ruby-saml 1.10.2 → 1.12.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of ruby-saml might be problematic. Click here for more details.

Files changed (159) hide show
  1. checksums.yaml +5 -5
  2. data/.travis.yml +21 -20
  3. data/README.md +95 -26
  4. data/changelog.md +30 -0
  5. data/lib/onelogin/ruby-saml/attributes.rb +24 -1
  6. data/lib/onelogin/ruby-saml/authrequest.rb +11 -6
  7. data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +62 -24
  8. data/lib/onelogin/ruby-saml/logging.rb +3 -3
  9. data/lib/onelogin/ruby-saml/logoutrequest.rb +11 -5
  10. data/lib/onelogin/ruby-saml/logoutresponse.rb +21 -2
  11. data/lib/onelogin/ruby-saml/metadata.rb +11 -3
  12. data/lib/onelogin/ruby-saml/response.rb +64 -23
  13. data/lib/onelogin/ruby-saml/saml_message.rb +6 -0
  14. data/lib/onelogin/ruby-saml/setting_error.rb +6 -0
  15. data/lib/onelogin/ruby-saml/settings.rb +71 -7
  16. data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +20 -1
  17. data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +31 -17
  18. data/lib/onelogin/ruby-saml/utils.rb +69 -0
  19. data/lib/onelogin/ruby-saml/version.rb +1 -1
  20. data/lib/xml_security.rb +34 -6
  21. data/ruby-saml.gemspec +9 -5
  22. metadata +36 -282
  23. data/test/certificates/certificate.der +0 -0
  24. data/test/certificates/certificate1 +0 -12
  25. data/test/certificates/certificate_without_head_foot +0 -1
  26. data/test/certificates/formatted_certificate +0 -14
  27. data/test/certificates/formatted_chained_certificate +0 -42
  28. data/test/certificates/formatted_private_key +0 -12
  29. data/test/certificates/formatted_rsa_private_key +0 -12
  30. data/test/certificates/invalid_certificate1 +0 -1
  31. data/test/certificates/invalid_certificate2 +0 -1
  32. data/test/certificates/invalid_certificate3 +0 -12
  33. data/test/certificates/invalid_chained_certificate1 +0 -1
  34. data/test/certificates/invalid_private_key1 +0 -1
  35. data/test/certificates/invalid_private_key2 +0 -1
  36. data/test/certificates/invalid_private_key3 +0 -10
  37. data/test/certificates/invalid_rsa_private_key1 +0 -1
  38. data/test/certificates/invalid_rsa_private_key2 +0 -1
  39. data/test/certificates/invalid_rsa_private_key3 +0 -10
  40. data/test/certificates/ruby-saml-2.crt +0 -15
  41. data/test/certificates/ruby-saml.crt +0 -14
  42. data/test/certificates/ruby-saml.key +0 -15
  43. data/test/idp_metadata_parser_test.rb +0 -594
  44. data/test/logging_test.rb +0 -62
  45. data/test/logout_requests/invalid_slo_request.xml +0 -6
  46. data/test/logout_requests/slo_request.xml +0 -4
  47. data/test/logout_requests/slo_request.xml.base64 +0 -1
  48. data/test/logout_requests/slo_request_deflated.xml.base64 +0 -1
  49. data/test/logout_requests/slo_request_with_name_id_format.xml +0 -4
  50. data/test/logout_requests/slo_request_with_session_index.xml +0 -5
  51. data/test/logout_responses/logoutresponse_fixtures.rb +0 -86
  52. data/test/logoutrequest_test.rb +0 -260
  53. data/test/logoutresponse_test.rb +0 -409
  54. data/test/metadata/idp_descriptor.xml +0 -26
  55. data/test/metadata/idp_descriptor_2.xml +0 -56
  56. data/test/metadata/idp_descriptor_3.xml +0 -14
  57. data/test/metadata/idp_descriptor_4.xml +0 -72
  58. data/test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml +0 -72
  59. data/test/metadata/idp_metadata_multi_certs.xml +0 -75
  60. data/test/metadata/idp_metadata_multi_signing_certs.xml +0 -52
  61. data/test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml +0 -71
  62. data/test/metadata/idp_multiple_descriptors.xml +0 -59
  63. data/test/metadata/idp_multiple_descriptors_2.xml +0 -59
  64. data/test/metadata/no_idp_descriptor.xml +0 -21
  65. data/test/metadata_test.rb +0 -331
  66. data/test/request_test.rb +0 -340
  67. data/test/response_test.rb +0 -1620
  68. data/test/responses/adfs_response_sha1.xml +0 -46
  69. data/test/responses/adfs_response_sha256.xml +0 -46
  70. data/test/responses/adfs_response_sha384.xml +0 -46
  71. data/test/responses/adfs_response_sha512.xml +0 -46
  72. data/test/responses/adfs_response_xmlns.xml +0 -45
  73. data/test/responses/attackxee.xml +0 -13
  74. data/test/responses/invalids/duplicated_attributes.xml.base64 +0 -1
  75. data/test/responses/invalids/empty_destination.xml.base64 +0 -1
  76. data/test/responses/invalids/empty_nameid.xml.base64 +0 -1
  77. data/test/responses/invalids/encrypted_new_attack.xml.base64 +0 -1
  78. data/test/responses/invalids/invalid_audience.xml.base64 +0 -1
  79. data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
  80. data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
  81. data/test/responses/invalids/invalid_signature_position.xml.base64 +0 -1
  82. data/test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64 +0 -1
  83. data/test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64 +0 -1
  84. data/test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64 +0 -1
  85. data/test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64 +0 -1
  86. data/test/responses/invalids/multiple_assertions.xml.base64 +0 -2
  87. data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
  88. data/test/responses/invalids/no_authnstatement.xml.base64 +0 -1
  89. data/test/responses/invalids/no_conditions.xml.base64 +0 -1
  90. data/test/responses/invalids/no_id.xml.base64 +0 -1
  91. data/test/responses/invalids/no_issuer_assertion.xml.base64 +0 -1
  92. data/test/responses/invalids/no_issuer_response.xml.base64 +0 -1
