ruby-saml 0.8.7 → 0.8.8


Potentially problematic release.



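--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
- ---
- SHA1:
- metadata.gz: 99b6868dbb0c85f62887107838735de63e1d9136
- data.tar.gz: 15eeebe4a761be9840b5136dfe957fb966f9519d
- SHA512:
- metadata.gz: 98a67ff93d0195daf43d1d4ecefea284be38566f85717314d2ec301d7fda271f14a1cbc60527d172fdc8314175f4ed67e30304ae9a2f840fa99988928c372745
- data.tar.gz: e528f8945eea81bdbeedd9c2bf7bd9f66e466ca941852758b79d2ad84e05a59516057a9a173538de29336863f935bb649ca5083049e707f6f0bcb6a0b269ce3c
+ ---
+ SHA512:
+ metadata.gz: 4841fc584fcb21a2d195ca2a0a7a3835301b4888d6eb10a916db75aaae47baa2db3142ea816cced287cda13e0e94261e33096532888e0c4dbfb88f3e815a561c
+ data.tar.gz: e1c81d64bc9cd5d3c9930934b02bbbe0b974b6a2606aae95ac81a0934a445971692f5ee6d5575baa5ca118f113776d824c581829fbf6f493a93041c7c6f74752
+ SHA256:
+ metadata.gz: 660a02871864e652d4676233c6c3f9afb36b5584a30dc6c12db8d683a891f609
+ data.tar.gz: 317d540f0b08fc67e91d74e3d46f553a50634cf9b1d199084470d1f099b79b51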
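--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
  # Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml)
 
+ # Updating from 0.8.7 to 0.8.8
+ Version `0.8.8` adds support for ForceAuthn and Subjects on AuthNRequests by the new name_identifier_value_requested setting
+
  ## Note on versions 0.8.6 and 0.8.7
  Version `0.8.6` introduced an incompatibility with regards to manipulating the `OneLogin::RubySaml::Response#attributes` property; in this version
  the `#attributes` property is a class (`OneLogin::RubySaml::Attributes`) which implements the `Enumerator` module, thus any non-overriden Hash method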
@@ -43,22 +43,35 @@ module OneLogin
43
43
  # Create AuthnRequest root element using REXML
44
44
  request_doc = REXML::Document.new
45
45
 
46
- root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }
46
+ root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
47
47
  root.attributes['ID'] = uuid
48
48
  root.attributes['IssueInstant'] = time
49
49
  root.attributes['Version'] = "2.0"
50
50
  root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
51
51
  root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
52
52
  root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
53
+ root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
53
54
 
54
55
  # Conditionally defined elements based on settings
55
56
  if settings.assertion_consumer_service_url != nil
56
57
  root.attributes["AssertionConsumerServiceURL"] = settings.assertion_consumer_service_url
57
58
  end
58
59
  if settings.issuer != nil
59
- issuer = root.add_element "saml:Issuer", { "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
60
+ issuer = root.add_element "saml:Issuer"
60
61
  issuer.text = settings.issuer
61
62
  end
63
+
64
+ if settings.name_identifier_value_requested != nil
65
+ subject = root.add_element "saml:Subject"
66
+
67
+ nameid = subject.add_element "saml:NameID"
68
+ nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
69
+ nameid.text = settings.name_identifier_value_requested
70
+
71
+ subject_confirmation = subject.add_element "saml:SubjectConfirmation"
72
+ subject_confirmation.attributes['Method'] = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
73
+ end
74
+
62
75
  if settings.name_identifier_format != nil
63
76
  root.add_element "samlp:NameIDPolicy", {
64
77
  "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
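Review bot: `ForceAuthn` is set on the line after `ProtocolBinding` as a plain attribute of a request that this hunk never signs, and the tests in this release show the request travelling as a `SAMLRequest` URL parameter, so whoever controls the browser can presumably remove or change the flag before the IdP sees it. Callers that use `force_authn` for step-up or re-authentication need to confirm freshness on the way back (for example the assertion's `AuthnInstant`) rather than assume the flag was honoured; I would say so next to the new line, `# ForceAuthn is only a request: verify AuthnInstant in the response if re-authentication is required`. The new `saml:Subject` block has a related caveat: `name_identifier_value_requested` ends up deflated and base64-encoded, not encrypted, in the redirect URL, so an e-mail address placed there is readable in browser history and proxy logs. The enclosing method starts and ends outside this hunk, so any signing done elsewhere is not visible here.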
@@ -13,10 +13,12 @@ module OneLogin
13
13
  attr_accessor :authn_context
14
14
  attr_accessor :idp_slo_target_url
15
15
  attr_accessor :name_identifier_value
16
+ attr_accessor :name_identifier_value_requested
16
17
  attr_accessor :sessionindex
17
18
  attr_accessor :assertion_consumer_logout_service_url
18
19
  attr_accessor :compress_request
19
20
  attr_accessor :double_quote_xml_attribute_values
21
+ attr_accessor :force_authn
20
22
  attr_accessor :passive
21
23
  attr_accessor :protocol_binding
22
24
 
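Review bot: The two accessors added at new lines 16 and 21 carry no documentation, and `name_identifier_value_requested` sits directly under the similarly named `name_identifier_value`, which makes the two easy to confuse. A short comment on each would help, for example `# NameID the SP asks the IdP to authenticate, sent as saml:Subject in the AuthnRequest` and `# true/false is sent as ForceAuthn; nil omits the attribute`. The class body continues outside this hunk.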
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '0.8.7'
3
+ VERSION = '0.8.8'
4
4
  end
5
5
  end
@@ -63,6 +63,75 @@ class RequestTest < Test::Unit::TestCase
63
63
  assert_match /<samlp:AuthnRequest[^<]* IsPassive='true'/, inflated
64
64
  end
65
65
 
66
+ should "create the SAMLRequest URL parameter with ProtocolBinding" do
67
+ settings = OneLogin::RubySaml::Settings.new
68
+ settings.idp_sso_target_url = "http://example.com"
69
+ settings.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
70
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
71
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
72
+ payload = CGI.unescape(auth_url.split("=").last)
73
+ decoded = Base64.decode64(payload)
74
+
75
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
76
+ inflated = zstream.inflate(decoded)
77
+ zstream.finish
78
+ zstream.close
79
+
80
+ assert_match /<samlp:AuthnRequest[^<]* ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'/, inflated
81
+ end
82
+
83
+ should "create the SAMLRequest URL parameter with ForceAuthn" do
84
+ settings = OneLogin::RubySaml::Settings.new
85
+ settings.idp_sso_target_url = "http://example.com"
86
+ settings.force_authn = true
87
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
88
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
89
+ payload = CGI.unescape(auth_url.split("=").last)
90
+ decoded = Base64.decode64(payload)
91
+
92
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
93
+ inflated = zstream.inflate(decoded)
94
+ zstream.finish
95
+ zstream.close
96
+ assert_match /<samlp:AuthnRequest[^<]* ForceAuthn='true'/, inflated
97
+ end
98
+
99
+ should "create the SAMLRequest URL parameter with NameID Format" do
100
+ settings = OneLogin::RubySaml::Settings.new
101
+ settings.idp_sso_target_url = "http://example.com"
102
+ settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
103
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
104
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
105
+ payload = CGI.unescape(auth_url.split("=").last)
106
+ decoded = Base64.decode64(payload)
107
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
108
+ inflated = zstream.inflate(decoded)
109
+ zstream.finish
110
+ zstream.close
111
+
112
+ assert_match /<samlp:NameIDPolicy[^<]* AllowCreate='true'/, inflated
113
+ assert_match /<samlp:NameIDPolicy[^<]* Format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'/, inflated
114
+ end
115
+
116
+ should "create the SAMLRequest URL parameter with Subject" do
117
+ settings = OneLogin::RubySaml::Settings.new
118
+ settings.idp_sso_target_url = "http://example.com"
119
+ settings.name_identifier_value_requested = "testuser@example.com"
120
+ settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
121
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
122
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
123
+ payload = CGI.unescape(auth_url.split("=").last)
124
+ decoded = Base64.decode64(payload)
125
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
126
+ inflated = zstream.inflate(decoded)
127
+ zstream.finish
128
+ zstream.close
129
+
130
+ assert inflated.include?('<saml:Subject>')
131
+ assert inflated.include?("<saml:NameID Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'>testuser@example.com</saml:NameID>")
132
+ assert inflated.include?("<saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'/>")
133
+ end
134
+
66
135
  should "accept extra parameters" do
67
136
  settings = OneLogin::RubySaml::Settings.new
68
137
  settings.idp_sso_target_url = "http://example.com"
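Review bot: The four added tests assert only the positive path, so nothing pins that `ForceAuthn` and `saml:Subject` are left out of the request when `force_authn` and `name_identifier_value_requested` are unset. I would add a negative test next to these, and a Subject case whose value contains XML metacharacters (a constructed sample such as `a&b@example.com`) to pin that the NameID text is escaped. The decode-and-inflate sequence is also repeated verbatim in every test and could move into one helper. The test class starts and ends outside this hunk.

```ruby
should "omit ForceAuthn and Subject when they are not configured" do
  settings = OneLogin::RubySaml::Settings.new
  settings.idp_sso_target_url = "http://example.com"
  auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
  payload = CGI.unescape(auth_url.split("=").last)
  inflated = Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(Base64.decode64(payload))

  assert inflated !~ / ForceAuthn=/
  assert !inflated.include?('<saml:Subject>')
end
```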
@@ -10,9 +10,9 @@ class SettingsTest < Test::Unit::TestCase
10
10
  accessors = [
11
11
  :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
12
12
  :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
13
- :idp_slo_target_url, :name_identifier_value, :sessionindex,
14
- :assertion_consumer_logout_service_url,
15
- :passive, :protocol_binding
13
+ :idp_slo_target_url, :name_identifier_value, :name_identifier_value_requested,
14
+ :sessionindex, :assertion_consumer_logout_service_url,
15
+ :passive, :force_authn, :protocol_binding
16
16
  ]
17
17
 
18
18
  accessors.each do |accessor|
metadata CHANGED
@@ -1,54 +1,49 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
- version: !ruby/object:Gem::Version
4
- version: 0.8.7
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.8.8
5
5
  platform: ruby
6
- authors:
6
+ authors:
7
7
  - OneLogin LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-13 00:00:00.000000000 Z
12
- dependencies:
13
- - !ruby/object:Gem::Dependency
11
+
12
+ date: 2019-03-21 00:00:00 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
14
15
  name: uuid
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '2.3'
20
- type: :runtime
21
16
  prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: '2.3'
27
- - !ruby/object:Gem::Dependency
28
- name: nokogiri
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - ">="
32
- - !ruby/object:Gem::Version
33
- version: 1.5.0
17
+ requirement: &id001 !ruby/object:Gem::Requirement
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: "2.3"
34
22
  type: :runtime
23
+ version_requirements: *id001
24
+ - !ruby/object:Gem::Dependency
25
+ name: nokogiri
35
26
  prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
27
+ requirement: &id002 !ruby/object:Gem::Requirement
28
+ requirements:
38
29
  - - ">="
39
- - !ruby/object:Gem::Version
30
+ - !ruby/object:Gem::Version
40
31
  version: 1.5.0
32
+ type: :runtime
33
+ version_requirements: *id002
41
34
  description: SAML toolkit for Ruby on Rails
42
35
  email: support@onelogin.com
43
36
  executables: []
37
+
44
38
  extensions: []
45
- extra_rdoc_files:
39
+
40
+ extra_rdoc_files:
46
41
  - LICENSE
47
42
  - README.md
48
- files:
49
- - ".document"
50
- - ".gitignore"
51
- - ".travis.yml"
43
+ files:
44
+ - .document
45
+ - .gitignore
46
+ - .travis.yml
52
47
  - Gemfile
53
48
  - LICENSE
54
49
  - README.md
@@ -106,29 +101,31 @@ files:
106
101
  - test/xml_security_test.rb
107
102
  homepage: http://github.com/onelogin/ruby-saml
108
103
  licenses: []
104
+
109
105
  metadata: {}
106
+
110
107
  post_install_message:
111
- rdoc_options:
112
- - "--charset=UTF-8"
113
- require_paths:
108
+ rdoc_options:
109
+ - --charset=UTF-8
110
+ require_paths:
114
111
  - lib
115
- required_ruby_version: !ruby/object:Gem::Requirement
116
- requirements:
117
- - - ">="
118
- - !ruby/object:Gem::Version
119
- version: '0'
120
- required_rubygems_version: !ruby/object:Gem::Requirement
121
- requirements:
122
- - - ">="
123
- - !ruby/object:Gem::Version
124
- version: '0'
112
+ required_ruby_version: !ruby/object:Gem::Requirement
113
+ requirements:
114
+ - &id003
115
+ - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: "0"
118
+ required_rubygems_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - *id003
125
121
  requirements: []
122
+
126
123
  rubyforge_project: http://www.rubygems.org/gems/ruby-saml
127
- rubygems_version: 2.5.2.1
124
+ rubygems_version: 2.7.7
128
125
  signing_key:
129
126
  specification_version: 4
130
127
  summary: SAML Ruby Tookit
131
- test_files:
128
+ test_files:
132
129
  - test/certificates/certificate1
133
130
  - test/certificates/r1_certificate2_base64
134
131
  - test/logoutrequest_test.rb