ruby-saml-uppercase 0.5.3.4 → 0.6.0
- data/.gitignore +1 -0
- data/lib/onelogin/ruby-saml/authrequest.rb +2 -0
- data/lib/onelogin/ruby-saml/metadata.rb +26 -7
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/xml_security.rb +0 -3
- metadata +2 -2
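--- a/data/lib/onelogin/ruby-saml/metadata.rb
+++ b/data/lib/onelogin/ruby-saml/metadata.rb
@@ -12,15 +12,29 @@ module Onelogin
 class Metadata
 def generate(settings)
 meta_doc = REXML::Document.new
-root = meta_doc.add_element "md:EntityDescriptor", {
-"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
+root = meta_doc.add_element "md:EntityDescriptor", {
+"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
 }
-sp_sso = root.add_element "md:SPSSODescriptor", {
-"protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol"
+sp_sso = root.add_element "md:SPSSODescriptor", {
+"protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol",
+# Metadata request need not be signed (as we don't publish our cert)
+"AuthnRequestsSigned" => false,
+# However we would like assertions signed if idp_cert_fingerprint or idp_cert is set
+"WantAssertionsSigned" => (!settings.idp_cert_fingerprint.nil? || !settings.idp_cert.nil?)
 }
 if settings.issuer != nil
 root.attributes["entityID"] = settings.issuer
 end
+if settings.assertion_consumer_logout_service_url != nil
+sp_sso.add_element "md:SingleLogoutService", {
+# Add this as a setting to create different bindings?
+"Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
+"Location" => settings.assertion_consumer_logout_service_url,
+"ResponseLocation" => settings.assertion_consumer_logout_service_url,
+"isDefault" => true,
+"index" => 0
+}
+end
 if settings.name_identifier_format != nil
 name_id = sp_sso.add_element "md:NameIDFormat"
 name_id.text = settings.name_identifier_format
@@ -29,9 +43,15 @@ module Onelogin
 sp_sso.add_element "md:AssertionConsumerService", {
 # Add this as a setting to create different bindings?
 "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-"Location" => settings.assertion_consumer_service_url
+"Location" => settings.assertion_consumer_service_url,
+"isDefault" => true,
+"index" => 0
 }
 end
+# With OpenSSO, it might be required to also include
+# <md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query" xsi:type="query:AttributeQueryDescriptorType" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
+# <md:XACMLAuthzDecisionQueryDescriptor WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
+
 meta_doc << REXML::XMLDecl.new
 ret = ""
 # pretty print the XML so IdP administrators can easily see what the SP supports
@@ -39,8 +59,7 @@ module Onelogin
 
 Logging.debug "Generated metadata:\n#{ret}"
 
-
-
+ret
 end
 end
 end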
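Review bot: The `isDefault` and `index` attributes added to `md:SingleLogoutService` (new lines 34–35 of the first hunk) are not valid on that element: in the SAML 2.0 metadata schema SingleLogoutService is a plain EndpointType, and only IndexedEndpointType elements such as AssertionConsumerService carry `index`/`isDefault`, so an IdP that schema-validates the generated metadata may reject it. Drop those two lines and the trailing comma so that `"ResponseLocation" => settings.assertion_consumer_logout_service_url` is the last pair; the same two attributes added to `md:AssertionConsumerService` in the second hunk are correct and can stay. `WantAssertionsSigned` only advertises a preference to the IdP — whether unsigned assertions are actually refused still depends on the response validation code, which is not in this change. As a point of style, the new nil check `if settings.assertion_consumer_logout_service_url != nil` is better written `if settings.assertion_consumer_logout_service_url` (or `unless ….nil?`). The body of `generate` runs on past the end of this hunk.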
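--- a/data/lib/xml_security.rb
+++ b/data/lib/xml_security.rb
@@ -27,7 +27,6 @@ require "rexml/document"
 require "rexml/xpath"
 require "openssl"
 require 'nokogiri'
-require 'xmlcanonicalizer'
 require "digest/sha1"
 require "digest/sha2"
 require "onelogin/ruby-saml/validation_error"
@@ -78,9 +77,7 @@ module XMLSecurity
 
 
 # verify signature
-canoner = XML::Util::XmlCanonicalizer.new(false, true)
 signed_info_element = REXML::XPath.first(sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
-canon_string = canoner.canonicalize(signed_info_element)
 self.noko_sig_element ||= document.at_xpath('//ds:Signature', 'ds' => DSIG)
 noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
 canon_algorithm = canon_algorithm REXML::XPath.first(sig_element, '//ds:CanonicalizationMethod')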
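--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml-uppercase
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-
+date: 2012-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: canonix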