ruby-saml 1.12.0 → 1.12.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of ruby-saml might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 43bc92cf8a14835577d9bb32d1bdcef71fd5ffccb351dd41ac9b56863fb173c7
4
- data.tar.gz: e7975fcf413d9c64801f7b5190246685548205034dc74315bc169738697e1006
3
+ metadata.gz: 25c4115dff650511c702291e7e6e3277a2c50c43b603c4cf68ae1473b3c061b5
4
+ data.tar.gz: 375b631e4059b50e112f4fc5b890e48c000ddae894fdef7cc665b9a58bad5b7a
5
5
  SHA512:
6
- metadata.gz: 0a09fcb8777969eb6d54b29d20520c7e17e3f7dc128cfc81475eba8c9b31f5926f2b64d308b18268762b43fb60cf7956f6e266c1f5343d2b9d58e545be0c3392
7
- data.tar.gz: 8e9008647a610935764b2f578b76c5eb72d09be482d76b5f4d8ab51fd29d4569a3ba2e2db61f63fbdde27bd1be14bf4afdeffe1c7f699afc0b7d5e1c85d0fe09
6
+ metadata.gz: 1207da19dae7cb853704a0dbbd1d55791156d6703a5d3162adaa4d47ea1e645e4806687392db53c8c3e9c0a51b2fbb45772b8202975565f9157d32b707fd56a1
7
+ data.tar.gz: 9a4a9ba94e5ffd0eb24ef08e4a45435dec63333b2cbf1a0f0ecc164ce0569bb8720941c88874d64aef8524bebb5209bd70299e0e5bbdc953b7546aa055da58be
data/README.md CHANGED
@@ -4,6 +4,10 @@
4
4
  Version `1.12.0` adds support for gcm algorithm and
5
5
  change/adds specific error messages for signature validations
6
6
 
7
+ `idp_sso_target_url` and `idp_slo_target_url` attributes of the Settings class deprecated in favor of `idp_sso_service_url` and `idp_slo_service_url`.
8
+ In IDPMetadataParser, `parse`, `parse_to_hash` and `parse_to_array` methods now retrieve SSO URL and SLO URL endpoints with
9
+ `idp_sso_service_url` and `idp_slo_service_url` (previously `idp_sso_target_url` and `idp_slo_target_url` respectively).
10
+
7
11
  ## Updating from 1.10.x to 1.11.0
8
12
  Version `1.11.0` deprecates the use of `settings.issuer` in favour of `settings.sp_entity_id`.
9
13
  There are two new security settings: `settings.security[:check_idp_cert_expiration]` and `settings.security[:check_sp_cert_expiration]` (both false by default) that check if the IdP or SP X.509 certificate has expired, respectively.
@@ -120,9 +124,11 @@ We created a demo project for Rails4 that uses the latest version of this librar
120
124
  * 2.5.x
121
125
  * 2.6.x
122
126
  * 2.7.x
123
- * JRuby 1.7.19
124
- * JRuby 9.0.0.0
125
- * JRuby 9.2.0.0
127
+ * 3.0.x
128
+ * JRuby 1.7.x
129
+ * JRuby 9.0.x
130
+ * JRuby 9.1.x
131
+ * JRuby 9.2.x
126
132
 
127
133
  ## Adding Features, Pull Requests
128
134
  * Fork the repository
data/changelog.md CHANGED
@@ -1,5 +1,12 @@
1
1
  # RubySaml Changelog
2
2
 