  93. data/test/responses/invalids/no_nameid.xml.base64 +0 -1
  94. data/test/responses/invalids/no_saml2.xml.base64 +0 -1
  95. data/test/responses/invalids/no_signature.xml.base64 +0 -1
  96. data/test/responses/invalids/no_status.xml.base64 +0 -1
  97. data/test/responses/invalids/no_status_code.xml.base64 +0 -1
  98. data/test/responses/invalids/no_subjectconfirmation_data.xml.base64 +0 -1
  99. data/test/responses/invalids/no_subjectconfirmation_method.xml.base64 +0 -1
  100. data/test/responses/invalids/response_invalid_signed_element.xml.base64 +0 -1
  101. data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
  102. data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
  103. data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
  104. data/test/responses/invalids/status_code_responder.xml.base64 +0 -1
  105. data/test/responses/invalids/status_code_responer_and_msg.xml.base64 +0 -1
  106. data/test/responses/invalids/wrong_spnamequalifier.xml.base64 +0 -1
  107. data/test/responses/no_signature_ns.xml +0 -48
  108. data/test/responses/open_saml_response.xml +0 -56
  109. data/test/responses/response_assertion_wrapped.xml.base64 +0 -93
  110. data/test/responses/response_audience_self_closed_tag.xml.base64 +0 -1
  111. data/test/responses/response_double_status_code.xml.base64 +0 -1
  112. data/test/responses/response_encrypted_attrs.xml.base64 +0 -1
  113. data/test/responses/response_encrypted_nameid.xml.base64 +0 -1
  114. data/test/responses/response_eval.xml +0 -7
  115. data/test/responses/response_no_cert_and_encrypted_attrs.xml +0 -29
  116. data/test/responses/response_node_text_attack.xml.base64 +0 -1
  117. data/test/responses/response_node_text_attack2.xml.base64 +0 -1
  118. data/test/responses/response_node_text_attack3.xml.base64 +0 -1
  119. data/test/responses/response_unsigned_xml_base64 +0 -1
  120. data/test/responses/response_with_ampersands.xml +0 -139
  121. data/test/responses/response_with_ampersands.xml.base64 +0 -93
  122. data/test/responses/response_with_ds_namespace_at_the_root.xml.base64 +0 -1
  123. data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
  124. data/test/responses/response_with_multiple_attribute_values.xml +0 -67
  125. data/test/responses/response_with_retrieval_method.xml +0 -26
  126. data/test/responses/response_with_saml2_namespace.xml.base64 +0 -102
  127. data/test/responses/response_with_signed_assertion.xml.base64 +0 -66
  128. data/test/responses/response_with_signed_assertion_2.xml.base64 +0 -1
  129. data/test/responses/response_with_signed_assertion_3.xml +0 -30
  130. data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
  131. data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
  132. data/test/responses/response_without_attributes.xml.base64 +0 -79
  133. data/test/responses/response_without_reference_uri.xml.base64 +0 -1
  134. data/test/responses/response_wrapped.xml.base64 +0 -150
  135. data/test/responses/signed_message_encrypted_signed_assertion.xml.base64 +0 -1
  136. data/test/responses/signed_message_encrypted_unsigned_assertion.xml.base64 +0 -1
  137. data/test/responses/signed_nameid_in_atts.xml +0 -47
  138. data/test/responses/signed_unqual_nameid_in_atts.xml +0 -47
  139. data/test/responses/simple_saml_php.xml +0 -71
  140. data/test/responses/starfield_response.xml.base64 +0 -1
  141. data/test/responses/test_sign.xml +0 -43
  142. data/test/responses/unsigned_encrypted_adfs.xml +0 -23
  143. data/test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64 +0 -1
  144. data/test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64 +0 -1
  145. data/test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64 +0 -1
  146. data/test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64 +0 -1
  147. data/test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64 +0 -1
  148. data/test/responses/unsigned_message_encrypted_signed_assertion.xml.base64 +0 -1
  149. data/test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64 +0 -1
  150. data/test/responses/valid_response.xml.base64 +0 -1
  151. data/test/responses/valid_response_with_formatted_x509certificate.xml.base64 +0 -1
  152. data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
  153. data/test/saml_message_test.rb +0 -56
  154. data/test/settings_test.rb +0 -330
  155. data/test/slo_logoutrequest_test.rb +0 -448
  156. data/test/slo_logoutresponse_test.rb +0 -233
  157. data/test/test_helper.rb +0 -331
  158. data/test/utils_test.rb +0 -259
  159. data/test/xml_security_test.rb +0 -421
@@ -1,594 +0,0 @@
1
- require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
2
-
3
- require 'onelogin/ruby-saml/idp_metadata_parser'
4
-
5
- class IdpMetadataParserTest < Minitest::Test
6
- class MockSuccessResponse < Net::HTTPSuccess
7
- # override parent's initialize
8
- def initialize; end
9
-
10
- attr_accessor :body
11
- end
12
-
13
- class MockFailureResponse < Net::HTTPNotFound
14
- # override parent's initialize
15
- def initialize; end
16
-
17
- attr_accessor :body
18
- end
19
-
20
- describe "parsing an IdP descriptor file" do
21
- it "extract settings details from xml" do
22
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
23
-
24
- settings = idp_metadata_parser.parse(idp_metadata_descriptor)
25
-
26
- assert_equal "https://hello.example.com/access/saml/idp.xml", settings.idp_entity_id
27
- assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_target_url
28
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
29
- assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_target_url
30
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", settings.name_identifier_format
31
- assert_equal ["AuthToken", "SSOStartPage"], settings.idp_attribute_names
32
- assert_equal '2014-04-17T18:02:33.910Z', settings.valid_until
33
- end
34
-
35
- it "extract certificate from md:KeyDescriptor[@use='signing']" do
36
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
37
- idp_metadata = idp_metadata_descriptor
38
- settings = idp_metadata_parser.parse(idp_metadata)
39
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
40
- end
41
-
42
- it "extract certificate from md:KeyDescriptor[@use='encryption']" do
43
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
44
- idp_metadata = idp_metadata_descriptor
45
- idp_metadata = idp_metadata.sub(/<md:KeyDescriptor use="signing">(.*?)<\/md:KeyDescriptor>/m, "")
46
- settings = idp_metadata_parser.parse(idp_metadata)
47
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
48
- end
49
-
50
- it "extract certificate from md:KeyDescriptor" do
51
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
52
- idp_metadata = idp_metadata_descriptor
53
- idp_metadata = idp_metadata.sub(/<md:KeyDescriptor use="signing">(.*?)<\/md:KeyDescriptor>/m, "")
54
- idp_metadata = idp_metadata.sub('<md:KeyDescriptor use="encryption">', '<md:KeyDescriptor>')
55
- settings = idp_metadata_parser.parse(idp_metadata)
56
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
57
- end
58
-
59
- it "extract SSO endpoint with no specific binding, it takes the first" do
60
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
61
- idp_metadata = idp_metadata_descriptor3
62
- settings = idp_metadata_parser.parse(idp_metadata)
63
- assert_equal "https://idp.example.com/idp/profile/Shibboleth/SSO", settings.idp_sso_target_url
64
- end
65
-
66
- it "extract SSO endpoint with specific binding" do
67
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
68
- idp_metadata = idp_metadata_descriptor3
69
- options = {}
70
- options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
71
- settings = idp_metadata_parser.parse(idp_metadata, options)
72
- assert_equal "https://idp.example.com/idp/profile/SAML2/POST/SSO", settings.idp_sso_target_url
73
-
74
- options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
75
- settings = idp_metadata_parser.parse(idp_metadata, options)
76
- assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", settings.idp_sso_target_url
77
-
78
- options[:sso_binding] = ['invalid_binding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
79
- settings = idp_metadata_parser.parse(idp_metadata, options)
80
- assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", settings.idp_sso_target_url
81
- end
82
-
83
- it "uses settings options as hash for overrides" do
84
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
85
- idp_metadata = idp_metadata_descriptor
86
- settings = idp_metadata_parser.parse(idp_metadata, {
87
- :settings => {
88
- :security => {
89
- :digest_method => XMLSecurity::Document::SHA256,
90
- :signature_method => XMLSecurity::Document::RSA_SHA256
91
- }
92
- }
93
- })
94
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
95
- assert_equal XMLSecurity::Document::SHA256, settings.security[:digest_method]
96
- assert_equal XMLSecurity::Document::RSA_SHA256, settings.security[:signature_method]
97
- end
98
-
99
- it "merges results into given settings object" do
100
- settings = OneLogin::RubySaml::Settings.new(:security => {
101
- :digest_method => XMLSecurity::Document::SHA256,
102
- :signature_method => XMLSecurity::Document::RSA_SHA256
103
- })
104
-
105
- OneLogin::RubySaml::IdpMetadataParser.new.parse(idp_metadata_descriptor, :settings => settings)
106
-
107
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
108
- assert_equal XMLSecurity::Document::SHA256, settings.security[:digest_method]
109
- assert_equal XMLSecurity::Document::RSA_SHA256, settings.security[:signature_method]
110
- end
111
- end
112
-
113
- describe "parsing an IdP descriptor file into an Hash" do
114
- it "extract settings details from xml" do
115
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
116
-
117
- metadata = idp_metadata_parser.parse_to_hash(idp_metadata_descriptor)
118
-
119
- assert_equal "https://hello.example.com/access/saml/idp.xml", metadata[:idp_entity_id]
120
- assert_equal "https://hello.example.com/access/saml/login", metadata[:idp_sso_target_url]
121
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", metadata[:idp_cert_fingerprint]
122
- assert_equal "https://hello.example.com/access/saml/logout", metadata[:idp_slo_target_url]
123
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", metadata[:name_identifier_format]
124
- assert_equal ["AuthToken", "SSOStartPage"], metadata[:idp_attribute_names]
125
- assert_equal '2014-04-17T18:02:33.910Z', metadata[:valid_until]
126
- end
127
-
128
- it "extract certificate from md:KeyDescriptor[@use='signing']" do
129
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
130
- idp_metadata = idp_metadata_descriptor
131
- metadata = idp_metadata_parser.parse_to_hash(idp_metadata)
132
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", metadata[:idp_cert_fingerprint]
133
- end
134
-
135
- it "extract certificate from md:KeyDescriptor[@use='encryption']" do
136
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
137
- idp_metadata = idp_metadata_descriptor
138
- idp_metadata = idp_metadata.sub(/<md:KeyDescriptor use="signing">(.*?)<\/md:KeyDescriptor>/m, "")
139
- parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata)
140
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", parsed_metadata[:idp_cert_fingerprint]
141
- end
142
-
143
- it "extract certificate from md:KeyDescriptor" do
144
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
145
- idp_metadata = idp_metadata_descriptor
146
- idp_metadata = idp_metadata.sub(/<md:KeyDescriptor use="signing">(.*?)<\/md:KeyDescriptor>/m, "")
147
- idp_metadata = idp_metadata.sub('<md:KeyDescriptor use="encryption">', '<md:KeyDescriptor>')
148
- parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata)
149
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", parsed_metadata[:idp_cert_fingerprint]
150
- end
151
-
152
- it "extract SSO endpoint with no specific binding, it takes the first" do
153
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
154
- idp_metadata = idp_metadata_descriptor3
155
- metadata = idp_metadata_parser.parse_to_hash(idp_metadata)
156
- assert_equal "https://idp.example.com/idp/profile/Shibboleth/SSO", metadata[:idp_sso_target_url]
157
- end
158
-
159
- it "extract SSO endpoint with specific binding" do
160
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
161
- idp_metadata = idp_metadata_descriptor3
162
- options = {}
163
- options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
164
- parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, options)
165
- assert_equal "https://idp.example.com/idp/profile/SAML2/POST/SSO", parsed_metadata[:idp_sso_target_url]
166
-
167
- options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
168
- parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, options)
169
- assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", parsed_metadata[:idp_sso_target_url]
170
-
171
- options[:sso_binding] = ['invalid_binding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
172
- parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, options)
173
- assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", parsed_metadata[:idp_sso_target_url]
174
- end
175
-
176
- it "ignores a given :settings hash" do
177
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
178
- idp_metadata = idp_metadata_descriptor
179
- parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, {
180
- :settings => {
181
- :security => {
182
- :digest_method => XMLSecurity::Document::SHA256,
183
- :signature_method => XMLSecurity::Document::RSA_SHA256
184
- }
185
- }
186
- })
187
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", parsed_metadata[:idp_cert_fingerprint]
188
- assert_nil parsed_metadata[:security]
189
- end
190
-
191
- it "can extract certificates multiple times in sequence" do
192
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
193
- idp_metadata1 = idp_metadata_descriptor
194
- idp_metadata2 = idp_metadata_descriptor4
195
- metadata1 = idp_metadata_parser.parse_to_hash(idp_metadata1)
196
- metadata2 = idp_metadata_parser.parse_to_hash(idp_metadata2)
197
-
198
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", metadata1[:idp_cert_fingerprint]
199
- assert_equal "CD:2B:2B:DA:FF:F5:DB:64:10:7C:AC:FD:FE:0F:CB:5D:73:5F:16:07", metadata2[:idp_cert_fingerprint]
200
- end
201
- end
202
-
203
- describe "parsing an IdP descriptor file with multiple signing certs" do
204
- it "extract settings details from xml" do
205
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
206
-
207
- settings = idp_metadata_parser.parse(idp_metadata_descriptor2)
208
-
209
- assert_equal "https://hello.example.com/access/saml/idp.xml", settings.idp_entity_id
210
- assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_target_url
211
- assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_target_url
212
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", settings.name_identifier_format
213
- assert_equal ["AuthToken", "SSOStartPage"], settings.idp_attribute_names
214
-
215
- assert_nil settings.idp_cert_fingerprint
216
- assert_nil settings.idp_cert
217
- assert_equal 2, settings.idp_cert_multi.size
218
- assert settings.idp_cert_multi.key?(:signing)
219
- assert_equal 2, settings.idp_cert_multi[:signing].size
220
- assert settings.idp_cert_multi.key?(:encryption)
221
- assert_equal 1, settings.idp_cert_multi[:encryption].size
222
- end
223
- end
224
-
225
- describe "download and parse IdP descriptor file" do
226
- before do
227
- mock_response = MockSuccessResponse.new
228
- mock_response.body = idp_metadata_descriptor
229
- @url = "https://example.com"
230
- uri = URI(@url)
231
-
232
- @http = Net::HTTP.new(uri.host, uri.port)
233
- Net::HTTP.expects(:new).returns(@http)
234
- @http.expects(:request).returns(mock_response)
235
- end
236
-
237
- it "extract settings from remote xml" do
238
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
239
- settings = idp_metadata_parser.parse_remote(@url)
240
-
241
- assert_equal "https://hello.example.com/access/saml/idp.xml", settings.idp_entity_id
242
- assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_target_url
243
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
244
- assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_target_url
245
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", settings.name_identifier_format
246
- assert_equal ["AuthToken", "SSOStartPage"], settings.idp_attribute_names
247
- assert_equal '2014-04-17T18:02:33.910Z', settings.valid_until
248
- assert_equal OpenSSL::SSL::VERIFY_PEER, @http.verify_mode
249
- end
250
-
251
