ruby-saml 1.11.0 → 1.13.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +25 -0
- data/{changelog.md → CHANGELOG.md} +44 -1
- data/README.md +333 -217
- data/UPGRADING.md +149 -0
- data/lib/onelogin/ruby-saml/attributes.rb +24 -1
- data/lib/onelogin/ruby-saml/authrequest.rb +11 -7
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +154 -83
- data/lib/onelogin/ruby-saml/logoutrequest.rb +12 -6
- data/lib/onelogin/ruby-saml/logoutresponse.rb +5 -1
- data/lib/onelogin/ruby-saml/metadata.rb +62 -17
- data/lib/onelogin/ruby-saml/response.rb +51 -31
- data/lib/onelogin/ruby-saml/saml_message.rb +8 -3
- data/lib/onelogin/ruby-saml/setting_error.rb +6 -0
- data/lib/onelogin/ruby-saml/settings.rb +89 -49
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +16 -4
- data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +31 -17
- data/lib/onelogin/ruby-saml/utils.rb +63 -2
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/xml_security.rb +39 -13
- data/ruby-saml.gemspec +8 -4
- metadata +24 -282
- data/.travis.yml +0 -46
- data/test/certificates/certificate.der +0 -0
- data/test/certificates/certificate1 +0 -12
- data/test/certificates/certificate_without_head_foot +0 -1
- data/test/certificates/formatted_certificate +0 -14
- data/test/certificates/formatted_chained_certificate +0 -42
- data/test/certificates/formatted_private_key +0 -12
- data/test/certificates/formatted_rsa_private_key +0 -12
- data/test/certificates/invalid_certificate1 +0 -1
- data/test/certificates/invalid_certificate2 +0 -1
- data/test/certificates/invalid_certificate3 +0 -12
- data/test/certificates/invalid_chained_certificate1 +0 -1
- data/test/certificates/invalid_private_key1 +0 -1
- data/test/certificates/invalid_private_key2 +0 -1
- data/test/certificates/invalid_private_key3 +0 -10
- data/test/certificates/invalid_rsa_private_key1 +0 -1
- data/test/certificates/invalid_rsa_private_key2 +0 -1
- data/test/certificates/invalid_rsa_private_key3 +0 -10
- data/test/certificates/ruby-saml-2.crt +0 -15
- data/test/certificates/ruby-saml.crt +0 -14
- data/test/certificates/ruby-saml.key +0 -15
- data/test/idp_metadata_parser_test.rb +0 -594
- data/test/logging_test.rb +0 -62
- data/test/logout_requests/invalid_slo_request.xml +0 -6
- data/test/logout_requests/slo_request.xml +0 -4
- data/test/logout_requests/slo_request.xml.base64 +0 -1
- data/test/logout_requests/slo_request_deflated.xml.base64 +0 -1
- data/test/logout_requests/slo_request_with_name_id_format.xml +0 -4
- data/test/logout_requests/slo_request_with_session_index.xml +0 -5
- data/test/logout_responses/logoutresponse_fixtures.rb +0 -86
- data/test/logoutrequest_test.rb +0 -260
- data/test/logoutresponse_test.rb +0 -427
- data/test/metadata/idp_descriptor.xml +0 -26
- data/test/metadata/idp_descriptor_2.xml +0 -56
- data/test/metadata/idp_descriptor_3.xml +0 -14
- data/test/metadata/idp_descriptor_4.xml +0 -72
- data/test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml +0 -72
- data/test/metadata/idp_metadata_multi_certs.xml +0 -75
- data/test/metadata/idp_metadata_multi_signing_certs.xml +0 -52
- data/test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml +0 -71
- data/test/metadata/idp_multiple_descriptors.xml +0 -59
- data/test/metadata/idp_multiple_descriptors_2.xml +0 -59
- data/test/metadata/no_idp_descriptor.xml +0 -21
- data/test/metadata_test.rb +0 -331
- data/test/request_test.rb +0 -340
- data/test/response_test.rb +0 -1629
- data/test/responses/adfs_response_sha1.xml +0 -46
- data/test/responses/adfs_response_sha256.xml +0 -46
- data/test/responses/adfs_response_sha384.xml +0 -46
- data/test/responses/adfs_response_sha512.xml +0 -46
- data/test/responses/adfs_response_xmlns.xml +0 -45
- data/test/responses/attackxee.xml +0 -13
- data/test/responses/invalids/duplicated_attributes.xml.base64 +0 -1
- data/test/responses/invalids/empty_destination.xml.base64 +0 -1
- data/test/responses/invalids/empty_nameid.xml.base64 +0 -1
- data/test/responses/invalids/encrypted_new_attack.xml.base64 +0 -1
- data/test/responses/invalids/invalid_audience.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
- data/test/responses/invalids/invalid_signature_position.xml.base64 +0 -1