3
+ ### 1.12.2 (Apr 08, 2022)
4
+ * [575](https://github.com/onelogin/ruby-saml/pull/575) Fix SloLogoutresponse bug on LogoutRequest
5
+
6
+ ### 1.12.1 (Apr 05, 2022)
7
+ * Fix XPath typo incompatible with Rexml 3.2.5
8
+ * Refactor GCM support
9
+
3
10
  ### 1.12.0 (Feb 18, 2021)
4
11
  * Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryptions
5
12
  * Parse & return SLO ResponseLocation in IDPMetadataParser & Settings
@@ -124,7 +124,7 @@ module OneLogin
124
124
  def fetch(name)
125
125
  attributes.each_key do |attribute_key|
126
126
  if name.is_a?(Regexp)
127
- if name.method_exists? :match?
127
+ if name.respond_to? :match?
128
128
  return self[attribute_key] if name.match?(attribute_key)
129
129
  else
130
130
  return self[attribute_key] if name.match(attribute_key)
@@ -32,14 +32,14 @@ module OneLogin
32
32
  #
33
33
  def create(settings, params={})
34
34
  params = create_params(settings, params)
35
- params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
35
+ params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
36
36
  saml_request = CGI.escape(params.delete("SAMLRequest"))
37
37
  request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
38
38
  params.each_pair do |key, value|
39
39
  request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
40
40
  end
41
- raise SettingError.new "Invalid settings, idp_slo_target_url is not set!" if settings.idp_slo_target_url.nil? or settings.idp_slo_target_url.empty?
42
- @logout_url = settings.idp_slo_target_url + request_params
41
+ raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?
42
+ @logout_url = settings.idp_slo_service_url + request_params
43
43
  end
44
44
 
45
45
  # Creates the Get parameters for the logout request.
@@ -109,7 +109,7 @@ module OneLogin
109
109
  root.attributes['ID'] = uuid
110
110
  root.attributes['IssueInstant'] = time
111
111
  root.attributes['Version'] = "2.0"
112
- root.attributes['Destination'] = settings.idp_slo_target_url unless settings.idp_slo_target_url.nil? or settings.idp_slo_target_url.empty?
112
+ root.attributes['Destination'] = settings.idp_slo_service_url unless settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?
113
113
 
114
114
  if settings.sp_entity_id
115
115
  issuer = root.add_element "saml:Issuer"
@@ -828,7 +828,7 @@ module OneLogin
828
828
  # otherwise, review if the decrypted assertion contains a signature
829
829
  sig_elements = REXML::XPath.match(
830
830
  document,
831
- "/p:Response[@ID=$id]/ds:Signature]",
831
+ "/p:Response[@ID=$id]/ds:Signature",
832
832
  { "p" => PROTOCOL, "ds" => DSIG },
833
833
  { 'id' => document.signed_element_id }
834
834
  )
@@ -36,15 +36,15 @@ module OneLogin
36
36
  #
37
37
  def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
38
38
  params = create_params(settings, request_id, logout_message, params, logout_status_code)
39
- params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
40
- url = settings.idp_slo_response_service_url || settings.idp_slo_target_url
39
+ params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
40
+ url = settings.idp_slo_response_service_url || settings.idp_slo_service_url
41
41
  saml_response = CGI.escape(params.delete("SAMLResponse"))
42
42
  response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
43
43
  params.each_pair do |key, value|
44
44
  response_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
45
45
  end
46
46
 
47
- raise SettingError.new "Invalid settings, idp_slo_target_url is not set!" if url.nil? or url.empty?
47
+ raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if url.nil? or url.empty?
48
48
  @logout_url = url + response_params
49
49
  end
50
50
 
@@ -117,7 +117,8 @@ module OneLogin
117
117
  response_doc = XMLSecurity::Document.new
118
118
  response_doc.uuid = uuid
119
119
 
120
- destination = settings.idp_slo_response_service_url || settings.idp_slo_target_url
120
+ destination = settings.idp_slo_response_service_url || settings.idp_slo_service_url
121
+
121
122
 
122
123
  root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
123
124
  root.attributes['ID'] = uuid
@@ -296,9 +296,9 @@ module OneLogin
296
296
  when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
297
297
  when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
298
298
  when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
299
- when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
300
- when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-192-GCM').decrypt
301
- when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-256-GCM').decrypt
299
+ when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
300
+ when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(192, :GCM).decrypt
301
+ when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(256, :GCM).decrypt
302
302
  when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
303
303
  when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
304
304
  end
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '1.12.0'
3
+ VERSION = '1.12.2'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.12.0
4
+ version: 1.12.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - OneLogin LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-19 00:00:00.000000000 Z
11
+ date: 2021-04-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri