ruby-saml 1.12.0 → 1.12.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +9 -3
- data/changelog.md +7 -0
- data/lib/onelogin/ruby-saml/attributes.rb +1 -1
- data/lib/onelogin/ruby-saml/logoutrequest.rb +4 -4
- data/lib/onelogin/ruby-saml/response.rb +1 -1
- data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +5 -4
- data/lib/onelogin/ruby-saml/utils.rb +3 -3
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 25c4115dff650511c702291e7e6e3277a2c50c43b603c4cf68ae1473b3c061b5
|
|
4
|
+
data.tar.gz: 375b631e4059b50e112f4fc5b890e48c000ddae894fdef7cc665b9a58bad5b7a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1207da19dae7cb853704a0dbbd1d55791156d6703a5d3162adaa4d47ea1e645e4806687392db53c8c3e9c0a51b2fbb45772b8202975565f9157d32b707fd56a1
|
|
7
|
+
data.tar.gz: 9a4a9ba94e5ffd0eb24ef08e4a45435dec63333b2cbf1a0f0ecc164ce0569bb8720941c88874d64aef8524bebb5209bd70299e0e5bbdc953b7546aa055da58be
|
data/README.md
CHANGED
|
@@ -4,6 +4,10 @@
|
|
|
4
4
|
Version `1.12.0` adds support for gcm algorithm and
|
|
5
5
|
change/adds specific error messages for signature validations
|
|
6
6
|
|
|
7
|
+
`idp_sso_target_url` and `idp_slo_target_url` attributes of the Settings class deprecated in favor of `idp_sso_service_url` and `idp_slo_service_url`.
|
|
8
|
+
In IDPMetadataParser, `parse`, `parse_to_hash` and `parse_to_array` methods now retrieve SSO URL and SLO URL endpoints with
|
|
9
|
+
`idp_sso_service_url` and `idp_slo_service_url` (previously `idp_sso_target_url` and `idp_slo_target_url` respectively).
|
|
10
|
+
|
|
7
11
|
## Updating from 1.10.x to 1.11.0
|
|
8
12
|
Version `1.11.0` deprecates the use of `settings.issuer` in favour of `settings.sp_entity_id`.
|
|
9
13
|
There are two new security settings: `settings.security[:check_idp_cert_expiration]` and `settings.security[:check_sp_cert_expiration]` (both false by default) that check if the IdP or SP X.509 certificate has expired, respectively.
|
|
@@ -120,9 +124,11 @@ We created a demo project for Rails4 that uses the latest version of this librar
|
|
|
120
124
|
* 2.5.x
|
|
121
125
|
* 2.6.x
|
|
122
126
|
* 2.7.x
|
|
123
|
-
*
|
|
124
|
-
* JRuby
|
|
125
|
-
* JRuby 9.
|
|
127
|
+
* 3.0.x
|
|
128
|
+
* JRuby 1.7.x
|
|
129
|
+
* JRuby 9.0.x
|
|
130
|
+
* JRuby 9.1.x
|
|
131
|
+
* JRuby 9.2.x
|
|
126
132
|
|
|
127
133
|
## Adding Features, Pull Requests
|
|
128
134
|
* Fork the repository
|
data/changelog.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# RubySaml Changelog
|
|
2
2
|
|
|
3
|
+
### 1.12.2 (Apr 08, 2022)
|
|
4
|
+
* [575](https://github.com/onelogin/ruby-saml/pull/575) Fix SloLogoutresponse bug on LogoutRequest
|
|
5
|
+
|
|
6
|
+
### 1.12.1 (Apr 05, 2022)
|
|
7
|
+
* Fix XPath typo incompatible with Rexml 3.2.5
|
|
8
|
+
* Refactor GCM support
|
|
9
|
+
|
|
3
10
|
### 1.12.0 (Feb 18, 2021)
|
|
4
11
|
* Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryptions
|
|
5
12
|
* Parse & return SLO ResponseLocation in IDPMetadataParser & Settings
|
|
@@ -124,7 +124,7 @@ module OneLogin
|
|
|
124
124
|
def fetch(name)
|
|
125
125
|
attributes.each_key do |attribute_key|
|
|
126
126
|
if name.is_a?(Regexp)
|
|
127
|
-
if name.
