ruby-saml 0.8.8 → 0.8.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (45) hide show
  1. checksums.yaml +7 -7
  2. data/Gemfile +11 -1
  3. data/README.md +5 -2
  4. data/Rakefile +0 -14
  5. data/lib/onelogin/ruby-saml/authrequest.rb +86 -20
  6. data/lib/onelogin/ruby-saml/logoutrequest.rb +95 -20
  7. data/lib/onelogin/ruby-saml/logoutresponse.rb +5 -28
  8. data/lib/onelogin/ruby-saml/metadata.rb +5 -5
  9. data/lib/onelogin/ruby-saml/response.rb +187 -4
  10. data/lib/onelogin/ruby-saml/setting_error.rb +6 -0
  11. data/lib/onelogin/ruby-saml/settings.rb +146 -10
  12. data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +158 -0
  13. data/lib/onelogin/ruby-saml/utils.rb +169 -0
  14. data/lib/onelogin/ruby-saml/version.rb +1 -1
  15. data/lib/ruby-saml.rb +2 -1
  16. data/lib/xml_security.rb +330 -78
  17. data/test/certificates/ruby-saml-2.crt +15 -0
  18. data/test/certificates/ruby-saml.crt +14 -0
  19. data/test/certificates/ruby-saml.key +15 -0
  20. data/test/logoutrequest_test.rb +177 -44
  21. data/test/logoutresponse_test.rb +25 -29
  22. data/test/request_test.rb +100 -37
  23. data/test/response_test.rb +213 -111
  24. data/test/responses/adfs_response_xmlns.xml +45 -0
  25. data/test/responses/encrypted_new_attack.xml.base64 +1 -0
  26. data/test/responses/invalids/multiple_signed.xml.base64 +1 -0
  27. data/test/responses/invalids/no_signature.xml.base64 +1 -0
  28. data/test/responses/invalids/response_with_concealed_signed_assertion.xml +51 -0
  29. data/test/responses/invalids/response_with_doubled_signed_assertion.xml +49 -0
  30. data/test/responses/invalids/signature_wrapping_attack.xml.base64 +1 -0
  31. data/test/responses/logoutresponse_fixtures.rb +6 -6
  32. data/test/responses/response_with_concealed_signed_assertion.xml +51 -0
  33. data/test/responses/response_with_doubled_signed_assertion.xml +49 -0
  34. data/test/responses/response_with_signed_assertion_3.xml +30 -0
  35. data/test/responses/response_with_signed_message_and_assertion.xml +34 -0
  36. data/test/responses/response_with_undefined_recipient.xml.base64 +1 -0
  37. data/test/responses/response_wrapped.xml.base64 +150 -0
  38. data/test/responses/valid_response.xml.base64 +1 -0
  39. data/test/responses/valid_response_without_x509certificate.xml.base64 +1 -0
  40. data/test/settings_test.rb +7 -7
  41. data/test/slo_logoutresponse_test.rb +226 -0
  42. data/test/test_helper.rb +117 -12
  43. data/test/utils_test.rb +10 -10
  44. data/test/xml_security_test.rb +310 -68
  45. metadata +88 -45
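--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
- ---
- SHA512:
- metadata.gz: 4841fc584fcb21a2d195ca2a0a7a3835301b4888d6eb10a916db75aaae47baa2db3142ea816cced287cda13e0e94261e33096532888e0c4dbfb88f3e815a561c
- data.tar.gz: e1c81d64bc9cd5d3c9930934b02bbbe0b974b6a2606aae95ac81a0934a445971692f5ee6d5575baa5ca118f113776d824c581829fbf6f493a93041c7c6f74752
- SHA256:
- metadata.gz: 660a02871864e652d4676233c6c3f9afb36b5584a30dc6c12db8d683a891f609
- data.tar.gz: 317d540f0b08fc67e91d74e3d46f553a50634cf9b1d199084470d1f099b79b51
+ ---
+ SHA1:
+ metadata.gz: c3f3a436bf74c3342e13ed40b9d6d7c71e8b25f1
+ data.tar.gz: c39cb2b2fa7844d97cd83e2d6a34f7a5ab68151e
+ SHA512:
+ metadata.gz: 38e6e375700d52f5bd4300dc5a1e7b9b20e5283b00371418730b1857ffc9b98857e72066a9ea67b504953eddaefc8683a0d40a29156f614dc18f9aaea7e7e0e5
+ data.tar.gz: a93d2f2c35bed0a8c44db64e3672aa8e811883d37b0386618dd51d0d7a9f19ddd37c59381dfa2c94cc04a361f3ecce8cd9677dc9ab6f44dee4eb653fefedba91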
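--- a/data/Gemfile
+++ b/data/Gemfile
@@ -5,9 +5,19 @@ source 'http://rubygems.org'
 
  gemspec
 
+ if RUBY_VERSION < '1.9'
+ gem 'nokogiri', '~> 1.5.0'
+ gem 'minitest', '~> 5.5', '<= 5.11.3'
+ elsif RUBY_VERSION < '2.1'
+ gem 'nokogiri', '>= 1.5.0', '<= 1.6.8.1'
+ gem 'minitest', '~> 5.5'
+ else
+ gem 'nokogiri', '>= 1.5.0'
+ gem 'minitest', '~> 5.5'
+ end
+
  group :test do
  if RUBY_VERSION < '1.9'
- gem 'nokogiri', '~> 1.5.0'
  gem 'ruby-debug', '~> 0.10.4'
  elsif RUBY_VERSION < '2.0'
  gem 'debugger-linecache', '~> 1.2.0'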
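Review bot: The dependency source visible in this hunk's header context, `source 'http://rubygems.org'`, fetches every gem over plain HTTP, so the nokogiri and minitest pins added at the top level are resolved through a channel with no transport integrity; while this block is being reworked it should become `source 'https://rubygems.org'`. The new `gem 'nokogiri', '~> 1.5.0'` pin for pre-1.9 Rubies locks to an old release series, presumably as a legacy-Ruby concession rather than a security baseline, and a comment such as `# legacy pin for Ruby 1.8 only; not a supported security baseline` would stop it being copied forward. Moving nokogiri out of the `:test` group also turns it into a runtime requirement for every Ruby version, which is worth stating in the changelog if it is intended.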
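--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,8 @@
  # Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml)
 
+ # Updating from 0.8.8 to 0.8.9
+ Version `0.8.9` deprecates the use of settings.issuer, use instead settings.sp_entity_id. Deprecates assertion_consumer_logout_service_url and assertion_consumer_logout_service_binding as well, use instead single_logout_service_url and single_logout_service_binding. Adds validate_audience.
+
  # Updating from 0.8.7 to 0.8.8
  Version `0.8.8` adds support for ForceAuthn and Subjects on AuthNRequests by the new name_identifier_value_requested setting
 
@@ -52,7 +55,7 @@ def saml_settings
  settings = OneLogin::RubySaml::Settings.new
 
  settings.assertion_consumer_service_url = "http://#{request.host}/saml/finalize"
- settings.issuer = request.host
+ settings.sp_entity_id = request.host
  settings.idp_sso_target_url = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
  settings.idp_cert_fingerprint = OneLoginAppCertFingerPrint
  settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
@@ -90,7 +93,7 @@ class SamlController < ApplicationController
  settings = OneLogin::RubySaml::Settings.new
 
  settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
- settings.issuer = request.host
+ settings.sp_entity_id = request.host
  settings.idp_sso_target_url = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
  settings.idp_cert_fingerprint = OneLoginAppCertFingerPrint
  settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"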
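--- a/data/Rakefile
+++ b/data/Rakefile
@@ -25,17 +25,3 @@ end
  task :test
 
  task :default => :test
-
- # require 'rake/rdoctask'
- # Rake::RDocTask.new do |rdoc|
- # if File.exist?('VERSION')
- # version = File.read('VERSION')
- # else
- # version = ""
- # end
-
- # rdoc.rdoc_dir = 'rdoc'
- # rdoc.title = "ruby-saml #{version}"
- # rdoc.rdoc_files.include('README*')
- # rdoc.rdoc_files.include('lib/**/*.rb')
- #end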
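--- a/data/lib/onelogin/ruby-saml/authrequest.rb
+++ b/data/lib/onelogin/ruby-saml/authrequest.rb
@@ -1,16 +1,50 @@
  require "base64"
- require "uuid"
  require "zlib"
  require "cgi"
- require "rexml/document"
- require "rexml/xpath"
+ require "onelogin/ruby-saml/utils"
+ require "onelogin/ruby-saml/setting_error"
 
  module OneLogin
  module RubySaml
- include REXML
+
  class Authrequest
+ # AuthNRequest ID
+ attr_reader :uuid
+
+ # Initializes the AuthNRequest. An Authrequest Object.
+ # Asigns an ID, a random uuid.
+ #
+ def initialize
+ @uuid = OneLogin::RubySaml::Utils.uuid
+ end
+
  def create(settings, params = {})
- params = {} if params.nil?
+ params = create_params(settings, params)
+ params_prefix = (settings.idp_sso_target_url =~ /\?/) ? '&' : '?'
+ saml_request = CGI.escape(params.delete("SAMLRequest"))
+ request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
+ params.each_pair do |key, value|
+ request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
+ end
+ raise SettingError.new "Invalid settings, idp_sso_target_url is not set!" if settings.idp_sso_target_url.nil? or settings.idp_sso_target_url.empty?
+ @login_url = settings.idp_sso_target_url + request_params
+ end
+
+ # Creates the Get parameters for the request.
+ # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+ # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+ # @return [Hash] Parameters
+ #
+ def create_params(settings, params={})
+ # The method expects :RelayState but sometimes we get 'RelayState' instead.
+ # Based on the HashWithIndifferentAccess value in Rails we could experience
+ # conflicts so this line will solve them.
+ relay_state = params[:RelayState] || params['RelayState']
+
+ if relay_state.nil?
+ params.delete(:RelayState)
+ params.delete('RelayState')
+ end
 
  request_doc = create_authentication_xml_doc(settings)
  request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values
@@ -20,34 +54,55 @@ module OneLogin
 
  Logging.debug "Created AuthnRequest: #{request}"
 
- request = Zlib::Deflate.deflate(request, 9)[2..-5] if settings.compress_request
+ request = Zlib::Deflate.deflate(request, 9)[2..-5] if settings.compress_request
  if Base64.respond_to?('strict_encode64')
- base64_request = Base64.strict_encode64(request)
+ base64_request = Base64.strict_encode64(request)
  else
- base64_request = Base64.encode64(request).gsub(/\n/, "")
+ base64_request = Base64.encode64(request).gsub(/\n/, "")
+ end
+
+ request_params = {"SAMLRequest" => base64_request}
+
+ if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key
+ params['SigAlg'] = settings.security[:signature_method]
+ url_string = OneLogin::RubySaml::Utils.build_query(
+ :type => 'SAMLRequest',
+ :data => base64_request,
+ :relay_state => relay_state,
+ :sig_alg => params['SigAlg']
+ )
+ sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
+ signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
+ if Base64.respond_to?('strict_encode64')
+ params['Signature'] = Base64.strict_encode64(signature)
+ else
+ params['Signature'] = Base64.encode64(signature).gsub(/\n/, "")
+ end
  end
- encoded_request = CGI.escape(base64_request)
- params_prefix = (settings.idp_sso_target_url =~ /\?/) ? '&' : '?'
- request_params = "#{params_prefix}SAMLRequest=#{encoded_request}"
 
  params.each_pair do |key, value|
- request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
+ request_params[key] = value.to_s
  end
 
- settings.idp_sso_target_url + request_params
+ request_params
  end
 
  def create_authentication_xml_doc(settings)
- uuid = "_" + UUID.new.generate
- time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
- # Create AuthnRequest root element using REXML
- request_doc = REXML::Document.new
+ document = create_xml_document(settings)
+ sign_document(document, settings)
+ end
+
+ def create_xml_document(settings)
+ time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ request_doc = XMLSecurity::Document.new
+ request_doc.uuid = uuid
 
  root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
  root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = time
  root.attributes['Version'] = "2.0"
- root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
+ root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil? or settings.idp_sso_target_url.empty?
  root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
  root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
  root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
@@ -56,9 +111,9 @@ module OneLogin
  if settings.assertion_consumer_service_url != nil
  root.attributes["AssertionConsumerServiceURL"] = settings.assertion_consumer_service_url
  end
- if settings.issuer != nil
+ if settings.sp_entity_id != nil
  issuer = root.add_element "saml:Issuer"
- issuer.text = settings.issuer
+ issuer.text = settings.sp_entity_id
  end
 
  if settings.name_identifier_value_requested != nil
@@ -97,6 +152,17 @@ module OneLogin
  request_doc
  end
 
+ def sign_document(document, settings)
+ # embed signature
+ if settings.security[:authn_requests_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
+ private_key = settings.get_sp_key
+ cert = settings.get_sp_cert
+ document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
+ end
+
+ document
+ end
+
  end
  end
  end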
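Review bot: In the new `create`, the `idp_sso_target_url` guard is evaluated last, after `create_params` has already built and, with `authn_requests_signed` enabled, signed the request and after `settings.idp_sso_target_url =~ /\?/` has been consulted, so a missing destination is only reported once all the work is done. Move the guard to the first statement of `create`: `raise SettingError.new "Invalid settings, idp_sso_target_url is not set!" if settings.idp_sso_target_url.nil? or settings.idp_sso_target_url.empty?` ahead of `params = create_params(settings, params)`. In `create_params`, `params['SigAlg']` is copied straight from `settings.security[:signature_method]` and the same value is handed to `XMLSecurity::BaseDocument#algorithm`, which is not in this excerpt; if that setting can be nil the redirect would carry an empty `SigAlg`, so a guard beside the existing check, `raise SettingError.new "Invalid settings, signature_method is not set!" if settings.security[:signature_method].nil?`, would make the HTTP-Redirect signature fail closed. Presumably settings.rb defaults the value, but that should be confirmed rather than relied on here.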
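--- a/data/lib/onelogin/ruby-saml/logoutrequest.rb
+++ b/data/lib/onelogin/ruby-saml/logoutrequest.rb
@@ -1,55 +1,115 @@
  require "base64"
- require "uuid"
  require "zlib"
  require "cgi"
+ require 'rexml/document'
+ require "onelogin/ruby-saml/utils"
+ require "onelogin/ruby-saml/setting_error"
 
  module OneLogin
  module RubySaml
- include REXML
+
  class Logoutrequest
 
  attr_reader :uuid # Can be obtained if neccessary
 
  def initialize
- @uuid = "_" + UUID.new.generate
+ @uuid = OneLogin::RubySaml::Utils.uuid
  end
 
  def create(settings, params={})
- request_doc = create_unauth_xml_doc(settings, params)
+ params = create_params(settings, params)
+ params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
+ saml_request = CGI.escape(params.delete("SAMLRequest"))
+ request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
+ params.each_pair do |key, value|
+ request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
+ end
+ raise SettingError.new "Invalid settings, idp_slo_target_url is not set!" if settings.idp_slo_target_url.nil? or settings.idp_slo_target_url.empty?
+ @logout_url = settings.idp_slo_target_url + request_params
+ end
+
+ # Creates the Get parameters for the logout request.
+ # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+ # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+ # @return [Hash] Parameters
+ #
+ def create_params(settings, params={})
+ # The method expects :RelayState but sometimes we get 'RelayState' instead.
+ # Based on the HashWithIndifferentAccess value in Rails we could experience
+ # conflicts so this line will solve them.
+ relay_state = params[:RelayState] || params['RelayState']
+
+ if relay_state.nil?
+ params.delete(:RelayState)
+ params.delete('RelayState')
+ end
+
+ request_doc = create_logout_request_xml_doc(settings)
+ request_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values
+
  request = ""
  request_doc.write(request)
 
- deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
+ Logging.debug "Created SLO Logout Request: #{request}"
+
+ request = Zlib::Deflate.deflate(request, 9)[2..-5] if settings.compress_request
  if Base64.respond_to?('strict_encode64')
- base64_request = Base64.strict_encode64(deflated_request)
+ base64_request = Base64.strict_encode64(request)
  else
- base64_request = Base64.encode64(deflated_request).gsub(/\n/, "")
+ base64_request = Base64.encode64(request).gsub(/\n/, "")
  end
- encoded_request = CGI.escape(base64_request)
+ request_params = {"SAMLRequest" => base64_request}
 
- params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
- request_params = "#{params_prefix}SAMLRequest=#{encoded_request}"
+ if settings.security[:logout_requests_signed] && !settings.security[:embed_sign] && settings.private_key
+ params['SigAlg'] = settings.security[:signature_method]
+ url_string = OneLogin::RubySaml::Utils.build_query(
+ :type => 'SAMLRequest',
+ :data => base64_request,
+ :relay_state => relay_state,
+ :sig_alg => params['SigAlg']
+ )
+ sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
+ signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
+ if Base64.respond_to?('strict_encode64')
+ params['Signature'] = Base64.strict_encode64(signature)
+ else
+ params['Signature'] = Base64.encode64(signature).gsub(/\n/, "")
+ end
+ end
 
  params.each_pair do |key, value|
- request_params << "&#{key}=#{CGI.escape(value.to_s)}"
+ request_params[key] = value.to_s
  end
 
- @logout_url = settings.idp_slo_target_url + request_params
+ request_params
  end
 
- def create_unauth_xml_doc(settings, params)
+ # Creates the SAMLRequest String.
+ # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
+ # @return [String] The SAMLRequest String.
+ #
+ def create_logout_request_xml_doc(settings)
+ document = create_xml_document(settings)
+ sign_document(document, settings)
+ end
+
+ def create_xml_document(settings, request_doc=nil)
+ time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
 
- time = Time.new().strftime("%Y-%m-%dT%H:%M:%S")
+ if request_doc.nil?
+ request_doc = XMLSecurity::Document.new
+ request_doc.uuid = uuid
+ end
 
- request_doc = REXML::Document.new
  root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }
- root.attributes['ID'] = @uuid
+ root.attributes['ID'] = uuid
  root.attributes['IssueInstant'] = time
  root.attributes['Version'] = "2.0"
+ root.attributes['Destination'] = settings.idp_slo_target_url unless settings.idp_slo_target_url.nil? or settings.idp_slo_target_url.empty?
 
- if settings.issuer
+ if settings.sp_entity_id
  issuer = root.add_element "saml:Issuer", { "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
- issuer.text = settings.issuer
+ issuer.text = settings.sp_entity_id
  end
 
  if settings.name_identifier_value
@@ -57,8 +117,6 @@ module OneLogin
  name_id.attributes['NameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
  name_id.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
  name_id.text = settings.name_identifier_value
- else
- raise ValidationError.new("Missing required name identifier")
  end
 
  if settings.sessionindex
@@ -81,6 +139,23 @@ module OneLogin
  end
  request_doc
  end
+
+ def sign_document(document, settings)
+ # embed signature
+ if settings.security[:logout_requests_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
+ private_key = settings.get_sp_key
+ cert = settings.get_sp_cert
+ document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
+ end
+
+ document
+ end
+
+ # Leave due compatibility
+ def create_unauth_xml_doc(settings, params)
+ request_doc = ReXML::Document.new
+ create_xml_document(settings, request_doc)
+ end
  end
  end
  end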
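Review bot: The compatibility shim `create_unauth_xml_doc` added in the last hunk references `ReXML::Document.new`; the constant is spelled `REXML`, so every caller of the retained method now gets a `NameError` instead of a document, and nothing in this diff exercises it. Change the line to `request_doc = REXML::Document.new` (`rexml/document` is already required at the top of this file), and note that a plain REXML document skips the `request_doc.uuid = uuid` assignment that `create_xml_document` only performs for the `XMLSecurity::Document` it creates itself. Separately, removing the `else raise ValidationError.new("Missing required name identifier")` branch in the second hunk means a LogoutRequest can now be emitted with no `<NameID>` at all, which SAML 2.0 does not allow for a LogoutRequest; if that is intentional, document it with `# NOTE: no NameID is emitted when settings.name_identifier_value is nil; callers must supply one for a spec-conformant LogoutRequest`, otherwise keep the check.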
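--- a/data/lib/onelogin/ruby-saml/logoutresponse.rb
+++ b/data/lib/onelogin/ruby-saml/logoutresponse.rb
@@ -1,7 +1,5 @@
  require "xml_security"
  require "time"
- require "base64"
- require "zlib"
 
  module OneLogin
  module RubySaml
@@ -30,7 +28,7 @@ module OneLogin
  self.settings = settings
 
  @options = options
- @response = decode_raw_response(response)
+ @response = OneLogin::RubySaml::Utils.decode_raw_saml(response)
  @document = XMLSecurity::SignedDocument.new(response)
  end
 
@@ -75,27 +73,6 @@ module OneLogin
 
  private
 
- def decode(encoded)
- Base64.decode64(encoded)
- end
-
- def inflate(deflated)
- zlib = Zlib::Inflate.new(-Zlib::MAX_WBITS)
- zlib.inflate(deflated)
- end
-
- def decode_raw_response(response)
- if response =~ /^</
- return response
- elsif (decoded = decode(response)) =~ /^</
- return decoded
- elsif (inflated = inflate(decoded)) =~ /^</
- return inflated
- end
-
- raise "Couldn't decode SAMLResponse"
- end
-
  def valid_saml?(soft = true)
  Dir.chdir(File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'schemas'))) do
  @schema = Nokogiri::XML::Schema(IO.read('saml20protocol_schema.xsd'))
@@ -117,8 +94,8 @@ module OneLogin
  return soft ? false : validation_error("No settings on response")
  end
 
- if settings.issuer.nil?
- return soft ? false : validation_error("No issuer in settings")
+ if settings.sp_entity_id.nil?
+ return soft ? false : validation_error("No sp_entity_id in settings")
  end
 
  if settings.idp_cert_fingerprint.nil? && settings.idp_cert.nil?
@@ -139,8 +116,8 @@ module OneLogin
  end
 
  def valid_issuer?(soft = true)
- unless URI.parse(issuer) == URI.parse(self.settings.issuer)
- return soft ? false : validation_error("Doesn't match the issuer, expected: <#{self.settings.issuer}>, but was: <#{issuer}>")
+ unless URI.parse(issuer) == URI.parse(self.settings.sp_entity_id)
+ return soft ? false : validation_error("Doesn't match the issuer, expected: <#{self.settings.sp_entity_id}>, but was: <#{issuer}>")
  end
  true
  end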
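Review bot: `valid_issuer?` in the last hunk compares the `<Issuer>` of the incoming LogoutResponse with `settings.sp_entity_id`, but a LogoutResponse is produced by the IdP, so its Issuer is the IdP's entity ID; the rename makes it explicit that the check tests the wrong party and can only pass when the SP and IdP entity IDs happen to coincide. If the settings object in this release exposes an IdP entity ID (settings.rb is changed in this diff but not shown here), the comparison should use that value, and the `valid_state?` prerequisite in the previous hunk should require it rather than `sp_entity_id`; if no such setting exists, that is the one to add. Separately, `URI.parse(issuer)` runs on an attacker-controlled string and raises `URI::InvalidURIError` on malformed input, escaping the `soft` contract of the method, and `URI#==` applies normalizing equality whereas SAML Core specifies exact string comparison for URI values; a `rescue URI::InvalidURIError` that returns `soft ? false : validation_error(...)` plus a plain `==` on the two strings would be the safer check.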