ruby-saml 1.12.0 → 1.12.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +9 -3
- data/changelog.md +4 -0
- data/lib/onelogin/ruby-saml/attributes.rb +1 -1
- data/lib/onelogin/ruby-saml/response.rb +1 -1
- data/lib/onelogin/ruby-saml/utils.rb +3 -3
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3ac80594648fe4830b965c65366f8bb261a4edfe148c9e929f352b39a1b3428f
|
|
4
|
+
data.tar.gz: b6379aa66a89f2074f434e8c97163022d533e1cdc30c20555135c2e4c82353b4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b1a380101d7684431209f4e8cc2704c8118621465c3b0a8efc623d573377e14706a4368eae6ea9ef1666da4c36e5e6a61ccae845d9f87e1bab98fbf2cd626ad6
|
|
7
|
+
data.tar.gz: e251b75351483f04d21bc4228af9752cab4d0cc4568952835960363671c28f9e38e62f9b727bde5d62b3a39e095593041e1e7dea9d93084fe6a87aef45a0f8ab
|
data/README.md
CHANGED
|
@@ -4,6 +4,10 @@
|
|
|
4
4
|
Version `1.12.0` adds support for gcm algorithm and
|
|
5
5
|
change/adds specific error messages for signature validations
|
|
6
6
|
|
|
7
|
+
`idp_sso_target_url` and `idp_slo_target_url` attributes of the Settings class deprecated in favor of `idp_sso_service_url` and `idp_slo_service_url`.
|
|
8
|
+
In IDPMetadataParser, `parse`, `parse_to_hash` and `parse_to_array` methods now retrieve SSO URL and SLO URL endpoints with
|
|
9
|
+
`idp_sso_service_url` and `idp_slo_service_url` (previously `idp_sso_target_url` and `idp_slo_target_url` respectively).
|
|
10
|
+
|
|
7
11
|
## Updating from 1.10.x to 1.11.0
|
|
8
12
|
Version `1.11.0` deprecates the use of `settings.issuer` in favour of `settings.sp_entity_id`.
|
|
9
13
|
There are two new security settings: `settings.security[:check_idp_cert_expiration]` and `settings.security[:check_sp_cert_expiration]` (both false by default) that check if the IdP or SP X.509 certificate has expired, respectively.
|
|
@@ -120,9 +124,11 @@ We created a demo project for Rails4 that uses the latest version of this librar
|
|
|
120
124
|
* 2.5.x
|
|
121
125
|
* 2.6.x
|
|
122
126
|
* 2.7.x
|
|
123
|
-
*
|
|
124
|
-
* JRuby
|
|
125
|
-
* JRuby 9.
|
|
127
|
+
* 3.0.x
|
|
128
|
+
* JRuby 1.7.x
|
|
129
|
+
* JRuby 9.0.x
|
|
130
|
+
* JRuby 9.1.x
|
|
131
|
+
* JRuby 9.2.x
|
|
126
132
|
|
|
127
133
|
## Adding Features, Pull Requests
|
|
128
134
|
* Fork the repository
|
data/changelog.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# RubySaml Changelog
|
|
2
2
|
|
|
3
|
+
### 1.12.1 (Apr 05, 2022)
|
|
4
|
+
* Fix XPath typo incompatible with Rexml 3.2.5
|
|
5
|
+
* Refactor GCM support
|
|
6
|
+
|
|
3
7
|
### 1.12.0 (Feb 18, 2021)
|
|
4
8
|
* Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryptions
|
|
5
9
|
* Parse & return SLO ResponseLocation in IDPMetadataParser & Settings
|
|
@@ -124,7 +124,7 @@ module OneLogin
|
|
|
124
124
|
def fetch(name)
|
|
125
125
|
attributes.each_key do |attribute_key|
|
|
126
126
|
if name.is_a?(Regexp)
|
|
127
|
-
if name.
|
|
127
|
+
if name.respond_to? :match?
|
|
128
128
|
return self[attribute_key] if name.match?(attribute_key)
|
|
129
129
|
else
|
|
130
130
|
return self[attribute_key] if name.match(attribute_key)
|
|
@@ -828,7 +828,7 @@ module OneLogin
|
|
|
828
828
|
# otherwise, review if the decrypted assertion contains a signature
|
|
829
829
|
sig_elements = REXML::XPath.match(
|
|
830
830
|
document,
|
|
831
|
-
"/p:Response[@ID=$id]/ds:Signature
|
|
831
|
+
"/p:Response[@ID=$id]/ds:Signature",
|
|
832
832
|
{ "p" => PROTOCOL, "ds" => DSIG },
|
|
833
833
|
{ 'id' => document.signed_element_id }
|
|
834
834
|
)
|
|
@@ -296,9 +296,9 @@ module OneLogin
|
|
|
296
296
|
when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
|
|
297
297
|
when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
|
|
298
298
|
when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
|
|
299
|
-
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
300
|
-
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
301
|
-
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
299
|
+
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
|
|
300
|
+
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(192, :GCM).decrypt
|
|
301
|
+
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(256, :GCM).decrypt
|
|
302
302
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
|
|
303
303
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
|
|
304
304
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.12.
|
|
4
|
+
version: 1.12.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OneLogin LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|