ruby-saml 0.8.16 → 0.9

data/test/responses/idp_descriptor.xml

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor entityID="https://example.hello.com/access/saml/idp.xml" validUntil="2014-04-17T18:02:33.910Z" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.hello.com/access/saml/logout" ResponseLocation="https://example.hello.com/access/saml/logout"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.hello.com/access/saml/login"/></md:IDPSSODescriptor></md:EntityDescriptor>

data/test/responses/logoutresponse_fixtures.rb

@@ -15,9 +15,9 @@ def valid_response(opts = {})
         xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
         ID=\"#{random_id}\" Version=\"2.0\"
         IssueInstant=\"#{opts[:issue_instant]}\"
-        Destination=\"#{opts[:settings].idp_slo_target_url}\"
+        Destination=\"#{opts[:settings].single_logout_service_url}\"
         InResponseTo=\"#{opts[:uuid]}\">
-      <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{opts[:settings].idp_entity_id}</saml:Issuer>
+      <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{opts[:settings].issuer}</saml:Issuer>
       <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">
       <samlp:StatusCode xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
           Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\">
@@ -33,9 +33,9 @@ def unsuccessful_response(opts = {})
         xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
         ID=\"#{random_id}\" Version=\"2.0\"
         IssueInstant=\"#{opts[:issue_instant]}\"
-        Destination=\"#{opts[:settings].idp_slo_target_url}\"
+        Destination=\"#{opts[:settings].single_logout_service_url}\"
         InResponseTo=\"#{opts[:uuid]}\">
-      <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{opts[:settings].idp_entity_id}</saml:Issuer>
+      <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{opts[:settings].issuer}</saml:Issuer>
       <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">
       <samlp:StatusCode xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
           Value=\"urn:oasis:names:tc:SAML:2.0:status:Requester\">
@@ -56,7 +56,7 @@ def settings
       {
           :assertion_consumer_service_url => "http://app.muda.no/sso/consume",
           :single_logout_service_url => "http://app.muda.no/sso/consume_logout",
-          :sp_entity_id => "http://app.muda.no",
+          :issuer => "http://app.muda.no",
           :sp_name_qualifier => "http://sso.muda.no",
           :idp_sso_target_url => "http://sso.muda.no/sso",
           :idp_slo_target_url => "http://sso.muda.no/slo",

