ruby-saml 0.0.6 → 0.0.7
- data/lib/onelogin/saml/authrequest.rb +39 -11
 - data/lib/onelogin/saml/response.rb +5 -1
 - data/lib/xml_sec.rb +1 -0
 - data/ruby-saml.gemspec +1 -1
 - metadata +3 -3
 
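--- a/data/lib/onelogin/saml/authrequest.rb
+++ b/data/lib/onelogin/saml/authrequest.rb
@@ -4,17 +4,12 @@ require "uuid"
 module Onelogin::Saml
 
 	class Authrequest
-		def create(settings)
-			id                = Onelogin::Saml::Authrequest.generateUniqueID(42)
-			issue_instant     = Onelogin::Saml::Authrequest.getTimestamp
-
-			request = 
-			 
-			"<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
-			"<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
-			"<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
-			"<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
-			"</samlp:AuthnRequest>"
+		def create(settings, options = {})
+			@id                = Onelogin::Saml::Authrequest.generateUniqueID(42)
+			@issue_instant     = Onelogin::Saml::Authrequest.getTimestamp
+			debugger
+			request = generate_saml_request(settings, options)
+			
 
 			deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]     
 			base64_request    = Base64.encode64(deflated_request)  
@@ -28,6 +23,39 @@ module Onelogin::Saml
 		def self.generateUniqueID(length)
 			UUID.new.generate
 		end
+		
+		def generate_saml_request(settings, options = {})
+			options[:style] ||= :default
+			case options[:style]
+			when :default
+				standard_saml_request(settings)
+			when :google
+				google_saml_request(settings)
+			end
+		end
+		
+		def standard_saml_request(settings)
+			"<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+			<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{@id}\" Version=\"2.0\" IssueInstant=\"#{@issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
+			"<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
+			"<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
+			"<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
+			"<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
+			"</samlp:AuthnRequest>"
+		end
+		
+		def google_saml_request(settings)
+			%Q(<?xml version="1.0" encoding="UTF-8"?>
+			<samlp:AuthnRequest 
+				xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+				ID="#{@id}" 
+				Version="2.0"
+				IssueInstant="#{@issue_instant}"
+				ProtocolBinding="urn:oasis:names.tc:SAML:2.0:bindings:HTTP-POST"
+				ProviderName="#{settings.issuer}"
+				AssertionConsumerServiceURL="#{settings.assertion_consumer_service_url}"/>
+			)
+		end
 
 		def self.getTimestamp
 			Time.new().strftime("%Y-%m-%dT%H:%M:%SZ")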
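Review bot: `debugger` on new line 10 of `create` is a leftover breakpoint shipped in a release: without a debugger library loaded the call raises NoMethodError and every authentication request fails, and with one loaded it halts the process; delete the line so `request = generate_saml_request(settings, options)` follows the `@issue_instant` assignment directly. In the second hunk, `google_saml_request` emits `ProtocolBinding="urn:oasis:names.tc:SAML:2.0:bindings:HTTP-POST"`, a `.` where the URN needs `:`, so the Google variant advertises a binding that differs from the one `standard_saml_request` emits. `generate_saml_request` returns nil for any `:style` other than `:default` or `:google`, which `Zlib::Deflate.deflate(request, 9)` back in `create` then rejects with a TypeError rather than a message naming the bad option; an `else raise ArgumentError, "unknown style #{options[:style].inspect}"` branch would make that explicit, and `options[:style] ||= :default` writes the default into the caller's hash, so `options = {style: :default}.merge(options)` would avoid mutating it. The body of `create` continues past the end of the first hunk.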
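--- a/data/lib/onelogin/saml/response.rb
+++ b/data/lib/onelogin/saml/response.rb
@@ -4,8 +4,11 @@ require "xml_sec"
 module Onelogin::Saml
   class Response
     def initialize(response)
+			
       @response = response
       @document = XMLSecurity::SignedDocument.new(Base64.decode64(@response))
+			@document = XMLSecurity::SignedDocument.new(@response) if @document.root.blank?
+			@document = REXML::Document.new(@response) if @document.root.blank?
     end
 
     def logger=(val)
@@ -23,7 +26,8 @@ module Onelogin::Saml
     end
 
     def name_id
-      @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"].
+      node = @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"] || @document.elements["/samlp:Response/Assertion/Subject/NameID"]
+			node.text.strip
     end
   end
 end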
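Review bot: `node` in the rewritten `name_id` is nil when neither XPath matches, so `node.text.strip` raises a NoMethodError from inside the library instead of a clear error; add `raise ArgumentError, "NameID element not found in response" unless node` before the `.text.strip` line (or return nil if callers expect that). In `initialize`, the last fallback builds a plain `REXML::Document` from the raw input, which does not carry `XMLSecurity::SignedDocument`'s `validate` method, so on malformed input the later signature check — which I presume lives elsewhere in this class — would either fail with NoMethodError or, depending on how it is invoked, be skipped; worth confirming against the rest of the file, and a single explicit decode path with one error would be simpler than three parse attempts. `root.blank?` on both new lines is ActiveSupport rather than core Ruby, so these lines fail outside Rails; `@document.root.nil?` is the portable check. The class body continues between the two hunks.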
    
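--- a/data/lib/xml_sec.rb
+++ b/data/lib/xml_sec.rb
@@ -35,6 +35,7 @@ module XMLSecurity
 
     def validate (idp_cert_fingerprint, logger = nil)
       # get cert from response
+			return true if self.elements["//ds:X509Certificate"].blank?
       base64_cert             = self.elements["//ds:X509Certificate"].text
       cert_text               = Base64.decode64(base64_cert)
       cert                    = OpenSSL::X509::Certificate.new(cert_text)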
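Review bot: The added `return true if self.elements["//ds:X509Certificate"].blank?` makes `validate` report success exactly when the response carries no certificate, so a response with no signature material at all is treated as validly signed; since `validate`'s boolean is all a caller sees, a missing certificate is indistinguishable from a verified signature. A missing certificate should be a failure, `return false if self.elements["//ds:X509Certificate"].blank?`, or better `raise ArgumentError, "no ds:X509Certificate in signed document"` so the two outcomes cannot be confused. The fingerprint comparison against `idp_cert_fingerprint` presumably follows in the part of `validate` outside the hunk; even with the early return fixed, anchoring trust on a certificate embedded in the response is only as strong as that fingerprint check, so validating against a configured IdP certificate would be the more robust design. `blank?` is ActiveSupport, not core Ruby, so `nil?` is the portable check here.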
    
        data/ruby-saml.gemspec
    CHANGED
    
    
    
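--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: ruby-saml
 version: !ruby/object:Gem::Version 
-  hash:  
+  hash: 17
   prerelease: false
   segments: 
   - 0
   - 0
-  -  
-  version: 0.0. 
+  - 7
+  version: 0.0.7
 platform: ruby
 authors: 
 - OneLogin LLC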