- data/test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64 +0 -1
- data/test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64 +0 -1
- data/test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64 +0 -1
- data/test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64 +0 -1
- data/test/responses/invalids/multiple_assertions.xml.base64 +0 -2
- data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
- data/test/responses/invalids/no_authnstatement.xml.base64 +0 -1
- data/test/responses/invalids/no_conditions.xml.base64 +0 -1
- data/test/responses/invalids/no_id.xml.base64 +0 -1
- data/test/responses/invalids/no_issuer_assertion.xml.base64 +0 -1
- data/test/responses/invalids/no_issuer_response.xml.base64 +0 -1
- data/test/responses/invalids/no_nameid.xml.base64 +0 -1
- data/test/responses/invalids/no_saml2.xml.base64 +0 -1
- data/test/responses/invalids/no_signature.xml.base64 +0 -1
- data/test/responses/invalids/no_status.xml.base64 +0 -1
- data/test/responses/invalids/no_status_code.xml.base64 +0 -1
- data/test/responses/invalids/no_subjectconfirmation_data.xml.base64 +0 -1
- data/test/responses/invalids/no_subjectconfirmation_method.xml.base64 +0 -1
- data/test/responses/invalids/response_invalid_signed_element.xml.base64 +0 -1
- data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
- data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
- data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
- data/test/responses/invalids/status_code_responder.xml.base64 +0 -1
- data/test/responses/invalids/status_code_responer_and_msg.xml.base64 +0 -1
- data/test/responses/invalids/wrong_spnamequalifier.xml.base64 +0 -1
- data/test/responses/no_signature_ns.xml +0 -48
- data/test/responses/open_saml_response.xml +0 -56
- data/test/responses/response_assertion_wrapped.xml.base64 +0 -93
- data/test/responses/response_audience_self_closed_tag.xml.base64 +0 -1
- data/test/responses/response_double_status_code.xml.base64 +0 -1
- data/test/responses/response_encrypted_attrs.xml.base64 +0 -1
- data/test/responses/response_encrypted_nameid.xml.base64 +0 -1
- data/test/responses/response_eval.xml +0 -7
- data/test/responses/response_no_cert_and_encrypted_attrs.xml +0 -29
- data/test/responses/response_node_text_attack.xml.base64 +0 -1
- data/test/responses/response_node_text_attack2.xml.base64 +0 -1
- data/test/responses/response_node_text_attack3.xml.base64 +0 -1
- data/test/responses/response_unsigned_xml_base64 +0 -1
- data/test/responses/response_with_ampersands.xml +0 -139
- data/test/responses/response_with_ampersands.xml.base64 +0 -93
- data/test/responses/response_with_ds_namespace_at_the_root.xml.base64 +0 -1
- data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
- data/test/responses/response_with_multiple_attribute_values.xml +0 -67
- data/test/responses/response_with_retrieval_method.xml +0 -26
- data/test/responses/response_with_saml2_namespace.xml.base64 +0 -102
- data/test/responses/response_with_signed_assertion.xml.base64 +0 -66
- data/test/responses/response_with_signed_assertion_2.xml.base64 +0 -1
- data/test/responses/response_with_signed_assertion_3.xml +0 -30
- data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
- data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
- data/test/responses/response_without_attributes.xml.base64 +0 -79
- data/test/responses/response_without_reference_uri.xml.base64 +0 -1
- data/test/responses/response_wrapped.xml.base64 +0 -150
- data/test/responses/signed_message_encrypted_signed_assertion.xml.base64 +0 -1
- data/test/responses/signed_message_encrypted_unsigned_assertion.xml.base64 +0 -1
- data/test/responses/signed_nameid_in_atts.xml +0 -47
- data/test/responses/signed_unqual_nameid_in_atts.xml +0 -47
- data/test/responses/simple_saml_php.xml +0 -71
- data/test/responses/starfield_response.xml.base64 +0 -1
- data/test/responses/test_sign.xml +0 -43
- data/test/responses/unsigned_encrypted_adfs.xml +0 -23
- data/test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64 +0 -1
- data/test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64 +0 -1
- data/test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64 +0 -1