data/test/responses/response_no_cert_and_encrypted_attrs.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://vmwdemo.socialcast.com/saml/authenticate" ID="_f9fbcbf79715244c7ff909d8663d782e" InResponseTo="_4b4c72d0-eb5a-0131-0fec-0050568312b8" IssueInstant="2014-07-11T18:53:30.916Z" Version="2.0"><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_fddb13c899036a90f920ddaac50fc0d6" IssueInstant="2014-07-11T18:53:30.916Z" Version="2.0"><saml:Issuer>https://hw6dldc.vmwdemo.com/SAAS/API/1.0/GET/metadata/idp.xml</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<ds:Reference URI="#_fddb13c899036a90f920ddaac50fc0d6">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xenc xs xsi"/></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<ds:DigestValue>HS49Xqi+JftXvslmp/boT9ixzp8=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>
+gdY9y3GNOgOqBOlEx981yILKAssUG79fXw639MJB3uJjLYokqY+Y5KFFtAU4FGvh/L6Romghx0is
+rxukFkfw9coxKOhCoDZiaYPvvuC2qqhTwTAZ0Spvwuffrj3UwztSWbS6JGXtebo4ghKnae4hH5lF
+tRawV9HnbLJmhL3cVPSu+7SF3iWov0PZyZczH1P6sZrYeX5X32h3RhXXxMi3kgHGWxaVTQmgTEgu
+xN3GD7lnsf+WOAvdPAPgFrJjEGJZDd/MClS/x5ZwLnMZ82r7XHoFhiC47eq3Te+JE9qZvSbIs/om
+dpuFSaFKxxdM8C+vHTRUDDaGckqckPc5Y7wlgA==
+</ds:SignatureValue>
+</ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="https://hw6dldc.vmwdemo.com/SAAS/API/1.0/GET/metadata/idp.xml">akjoshi87+du@gmail.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="_4b4c72d0-eb5a-0131-0fec-0050568312b8" NotOnOrAfter="2014-07-11T18:56:50.916Z" Recipient="https://vmwdemo.socialcast.com/saml/authenticate"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2014-07-11T18:53:15.916Z" NotOnOrAfter="2014-07-11T18:56:50.916Z"><saml:AudienceRestriction><saml:Audience>vmwdemo.socialcast.com</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-07-11T18:53:30.916Z" SessionIndex="_876ca8142c7ba8126af3c90d952af251"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Demo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">akjoshi87+du@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User</saml:AttributeValue></saml:Attribute><saml:EncryptedAttribute><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_2a1c0500932ae79e9f5ede82dccb57c6" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey Id="_ff2d29836cd453cdfca94b69b630cf40"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>IdFfvxdt+YBaLSkWfcxuGqiPDyiQtpklGkJZFW+UoZXMhopZXmW/ekfEAf1VpzIlDlo3xwY2y8Rw
+zZwASwjiuHoQSMZQzZ6Ws184f1pWh9un23wgHzYc/jwXF0pXfcVL944SSxxNO4zO+DMJz6Px9rvk
+Rpac86uujfBuqXlo684=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>/+Noi1tNN1HcY+bW/iyBkwOYR4X32pTPzq7EjQO/HB3L0B2RtpsYkvC9750eb6KydbsBSGCyNt3k
+grjcI1nUgvvY488NhIo9+PWv3MhAqnljKhDzl6AcfE00Lq3HA1FcTCwrE0VLjUV4NtztK2JVCZwu
+ToViUJMlu1SGL8U7uRfsRpbrXoIEv1AwFHjz+XZgwD3nxl79iAcnm3FFX7nIkjUQIPPBWC/U4XJN
+u+u5svSoUpIOFqdeNcDQUq5+P5lXT46O5LcULQrEY8xHNGToxOwINMOrU+rCgwyAVbP/SaY9ywYe
+bxpESNkHmkjLAI7GBvLRRkTEE88Q6/uV9D1A5X3rT4BMQJ0N7BfgnOJ7IMga2Q9wU9oPuoCsqL9I
+bP9IY1vCLcAAEsMR0EgZaInLCiLoXdmDHllSo2fyKQqBGxE+KpZhvVdCOVzLN3+TrW3k/xl/kx6w
+AIPFlXd6TRVzmg==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml:EncryptedAttribute></saml:AttributeStatement></saml:Assertion></samlp:Response>

data/test/responses/response_with_multiple_attribute_values.xml

@@ -64,4 +64,4 @@
       </saml:Attribute>
     </saml:AttributeStatement>
   </saml:Assertion>
-</samlp:Response>
+</samlp:Response>

data/test/responses/slo_request.xml

@@ -0,0 +1,4 @@
+<samlp:LogoutRequest Version='2.0' ID='_c0348950-935b-0131-1060-782bcb56fcaa' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' IssueInstant='2014-03-21T19:20:13'>
+  <saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>https://app.onelogin.com/saml/metadata/SOMEACCOUNT</saml:Issuer>
+  <saml:NameID xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>someone@example.org</saml:NameID>
+</samlp:LogoutRequest>

data/test/settings_test.rb

@@ -1,18 +1,23 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
-class SettingsTest < Minitest::Test
+class SettingsTest < Test::Unit::TestCase
 
-  describe "Settings" do
-    before do
+  context "Settings" do
+    setup do
       @settings = OneLogin::RubySaml::Settings.new
     end
-    it "should provide getters and settings" do
+    should "should provide getters and settings" do
       accessors = [
-        :assertion_consumer_service_url, :issuer, :sp_entity_id, :sp_name_qualifier,
-        :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
-        :idp_slo_target_url, :name_identifier_value, :name_identifier_value_requested,
-        :sessionindex, :assertion_consumer_logout_service_url,
-        :passive, :force_authn, :protocol_binding, :single_logout_service_url, :single_logout_service_binding
+        :idp_entity_id, :idp_sso_target_url, :idp_slo_target_url, :idp_cert, :idp_cert_fingerprint,
+        :issuer, :assertion_consumer_service_url, :assertion_consumer_service_binding,
+        :single_logout_service_url, :single_logout_service_binding,
+        :sp_name_qualifier, :name_identifier_format, :name_identifier_value,
+        :sessionindex, :attributes_index, :passive, :force_authn,
+        :compress_request, :double_quote_xml_attribute_values, :protocol_binding,
+        :security, :certificate, :private_key,
+        :authn_context, :authn_context_comparison, :authn_context_decl_ref,
+        :assertion_consumer_logout_service_url,
+        :assertion_consumer_logout_service_binding
       ]
 
       accessors.each do |accessor|
@@ -20,9 +25,10 @@ class SettingsTest < Minitest::Test
         @settings.send("#{accessor}=".to_sym, value)
         assert_equal value, @settings.send(accessor)
       end
+
     end
 
