ruby-saml 0.0.6 → 0.0.7


@@ -4,17 +4,12 @@ require "uuid"
4
4
  module Onelogin::Saml
5
5
 
6
6
  class Authrequest
7
- def create(settings)
8
- id = Onelogin::Saml::Authrequest.generateUniqueID(42)
9
- issue_instant = Onelogin::Saml::Authrequest.getTimestamp
10
-
11
- request =
12
- "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{id}\" Version=\"2.0\" IssueInstant=\"#{issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
13
- "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
14
- "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
15
- "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
16
- "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
17
- "</samlp:AuthnRequest>"
7
+ def create(settings, options = {})
8
+ @id = Onelogin::Saml::Authrequest.generateUniqueID(42)
9
+ @issue_instant = Onelogin::Saml::Authrequest.getTimestamp
10
+ debugger
11
+ request = generate_saml_request(settings, options)
12
+
18
13
 
19
14
  deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
20
15
  base64_request = Base64.encode64(deflated_request)
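Review bot: The new `create` body leaves a bare `debugger` call between the `@issue_instant` assignment and the `generate_saml_request` call; in a library this either stops every request under a debugger or raises NameError when no debugger gem is loaded, so the line `debugger` should be deleted before release. The request state also moved into `@id` and `@issue_instant`, which the new helpers read implicitly; a short comment such as `# @id/@issue_instant are read by the *_saml_request helpers` would make that coupling visible. `create` continues past the end of this hunk.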
@@ -28,6 +23,39 @@ module Onelogin::Saml
28
23
  def self.generateUniqueID(length)
29
24
  UUID.new.generate
30
25
  end
26
+
27
+ def generate_saml_request(settings, options = {})
28
+ options[:style] ||= :default
29
+ case options[:style]
30
+ when :default
31
+ standard_saml_request(settings)
32
+ when :google
33
+ google_saml_request(settings)
34
+ end
35
+ end
36
+
37
+ def standard_saml_request(settings)
38
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
39
+ <samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{@id}\" Version=\"2.0\" IssueInstant=\"#{@issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
40
+ "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
41
+ "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
42
+ "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
43
+ "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
44
+ "</samlp:AuthnRequest>"
45
+ end
46
+
47
+ def google_saml_request(settings)
48
+ %Q(<?xml version="1.0" encoding="UTF-8"?>
49
+ <samlp:AuthnRequest
50
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
51
+ ID="#{@id}"
52
+ Version="2.0"
53
+ IssueInstant="#{@issue_instant}"
54
+ ProtocolBinding="urn:oasis:names.tc:SAML:2.0:bindings:HTTP-POST"
55
+ ProviderName="#{settings.issuer}"
56
+ AssertionConsumerServiceURL="#{settings.assertion_consumer_service_url}"/>
57
+ )
58
+ end
31
59
 
32
60
  def self.getTimestamp
33
61
  Time.new().strftime("%Y-%m-%dT%H:%M:%SZ")
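Review bot: `google_saml_request` emits `ProtocolBinding="urn:oasis:names.tc:SAML:2.0:bindings:HTTP-POST"`, with a dot after `names` where `standard_saml_request` uses a colon; the attribute should read `ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"`. In `generate_saml_request`, `options[:style] ||= :default` writes into the caller's hash and the `case` has no `else`, so an unrecognised style returns nil and only fails later when `create` hands it to `Zlib::Deflate.deflate`; `style = options.fetch(:style, :default)` together with `else raise ArgumentError, "unknown style: #{style.inspect}"` keeps the failure at its source. The settings values interpolated into both templates are not XML-escaped, which presumes they are operator configuration rather than request-derived input; a value containing `"` or `&` would produce a malformed AuthnRequest.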
@@ -4,8 +4,11 @@ require "xml_sec"
4
4
  module Onelogin::Saml
5
5
  class Response
6
6
  def initialize(response)
7
+
7
8
  @response = response
8
9
  @document = XMLSecurity::SignedDocument.new(Base64.decode64(@response))
10
+ @document = XMLSecurity::SignedDocument.new(@response) if @document.root.blank?
11
+ @document = REXML::Document.new(@response) if @document.root.blank?
9
12
  end
10
13
 
11
14
  def logger=(val)
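Review bot: The two fallbacks added to `initialize` call `@document.root.blank?`, which is an ActiveSupport extension rather than core Ruby; unless the gem loads active_support elsewhere, a nil or REXML root raises NoMethodError for any non-base64 response, so `@document.root.nil?` is the portable check. The third fallback also downgrades to a plain `REXML::Document`, which is not an `XMLSecurity::SignedDocument`, so whether a Response built that way can still be signature-checked depends on code outside this hunk. A comment stating which inputs each branch is meant for would make the intent clear, e.g. `# Accept the base64-encoded form first, then raw XML.`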
@@ -23,7 +26,8 @@ module Onelogin::Saml
23
26
  end
24
27
 
25
28
  def name_id
26
- @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"].text
29
+ node = @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"] || @document.elements["/samlp:Response/Assertion/Subject/NameID"]
30
+ node.text.strip
27
31
  end
28
32
  end
29
33
  end
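Review bot: `name_id` still dereferences `node` unconditionally, so a Response lacking both the prefixed and the unprefixed NameID path fails with NoMethodError on `nil.text` rather than with a message naming the missing element; `raise "NameID element not found in SAML response" unless node` before `node.text.strip` gives callers a useful error. `text` is itself nil for an empty `<NameID/>`, which `.strip` would likewise turn into a NoMethodError.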
@@ -35,6 +35,7 @@ module XMLSecurity
35
35
 
36
36
  def validate (idp_cert_fingerprint, logger = nil)
37
37
  # get cert from response
38
+ return true if self.elements["//ds:X509Certificate"].blank?
38
39
  base64_cert = self.elements["//ds:X509Certificate"].text
39
40
  cert_text = Base64.decode64(base64_cert)
40
41
  cert = OpenSSL::X509::Certificate.new(cert_text)
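Review bot: `return true if self.elements["//ds:X509Certificate"].blank?` makes `validate` succeed for any response that simply omits the signing certificate, so a document carrying no signature at all is reported as validated against `idp_cert_fingerprint`; this should be `return false if self.elements["//ds:X509Certificate"].nil?` (or raise) so that an unsigned or stripped response is rejected and the caller decides how to handle it. `blank?` is also an ActiveSupport method, so on a plain REXML element or nil this line raises NoMethodError unless active_support is loaded elsewhere, which `nil?` avoids. The rest of `validate` continues past the hunk.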
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{ruby-saml}
8
- s.version = "0.0.6"
8
+ s.version = "0.0.7"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["OneLogin LLC"]
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
3
  version: !ruby/object:Gem::Version
4
- hash: 19
4
+ hash: 17
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 6
10
- version: 0.0.6
9
+ - 7
10
+ version: 0.0.7
11
11
  platform: ruby
12
12
  authors:
13
13
  - OneLogin LLC