ruby-saml 0.0.6 → 0.0.7
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- data/lib/onelogin/saml/authrequest.rb +39 -11
- data/lib/onelogin/saml/response.rb +5 -1
- data/lib/xml_sec.rb +1 -0
- data/ruby-saml.gemspec +1 -1
- metadata +3 -3
|
@@ -4,17 +4,12 @@ require "uuid"
|
|
|
4
4
|
module Onelogin::Saml
|
|
5
5
|
|
|
6
6
|
class Authrequest
|
|
7
|
-
def create(settings)
|
|
8
|
-
id = Onelogin::Saml::Authrequest.generateUniqueID(42)
|
|
9
|
-
issue_instant = Onelogin::Saml::Authrequest.getTimestamp
|
|
10
|
-
|
|
11
|
-
request =
|
|
12
|
-
|
|
13
|
-
"<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
|
|
14
|
-
"<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
|
|
15
|
-
"<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
|
|
16
|
-
"<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
|
|
17
|
-
"</samlp:AuthnRequest>"
|
|
7
|
+
def create(settings, options = {})
|
|
8
|
+
@id = Onelogin::Saml::Authrequest.generateUniqueID(42)
|
|
9
|
+
@issue_instant = Onelogin::Saml::Authrequest.getTimestamp
|
|
10
|
+
debugger
|
|
11
|
+
request = generate_saml_request(settings, options)
|
|
12
|
+
|
|
18
13
|
|
|
19
14
|
deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
|
|
20
15
|
base64_request = Base64.encode64(deflated_request)
|
|
@@ -28,6 +23,39 @@ module Onelogin::Saml
|
|
|
28
23
|
def self.generateUniqueID(length)
|
|
29
24
|
UUID.new.generate
|
|
30
25
|
end
|
|
26
|
+
|
|
27
|
+
def generate_saml_request(settings, options = {})
|
|
28
|
+
options[:style] ||= :default
|
|
29
|
+
case options[:style]
|
|
30
|
+
when :default
|
|
31
|
+
standard_saml_request(settings)
|
|
32
|
+
when :google
|
|
33
|
+
google_saml_request(settings)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def standard_saml_request(settings)
|
|
38
|
+
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>
|
|
39
|
+
<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{@id}\" Version=\"2.0\" IssueInstant=\"#{@issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
|
|
40
|
+
"<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
|
|
41
|
+
"<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
|
|
42
|
+
"<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
|
|
43
|
+
"<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
|
|
44
|
+
"</samlp:AuthnRequest>"
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def google_saml_request(settings)
|
|
48
|
+
%Q(<?xml version="1.0" encoding="UTF-8"?>
|
|
49
|
+
<samlp:AuthnRequest
|
|
50
|
+
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
|
51
|
+
ID="#{@id}"
|
|
52
|
+
Version="2.0"
|
|
53
|
+
IssueInstant="#{@issue_instant}"
|
|
54
|
+
ProtocolBinding="urn:oasis:names.tc:SAML:2.0:bindings:HTTP-POST"
|
|
55
|
+
ProviderName="#{settings.issuer}"
|
|
56
|
+
AssertionConsumerServiceURL="#{settings.assertion_consumer_service_url}"/>
|
|
57
|
+
)
|
|
58
|
+
end
|
|
31
59
|
|
|
32
60
|
def self.getTimestamp
|
|
33
61
|
Time.new().strftime("%Y-%m-%dT%H:%M:%SZ")
|
|
@@ -4,8 +4,11 @@ require "xml_sec"
|
|
|
4
4
|
module Onelogin::Saml
|
|
5
5
|
class Response
|
|
6
6
|
def initialize(response)
|
|
7
|
+
|
|
7
8
|
@response = response
|
|
8
9
|
@document = XMLSecurity::SignedDocument.new(Base64.decode64(@response))
|
|
10
|
+
@document = XMLSecurity::SignedDocument.new(@response) if @document.root.blank?
|
|
11
|
+
@document = REXML::Document.new(@response) if @document.root.blank?
|
|
9
12
|
end
|
|
10
13
|
|
|
11
14
|
def logger=(val)
|
|
@@ -23,7 +26,8 @@ module Onelogin::Saml
|
|
|
23
26
|
end
|
|
24
27
|
|
|
25
28
|
def name_id
|
|
26
|
-
@document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"].
|
|
29
|
+
node = @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"] || @document.elements["/samlp:Response/Assertion/Subject/NameID"]
|
|
30
|
+
node.text.strip
|
|
27
31
|
end
|
|
28
32
|
end
|
|
29
33
|
end
|
data/lib/xml_sec.rb
CHANGED
|
@@ -35,6 +35,7 @@ module XMLSecurity
|
|
|
35
35
|
|
|
36
36
|
def validate (idp_cert_fingerprint, logger = nil)
|
|
37
37
|
# get cert from response
|
|
38
|
+
return true if self.elements["//ds:X509Certificate"].blank?
|
|
38
39
|
base64_cert = self.elements["//ds:X509Certificate"].text
|
|
39
40
|
cert_text = Base64.decode64(base64_cert)
|
|
40
41
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
data/ruby-saml.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 17
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 7
|
|
10
|
+
version: 0.0.7
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- OneLogin LLC
|