-    it "create settings from hash" do
+    should "create settings from hash" do
 
       config = {
           :assertion_consumer_service_url => "http://app.muda.no/sso",
@@ -32,6 +38,7 @@ class SettingsTest < Minitest::Test
           :idp_slo_target_url => "http://sso.muda.no/slo",
           :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
           :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+          :attributes_index => 30,
           :passive => true,
           :protocol_binding => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
       }
@@ -42,110 +49,16 @@ class SettingsTest < Minitest::Test
       end
     end
 
-    describe "#get_idp_cert" do
-      it "returns nil when the cert is an empty string" do
-        @settings.idp_cert = ""
-        assert_nil @settings.get_idp_cert
-      end
-
-      it "returns nil when the cert is nil" do
-        @settings.idp_cert = nil
-        assert_nil @settings.get_idp_cert
-      end
-
-      it "returns the certificate when it is valid" do
-        @settings.idp_cert = ruby_saml_cert_text
-        assert @settings.get_idp_cert.kind_of? OpenSSL::X509::Certificate
-      end
-
-      it "raises when the certificate is not valid" do
-        # formatted but invalid cert
-        @settings.idp_cert = read_certificate("formatted_certificate")
-        assert_raises(OpenSSL::X509::CertificateError) {
-          @settings.get_idp_cert
-        }
-      end
-    end
-
-    describe "#get_sp_cert" do
-      it "returns nil when the cert is an empty string" do
-        @settings.certificate = ""
-        assert_nil @settings.get_sp_cert
-      end
-
-      it "returns nil when the cert is nil" do
-        @settings.certificate = nil
-        assert_nil @settings.get_sp_cert
-      end
-
-      it "returns the certificate when it is valid" do
-        @settings.certificate = ruby_saml_cert_text
-        assert @settings.get_sp_cert.kind_of? OpenSSL::X509::Certificate
-      end
-
-      it "raises when the certificate is not valid" do
-        # formatted but invalid cert
-        @settings.certificate = read_certificate("formatted_certificate")
-        assert_raises(OpenSSL::X509::CertificateError) {
-          @settings.get_sp_cert
-        }
-      end
-    end
-
-    describe "#get_sp_key" do
-      it "returns nil when the private key is an empty string" do
-        @settings.private_key = ""
-        assert_nil @settings.get_sp_key
-      end
-
-      it "returns nil when the private key is nil" do
-        @settings.private_key = nil
-        assert_nil @settings.get_sp_key
-      end
-
-      it "returns the private key when it is valid" do
-        @settings.private_key = ruby_saml_key_text
-        assert @settings.get_sp_key.kind_of? OpenSSL::PKey::RSA
-      end
-
-      it "raises when the private key is not valid" do
-        # formatted but invalid rsa private key
-        @settings.private_key = read_certificate("formatted_rsa_private_key")
-        assert_raises(OpenSSL::PKey::RSAError) {
-          @settings.get_sp_key
-        }
-      end
-
-    end
-
-    describe "#get_fingerprint" do
-      it "get the fingerprint value when cert and fingerprint in settings are nil" do
-        @settings.idp_cert_fingerprint = nil
-        @settings.idp_cert = nil
-        fingerprint = @settings.get_fingerprint
-        assert_nil fingerprint
-      end
-
-      it "get the fingerprint value when there is a cert at the settings" do
-        @settings.idp_cert_fingerprint = nil
-        @settings.idp_cert = ruby_saml_cert_text
-        fingerprint = @settings.get_fingerprint
-        assert fingerprint.downcase == ruby_saml_cert_fingerprint.downcase
-      end
-
-      it "get the fingerprint value when there is a fingerprint at the settings" do
-        @settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
-        @settings.idp_cert = nil
-        fingerprint = @settings.get_fingerprint
-        assert fingerprint.downcase == ruby_saml_cert_fingerprint.downcase
+    should "configure attribute service attributes correctly" do
+      @settings = OneLogin::RubySaml::Settings.new
+      @settings.attribute_consuming_service.configure do
+        service_name "Test Service"
+        add_attribute :name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name" 
       end
 
