ruby-saml 0.8.10 → 0.8.15

data/test/certificates/ruby-saml-2.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVDCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBHMQswCQYDVQQGEwJ1czEQ
+MA4GA1UECAwHZXhhbXBsZTEQMA4GA1UECgwHZXhhbXBsZTEUMBIGA1UEAwwLZXhh
+bXBsZS5jb20wHhcNMTcwNDA3MDgzMDAzWhcNMjcwNDA1MDgzMDAzWjBHMQswCQYD
+VQQGEwJ1czEQMA4GA1UECAwHZXhhbXBsZTEQMA4GA1UECgwHZXhhbXBsZTEUMBIG
+A1UEAwwLZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKhP
+S4/0azxbQekHHewQGKD7Pivr3CDpsrKxY3xlVanxj427OwzOb5KUVzsDEazumt6s
+ZFY8HfidsjXY4EYA4ZzyL7ciIAR5vlAsIYN9nJ4AwVDnN/RjVwj+TN6BqWPLpVIp
+Hc6Dl005HyE0zJnk1DZDn2tQVrIzbD3FhCp7YeotAgMBAAGjUDBOMB0GA1UdDgQW
+BBRYZx4thASfNvR/E7NsCF2IaZ7wIDAfBgNVHSMEGDAWgBRYZx4thASfNvR/E7Ns
+CF2IaZ7wIDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBACz4aobx9aG3
+kh+rNyrlgM3K6dYfnKG1/YH5sJCAOvg8kDr0fQAQifH8lFVWumKUMoAe0bFTfwWt
+p/VJ8MprrEJth6PFeZdczpuv+fpLcNj2VmNVJqvQYvS4m36OnBFh1QFZW8UrbFIf
+dtm2nuZ+twSKqfKwjLdqcoX0p39h7Uw/
+-----END CERTIFICATE-----

data/test/logoutrequest_test.rb

@@ -1,5 +1,4 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
-require 'uuid'
 
 class LogoutRequestTest < Minitest::Test
 
@@ -29,7 +28,7 @@ class LogoutRequestTest < Minitest::Test
     end
 
     it "set sessionindex" do
-      sessionidx = UUID.new.generate
+      sessionidx = random_id
       settings.sessionindex = sessionidx
 
       unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :name_id => "there" })
@@ -78,169 +77,168 @@ class LogoutRequestTest < Minitest::Test
         assert_match %r[ID='#{unauth_req.uuid}'], inflated
       end
     end
-  end
 
-  describe "when the settings indicate to sign (embedded) logout request" do
 
-    before do
-      # sign the logout request
-      settings.security[:logout_requests_signed] = true
-      settings.security[:embed_sign] = true
-      settings.certificate = ruby_saml_cert_text
-      settings.private_key = ruby_saml_key_text
-    end
+    describe "when the settings indicate to sign (embedded) logout request" do
 
-    it "doesn't sign through create_xml_document" do
-      unauth_req = OneLogin::RubySaml::Logoutrequest.new
-      inflated = unauth_req.create_xml_document(settings).to_s
+      before do
+        # sign the logout request
+        settings.security[:logout_requests_signed] = true
+        settings.security[:embed_sign] = true
+        settings.certificate = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
+      end
 
-      refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-      refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-      refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-    end
+      it "doesn't sign through create_xml_document" do
+        unauth_req = OneLogin::RubySaml::Logoutrequest.new
+        inflated = unauth_req.create_xml_document(settings).to_s
 
-    it "sign unsigned request" do
-      unauth_req = OneLogin::RubySaml::Logoutrequest.new
-      unauth_req_doc = unauth_req.create_xml_document(settings)
-      inflated = unauth_req_doc.to_s
+        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
 
-      refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-      refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-      refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      it "sign unsigned request" do
+        unauth_req = OneLogin::RubySaml::Logoutrequest.new
+        unauth_req_doc = unauth_req.create_xml_document(settings)
+        inflated = unauth_req_doc.to_s
 
-      inflated = unauth_req.sign_document(unauth_req_doc, settings).to_s
+        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
 
-      assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-      assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-      assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-    end
+        inflated = unauth_req.sign_document(unauth_req_doc, settings).to_s
 
-    it "signs through create_logout_request_xml_doc" do
-      unauth_req = OneLogin::RubySaml::Logoutrequest.new
-      inflated = unauth_req.create_logout_request_xml_doc(settings).to_s
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
 
-      assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-      assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-      assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-    end
+      it "signs through create_logout_request_xml_doc" do
+        unauth_req = OneLogin::RubySaml::Logoutrequest.new
+        inflated = unauth_req.create_logout_request_xml_doc(settings).to_s
 
-    it "created a signed logout request" do
-      settings.compress_request = true
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
 
-      unauth_req = OneLogin::RubySaml::Logoutrequest.new
-      unauth_url = unauth_req.create(settings)
+      it "created a signed logout request" do
+        settings.compress_request = true
 
-      inflated = decode_saml_request_payload(unauth_url)
-      assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-      assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-      assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-    end
+        unauth_req = OneLogin::RubySaml::Logoutrequest.new
+        unauth_url = unauth_req.create(settings)
+
+        inflated = decode_saml_request_payload(unauth_url)
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
 
-    it "create a signed logout request with 256 digest and signature method" do
-      settings.compress_request = false
-      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
-      settings.security[:digest_method] = XMLSecurity::Document::SHA256
+      it "create a signed logout request with 256 digest and signature method" do
+        settings.compress_request = false
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
+        settings.security[:digest_method] = XMLSecurity::Document::SHA256
 
-      params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
-      request_xml = Base64.decode64(params["SAMLRequest"])
+        params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
+        request_xml = Base64.decode64(params["SAMLRequest"])
 
-      assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
-      assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], request_xml
-      assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>], request_xml
-    end
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], request_xml
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>], request_xml
+      end
 
-    it "create a signed logout request with 512 digest and signature method RSA_SHA384" do
-      settings.compress_request = false
-      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
-      settings.security[:digest_method] = XMLSecurity::Document::SHA512
+      it "create a signed logout request with 512 digest and signature method RSA_SHA384" do
+        settings.compress_request = false
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
+        settings.security[:digest_method] = XMLSecurity::Document::SHA512
 
-      params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
-      request_xml = Base64.decode64(params["SAMLRequest"])
+        params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
+        request_xml = Base64.decode64(params["SAMLRequest"])
 
-      assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
-      assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'/>], request_xml
-      assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha512'/>], request_xml
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'/>], request_xml
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha512'/>], request_xml
+      end
     end
-  end
 
-  describe "#create_params when the settings indicate to sign the logout request" do
+    describe "#create_params when the settings indicate to sign the logout request" do
 
-    let(:cert) { OpenSSL::X509::Certificate.new(ruby_saml_cert_text) }
+      let(:cert) { OpenSSL::X509::Certificate.new(ruby_saml_cert_text) }
 
-    before do
-      # sign the logout request
-      settings.security[:logout_requests_signed] = true
-      settings.security[:embed_sign] = false
-      settings.certificate = ruby_saml_cert_text
-      settings.private_key = ruby_saml_key_text
-    end
+      before do
+        # sign the logout request
+        settings.security[:logout_requests_signed] = true
+        settings.security[:embed_sign] = false
+        settings.certificate = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
+      end
 
-    it "create a signature parameter with RSA_SHA1 / SHA1 and validate it" do
-      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
+      it "create a signature parameter with RSA_SHA1 / SHA1 and validate it" do
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
 
-      params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
-      assert params['SAMLRequest']
-      assert params[:RelayState]
-      assert params['Signature']
-      assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
+        params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
+        assert params['SAMLRequest']
+        assert params[:RelayState]
+        assert params['Signature']
+        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
 
-      query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
-      query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-      query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
+        query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
+        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
+        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
 
-      signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-      assert_equal signature_algorithm, OpenSSL::Digest::SHA1
-      assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-    end
+        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
+        assert_equal signature_algorithm, OpenSSL::Digest::SHA1
+        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
+      end
 
-    it "create a signature parameter with RSA_SHA256 / SHA256 and validate it" do
-      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
+      it "create a signature parameter with RSA_SHA256 / SHA256 and validate it" do
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
 
-      params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
-      assert params['Signature']
-      assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
+        params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
+        assert params['Signature']
+        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
 
-      query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
-      query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-      query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
+        query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
+        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
+        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
 
-      signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-      assert_equal signature_algorithm, OpenSSL::Digest::SHA256
-      assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-    end
+        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
+        assert_equal signature_algorithm, OpenSSL::Digest::SHA256
+        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
+      end
 
-    it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
-      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
+      it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
 
-      params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
-      assert params['Signature']
-      assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
+        params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
+        assert params['Signature']
+        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
 
-      query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
-      query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-      query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
+        query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
+        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
+        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
 
-      signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-      assert_equal signature_algorithm, OpenSSL::Digest::SHA384
-      assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-    end
+        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
+        assert_equal signature_algorithm, OpenSSL::Digest::SHA384
+        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
+      end
 
-    it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
-      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
+      it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
 
-      params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
-      assert params['Signature']
-      assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
+        params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
+        assert params['Signature']
+        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
 
-      query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
-      query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-      query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
+        query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
+        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
+        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
 
-      signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-      assert_equal signature_algorithm, OpenSSL::Digest::SHA512
-      assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
+        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
+        assert_equal signature_algorithm, OpenSSL::Digest::SHA512
+        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
+      end
     end
-
   end
-
 end

data/test/logoutresponse_test.rb

@@ -1,27 +1,27 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
-require 'rexml/document'
-require 'responses/logoutresponse_fixtures'
+require File.expand_path(File.join(File.dirname(__FILE__), "responses/logoutresponse_fixtures"))
 
-class LogoutResponseTest < Test::Unit::TestCase
+class LogoutResponseTest < Minitest::Test
 
-  context "Logoutresponse" do
-    context "#new" do
-      should "raise an exception when response is initialized with nil" do
+  describe "Logoutresponse" do
+
+    describe "#new" do
+      it "raise an exception when response is initialized with nil" do
         assert_raises(ArgumentError) { OneLogin::RubySaml::Logoutresponse.new(nil) }
       end
-      should "default to empty settings" do
+      it "default to empty settings" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new( valid_response)
         assert logoutresponse.settings.nil?
       end
-      should "accept constructor-injected settings" do
+      it "accept constructor-injected settings" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response, settings)
         assert !logoutresponse.settings.nil?
       end
-      should "accept constructor-injected options" do
+      it "accept constructor-injected options" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response, nil, { :foo => :bar} )
         assert !logoutresponse.options.empty?
       end
-      should "support base64 encoded responses" do
+      it "support base64 encoded responses" do
         expected_response = valid_response
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(Base64.encode64(expected_response), settings)
 
@@ -29,8 +29,8 @@ class LogoutResponseTest < Test::Unit::TestCase
       end
     end
 
-    context "#validate" do
-      should "validate the response" do
+    describe "#validate" do
+      it "validate the response" do
         in_relation_to_request_id = random_id
 
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response({:uuid => in_relation_to_request_id}), settings)
@@ -43,7 +43,7 @@ class LogoutResponseTest < Test::Unit::TestCase
         assert logoutresponse.success?
       end
 
-      should "invalidate responses with wrong id when given option :matches_uuid" do
+      it "invalidate responses with wrong id when given option :matches_uuid" do
 
         expected_request_id = "_some_other_expected_uuid"
         opts = { :matches_request_id => expected_request_id}
@@ -51,10 +51,10 @@ class LogoutResponseTest < Test::Unit::TestCase
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response, settings, opts)
 
         assert !logoutresponse.validate
-        assert_not_equal expected_request_id, logoutresponse.in_response_to
+        assert expected_request_id != logoutresponse.in_response_to
       end
 
-      should "invalidate responses with wrong request status" do
+      it "invalidate responses with wrong request status" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(unsuccessful_response, settings)
 
         assert !logoutresponse.validate
@@ -62,8 +62,8 @@ class LogoutResponseTest < Test::Unit::TestCase
       end
     end
 
-    context "#validate!" do
-      should "validates good responses" do
+    describe "#validate!" do
+      it "validates good responses" do
         in_relation_to_request_id = random_id
 
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response({:uuid => in_relation_to_request_id}), settings)
@@ -71,7 +71,7 @@ class LogoutResponseTest < Test::Unit::TestCase
         logoutresponse.validate!
       end
 
-      should "raises validation error when matching for wrong request id" do
+      it "raises validation error when matching for wrong request id" do
 
         expected_request_id = "_some_other_expected_id"
         opts = { :matches_request_id => expected_request_id}
@@ -81,19 +81,19 @@ class LogoutResponseTest < Test::Unit::TestCase
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise validation error for wrong request status" do
+      it "raise validation error for wrong request status" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(unsuccessful_response, settings)
 
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise validation error when in bad state" do
+      it "raise validation error when in bad state" do
         # no settings
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(unsuccessful_response)
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise validation error when in lack of sp_entity_id setting" do
+      it "raise validation error when in lack of sp_entity_id setting" do
         bad_settings = settings
         bad_settings.issuer = nil
         bad_settings.sp_entity_id = nil
@@ -101,7 +101,7 @@ class LogoutResponseTest < Test::Unit::TestCase
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise error for invalid xml" do
+      it "raise error for invalid xml" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(invalid_xml_response, settings)
 
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
@@ -109,10 +109,4 @@ class LogoutResponseTest < Test::Unit::TestCase
     end
 
   end
-
-  # logoutresponse fixtures
-  def random_id
-    "_#{UUID.new.generate}"
-  end
-
 end