ruby-saml 0.2.2 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- data/README.rdoc +10 -12
- data/VERSION +1 -1
- data/lib/onelogin/saml/authrequest.rb +8 -3
- data/ruby-saml.gemspec +2 -2
- data/test/ruby-saml_test.rb +11 -1
- data/test/xml_security_test.rb +1 -1
- metadata +4 -4
data/README.rdoc
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
The Ruby SAML library is for implementing the client side of a SAML authorization, i.e. it provides a means for managing authorization initialization and confirmation requests from identity providers.
|
|
4
4
|
|
|
5
|
-
SAML authorization is a two step process and you are expected to implement support for both.
|
|
5
|
+
SAML authorization is a two step process and you are expected to implement support for both.
|
|
6
6
|
|
|
7
7
|
== The initialization phase
|
|
8
8
|
|
|
@@ -27,7 +27,7 @@ Once you've redirected back to the identity provider, it will ensure that the us
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
In the above there are a few assumptions in place, one being that the response.name_id is an email address. This is all handled with how you specify the settings that are in play via the saml_settings method. That could be implemented along the lines of this:
|
|
30
|
-
|
|
30
|
+
|
|
31
31
|
def saml_settings
|
|
32
32
|
settings = Onelogin::Saml::Settings.new
|
|
33
33
|
|
|
@@ -48,29 +48,29 @@ What's left at this point, is to wrap it all up in a controller and point the in
|
|
|
48
48
|
request = Onelogin::Saml::Authrequest.new
|
|
49
49
|
redirect_to(request.create(saml_settings))
|
|
50
50
|
end
|
|
51
|
-
|
|
51
|
+
|
|
52
52
|
def consume
|
|
53
53
|
response = Onelogin::Saml::Response.new(params[:SAMLResponse])
|
|
54
54
|
response.settings = saml_settings
|
|
55
|
-
|
|
55
|
+
|
|
56
56
|
if response.is_valid? && user = current_account.users.find_by_email(response.name_id)
|
|
57
57
|
authorize_success(user)
|
|
58
58
|
else
|
|
59
59
|
authorize_failure(user)
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
|
-
|
|
62
|
+
|
|
63
63
|
private
|
|
64
|
-
|
|
64
|
+
|
|
65
65
|
def saml_settings
|
|
66
66
|
settings = Onelogin::Saml::Settings.new
|
|
67
|
-
|
|
67
|
+
|
|
68
68
|
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
|
69
69
|
settings.issuer = request.host
|
|
70
70
|
settings.idp_sso_target_url = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
|
|
71
71
|
settings.idp_cert_fingerprint = OneLoginAppCertFingerPrint
|
|
72
72
|
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
|
73
|
-
|
|
73
|
+
|
|
74
74
|
settings
|
|
75
75
|
end
|
|
76
76
|
end
|
|
@@ -81,12 +81,10 @@ What's left at this point, is to wrap it all up in a controller and point the in
|
|
|
81
81
|
Please check https://github.com/onelogin/ruby-saml-example for a very basic sample Rails application using this gem.
|
|
82
82
|
|
|
83
83
|
== Note on Patches/Pull Requests
|
|
84
|
-
|
|
84
|
+
|
|
85
85
|
* Fork the project.
|
|
86
86
|
* Make your feature addition or bug fix.
|
|
87
87
|
* Add tests for it. This is important so I don't break it in a
|
|
88
88
|
future version unintentionally.
|
|
89
|
-
* Commit, do not mess with rakefile, version, or history.
|
|
90
|
-
(if you want to have your own version, that is fine but
|
|
91
|
-
bump version in a commit by itself I can ignore when I pull)
|
|
89
|
+
* Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
|
|
92
90
|
* Send me a pull request. Bonus points for topic branches.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.2.
|
|
1
|
+
0.2.3
|
|
@@ -5,9 +5,9 @@ require "cgi"
|
|
|
5
5
|
|
|
6
6
|
module Onelogin::Saml
|
|
7
7
|
class Authrequest
|
|
8
|
-
def create(settings)
|
|
8
|
+
def create(settings, params = {})
|
|
9
9
|
uuid = UUID.new.generate
|
|
10
|
-
time = Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")
|
|
10
|
+
time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
|
|
11
11
|
|
|
12
12
|
request =
|
|
13
13
|
"<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{uuid}\" Version=\"2.0\" IssueInstant=\"#{time}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
|
|
@@ -20,8 +20,13 @@ module Onelogin::Saml
|
|
|
20
20
|
deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
|
|
21
21
|
base64_request = Base64.encode64(deflated_request)
|
|
22
22
|
encoded_request = CGI.escape(base64_request)
|
|
23
|
+
request_params = "?SAMLRequest=" + encoded_request
|
|
23
24
|
|
|
24
|
-
|
|
25
|
+
params.each_pair do |key, value|
|
|
26
|
+
request_params << "&#{key}=#{CGI.escape(value.to_s)}"
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
settings.idp_sso_target_url + request_params
|
|
25
30
|
end
|
|
26
31
|
|
|
27
32
|
end
|
data/ruby-saml.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{ruby-saml}
|
|
8
|
-
s.version = "0.2.
|
|
8
|
+
s.version = "0.2.3"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["OneLogin LLC"]
|
|
12
|
-
s.date = %q{2011-02-
|
|
12
|
+
s.date = %q{2011-02-21}
|
|
13
13
|
s.description = %q{SAML toolkit for Ruby on Rails}
|
|
14
14
|
s.email = %q{support@onelogin.com}
|
|
15
15
|
s.extra_rdoc_files = [
|
data/test/ruby-saml_test.rb
CHANGED
|
@@ -77,6 +77,16 @@ class RubySamlTest < Test::Unit::TestCase
|
|
|
77
77
|
assert auth_url =~ /^http:\/\/stuff\.com\?SAMLRequest=/
|
|
78
78
|
payload = CGI.unescape(auth_url.split("=").last)
|
|
79
79
|
end
|
|
80
|
-
end
|
|
81
80
|
|
|
81
|
+
should "accept extra parameters" do
|
|
82
|
+
settings = Onelogin::Saml::Settings.new
|
|
83
|
+
settings.idp_sso_target_url = "http://stuff.com"
|
|
84
|
+
|
|
85
|
+
auth_url = Onelogin::Saml::Authrequest.new.create(settings, { :hello => "there" })
|
|
86
|
+
assert auth_url =~ /&hello=there$/
|
|
87
|
+
|
|
88
|
+
auth_url = Onelogin::Saml::Authrequest.new.create(settings, { :hello => nil })
|
|
89
|
+
assert auth_url =~ /&hello=$/
|
|
90
|
+
end
|
|
91
|
+
end
|
|
82
92
|
end
|
data/test/xml_security_test.rb
CHANGED
|
@@ -8,7 +8,7 @@ class XmlSecurityTest < Test::Unit::TestCase
|
|
|
8
8
|
@document = XMLSecurity::SignedDocument.new(Base64.decode64(response_document))
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
should "should
|
|
11
|
+
should "should run validate without throwing NS related exceptions" do
|
|
12
12
|
base64cert = @document.elements["//ds:X509Certificate"].text
|
|
13
13
|
@document.validate_doc(base64cert, nil)
|
|
14
14
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 17
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 2
|
|
9
|
-
-
|
|
10
|
-
version: 0.2.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.2.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- OneLogin LLC
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-02-
|
|
18
|
+
date: 2011-02-21 00:00:00 +01:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|