-      it "get the fingerprint value when there are cert and fingerprint at the settings" do
-        @settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
-        @settings.idp_cert = ruby_saml_cert_text
-        fingerprint = @settings.get_fingerprint
-        assert fingerprint.downcase == ruby_saml_cert_fingerprint.downcase
-      end
+      assert_equal @settings.attribute_consuming_service.configured?, true
+      assert_equal @settings.attribute_consuming_service.name, "Test Service"
+      assert_equal @settings.attribute_consuming_service.attributes, [{:name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name" }]
     end
 
   end

data/test/slo_logoutrequest_test.rb

@@ -1,64 +1,61 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
-require File.expand_path(File.join(File.dirname(__FILE__), "requests/logoutrequest_fixtures"))
+require 'responses/logoutresponse_fixtures'
 
-class SloLogoutrequestTest < Minitest::Test
+class RubySamlTest < Test::Unit::TestCase
 
-  describe "SloLogoutrequest" do
+  context "SloLogoutrequest" do
+    should "raise an exception when response is initialized with nil" do
+      assert_raises(ArgumentError) { OneLogin::RubySaml::SloLogoutrequest.new(nil) }
+    end
 
-    describe "#new" do
-      it "raise an exception when request is initialized with nil" do
-        assert_raises(ArgumentError) { OneLogin::RubySaml::SloLogoutrequest.new(nil) }
+    context "#is_valid?" do
+      should "return false when response is initialized with blank data" do
+        request = OneLogin::RubySaml::SloLogoutrequest.new('')
+        assert !request.is_valid?
       end
-      it "default to empty settings" do
-        logoutrequest = OneLogin::RubySaml::SloLogoutrequest.new(valid_request)
-        assert logoutrequest.settings.nil?
+
+      should "return true when the request is initialized with valid data" do
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        assert request.is_valid?
+        assert_equal 'someone@example.org', request.name_id
       end
-      it "accept constructor-injected settings" do
-        logoutrequest = OneLogin::RubySaml::SloLogoutrequest.new(valid_request, settings)
-        assert !logoutrequest.settings.nil?
+
+      should "should be idempotent when the response is initialized with invalid data" do
+        request = OneLogin::RubySaml::SloLogoutrequest.new(invalid_xml_response)
+        assert !request.is_valid?
+        assert !request.is_valid?
       end
-      it "accept constructor-injected options" do
-        logoutrequest = OneLogin::RubySaml::SloLogoutrequest.new(valid_request, nil, { :foo => :bar} )
-        assert !logoutrequest.options.empty?
+
+      should "should be idempotent when the response is initialized with valid data" do
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        assert request.is_valid?
+        assert request.is_valid?
       end
-      it "support base64 encoded requests" do
-        expected_request = valid_request
-        logoutrequest = OneLogin::RubySaml::SloLogoutrequest.new(Base64.encode64(expected_request), settings)
 
-        assert_equal expected_request, logoutrequest.request
+      should "raise error for invalid xml" do
+        logout_request = OneLogin::RubySaml::SloLogoutrequest.new(invalid_xml_response)
+        assert_raises(OneLogin::RubySaml::ValidationError) { logout_request.validate! }
       end
     end
 
-    describe "#validate" do
-      it "validate the request" do
-        in_relation_to_request_id = random_id
-        settings.idp_entity_id = "https://example.com/idp"
-        logoutrequest = OneLogin::RubySaml::SloLogoutrequest.new(valid_request({:uuid => in_relation_to_request_id}), settings)
-
-        assert logoutrequest.validate
-
-        assert_equal settings.idp_entity_id, logoutrequest.issuer
-
-        assert_equal "testuser@example.com", logoutrequest.nameid
-
-        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", logoutrequest.nameid_format
+    context "#name_id" do
+      should "extract the value of the name id element" do
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        assert_equal "someone@example.org", request.name_id
       end
-
     end
 
-    describe "#validate!" do
-      it "validates good requests" do
-        in_relation_to_request_id = random_id
-
-        logoutrequest = OneLogin::RubySaml::SloLogoutrequest.new(valid_request({:uuid => in_relation_to_request_id}), settings)
-
-        logoutrequest.validate!
+    context "#issuer" do
+      should "return the issuer inside the request" do
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        assert_equal "https://app.onelogin.com/saml/metadata/SOMEACCOUNT", request.issuer
       end
+    end
 
