXML::Document.new
-        root = meta_doc.add_element "md:EntityDescriptor", {
-            "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
+        root = meta_doc.add_element "md:EntityDescriptor", {
+            "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
         }
-        sp_sso = root.add_element "md:SPSSODescriptor", {
-            "protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol"
+        sp_sso = root.add_element "md:SPSSODescriptor", {
+            "protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol",
+            # Metadata request need not be signed (as we don't publish our cert)
+            "AuthnRequestsSigned" => false,
+            # However we would like assertions signed if idp_cert_fingerprint or idp_cert is set
+            "WantAssertionsSigned" => (!settings.idp_cert_fingerprint.nil? || !settings.idp_cert.nil?)
         }
         if settings.issuer != nil
           root.attributes["entityID"] = settings.issuer
         end
+        if settings.assertion_consumer_logout_service_url != nil
+          sp_sso.add_element "md:SingleLogoutService", {
+              # Add this as a setting to create different bindings?
+              "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
+              "Location" => settings.assertion_consumer_logout_service_url,
+              "ResponseLocation" => settings.assertion_consumer_logout_service_url,
+              "isDefault" => true,
+              "index" => 0
+          }
+        end
         if settings.name_identifier_format != nil
           name_id = sp_sso.add_element "md:NameIDFormat"
           name_id.text = settings.name_identifier_format
@@ -29,9 +43,15 @@ module Onelogin
           sp_sso.add_element "md:AssertionConsumerService", {
               # Add this as a setting to create different bindings?
               "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-              "Location" => settings.assertion_consumer_service_url
+              "Location" => settings.assertion_consumer_service_url,
+              "isDefault" => true,
+              "index" => 0
           }
         end
+        # With OpenSSO, it might be required to also include
+        #  <md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query" xsi:type="query:AttributeQueryDescriptorType" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
+        #  <md:XACMLAuthzDecisionQueryDescriptor WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
         meta_doc << REXML::XMLDecl.new
         ret = ""
         # pretty print the XML so IdP administrators can easily see what the SP supports
@@ -39,8 +59,7 @@ module Onelogin
         Logging.debug "Generated metadata:\n#{ret}"
-        return ret
+        ret
       end
     end
   end

data/lib/onelogin/ruby-saml/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Onelogin
   module Saml
-    VERSION = '0.5.3.4'
+    VERSION = '0.6.0'
   end
 end

data/lib/xml_security.rb CHANGED Viewed

@@ -27,7 +27,6 @@ require "rexml/document"
 require "rexml/xpath"
 require "openssl"
 require 'nokogiri'
-require 'xmlcanonicalizer'
 require "digest/sha1"
 require "digest/sha2"
 require "onelogin/ruby-saml/validation_error"
@@ -78,9 +77,7 @@ module XMLSecurity
       # verify signature
-      canoner                 = XML::Util::XmlCanonicalizer.new(false, true)
       signed_info_element     = REXML::XPath.first(sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
-      canon_string            = canoner.canonicalize(signed_info_element)
       self.noko_sig_element ||= document.at_xpath('//ds:Signature', 'ds' => DSIG)
       noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
       canon_algorithm = canon_algorithm REXML::XPath.first(sig_element, '//ds:CanonicalizationMethod')

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml-uppercase
 version: !ruby/object:Gem::Version
-  version: 0.5.3.4
+  version: 0.6.0
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-10-31 00:00:00.000000000 Z
+date: 2012-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix