ruby-saml 0.8.7 → 0.8.8
- checksums.yaml +7 -7
- data/README.md +3 -0
- data/lib/onelogin/ruby-saml/authrequest.rb +15 -2
- data/lib/onelogin/ruby-saml/settings.rb +2 -0
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/test/request_test.rb +69 -0
- data/test/settings_test.rb +3 -3
- metadata +45 -48
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
|
-
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
5
|
-
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
1
|
+
---
|
2
|
+
SHA512:
|
3
|
+
metadata.gz: 4841fc584fcb21a2d195ca2a0a7a3835301b4888d6eb10a916db75aaae47baa2db3142ea816cced287cda13e0e94261e33096532888e0c4dbfb88f3e815a561c
|
4
|
+
data.tar.gz: e1c81d64bc9cd5d3c9930934b02bbbe0b974b6a2606aae95ac81a0934a445971692f5ee6d5575baa5ca118f113776d824c581829fbf6f493a93041c7c6f74752
|
5
|
+
SHA256:
|
6
|
+
metadata.gz: 660a02871864e652d4676233c6c3f9afb36b5584a30dc6c12db8d683a891f609
|
7
|
+
data.tar.gz: 317d540f0b08fc67e91d74e3d46f553a50634cf9b1d199084470d1f099b79b51
|
data/README.md
CHANGED
@@ -1,5 +1,8 @@
|
|
1
1
|
# Ruby SAML [](http://travis-ci.org/onelogin/ruby-saml)
|
2
2
|
|
3
|
+
# Updating from 0.8.7 to 0.8.8
|
4
|
+
Version `0.8.8` adds support for ForceAuthn and Subjects on AuthNRequests by the new name_identifier_value_requested setting
|
5
|
+
|
3
6
|
## Note on versions 0.8.6 and 0.8.7
|
4
7
|
Version `0.8.6` introduced an incompatibility with regards to manipulating the `OneLogin::RubySaml::Response#attributes` property; in this version
|
5
8
|
the `#attributes` property is a class (`OneLogin::RubySaml::Attributes`) which implements the `Enumerator` module, thus any non-overriden Hash method
|
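--- a/data/lib/onelogin/ruby-saml/authrequest.rb
+++ b/data/lib/onelogin/ruby-saml/authrequest.rb
@@ -43,22 +43,35 @@ module OneLogin
 # Create AuthnRequest root element using REXML
 request_doc = REXML::Document.new
 
-root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }
+root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
 root.attributes['ID'] = uuid
 root.attributes['IssueInstant'] = time
 root.attributes['Version'] = "2.0"
 root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
 root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
 root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
+root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
 
 # Conditionally defined elements based on settings
 if settings.assertion_consumer_service_url != nil
 root.attributes["AssertionConsumerServiceURL"] = settings.assertion_consumer_service_url
 end
 if settings.issuer != nil
-issuer = root.add_element "saml:Issuer"
+issuer = root.add_element "saml:Issuer"
 issuer.text = settings.issuer
 end
+
+if settings.name_identifier_value_requested != nil
+subject = root.add_element "saml:Subject"
+
+nameid = subject.add_element "saml:NameID"
+nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
+nameid.text = settings.name_identifier_value_requested
+
+subject_confirmation = subject.add_element "saml:SubjectConfirmation"
+subject_confirmation.attributes['Method'] = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
+end
+
 if settings.name_identifier_format != nil
 root.add_element "samlp:NameIDPolicy", {
 "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",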
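Review bot: The new `<saml:Subject>` block (new lines 64–73) sends a requested NameID, but nothing on the request side ties it to what comes back, so if a caller uses `name_identifier_value_requested` to pre-select an account, the response-handling code must still check that the NameID asserted in the Response matches the requested one — the IdP is free to ignore the hint and the user may authenticate as a different account. I would add above the `if`: `# Advisory only: the IdP may ignore the requested subject; the NameID asserted in the Response is the sole source of identity.` The value is written with REXML `text=`, which should entity-escape `<` and `&` so this is not an injection sink, but that is presumably not pinned by a test. The enclosing method starts and ends outside this hunk.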
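--- a/data/lib/onelogin/ruby-saml/settings.rb
+++ b/data/lib/onelogin/ruby-saml/settings.rb
@@ -13,10 +13,12 @@ module OneLogin
 attr_accessor :authn_context
 attr_accessor :idp_slo_target_url
 attr_accessor :name_identifier_value
+attr_accessor :name_identifier_value_requested
 attr_accessor :sessionindex
 attr_accessor :assertion_consumer_logout_service_url
 attr_accessor :compress_request
 attr_accessor :double_quote_xml_attribute_values
+attr_accessor :force_authn
 attr_accessor :passive
 attr_accessor :protocol_binding
 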
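Review bot: `name_identifier_value_requested` and `force_authn` are added without comments, and both carry a contract a caller needs to know: the first is only a hint to the IdP and must never be treated as the authenticated identity, and the second is written straight into the `ForceAuthn` attribute by authrequest.rb, which is an xs:boolean, so anything other than a Ruby boolean or the strings `true`/`false` presumably yields an invalid request. I would annotate them: `# Subject NameID to request from the IdP; advisory only — the Response's asserted NameID is authoritative` and `# true to ask the IdP to re-authenticate instead of reusing an existing session; serialized as the xs:boolean ForceAuthn attribute`. The Settings class begins and ends outside this hunk.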
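--- a/data/test/request_test.rb
+++ b/data/test/request_test.rb
@@ -63,6 +63,75 @@ class RequestTest < Test::Unit::TestCase
 assert_match /<samlp:AuthnRequest[^<]* IsPassive='true'/, inflated
 end
 
+should "create the SAMLRequest URL parameter with ProtocolBinding" do
+settings = OneLogin::RubySaml::Settings.new
+settings.idp_sso_target_url = "http://example.com"
+settings.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+payload = CGI.unescape(auth_url.split("=").last)
+decoded = Base64.decode64(payload)
+
+zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+inflated = zstream.inflate(decoded)
+zstream.finish
+zstream.close
+
+assert_match /<samlp:AuthnRequest[^<]* ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'/, inflated
+end
+
+should "create the SAMLRequest URL parameter with ForceAuthn" do
+settings = OneLogin::RubySaml::Settings.new
+settings.idp_sso_target_url = "http://example.com"
+settings.force_authn = true
+auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+payload = CGI.unescape(auth_url.split("=").last)
+decoded = Base64.decode64(payload)
+
+zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+inflated = zstream.inflate(decoded)
+zstream.finish
+zstream.close
+assert_match /<samlp:AuthnRequest[^<]* ForceAuthn='true'/, inflated
+end
+
+should "create the SAMLRequest URL parameter with NameID Format" do
+settings = OneLogin::RubySaml::Settings.new
+settings.idp_sso_target_url = "http://example.com"
+settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+payload = CGI.unescape(auth_url.split("=").last)
+decoded = Base64.decode64(payload)
+zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+inflated = zstream.inflate(decoded)
+zstream.finish
+zstream.close
+
+assert_match /<samlp:NameIDPolicy[^<]* AllowCreate='true'/, inflated
+assert_match /<samlp:NameIDPolicy[^<]* Format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'/, inflated
+end
+
+should "create the SAMLRequest URL parameter with Subject" do
+settings = OneLogin::RubySaml::Settings.new
+settings.idp_sso_target_url = "http://example.com"
+settings.name_identifier_value_requested = "testuser@example.com"
+settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+payload = CGI.unescape(auth_url.split("=").last)
+decoded = Base64.decode64(payload)
+zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+inflated = zstream.inflate(decoded)
+zstream.finish
+zstream.close
+
+assert inflated.include?('<saml:Subject>')
+assert inflated.include?("<saml:NameID Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'>testuser@example.com</saml:NameID>")
+assert inflated.include?("<saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'/>")
+end
+
 should "accept extra parameters" do
 settings = OneLogin::RubySaml::Settings.new
 settings.idp_sso_target_url = "http://example.com"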
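Review bot: None of the four new cases checks that the requested NameID is entity-escaped on its way into the XML, which is the one security-relevant property of a value that will often be caller-supplied; add a case that sets `settings.name_identifier_value_requested = "a&b<c@example.com"` and asserts `inflated.include?("a&amp;b&lt;c@example.com")` and `!inflated.include?("<c@")`. The unescape/decode/inflate sequence is also repeated verbatim in each new test (new lines 72–78, 89–95, 105–110, 123–128); a small helper such as `inflate_request(auth_url)` returning the inflated string would keep the assertions readable. The test class continues outside this hunk.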
data/test/settings_test.rb
CHANGED
@@ -10,9 +10,9 @@ class SettingsTest < Test::Unit::TestCase
|
|
10
10
|
accessors = [
|
11
11
|
:assertion_consumer_service_url, :issuer, :sp_name_qualifier,
|
12
12
|
:idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
|
13
|
-
:idp_slo_target_url, :name_identifier_value, :
|
14
|
-
:assertion_consumer_logout_service_url,
|
15
|
-
:passive, :protocol_binding
|
13
|
+
:idp_slo_target_url, :name_identifier_value, :name_identifier_value_requested,
|
14
|
+
:sessionindex, :assertion_consumer_logout_service_url,
|
15
|
+
:passive, :force_authn, :protocol_binding
|
16
16
|
]
|
17
17
|
|
18
18
|
accessors.each do |accessor|
|
metadata
CHANGED
@@ -1,54 +1,49 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby-saml
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.8.8
|
5
5
|
platform: ruby
|
6
|
-
authors:
|
6
|
+
authors:
|
7
7
|
- OneLogin LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
|
12
|
-
|
13
|
-
|
11
|
+
|
12
|
+
date: 2019-03-21 00:00:00 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
14
15
|
name: uuid
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '2.3'
|
20
|
-
type: :runtime
|
21
16
|
prerelease: false
|
22
|
-
|
23
|
-
requirements:
|
24
|
-
- -
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version:
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: nokogiri
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - ">="
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 1.5.0
|
17
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: "2.3"
|
34
22
|
type: :runtime
|
23
|
+
version_requirements: *id001
|
24
|
+
- !ruby/object:Gem::Dependency
|
25
|
+
name: nokogiri
|
35
26
|
prerelease: false
|
36
|
-
|
37
|
-
requirements:
|
27
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
28
|
+
requirements:
|
38
29
|
- - ">="
|
39
|
-
- !ruby/object:Gem::Version
|
30
|
+
- !ruby/object:Gem::Version
|
40
31
|
version: 1.5.0
|
32
|
+
type: :runtime
|
33
|
+
version_requirements: *id002
|
41
34
|
description: SAML toolkit for Ruby on Rails
|
42
35
|
email: support@onelogin.com
|
43
36
|
executables: []
|
37
|
+
|
44
38
|
extensions: []
|
45
|
-
|
39
|
+
|
40
|
+
extra_rdoc_files:
|
46
41
|
- LICENSE
|
47
42
|
- README.md
|
48
|
-
files:
|
49
|
-
-
|
50
|
-
-
|
51
|
-
-
|
43
|
+
files:
|
44
|
+
- .document
|
45
|
+
- .gitignore
|
46
|
+
- .travis.yml
|
52
47
|
- Gemfile
|
53
48
|
- LICENSE
|
54
49
|
- README.md
|
@@ -106,29 +101,31 @@ files:
|
|
106
101
|
- test/xml_security_test.rb
|
107
102
|
homepage: http://github.com/onelogin/ruby-saml
|
108
103
|
licenses: []
|
104
|
+
|
109
105
|
metadata: {}
|
106
|
+
|
110
107
|
post_install_message:
|
111
|
-
rdoc_options:
|
112
|
-
-
|
113
|
-
require_paths:
|
108
|
+
rdoc_options:
|
109
|
+
- --charset=UTF-8
|
110
|
+
require_paths:
|
114
111
|
- lib
|
115
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
116
|
-
requirements:
|
117
|
-
-
|
118
|
-
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
version: '0'
|
112
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- &id003
|
115
|
+
- ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: "0"
|
118
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
119
|
+
requirements:
|
120
|
+
- *id003
|
125
121
|
requirements: []
|
122
|
+
|
126
123
|
rubyforge_project: http://www.rubygems.org/gems/ruby-saml
|
127
|
-
rubygems_version: 2.
|
124
|
+
rubygems_version: 2.7.7
|
128
125
|
signing_key:
|
129
126
|
specification_version: 4
|
130
127
|
summary: SAML Ruby Tookit
|
131
|
-
test_files:
|
128
|
+
test_files:
|
132
129
|
- test/certificates/certificate1
|
133
130
|
- test/certificates/r1_certificate2_base64
|
134
131
|
- test/logoutrequest_test.rb
|