- data/test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64 +0 -1
- data/test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64 +0 -1
- data/test/responses/unsigned_message_encrypted_signed_assertion.xml.base64 +0 -1
- data/test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64 +0 -1
- data/test/responses/valid_response.xml.base64 +0 -1
- data/test/responses/valid_response_with_formatted_x509certificate.xml.base64 +0 -1
- data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
- data/test/saml_message_test.rb +0 -56
- data/test/settings_test.rb +0 -338
- data/test/slo_logoutrequest_test.rb +0 -467
- data/test/slo_logoutresponse_test.rb +0 -233
- data/test/test_helper.rb +0 -333
- data/test/utils_test.rb +0 -259
- data/test/xml_security_test.rb +0 -421
data/lib/xml_security.rb
CHANGED
@@ -159,15 +159,13 @@ module XMLSecurity
|
|
159
159
|
x509_cert_element.text = Base64.encode64(certificate.to_der).gsub(/\n/, "")
|
160
160
|
|
161
161
|
# add the signature
|
162
|
-
issuer_element =
|
162
|
+
issuer_element = elements["//saml:Issuer"]
|
163
163
|
if issuer_element
|
164
|
-
|
164
|
+
root.insert_after(issuer_element, signature_element)
|
165
|
+
elsif first_child = root.children[0]
|
166
|
+
root.insert_before(first_child, signature_element)
|
165
167
|
else
|
166
|
-
|
167
|
-
self.root.insert_before sp_sso_descriptor, signature_element
|
168
|
-
else
|
169
|
-
self.root.add_element(signature_element)
|
170
|
-
end
|
168
|
+
root.add_element(signature_element)
|
171
169
|
end
|
172
170
|
end
|
173
171
|
|
@@ -212,7 +210,7 @@ module XMLSecurity
|
|
212
210
|
begin
|
213
211
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
214
212
|
rescue OpenSSL::X509::CertificateError => _e
|
215
|
-
return append_error("Certificate Error", soft)
|
213
|
+
return append_error("Document Certificate Error", soft)
|
216
214
|
end
|
217
215
|
|
218
216
|
if options[:fingerprint_alg]
|
@@ -224,7 +222,6 @@ module XMLSecurity
|
|
224
222
|
|
225
223
|
# check cert matches registered idp cert
|
226
224
|
if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
|
227
|
-
@errors << "Fingerprint mismatch"
|
228
225
|
return append_error("Fingerprint mismatch", soft)
|
229
226
|
end
|
230
227
|
else
|
@@ -241,7 +238,7 @@ module XMLSecurity
|
|
241
238
|
validate_signature(base64_cert, soft)
|
242
239
|
end
|
243
240
|
|
244
|
-
def validate_document_with_cert(idp_cert)
|
241
|
+
def validate_document_with_cert(idp_cert, soft = true)
|
245
242
|
# get cert from response
|
246
243
|
cert_element = REXML::XPath.first(
|
247
244
|
self,
|
@@ -255,12 +252,12 @@ module XMLSecurity
|
|
255
252
|
begin
|
256
253
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
257
254
|
rescue OpenSSL::X509::CertificateError => _e
|
258
|
-
return append_error("Certificate Error", soft)
|
255
|
+
return append_error("Document Certificate Error", soft)
|
259
256
|
end
|
260
257
|
|
261
258
|
# check saml response cert matches provided idp cert
|
262
259
|
if idp_cert.to_pem != cert.to_pem
|
263
|
-
return
|
260
|
+
return append_error("Certificate of the Signature element does not match provided certificate", soft)
|
264
261
|
end
|
265
262
|
else
|
266
263
|
base64_cert = Base64.encode64(idp_cert.to_pem)
|
@@ -326,6 +323,9 @@ module XMLSecurity
|
|
326
323
|
'//ds:CanonicalizationMethod',
|
327
324
|
{ "ds" => DSIG }
|
328
325
|
)
|
326
|
+
|
327
|
+
canon_algorithm = process_transforms(ref, canon_algorithm)
|
328
|
+
|
329
329
|
canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
|
330
330
|
|
331
331
|
digest_algorithm = algorithm(REXML::XPath.first(
|
@@ -342,7 +342,6 @@ module XMLSecurity
|
|
342
342
|
digest_value = Base64.decode64(OneLogin::RubySaml::Utils.element_text(encoded_digest_value))
|
343
343
|
|
344
344
|
unless digests_match?(hash, digest_value)
|
345
|
-
@errors << "Digest mismatch"
|
346
345
|
return append_error("Digest mismatch", soft)
|
347
346
|
end
|
348
347
|
|
@@ -360,6 +359,33 @@ module XMLSecurity
|
|
360
359
|
|
361
360
|
private
|
362
361
|
|
362
|
+
def process_transforms(ref, canon_algorithm)
|
363
|
+
transforms = REXML::XPath.match(
|
364
|
+
ref,
|
365
|
+
"//ds:Transforms/ds:Transform",
|
366
|
+
{ "ds" => DSIG }
|
367
|
+
)
|
368
|
+
|
369
|
+