-      it "raise error for invalid xml" do
-        logoutrequest = OneLogin::RubySaml::SloLogoutrequest.new(invalid_xml_request, settings)
-
-        assert_raises(OneLogin::RubySaml::ValidationError) { logoutrequest.validate! }
+    context "#id" do
+      should "extract the value of the ID attribute" do
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        assert_equal "_c0348950-935b-0131-1060-782bcb56fcaa", request.id
       end
     end
 

data/test/slo_logoutresponse_test.rb

@@ -1,226 +1,146 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
-class SloLogoutresponseTest < Minitest::Test
+class SloLogoutresponseTest < Test::Unit::TestCase
 
-  describe "SloLogoutresponse" do
+  context "SloLogoutresponse" do
+    settings = OneLogin::RubySaml::Settings.new
 
-    let(:settings) { OneLogin::RubySaml::Settings.new }
-
-    before do
+    should "create the deflated SAMLResponse URL parameter" do
       settings.idp_slo_target_url = "http://unauth.com/logout"
       settings.name_identifier_value = "f00f00"
       settings.compress_request = true
-      settings.certificate = ruby_saml_cert_text
-      settings.private_key = ruby_saml_key_text
-    end
 
-    it "create the deflated SAMLResponse URL parameter" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings)
-      assert_match /^http:\/\/unauth\.com\/logout\?SAMLResponse=/, unauth_url
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
 
-      inflated = decode_saml_response_payload(unauth_url)
-      assert_match /^<samlp:LogoutResponse/, inflated
-    end
+      assert request.is_valid?
 
-    it "support additional params" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :hello => nil })
-      assert_match /&hello=$/, unauth_url
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id)
+      assert unauth_url =~ /^http:\/\/unauth\.com\/logout\?SAMLResponse=/
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :foo => "bar" })
-      assert_match /&foo=bar$/, unauth_url
+      inflated = decode_saml_response_payload(unauth_url)
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :RelayState => "http://idp.example.com" })
-      assert_match /&RelayState=http%3A%2F%2Fidp.example.com$/, unauth_url
+      assert_match /^<samlp:LogoutResponse/, inflated
     end
 
-    it "RelayState cases" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :RelayState => nil })
-      assert !unauth_url.include?('RelayState')
+    should "support additional params" do
+      settings.idp_slo_target_url = "http://unauth.com/logout"
+      settings.name_identifier_value = "f00f00"
+      settings.compress_request = true
+
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :RelayState => "http://example.com" })
-      assert unauth_url.include?('&RelayState=http%3A%2F%2Fexample.com')
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, nil, { :hello => nil })
+      assert unauth_url =~ /&hello=$/
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { 'RelayState' => nil })
-      assert !unauth_url.include?('RelayState')
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, nil, { :foo => "bar" })
+      assert unauth_url =~ /&foo=bar$/
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { 'RelayState' => "http://example.com" })
-      assert unauth_url.include?('&RelayState=http%3A%2F%2Fexample.com')
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, nil, { :RelayState => "http://idp.example.com" })
+      assert unauth_url =~ /&RelayState=http%3A%2F%2Fidp.example.com$/
     end
 
-    it "set InResponseTo to the ID from the logout request" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, '_c0348950-935b-0131-1060-782bcb56fcaa')
+    should "set InResponseTo to the ID from the logout request" do
+      settings.idp_slo_target_url = "http://unauth.com/logout"
+      settings.name_identifier_value = "f00f00"
+      settings.compress_request = true
+
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id)
 
       inflated = decode_saml_response_payload(unauth_url)
+
       assert_match /InResponseTo='_c0348950-935b-0131-1060-782bcb56fcaa'/, inflated
     end
 
-    it "set a custom successful logout message on the response" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, "Custom Logout Message")
+    should "set a custom successful logout message on the response" do
+      settings.idp_slo_target_url = "http://unauth.com/logout"
+      settings.name_identifier_value = "f00f00"
+      settings.compress_request = true
+
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, "Custom Logout Message")
 
       inflated = decode_saml_response_payload(unauth_url)
+
       assert_match /<samlp:StatusMessage>Custom Logout Message<\/samlp:StatusMessage>/, inflated
     end
 
-    describe "when the settings indicate to sign (embedded) logout response" do
-
-      before do
+    context "when the settings indicate to sign (embebed) the logout response" do
+      should "create a signed logout response" do
+        settings = OneLogin::RubySaml::Settings.new
         settings.compress_response = false
+        settings.idp_slo_target_url = "http://example.com?field=value"
         settings.security[:logout_responses_signed] = true
         settings.security[:embed_sign] = true
-      end
-
-      it "doesn't sign through create_xml_document" do
-        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
-        inflated = unauth_res.create_xml_document(settings).to_s
-
-        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-      end
-
-      it "sign unsigned request" do
-        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
-        unauth_res_doc = unauth_res.create_xml_document(settings)
-        inflated = unauth_res_doc.to_s
+        settings.certificate  = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
 
-        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-
-        inflated = unauth_res.sign_document(unauth_res_doc, settings).to_s
-
-        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-      end
-
-      it "signs through create_logout_response_xml_doc" do
-        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
-        inflated = unauth_res.create_logout_response_xml_doc(settings).to_s
-
-        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-      end
-
-      it "create a signed logout response" do
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message")
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
 
         response_xml = Base64.decode64(params["SAMLResponse"])
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], response_xml
-        assert_match /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/, response_xml
-        assert_match /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#sha1'\/>/, response_xml
+        response_xml =~ /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/
+        response_xml =~ /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/
       end
 
-      it "create a signed logout response with 256 digest and signature methods" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
-        settings.security[:digest_method] = XMLSecurity::Document::SHA256
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message")
-
-        response_xml = Base64.decode64(params["SAMLResponse"])
-        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], response_xml
-        assert_match /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256'\/>/, response_xml
-        assert_match /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256'\/>/, response_xml
-      end
-
-      it "create a signed logout response with 512 digest and signature method RSA_SHA384" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
+      should "create a signed logout response with 256 digest and signature methods" do
+        settings = OneLogin::RubySaml::Settings.new
+        settings.compress_response = false
+        settings.idp_slo_target_url = "http://example.com?field=value"
+        settings.security[:logout_responses_signed] = true
+        settings.security[:embed_sign] = true
+        settings.security[:signature_method] = XMLSecurity::Document::SHA256
         settings.security[:digest_method] = XMLSecurity::Document::SHA512
+        settings.certificate  = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
 
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message")
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
 
         response_xml = Base64.decode64(params["SAMLResponse"])
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], response_xml
-        assert_match /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha384'\/>/, response_xml
-        assert_match /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmlenc#sha512'\/>/, response_xml
+        response_xml =~ /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256'\/>/
+        response_xml =~ /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha512'\/>/
       end
     end
 
-    describe "#create_params when the settings indicate to sign the logout response" do
-
-      let(:cert) { OpenSSL::X509::Certificate.new(ruby_saml_cert_text) }
-
-      before do
+    context "when the settings indicate to sign the logout response" do
+      should "create a signature parameter" do
+        settings = OneLogin::RubySaml::Settings.new
         settings.compress_response = false
+        settings.idp_slo_target_url = "http://example.com?field=value"
+        settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
         settings.security[:logout_responses_signed] = true
         settings.security[:embed_sign] = false
-      end
-
-      it "create a signature parameter with RSA_SHA1 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
-        assert params['Signature']
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
-
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
-
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA1
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-      end
+        settings.security[:signature_method] = XMLSecurity::Document::SHA1
+        settings.certificate  = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
 
-      it "create a signature parameter with RSA_SHA256 /SHA256 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
         assert params['Signature']
+        assert params['SigAlg'] == XMLSecurity::Document::SHA1
 
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
-
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
-
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA256
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-      end
-
-      it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
+        # signature_method only affects the embedeed signature
+        settings.security[:signature_method] = XMLSecurity::Document::SHA256
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
         assert params['Signature']
-
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
-
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
-
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA384
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
+        assert params['SigAlg'] == XMLSecurity::Document::SHA1
       end
+    end
 
-      it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
-        assert params['Signature']
-
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
+  end
 
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
+  def decode_saml_response_payload(unauth_url)
+    payload = CGI.unescape(unauth_url.split("SAMLResponse=").last)
+    decoded = Base64.decode64(payload)
 
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA512
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-      end
-    end
+    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+    inflated = zstream.inflate(decoded)
+    zstream.finish
+    zstream.close
+    inflated
   end
+
 end