ruby-saml 0.8.7 → 0.8.8


Potentially problematic release.


This version of ruby-saml might be problematic. Click here for more details.

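--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
----
-SHA1:
-metadata.gz: 99b6868dbb0c85f62887107838735de63e1d9136
-data.tar.gz: 15eeebe4a761be9840b5136dfe957fb966f9519d
-SHA512:
-metadata.gz: 98a67ff93d0195daf43d1d4ecefea284be38566f85717314d2ec301d7fda271f14a1cbc60527d172fdc8314175f4ed67e30304ae9a2f840fa99988928c372745
-data.tar.gz: e528f8945eea81bdbeedd9c2bf7bd9f66e466ca941852758b79d2ad84e05a59516057a9a173538de29336863f935bb649ca5083049e707f6f0bcb6a0b269ce3c
+---
+SHA512:
+metadata.gz: 4841fc584fcb21a2d195ca2a0a7a3835301b4888d6eb10a916db75aaae47baa2db3142ea816cced287cda13e0e94261e33096532888e0c4dbfb88f3e815a561c
+data.tar.gz: e1c81d64bc9cd5d3c9930934b02bbbe0b974b6a2606aae95ac81a0934a445971692f5ee6d5575baa5ca118f113776d824c581829fbf6f493a93041c7c6f74752
+SHA256:
+metadata.gz: 660a02871864e652d4676233c6c3f9afb36b5584a30dc6c12db8d683a891f609
+data.tar.gz: 317d540f0b08fc67e91d74e3d46f553a50634cf9b1d199084470d1f099b79b51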
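--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
 # Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml)
 
+# Updating from 0.8.7 to 0.8.8
+Version `0.8.8` adds support for ForceAuthn and Subjects on AuthNRequests by the new name_identifier_value_requested setting
+
 ## Note on versions 0.8.6 and 0.8.7
 Version `0.8.6` introduced an incompatibility with regards to manipulating the `OneLogin::RubySaml::Response#attributes` property; in this version
 the `#attributes` property is a class (`OneLogin::RubySaml::Attributes`) which implements the `Enumerator` module, thus any non-overriden Hash method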
@@ -43,22 +43,35 @@ module OneLogin
43
43
  # Create AuthnRequest root element using REXML
44
44
  request_doc = REXML::Document.new
45
45
 
46
- root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }
46
+ root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
47
47
  root.attributes['ID'] = uuid
48
48
  root.attributes['IssueInstant'] = time
49
49
  root.attributes['Version'] = "2.0"
50
50
  root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
51
51
  root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
52
52
  root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
53
+ root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
53
54
 
54
55
  # Conditionally defined elements based on settings
55
56
  if settings.assertion_consumer_service_url != nil
56
57
  root.attributes["AssertionConsumerServiceURL"] = settings.assertion_consumer_service_url
57
58
  end
58
59
  if settings.issuer != nil
59
- issuer = root.add_element "saml:Issuer", { "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
60
+ issuer = root.add_element "saml:Issuer"
60
61
  issuer.text = settings.issuer
61
62
  end
63
+
64
+ if settings.name_identifier_value_requested != nil
65
+ subject = root.add_element "saml:Subject"
66
+
67
+ nameid = subject.add_element "saml:NameID"
68
+ nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
69
+ nameid.text = settings.name_identifier_value_requested
70
+
71
+ subject_confirmation = subject.add_element "saml:SubjectConfirmation"
72
+ subject_confirmation.attributes['Method'] = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
73
+ end
74
+
62
75
  if settings.name_identifier_format != nil
63
76
  root.add_element "samlp:NameIDPolicy", {
64
77
  "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
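Review bot: The new `ForceAuthn` attribute and the `saml:Subject` block below it are only requests to the IdP, and nothing visible in this hunk signs the AuthnRequest, so the user agent carrying the redirect can drop or alter them before the IdP sees the message. A caller that sets `settings.force_authn = true` to gate a sensitive action should also check the assertion's `AuthnInstant` when the response comes back, and should compare the returned NameID with `name_identifier_value_requested` rather than assume the IdP honoured it. I would say so in a comment above the new attribute line, e.g. `# ForceAuthn is advisory on an unsigned request; verify AuthnInstant and the returned NameID in the response`. The requested NameID also travels in the redirect URL, so an e-mail address used there will show up in browser history and proxy logs. The enclosing method starts and ends outside the hunk.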
@@ -13,10 +13,12 @@ module OneLogin
13
13
  attr_accessor :authn_context
14
14
  attr_accessor :idp_slo_target_url
15
15
  attr_accessor :name_identifier_value
16
+ attr_accessor :name_identifier_value_requested
16
17
  attr_accessor :sessionindex
17
18
  attr_accessor :assertion_consumer_logout_service_url
18
19
  attr_accessor :compress_request
19
20
  attr_accessor :double_quote_xml_attribute_values
21
+ attr_accessor :force_authn
20
22
  attr_accessor :passive
21
23
  attr_accessor :protocol_binding
22
24
 
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '0.8.7'
3
+ VERSION = '0.8.8'
4
4
  end
5
5
  end
@@ -63,6 +63,75 @@ class RequestTest < Test::Unit::TestCase
63
63
  assert_match /<samlp:AuthnRequest[^<]* IsPassive='true'/, inflated
64
64
  end
65
65
 
66
+ should "create the SAMLRequest URL parameter with ProtocolBinding" do
67
+ settings = OneLogin::RubySaml::Settings.new
68
+ settings.idp_sso_target_url = "http://example.com"
69
+ settings.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
70
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
71
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
72
+ payload = CGI.unescape(auth_url.split("=").last)
73
+ decoded = Base64.decode64(payload)
74
+
75
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
76
+ inflated = zstream.inflate(decoded)
77
+ zstream.finish
78
+ zstream.close
79
+
80
+ assert_match /<samlp:AuthnRequest[^<]* ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'/, inflated
81
+ end
82
+
83
+ should "create the SAMLRequest URL parameter with ForceAuthn" do
84
+ settings = OneLogin::RubySaml::Settings.new
85
+ settings.idp_sso_target_url = "http://example.com"
86
+ settings.force_authn = true
87
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
88
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
89
+ payload = CGI.unescape(auth_url.split("=").last)
90
+ decoded = Base64.decode64(payload)
91
+
92
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
93
+ inflated = zstream.inflate(decoded)
94
+ zstream.finish
95
+ zstream.close
96
+ assert_match /<samlp:AuthnRequest[^<]* ForceAuthn='true'/, inflated
97
+ end
98
+
99
+ should "create the SAMLRequest URL parameter with NameID Format" do
100
+ settings = OneLogin::RubySaml::Settings.new
101
+ settings.idp_sso_target_url = "http://example.com"
102
+ settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
103
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
104
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
105
+ payload = CGI.unescape(auth_url.split("=").last)
106
+ decoded = Base64.decode64(payload)
107
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
108
+ inflated = zstream.inflate(decoded)
109
+ zstream.finish
110
+ zstream.close
111
+
112
+ assert_match /<samlp:NameIDPolicy[^<]* AllowCreate='true'/, inflated
113
+ assert_match /<samlp:NameIDPolicy[^<]* Format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'/, inflated
114
+ end
115
+
116
+ should "create the SAMLRequest URL parameter with Subject" do
117
+ settings = OneLogin::RubySaml::Settings.new
118
+ settings.idp_sso_target_url = "http://example.com"
119
+ settings.name_identifier_value_requested = "testuser@example.com"
120
+ settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
121
+ auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
122
+ assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
123
+ payload = CGI.unescape(auth_url.split("=").last)
124
+ decoded = Base64.decode64(payload)
125
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
126
+ inflated = zstream.inflate(decoded)
127
+ zstream.finish
128
+ zstream.close
129
+
130
+ assert inflated.include?('<saml:Subject>')
131
+ assert inflated.include?("<saml:NameID Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'>testuser@example.com</saml:NameID>")
132
+ assert inflated.include?("<saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'/>")
133
+ end
134
+
66
135
  should "accept extra parameters" do
67
136
  settings = OneLogin::RubySaml::Settings.new
68
137
  settings.idp_sso_target_url = "http://example.com"
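Review bot: The new "with Subject" test only covers a benign e-mail address, so nothing pins how `name_identifier_value_requested` is serialised when it contains XML metacharacters. Since that value will often come from what a user typed as a login hint, I would add a case with a constructed value such as `settings.name_identifier_value_requested = "a<b>&c@example.com"` followed by `assert !inflated.include?("<b>")`. REXML's `text=` is expected to escape it, but that is inferred rather than shown on this page. The four new tests also repeat the same unescape/decode/inflate sequence, which a small helper in the test class would remove. The "accept extra parameters" test at the end of the hunk continues outside it.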
@@ -10,9 +10,9 @@ class SettingsTest < Test::Unit::TestCase
10
10
  accessors = [
11
11
  :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
12
12
  :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
13
- :idp_slo_target_url, :name_identifier_value, :sessionindex,
14
- :assertion_consumer_logout_service_url,
15
- :passive, :protocol_binding
13
+ :idp_slo_target_url, :name_identifier_value, :name_identifier_value_requested,
14
+ :sessionindex, :assertion_consumer_logout_service_url,
15
+ :passive, :force_authn, :protocol_binding
16
16
  ]
17
17
 
18
18
  accessors.each do |accessor|
metadata CHANGED
@@ -1,54 +1,49 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
- version: !ruby/object:Gem::Version
4
- version: 0.8.7
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.8.8
5
5
  platform: ruby
6
- authors:
6
+ authors:
7
7
  - OneLogin LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-13 00:00:00.000000000 Z
12
- dependencies:
13
- - !ruby/object:Gem::Dependency
11
+
12
+ date: 2019-03-21 00:00:00 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
14
15
  name: uuid
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '2.3'
20
- type: :runtime
21
16
  prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: '2.3'
27
- - !ruby/object:Gem::Dependency
28
- name: nokogiri
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - ">="
32
- - !ruby/object:Gem::Version
33
- version: 1.5.0
17
+ requirement: &id001 !ruby/object:Gem::Requirement
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: "2.3"
34
22
  type: :runtime
23
+ version_requirements: *id001
24
+ - !ruby/object:Gem::Dependency
25
+ name: nokogiri
35
26
  prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
27
+ requirement: &id002 !ruby/object:Gem::Requirement
28
+ requirements:
38
29
  - - ">="
39
- - !ruby/object:Gem::Version
30
+ - !ruby/object:Gem::Version
40
31
  version: 1.5.0
32
+ type: :runtime
33
+ version_requirements: *id002
41
34
  description: SAML toolkit for Ruby on Rails
42
35
  email: support@onelogin.com
43
36
  executables: []
37
+
44
38
  extensions: []
45
- extra_rdoc_files:
39
+
40
+ extra_rdoc_files:
46
41
  - LICENSE
47
42
  - README.md
48
- files:
49
- - ".document"
50
- - ".gitignore"
51
- - ".travis.yml"
43
+ files:
44
+ - .document
45
+ - .gitignore
46
+ - .travis.yml
52
47
  - Gemfile
53
48
  - LICENSE
54
49
  - README.md
@@ -106,29 +101,31 @@ files:
106
101
  - test/xml_security_test.rb
107
102
  homepage: http://github.com/onelogin/ruby-saml
108
103
  licenses: []
104
+
109
105
  metadata: {}
106
+
110
107
  post_install_message:
111
- rdoc_options:
112
- - "--charset=UTF-8"
113
- require_paths:
108
+ rdoc_options:
109
+ - --charset=UTF-8
110
+ require_paths:
114
111
  - lib
115
- required_ruby_version: !ruby/object:Gem::Requirement
116
- requirements:
117
- - - ">="
118
- - !ruby/object:Gem::Version
119
- version: '0'
120
- required_rubygems_version: !ruby/object:Gem::Requirement
121
- requirements:
122
- - - ">="
123
- - !ruby/object:Gem::Version
124
- version: '0'
112
+ required_ruby_version: !ruby/object:Gem::Requirement
113
+ requirements:
114
+ - &id003
115
+ - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: "0"
118
+ required_rubygems_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - *id003
125
121
  requirements: []
122
+
126
123
  rubyforge_project: http://www.rubygems.org/gems/ruby-saml
127
- rubygems_version: 2.5.2.1
124
+ rubygems_version: 2.7.7
128
125
  signing_key:
129
126
  specification_version: 4
130
127
  summary: SAML Ruby Tookit
131
- test_files:
128
+ test_files:
132
129
  - test/certificates/certificate1
133
130
  - test/certificates/r1_certificate2_base64
134
131
  - test/logoutrequest_test.rb