transforms.each do |transform_element|
|
370
|
+
if transform_element.attributes && transform_element.attributes["Algorithm"]
|
371
|
+
algorithm = transform_element.attributes["Algorithm"]
|
372
|
+
case algorithm
|
373
|
+
when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
|
374
|
+
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
|
375
|
+
canon_algorithm = Nokogiri::XML::XML_C14N_1_0
|
376
|
+
when "http://www.w3.org/2006/12/xml-c14n11",
|
377
|
+
"http://www.w3.org/2006/12/xml-c14n11#WithComments"
|
378
|
+
canon_algorithm = Nokogiri::XML::XML_C14N_1_1
|
379
|
+
when "http://www.w3.org/2001/10/xml-exc-c14n#",
|
380
|
+
"http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
|
381
|
+
canon_algorithm = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
|
382
|
+
end
|
383
|
+
end
|
384
|
+
end
|
385
|
+
|
386
|
+
canon_algorithm
|
387
|
+
end
|
388
|
+
|
363
389
|
def digests_match?(hash, digest_value)
|
364
390
|
hash == digest_value
|
365
391
|
end
|
data/ruby-saml.gemspec
CHANGED
@@ -15,14 +15,13 @@ Gem::Specification.new do |s|
|
|
15
15
|
"LICENSE",
|
16
16
|
"README.md"
|
17
17
|
]
|
18
|
-
s.files = `git ls-files`.split("\
|
19
|
-
s.homepage = %q{
|
18
|
+
s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
19
|
+
s.homepage = %q{https://github.com/onelogin/ruby-saml}
|
20
20
|
s.rdoc_options = ["--charset=UTF-8"]
|
21
21
|
s.require_paths = ["lib"]
|
22
22
|
s.rubygems_version = %q{1.3.7}
|
23
23
|
s.required_ruby_version = '>= 1.8.7'
|
24
24
|
s.summary = %q{SAML Ruby Tookit}
|
25
|
-
s.test_files = `git ls-files test/*`.split("\n")
|
26
25
|
|
27
26
|
# Because runtime dependencies are determined at build time, we cannot make
|
28
27
|
# Nokogiri's version dependent on the Ruby version, even though we would
|
@@ -31,6 +30,7 @@ Gem::Specification.new do |s|
|
|
31
30
|
if JRUBY_VERSION < '9.2.0.0'
|
32
31
|
s.add_runtime_dependency('nokogiri', '>= 1.8.2', '<= 1.8.5')
|
33
32
|
s.add_runtime_dependency('jruby-openssl', '>= 0.9.8')
|
33
|
+
s.add_runtime_dependency('json', '< 2.3.0')
|
34
34
|
else
|
35
35
|
s.add_runtime_dependency('nokogiri', '>= 1.8.2')
|
36
36
|
end
|
@@ -39,8 +39,12 @@ Gem::Specification.new do |s|
|
|
39
39
|
s.add_runtime_dependency('nokogiri', '<= 1.5.11')
|
40
40
|
elsif RUBY_VERSION < '2.1'
|
41
41
|
s.add_runtime_dependency('nokogiri', '>= 1.5.10', '<= 1.6.8.1')
|
42
|
+
s.add_runtime_dependency('json', '< 2.3.0')
|
43
|
+
elsif RUBY_VERSION < '2.3'
|
44
|
+
s.add_runtime_dependency('nokogiri', '>= 1.9.1', '<= 1.10.0')
|
42
45
|
else
|
43
|
-
s.add_runtime_dependency('nokogiri', '>= 1.5
|
46
|
+
s.add_runtime_dependency('nokogiri', '>= 1.10.5')
|
47
|
+
s.add_runtime_dependency('rexml')
|
44
48
|
end
|
45
49
|
|
46
50
|
s.add_development_dependency('coveralls')
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby-saml
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.13.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- OneLogin LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-09-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nokogiri
|
@@ -16,14 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 1.5
|
19
|
+
version: 1.10.5
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 1.5
|
26
|
+
version: 1.10.5
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rexml
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
27
41
|
- !ruby/object:Gem::Dependency
|
28
42
|
name: coveralls
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -159,13 +173,14 @@ extra_rdoc_files:
|
|
159
173
|
- README.md
|
160
174
|
files:
|
161
175
|
- ".document"
|
176
|
+
- ".github/workflows/test.yml"
|
162
177
|
- ".gitignore"
|
163
|
-
-
|
178
|
+
- CHANGELOG.md
|
164
179
|
- Gemfile
|
165
180
|
- LICENSE
|
166
181
|
- README.md
|
167
182
|
- Rakefile
|
168
|
-
-
|
183
|
+
- UPGRADING.md
|
169
184
|
- gemfiles/nokogiri-1.5.gemfile
|
170
185
|
- lib/onelogin/ruby-saml.rb
|
171
186
|
- lib/onelogin/ruby-saml/attribute_service.rb
|
@@ -180,6 +195,7 @@ files:
|
|
180
195
|
- lib/onelogin/ruby-saml/metadata.rb
|
181
196
|
- lib/onelogin/ruby-saml/response.rb
|
182
197
|
- lib/onelogin/ruby-saml/saml_message.rb
|
198
|
+
- lib/onelogin/ruby-saml/setting_error.rb
|
183
199
|
- lib/onelogin/ruby-saml/settings.rb
|
184
200
|
- lib/onelogin/ruby-saml/slo_logoutrequest.rb
|
185
201
|
- lib/onelogin/ruby-saml/slo_logoutresponse.rb
|
@@ -201,144 +217,7 @@ files:
|
|
201
217
|
- lib/schemas/xmldsig-core-schema.xsd
|
202
218
|
- lib/xml_security.rb
|
203
219
|
- ruby-saml.gemspec
|
204
|
-
|
205
|
-
- test/certificates/certificate1
|
206
|
-
- test/certificates/certificate_without_head_foot
|
207
|
-
- test/certificates/formatted_certificate
|
208
|
-
- test/certificates/formatted_chained_certificate
|
209
|
-
- test/certificates/formatted_private_key
|
210
|
-
- test/certificates/formatted_rsa_private_key
|
211
|
-
- test/certificates/invalid_certificate1
|
212
|
-
- test/certificates/invalid_certificate2
|
213
|
-
- test/certificates/invalid_certificate3
|
214
|
-
- test/certificates/invalid_chained_certificate1
|
215
|
-
- test/certificates/invalid_private_key1
|
216
|
-
- test/certificates/invalid_private_key2
|
217
|
-
- test/certificates/invalid_private_key3
|
218
|
-
- test/certificates/invalid_rsa_private_key1
|
219
|
-
- test/certificates/invalid_rsa_private_key2
|
220
|
-
- test/certificates/invalid_rsa_private_key3
|
221
|
-
- test/certificates/ruby-saml-2.crt
|
222
|
-
- test/certificates/ruby-saml.crt
|
223
|
-
- test/certificates/ruby-saml.key
|
224
|
-
- test/idp_metadata_parser_test.rb
|
225
|
-
- test/logging_test.rb
|
226
|
-
- test/logout_requests/invalid_slo_request.xml
|
227
|
-
- test/logout_requests/slo_request.xml
|
228
|
-
- test/logout_requests/slo_request.xml.base64
|
229
|
-
- test/logout_requests/slo_request_deflated.xml.base64
|
230
|
-
- test/logout_requests/slo_request_with_name_id_format.xml
|
231
|
-
- test/logout_requests/slo_request_with_session_index.xml
|
232
|
-
- test/logout_responses/logoutresponse_fixtures.rb
|
233
|
-
- test/logoutrequest_test.rb
|
234
|
-
- test/logoutresponse_test.rb
|
235
|
-
- test/metadata/idp_descriptor.xml
|
236
|
-
- test/metadata/idp_descriptor_2.xml
|
237
|
-
- test/metadata/idp_descriptor_3.xml
|
238
|
-
- test/metadata/idp_descriptor_4.xml
|
239
|
-
- test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
|
240
|
-
- test/metadata/idp_metadata_multi_certs.xml
|
241
|
-
- test/metadata/idp_metadata_multi_signing_certs.xml
|
242
|
-
- test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
|
243
|
-
- test/metadata/idp_multiple_descriptors.xml
|
244
|
-
- test/metadata/idp_multiple_descriptors_2.xml
|
245
|
-
- test/metadata/no_idp_descriptor.xml
|
246
|
-
- test/metadata_test.rb
|
247
|
-
- test/request_test.rb
|
248
|
-
- test/response_test.rb
|
249
|
-
- test/responses/adfs_response_sha1.xml
|
250
|
-
- test/responses/adfs_response_sha256.xml
|
251
|
-
- test/responses/adfs_response_sha384.xml
|
252
|
-
- test/responses/adfs_response_sha512.xml
|
253
|
-
- test/responses/adfs_response_xmlns.xml
|
254
|
-
- test/responses/attackxee.xml
|
255
|
-
- test/responses/invalids/duplicated_attributes.xml.base64
|
256
|
-
- test/responses/invalids/empty_destination.xml.base64
|
257
|
-
- test/responses/invalids/empty_nameid.xml.base64
|
258
|
-
- test/responses/invalids/encrypted_new_attack.xml.base64
|
259
|
-
- test/responses/invalids/invalid_audience.xml.base64
|
260
|
-
- test/responses/invalids/invalid_issuer_assertion.xml.base64
|
261
|
-
- test/responses/invalids/invalid_issuer_message.xml.base64
|
262
|
-
- test/responses/invalids/invalid_signature_position.xml.base64
|
263
|
-
- test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
|
264
|
-
- test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
|
265
|
-
- test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
|
266
|
-
- test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
|
267
|
-
- test/responses/invalids/multiple_assertions.xml.base64
|
268
|
-
- test/responses/invalids/multiple_signed.xml.base64
|
269
|
-
- test/responses/invalids/no_authnstatement.xml.base64
|
270
|
-
- test/responses/invalids/no_conditions.xml.base64
|
271
|
-
- test/responses/invalids/no_id.xml.base64
|
272
|
-
- test/responses/invalids/no_issuer_assertion.xml.base64
|
273
|
-
- test/responses/invalids/no_issuer_response.xml.base64
|
274
|
-
- test/responses/invalids/no_nameid.xml.base64
|
275
|
-
- test/responses/invalids/no_saml2.xml.base64
|
276
|
-
- test/responses/invalids/no_signature.xml.base64
|
277
|
-
- test/responses/invalids/no_status.xml.base64
|
278
|
-
- test/responses/invalids/no_status_code.xml.base64
|
279
|
-
- test/responses/invalids/no_subjectconfirmation_data.xml.base64
|
280
|
-
- test/responses/invalids/no_subjectconfirmation_method.xml.base64
|
281
|
-
- test/responses/invalids/response_invalid_signed_element.xml.base64
|
282
|
-
- test/responses/invalids/response_with_concealed_signed_assertion.xml
|
283
|
-
- test/responses/invalids/response_with_doubled_signed_assertion.xml
|
284
|
-
- test/responses/invalids/signature_wrapping_attack.xml.base64
|
285
|
-
- test/responses/invalids/status_code_responder.xml.base64
|
286
|
-
- test/responses/invalids/status_code_responer_and_msg.xml.base64
|
287
|
-
- test/responses/invalids/wrong_spnamequalifier.xml.base64
|
288
|
-
- test/responses/no_signature_ns.xml
|
289
|
-
- test/responses/open_saml_response.xml
|
290
|
-
- test/responses/response_assertion_wrapped.xml.base64
|
291
|
-
- test/responses/response_audience_self_closed_tag.xml.base64
|
292
|
-
- test/responses/response_double_status_code.xml.base64
|
293
|
-
- test/responses/response_encrypted_attrs.xml.base64
|
294
|
-
- test/responses/response_encrypted_nameid.xml.base64
|
295
|
-
- test/responses/response_eval.xml
|
296
|
-
- test/responses/response_no_cert_and_encrypted_attrs.xml
|
297
|
-
- test/responses/response_node_text_attack.xml.base64
|
298
|
-
- test/responses/response_node_text_attack2.xml.base64
|
299
|
-
- test/responses/response_node_text_attack3.xml.base64
|
300
|
-
- test/responses/response_unsigned_xml_base64
|
301
|
-
- test/responses/response_with_ampersands.xml
|
302
|
-
- test/responses/response_with_ampersands.xml.base64
|
303
|
-
- test/responses/response_with_ds_namespace_at_the_root.xml.base64
|
304
|
-
- test/responses/response_with_multiple_attribute_statements.xml
|
305
|
-
- test/responses/response_with_multiple_attribute_values.xml
|
306
|
-
- test/responses/response_with_retrieval_method.xml
|
307
|
-
- test/responses/response_with_saml2_namespace.xml.base64
|
308
|
-
- test/responses/response_with_signed_assertion.xml.base64
|
309
|
-
- test/responses/response_with_signed_assertion_2.xml.base64
|
310
|
-
- test/responses/response_with_signed_assertion_3.xml
|
311
|
-
- test/responses/response_with_signed_message_and_assertion.xml
|
312
|
-
- test/responses/response_with_undefined_recipient.xml.base64
|
313
|
-
- test/responses/response_without_attributes.xml.base64
|
314
|
-
- test/responses/response_without_reference_uri.xml.base64
|
315
|
-
- test/responses/response_wrapped.xml.base64
|
316
|
-
- test/responses/signed_message_encrypted_signed_assertion.xml.base64
|
317
|
-
- test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
|
318
|
-
- test/responses/signed_nameid_in_atts.xml
|
319
|
-
- test/responses/signed_unqual_nameid_in_atts.xml
|
320
|
-
- test/responses/simple_saml_php.xml
|
321
|
-
- test/responses/starfield_response.xml.base64
|
322
|
-
- test/responses/test_sign.xml
|
323
|
-
- test/responses/unsigned_encrypted_adfs.xml
|
324
|
-
- test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
|
325
|
-
- test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
|
326
|
-
- test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
|
327
|
-
- test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
|
328
|
-
- test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
|
329
|
-
- test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
|
330
|
-
- test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
|
331
|
-
- test/responses/valid_response.xml.base64
|
332
|
-
- test/responses/valid_response_with_formatted_x509certificate.xml.base64
|
333
|
-
- test/responses/valid_response_without_x509certificate.xml.base64
|
334
|
-
- test/saml_message_test.rb
|
335
|
-
- test/settings_test.rb
|
336
|
-
- test/slo_logoutrequest_test.rb
|
337
|
-
- test/slo_logoutresponse_test.rb
|
338
|
-
- test/test_helper.rb
|
339
|
-
- test/utils_test.rb
|
340
|
-
- test/xml_security_test.rb
|
341
|
-
homepage: http://github.com/onelogin/ruby-saml
|
220
|
+
homepage: https://github.com/onelogin/ruby-saml
|
342
221
|
licenses:
|
343
222
|
- MIT
|
344
223
|
metadata: {}
|
@@ -363,141 +242,4 @@ rubygems_version: 2.5.2.1
|
|
363
242
|
signing_key:
|
364
243
|
specification_version: 4
|
365
244
|
summary: SAML Ruby Tookit
|
366
|
-
test_files:
|
367
|
-
- test/certificates/certificate.der
|
368
|
-
- test/certificates/certificate1
|
369
|
-
- test/certificates/certificate_without_head_foot
|
370
|
-
- test/certificates/formatted_certificate
|
371
|
-
- test/certificates/formatted_chained_certificate
|
372
|
-
- test/certificates/formatted_private_key
|
373
|
-
- test/certificates/formatted_rsa_private_key
|
374
|
-
- test/certificates/invalid_certificate1
|
375
|
-
- test/certificates/invalid_certificate2
|
376
|
-
- test/certificates/invalid_certificate3
|
377
|
-
- test/certificates/invalid_chained_certificate1
|
378
|
-
- test/certificates/invalid_private_key1
|
379
|
-
- test/certificates/invalid_private_key2
|
380
|
-
- test/certificates/invalid_private_key3
|
381
|
-
- test/certificates/invalid_rsa_private_key1
|
382
|
-
- test/certificates/invalid_rsa_private_key2
|
383
|
-
- test/certificates/invalid_rsa_private_key3
|
384
|
-
- test/certificates/ruby-saml-2.crt
|
385
|
-
- test/certificates/ruby-saml.crt
|
386
|
-
- test/certificates/ruby-saml.key
|
387
|
-
- test/idp_metadata_parser_test.rb
|
388
|
-
- test/logging_test.rb
|
389
|
-
- test/logout_requests/invalid_slo_request.xml
|
390
|
-
- test/logout_requests/slo_request.xml
|
391
|
-
- test/logout_requests/slo_request.xml.base64
|
392
|
-
- test/logout_requests/slo_request_deflated.xml.base64
|
393
|
-
- test/logout_requests/slo_request_with_name_id_format.xml
|
394
|
-
- test/logout_requests/slo_request_with_session_index.xml
|
395
|
-
- test/logout_responses/logoutresponse_fixtures.rb
|
396
|
-
- test/logoutrequest_test.rb
|
397
|
-
- test/logoutresponse_test.rb
|
398
|
-
- test/metadata/idp_descriptor.xml
|
399
|
-
- test/metadata/idp_descriptor_2.xml
|
400
|
-
- test/metadata/idp_descriptor_3.xml
|
401
|
-
- test/metadata/idp_descriptor_4.xml
|
402
|
-
- test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
|
403
|
-
- test/metadata/idp_metadata_multi_certs.xml
|
404
|
-
- test/metadata/idp_metadata_multi_signing_certs.xml
|
405
|
-
- test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
|
406
|
-
- test/metadata/idp_multiple_descriptors.xml
|
407
|
-
- test/metadata/idp_multiple_descriptors_2.xml
|
408
|
-
- test/metadata/no_idp_descriptor.xml
|
409
|
-
- test/metadata_test.rb
|
410
|
-
- test/request_test.rb
|
411
|
-
- test/response_test.rb
|
412
|
-
- test/responses/adfs_response_sha1.xml
|
413
|
-
- test/responses/adfs_response_sha256.xml
|
414
|
-
- test/responses/adfs_response_sha384.xml
|
415
|
-
- test/responses/adfs_response_sha512.xml
|
416
|
-
- test/responses/adfs_response_xmlns.xml
|
417
|
-
- test/responses/attackxee.xml
|
418
|
-
- test/responses/invalids/duplicated_attributes.xml.base64
|
419
|
-
- test/responses/invalids/empty_destination.xml.base64
|
420
|
-
- test/responses/invalids/empty_nameid.xml.base64
|
421
|
-
- test/responses/invalids/encrypted_new_attack.xml.base64
|
422
|
-
- test/responses/invalids/invalid_audience.xml.base64
|
423
|
-
- test/responses/invalids/invalid_issuer_assertion.xml.base64
|
424
|
-
- test/responses/invalids/invalid_issuer_message.xml.base64
|
425
|
-
- test/responses/invalids/invalid_signature_position.xml.base64
|
426
|
-
- test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
|
427
|
-
- test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
|
428
|
-
- test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
|
429
|
-
- test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
|
430
|
-
- test/responses/invalids/multiple_assertions.xml.base64
|
431
|
-
- test/responses/invalids/multiple_signed.xml.base64
|
432
|
-
- test/responses/invalids/no_authnstatement.xml.base64
|
433
|
-
- test/responses/invalids/no_conditions.xml.base64
|
434
|
-
- test/responses/invalids/no_id.xml.base64
|
435
|
-
- test/responses/invalids/no_issuer_assertion.xml.base64
|
436
|
-
- test/responses/invalids/no_issuer_response.xml.base64
|
437
|
-