- it "accept self signed certificate if insturcted" do
252
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
253
- idp_metadata_parser.parse_remote(@url, false)
254
-
255
- assert_equal OpenSSL::SSL::VERIFY_NONE, @http.verify_mode
256
- end
257
- end
258
-
259
- describe "download and parse IdP descriptor file into an Hash" do
260
- before do
261
- mock_response = MockSuccessResponse.new
262
- mock_response.body = idp_metadata_descriptor
263
- @url = "https://example.com"
264
- uri = URI(@url)
265
-
266
- @http = Net::HTTP.new(uri.host, uri.port)
267
- Net::HTTP.expects(:new).returns(@http)
268
- @http.expects(:request).returns(mock_response)
269
- end
270
-
271
- it "extract settings from remote xml" do
272
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
273
- parsed_metadata = idp_metadata_parser.parse_remote_to_hash(@url)
274
-
275
- assert_equal "https://hello.example.com/access/saml/idp.xml", parsed_metadata[:idp_entity_id]
276
- assert_equal "https://hello.example.com/access/saml/login", parsed_metadata[:idp_sso_target_url]
277
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", parsed_metadata[:idp_cert_fingerprint]
278
- assert_equal "https://hello.example.com/access/saml/logout", parsed_metadata[:idp_slo_target_url]
279
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", parsed_metadata[:name_identifier_format]
280
- assert_equal ["AuthToken", "SSOStartPage"], parsed_metadata[:idp_attribute_names]
281
- assert_equal '2014-04-17T18:02:33.910Z', parsed_metadata[:valid_until]
282
- assert_equal OpenSSL::SSL::VERIFY_PEER, @http.verify_mode
283
- end
284
-
285
- it "accept self signed certificate if insturcted" do
286
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
287
- idp_metadata_parser.parse_remote_to_hash(@url, false)
288
-
289
- assert_equal OpenSSL::SSL::VERIFY_NONE, @http.verify_mode
290
- end
291
- end
292
-
293
- describe "download failure cases" do
294
- it "raises an exception when the url has no scheme" do
295
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
296
-
297
- exception = assert_raises(ArgumentError) do
298
- idp_metadata_parser.parse_remote("blahblah")
299
- end
300
-
301
- assert_equal("url must begin with http or https", exception.message)
302
- end
303
-
304
- it "raises an exception when unable to download metadata" do
305
- mock_response = MockFailureResponse.new
306
- @url = "https://example.com"
307
- uri = URI(@url)
308
-
309
- @http = Net::HTTP.new(uri.host, uri.port)
310
- Net::HTTP.expects(:new).returns(@http)
311
- @http.expects(:request).returns(mock_response)
312
-
313
- idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
314
-
315
- exception = assert_raises(OneLogin::RubySaml::HttpError) do
316
- idp_metadata_parser.parse_remote("https://hello.example.com/access/saml/idp.xml")
317
- end
318
-
319
- assert_match("Failed to fetch idp metadata", exception.message)
320
- end
321
- end
322
-
323
- describe "parsing metadata with many entity descriptors" do
324
- before do
325
- @idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
326
- @idp_metadata = idp_metadata_multiple_descriptors2
327
- @settings = @idp_metadata_parser.parse(@idp_metadata)
328
- end
329
-
330
- it "should find first descriptor" do
331
- assert_equal "https://foo.example.com/access/saml/idp.xml", @settings.idp_entity_id
332
- end
333
-
334
- it "should find named descriptor" do
335
- entity_id = "https://bar.example.com/access/saml/idp.xml"
336
- settings = @idp_metadata_parser.parse(
337
- @idp_metadata, :entity_id => entity_id
338
- )
339
- assert_equal entity_id, settings.idp_entity_id
340
- end
341
-
342
- it "should retreive data" do
343
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", @settings.name_identifier_format
344
- assert_equal "https://hello.example.com/access/saml/login", @settings.idp_sso_target_url
345
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", @settings.idp_cert_fingerprint
346
- assert_equal "https://hello.example.com/access/saml/logout", @settings.idp_slo_target_url
347
- assert_equal ["AuthToken", "SSOStartPage"], @settings.idp_attribute_names
348
- assert_equal '2014-04-17T18:02:33.910Z', @settings.valid_until
349
- end
350
-
351
- it "should handle multiple descriptors at once" do
352
- settings = @idp_metadata_parser.parse_to_array(@idp_metadata)
353
- assert_equal "https://foo.example.com/access/saml/idp.xml", settings.first[:idp_entity_id]
354
- assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.first[:idp_cert_fingerprint]
355
- assert_equal '2014-04-17T18:02:33.910Z', settings.first[:valid_until]
356
- assert_equal "https://bar.example.com/access/saml/idp.xml", settings.last[:idp_entity_id]
357
- assert_equal "08:EB:6E:60:A2:14:4E:89:EC:FA:05:74:9D:72:BF:5D:BE:54:F0:1A", settings.last[:idp_cert_fingerprint]
358
- assert_equal '2014-04-17T18:02:33.910Z', settings.last[:valid_until]
359
- end
360
- end
361
-
362
- describe "parsing metadata with no IDPSSODescriptor element" do
363
- before do
364
- @idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
365
- @idp_metadata = no_idp_metadata_descriptor
366
- end
367
-
368
- it "raise due no IDPSSODescriptor element" do
369
- assert_raises(ArgumentError) { @idp_metadata_parser.parse(@idp_metadata) }
370
- end
371
- end
372
-
373
- describe "parsing metadata with IDPSSODescriptor with multiple certs" do
374
- before do
375
- @idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
376
- @idp_metadata = idp_metadata_multiple_certs
377
- @settings = @idp_metadata_parser.parse(@idp_metadata)
378
- end
379
-
380
- it "should return a idp_cert_multi and no idp_cert and no idp_cert_fingerprint" do
381
- assert_nil @settings.idp_cert
382
- assert_nil @settings.idp_cert_fingerprint
383
-
384
- expected_multi_cert = {}
385
- expected_multi_cert[:signing] = ["MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF
386
- BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj
387
- aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW
388
- T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy
389
- MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz
390
- Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV
391
- BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
392
- DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo
393
- 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw
394
- tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx
395
- VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5
396
- L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t
397
- 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/
398
- BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB
399
- pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD
400
- VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL
401
- DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC
402
- FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
403
- AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM
404
- GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c
405
- hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB
406
- vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37
407
- MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ
408
- WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==", "MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEUMBIGA1UECAwLZXhhbXBsZS5jb20xFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNzA0MTUxNjMzMThaFw0xODA0MTUxNjMzMThaME8xCzAJBgNVBAYTAnVzMRQwEgYDVQQIDAtleGFtcGxlLmNvbTEUMBIGA1UECgwLZXhhbXBsZS5jb20xFDASBgNVBAMMC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6GLkl5lDUZdHNDAojp5i24OoPlqrt5TGXJIPqAZYT1hQvJW5nv17MFDHrjmtEnmW4ACKEy0fAX80QWIcHunZSkbEGHb+NG/6oTi5RipXMvmHnfFnPJJ0AdtiLiPE478CV856gXekV4Xx5u3KrylcOgkpYsp0GMIQBDzleMUXlYQIDAQABo1AwTjAdBgNVHQ4EFgQUnP8vlYPGPL2n6ZzDYij2kMDC8wMwHwYDVR0jBBgwFoAUnP8vlYPGPL2n6ZzDYij2kMDC8wMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQAlQGAl+b8Cpot1g+65lLLjVoY7APJPWLW0klKQNlMU0s4MU+71Y3ExUEOXDAZgKcFoavb1fEOGMwEf38NaJAy1e/l6VNuixXShffq20ymqHQxOG0q8ujeNkgZF9k6XDfn/QZ3AD0o/IrCT7UMc/0QsfgIjWYxwCvp2syApc5CYfQ=="]
409
- expected_multi_cert[:encryption] = ["MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF
410
- BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj
411
- aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW
412
- T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy
413
- MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz
414
- Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV
415
- BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
416
- DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo
417
- 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw
418
- tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx
419
- VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5
420
- L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t
421
- 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/
422
- BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB
423
- pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD
424
- VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL
425
- DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC
426
- FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
427
- AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM
428
- GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c
429
- hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB
430
- vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37
431
- MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ
432
- WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw=="]
433
-
434
- assert_equal expected_multi_cert, @settings.idp_cert_multi
435
- assert_equal "https://idp.examle.com/saml/metadata", @settings.idp_entity_id
436
- assert_equal "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", @settings.name_identifier_format
437
- assert_equal "https://idp.examle.com/saml/sso", @settings.idp_sso_target_url
438
- assert_equal "https://idp.examle.com/saml/slo", @settings.idp_slo_target_url
439
- end
440
- end
441
-
442
- describe "parsing metadata with IDPSSODescriptor with multiple signing certs" do
443
- before do
444
- @idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
445
- @idp_metadata = idp_metadata_multiple_signing_certs
446
- @settings = @idp_metadata_parser.parse(@idp_metadata)
447
- end
448
-
449
- it "should return a idp_cert_multi and no idp_cert and no idp_cert_fingerprint" do
450
- assert_nil @settings.idp_cert
451
- assert_nil @settings.idp_cert_fingerprint
452
-
453
- expected_multi_cert = {}
454
- expected_multi_cert[:signing] = ["MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF
455
- BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj
456
- aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW
457
- T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy
458
- MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz
459
- Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV
460
- BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
461
- DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo
462
- 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw
463
- tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx
464
- VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5
465
- L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t
466
- 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/
467
- BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB
468
- pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD
469
- VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL
470
- DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC
471
- FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
472
- AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM
473
- GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c
474
- hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB
475
- vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37
476
- MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ
477
- WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==", "MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEUMBIGA1UECAwLZXhhbXBsZS5jb20xFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNzA0MTUxNjMzMThaFw0xODA0MTUxNjMzMThaME8xCzAJBgNVBAYTAnVzMRQwEgYDVQQIDAtleGFtcGxlLmNvbTEUMBIGA1UECgwLZXhhbXBsZS5jb20xFDASBgNVBAMMC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6GLkl5lDUZdHNDAojp5i24OoPlqrt5TGXJIPqAZYT1hQvJW5nv17MFDHrjmtEnmW4ACKEy0fAX80QWIcHunZSkbEGHb+NG/6oTi5RipXMvmHnfFnPJJ0AdtiLiPE478CV856gXekV4Xx5u3KrylcOgkpYsp0GMIQBDzleMUXlYQIDAQABo1AwTjAdBgNVHQ4EFgQUnP8vlYPGPL2n6ZzDYij2kMDC8wMwHwYDVR0jBBgwFoAUnP8vlYPGPL2n6ZzDYij2kMDC8wMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQAlQGAl+b8Cpot1g+65lLLjVoY7APJPWLW0klKQNlMU0s4MU+71Y3ExUEOXDAZgKcFoavb1fEOGMwEf38NaJAy1e/l6VNuixXShffq20ymqHQxOG0q8ujeNkgZF9k6XDfn/QZ3AD0o/IrCT7UMc/0QsfgIjWYxwCvp2syApc5CYfQ==","LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="]
478
-
479
- assert_equal expected_multi_cert, @settings.idp_cert_multi
480
- assert_equal "https://idp.examle.com/saml/metadata", @settings.idp_entity_id
481
- assert_equal "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", @settings.name_identifier_format
482
- assert_equal "https://idp.examle.com/saml/sso", @settings.idp_sso_target_url
483
- assert_equal "https://idp.examle.com/saml/slo", @settings.idp_slo_target_url
484
- end
485
- end
486
-
487
- describe "parsing metadata with IDPSSODescriptor with same signature cert and encrypt cert" do
488
- before do
489
- @idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
490
- @idp_metadata = idp_metadata_same_sign_and_encrypt_cert
491
- @settings = @idp_metadata_parser.parse(@idp_metadata)
492
- end
493
-
494
- it "should return idp_cert and idp_cert_fingerprint and no idp_cert_multi" do
495
- assert_equal "MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET
496
- MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYD
497
- VQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2
498
- MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
499
- DApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9u
500
- ZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0B
501
- AQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z
502
- 0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sT
503
- gf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0m
504
- Tr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SF
505
- zRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJ
506
- UAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwG
507
- A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNV
508
- HSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJV
509
- UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREw
510
- DwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAO
511
- BgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHu
512
- AuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcV
513
- gG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJ
514
- sTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClP
515
- TbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWu
516
- QOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh78
517
- 1sE=", @settings.idp_cert
518
- assert_equal "2D:A9:40:88:28:EE:67:BB:4A:5B:E0:58:A7:CC:71:95:2D:1B:C9:D3", @settings.idp_cert_fingerprint
519
- assert_nil @settings.idp_cert_multi
520
- assert_equal "https://app.onelogin.com/saml/metadata/383123", @settings.idp_entity_id
521
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", @settings.name_identifier_format
522
- assert_equal "https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_target_url
523
- assert_nil @settings.idp_slo_target_url
524
- end
525
- end
526
-
527
- describe "parsing metadata with IDPSSODescriptor with different signature cert and encrypt cert" do
528
- before do
529
- @idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
530
- @idp_metadata = idp_metadata_different_sign_and_encrypt_cert
531
- @settings = @idp_metadata_parser.parse(@idp_metadata)
532
- end
533
-
534
- it "should return a idp_cert_multi and no idp_cert and no idp_cert_fingerprint" do
535
- assert_nil @settings.idp_cert
536
- assert_nil @settings.idp_cert_fingerprint
537
-
538
- expected_multi_cert = {}
539
- expected_multi_cert[:signing] = ["MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET
540
- MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYD
541
- VQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2
542
- MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
543
- DApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9u
544
- ZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0B
545
- AQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z
546
- 0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sT
547
- gf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0m
548
- Tr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SF
549
- zRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJ
550
- UAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwG
551
- A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNV
552
- HSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJV
553
- UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREw
554
- DwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAO
555
- BgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHu
556
- AuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcV
557
- gG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJ
558
- sTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClP
559
- TbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWu
560
- QOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh78
561
- 1sE="]
562
- expected_multi_cert[:encryption] = ["MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF
563
- BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj
564
- aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW
565
- T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy
566
- MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz
567
- Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV
568
- BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
569
- DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo
570
- 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw
571
- tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx
572
- VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5
573
- L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t
574
- 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/
575
- BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB
576
- pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD
577
- VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL
578
- DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC
579
- FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
580
- AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM
581
- GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c
582
- hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB
583
- vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37
584
- MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ
585
- WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw=="]
586
-
587
- assert_equal expected_multi_cert, @settings.idp_cert_multi
588
- assert_equal "https://app.onelogin.com/saml/metadata/383123", @settings.idp_entity_id
589
- assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", @settings.name_identifier_format
590
- assert_equal "https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_target_url
591
- assert_nil @settings.idp_slo_target_url
592
- end
593
- end
594
- end
data/test/logging_test.rb DELETED
@@ -1,62 +0,0 @@
1
- require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
2
-
3
- require 'onelogin/ruby-saml/logging'
4
-
5
- class LoggingTest < Minitest::Test
6
-
7
- describe "Logging" do
8
- before do
9
- OneLogin::RubySaml::Logging.logger = nil
10
- end
11
-
12
- after do
13
- OneLogin::RubySaml::Logging.logger = ::TEST_LOGGER
14
- end
15
-
16
- describe "given no specific logging setup" do
17
- it "prints to stdout" do
18
- OneLogin::RubySaml::Logging::DEFAULT_LOGGER.expects(:debug).with('hi mom')
19
- OneLogin::RubySaml::Logging.debug('hi mom')
20
- end
21
- end
22
-
23
- describe "given a Rails app" do
24
- let(:logger) { mock('Logger') }
25
-
26
- before do
27
- ::Rails = mock('Rails module')
28
- ::Rails.stubs(:logger).returns(logger)
29
- end
30
-
31
- after do
32
- Object.instance_eval { remove_const(:Rails) }
33
- end
34
-
35
- it "delegates to Rails" do
36
- logger.expects(:debug).with('hi mom')
37
- logger.expects(:info).with('sup?')
38
-
39
- OneLogin::RubySaml::Logging.debug('hi mom')
40
- OneLogin::RubySaml::Logging.info('sup?')
41
- end
42
- end
43
-
44
- describe "given a specific Logger" do
45
- let(:logger) { mock('Logger') }
46
-
47
- before { OneLogin::RubySaml::Logging.logger = logger }
48
-
49
- after do
50
- OneLogin::RubySaml::Logging.logger = ::TEST_LOGGER
51
- end
52
-
53
- it "delegates to the object" do
54
- logger.expects(:debug).with('hi mom')
55
- logger.expects(:info).with('sup?')
56
-
57
- OneLogin::RubySaml::Logging.debug('hi mom')
58
- OneLogin::RubySaml::Logging.info('sup?')
59
- end
60
- end
61
- end
62
- end
@@ -1,6 +0,0 @@
1
- <samlp:LogoutRequest Version='2.0' ID='_c0348950-935b-0131-1060-782bcb56fcaa' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' IssueInstant='2014-03-21T19:20:13'>
2
- <saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>https://app.onelogin.com/saml/metadata/SOMEACCOUNT</saml:Issuer>
3
- <saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>https://app.onelogin.com/saml/metadata/SOMEACCOUNT</saml:Issuer>
4
- <saml:NameID xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>someone@example.org</saml:NameID>
5
- <saml:NameID xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>someone2@example.org</saml:NameID>
6
- </samlp:LogoutRequest>