|
|
127
|
+
if name.respond_to? :match?
|
|
128
128
|
return self[attribute_key] if name.match?(attribute_key)
|
|
129
129
|
else
|
|
130
130
|
return self[attribute_key] if name.match(attribute_key)
|
|
@@ -32,14 +32,14 @@ module OneLogin
|
|
|
32
32
|
#
|
|
33
33
|
def create(settings, params={})
|
|
34
34
|
params = create_params(settings, params)
|
|
35
|
-
params_prefix = (settings.
|
|
35
|
+
params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
|
|
36
36
|
saml_request = CGI.escape(params.delete("SAMLRequest"))
|
|
37
37
|
request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
|
|
38
38
|
params.each_pair do |key, value|
|
|
39
39
|
request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
|
|
40
40
|
end
|
|
41
|
-
raise SettingError.new "Invalid settings,
|
|
42
|
-
@logout_url = settings.
|
|
41
|
+
raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?
|
|
42
|
+
@logout_url = settings.idp_slo_service_url + request_params
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
# Creates the Get parameters for the logout request.
|
|
@@ -109,7 +109,7 @@ module OneLogin
|
|
|
109
109
|
root.attributes['ID'] = uuid
|
|
110
110
|
root.attributes['IssueInstant'] = time
|
|
111
111
|
root.attributes['Version'] = "2.0"
|
|
112
|
-
root.attributes['Destination'] = settings.
|
|
112
|
+
root.attributes['Destination'] = settings.idp_slo_service_url unless settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?
|
|
113
113
|
|
|
114
114
|
if settings.sp_entity_id
|
|
115
115
|
issuer = root.add_element "saml:Issuer"
|
|
@@ -828,7 +828,7 @@ module OneLogin
|
|
|
828
828
|
# otherwise, review if the decrypted assertion contains a signature
|
|
829
829
|
sig_elements = REXML::XPath.match(
|
|
830
830
|
document,
|
|
831
|
-
"/p:Response[@ID=$id]/ds:Signature
|
|
831
|
+
"/p:Response[@ID=$id]/ds:Signature",
|
|
832
832
|
{ "p" => PROTOCOL, "ds" => DSIG },
|
|
833
833
|
{ 'id' => document.signed_element_id }
|
|
834
834
|
)
|
|
@@ -36,15 +36,15 @@ module OneLogin
|
|
|
36
36
|
#
|
|
37
37
|
def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
|
|
38
38
|
params = create_params(settings, request_id, logout_message, params, logout_status_code)
|
|
39
|
-
params_prefix = (settings.
|
|
40
|
-
url = settings.idp_slo_response_service_url || settings.
|
|
39
|
+
params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
|
|
40
|
+
url = settings.idp_slo_response_service_url || settings.idp_slo_service_url
|
|
41
41
|
saml_response = CGI.escape(params.delete("SAMLResponse"))
|
|
42
42
|
response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
|
|
43
43
|
params.each_pair do |key, value|
|
|
44
44
|
response_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
-
raise SettingError.new "Invalid settings,
|
|
47
|
+
raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if url.nil? or url.empty?
|
|
48
48
|
@logout_url = url + response_params
|
|
49
49
|
end
|
|
50
50
|
|
|
@@ -117,7 +117,8 @@ module OneLogin
|
|
|
117
117
|
response_doc = XMLSecurity::Document.new
|
|
118
118
|
response_doc.uuid = uuid
|
|
119
119
|
|
|
120
|
-
destination = settings.idp_slo_response_service_url || settings.
|
|
120
|
+
destination = settings.idp_slo_response_service_url || settings.idp_slo_service_url
|
|
121
|
+
|
|
121
122
|
|
|
122
123
|
root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
|
|
123
124
|
root.attributes['ID'] = uuid
|
|
@@ -296,9 +296,9 @@ module OneLogin
|
|
|
296
296
|
when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
|
|
297
297
|
when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
|
|
298
298
|
when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
|
|
299
|
-
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
300
|
-
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
301
|
-
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
299
|
+
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
|
|
300
|
+
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(192, :GCM).decrypt
|
|
301
|
+
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(256, :GCM).decrypt
|
|
302
302
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
|
|
303
303
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
|
|
304
304
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.12.
|
|
4
|
+
version: 1.12.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OneLogin LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|