- test/responses/invalids/no_nameid.xml.base64
|
438
|
-
- test/responses/invalids/no_saml2.xml.base64
|
439
|
-
- test/responses/invalids/no_signature.xml.base64
|
440
|
-
- test/responses/invalids/no_status.xml.base64
|
441
|
-
- test/responses/invalids/no_status_code.xml.base64
|
442
|
-
- test/responses/invalids/no_subjectconfirmation_data.xml.base64
|
443
|
-
- test/responses/invalids/no_subjectconfirmation_method.xml.base64
|
444
|
-
- test/responses/invalids/response_invalid_signed_element.xml.base64
|
445
|
-
- test/responses/invalids/response_with_concealed_signed_assertion.xml
|
446
|
-
- test/responses/invalids/response_with_doubled_signed_assertion.xml
|
447
|
-
- test/responses/invalids/signature_wrapping_attack.xml.base64
|
448
|
-
- test/responses/invalids/status_code_responder.xml.base64
|
449
|
-
- test/responses/invalids/status_code_responer_and_msg.xml.base64
|
450
|
-
- test/responses/invalids/wrong_spnamequalifier.xml.base64
|
451
|
-
- test/responses/no_signature_ns.xml
|
452
|
-
- test/responses/open_saml_response.xml
|
453
|
-
- test/responses/response_assertion_wrapped.xml.base64
|
454
|
-
- test/responses/response_audience_self_closed_tag.xml.base64
|
455
|
-
- test/responses/response_double_status_code.xml.base64
|
456
|
-
- test/responses/response_encrypted_attrs.xml.base64
|
457
|
-
- test/responses/response_encrypted_nameid.xml.base64
|
458
|
-
- test/responses/response_eval.xml
|
459
|
-
- test/responses/response_no_cert_and_encrypted_attrs.xml
|
460
|
-
- test/responses/response_node_text_attack.xml.base64
|
461
|
-
- test/responses/response_node_text_attack2.xml.base64
|
462
|
-
- test/responses/response_node_text_attack3.xml.base64
|
463
|
-
- test/responses/response_unsigned_xml_base64
|
464
|
-
- test/responses/response_with_ampersands.xml
|
465
|
-
- test/responses/response_with_ampersands.xml.base64
|
466
|
-
- test/responses/response_with_ds_namespace_at_the_root.xml.base64
|
467
|
-
- test/responses/response_with_multiple_attribute_statements.xml
|
468
|
-
- test/responses/response_with_multiple_attribute_values.xml
|
469
|
-
- test/responses/response_with_retrieval_method.xml
|
470
|
-
- test/responses/response_with_saml2_namespace.xml.base64
|
471
|
-
- test/responses/response_with_signed_assertion.xml.base64
|
472
|
-
- test/responses/response_with_signed_assertion_2.xml.base64
|
473
|
-
- test/responses/response_with_signed_assertion_3.xml
|
474
|
-
- test/responses/response_with_signed_message_and_assertion.xml
|
475
|
-
- test/responses/response_with_undefined_recipient.xml.base64
|
476
|
-
- test/responses/response_without_attributes.xml.base64
|
477
|
-
- test/responses/response_without_reference_uri.xml.base64
|
478
|
-
- test/responses/response_wrapped.xml.base64
|
479
|
-
- test/responses/signed_message_encrypted_signed_assertion.xml.base64
|
480
|
-
- test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
|
481
|
-
- test/responses/signed_nameid_in_atts.xml
|
482
|
-
- test/responses/signed_unqual_nameid_in_atts.xml
|
483
|
-
- test/responses/simple_saml_php.xml
|
484
|
-
- test/responses/starfield_response.xml.base64
|
485
|
-
- test/responses/test_sign.xml
|
486
|
-
- test/responses/unsigned_encrypted_adfs.xml
|
487
|
-
- test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
|
488
|
-
- test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
|
489
|
-
- test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
|
490
|
-
- test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
|
491
|
-
- test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
|
492
|
-
- test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
|
493
|
-
- test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
|
494
|
-
- test/responses/valid_response.xml.base64
|
495
|
-
- test/responses/valid_response_with_formatted_x509certificate.xml.base64
|
496
|
-
- test/responses/valid_response_without_x509certificate.xml.base64
|
497
|
-
- test/saml_message_test.rb
|
498
|
-
- test/settings_test.rb
|
499
|
-
- test/slo_logoutrequest_test.rb
|
500
|
-
- test/slo_logoutresponse_test.rb
|
501
|
-
- test/test_helper.rb
|
502
|
-
- test/utils_test.rb
|
503
|
-
- test/xml_security_test.rb
|
245
|
+
test_files: []
|