ruby-saml 1.12.0 → 1.12.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +9 -3
- data/changelog.md +7 -0
- data/lib/onelogin/ruby-saml/attributes.rb +1 -1
- data/lib/onelogin/ruby-saml/logoutrequest.rb +4 -4
- data/lib/onelogin/ruby-saml/response.rb +1 -1
- data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +5 -4
- data/lib/onelogin/ruby-saml/utils.rb +3 -3
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 25c4115dff650511c702291e7e6e3277a2c50c43b603c4cf68ae1473b3c061b5
|
|
4
|
+
data.tar.gz: 375b631e4059b50e112f4fc5b890e48c000ddae894fdef7cc665b9a58bad5b7a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1207da19dae7cb853704a0dbbd1d55791156d6703a5d3162adaa4d47ea1e645e4806687392db53c8c3e9c0a51b2fbb45772b8202975565f9157d32b707fd56a1
|
|
7
|
+
data.tar.gz: 9a4a9ba94e5ffd0eb24ef08e4a45435dec63333b2cbf1a0f0ecc164ce0569bb8720941c88874d64aef8524bebb5209bd70299e0e5bbdc953b7546aa055da58be
|
data/README.md
CHANGED
|
@@ -4,6 +4,10 @@
|
|
|
4
4
|
Version `1.12.0` adds support for gcm algorithm and
|
|
5
5
|
change/adds specific error messages for signature validations
|
|
6
6
|
|
|
7
|
+
`idp_sso_target_url` and `idp_slo_target_url` attributes of the Settings class deprecated in favor of `idp_sso_service_url` and `idp_slo_service_url`.
|
|
8
|
+
In IDPMetadataParser, `parse`, `parse_to_hash` and `parse_to_array` methods now retrieve SSO URL and SLO URL endpoints with
|
|
9
|
+
`idp_sso_service_url` and `idp_slo_service_url` (previously `idp_sso_target_url` and `idp_slo_target_url` respectively).
|
|
10
|
+
|
|
7
11
|
## Updating from 1.10.x to 1.11.0
|
|
8
12
|
Version `1.11.0` deprecates the use of `settings.issuer` in favour of `settings.sp_entity_id`.
|
|
9
13
|
There are two new security settings: `settings.security[:check_idp_cert_expiration]` and `settings.security[:check_sp_cert_expiration]` (both false by default) that check if the IdP or SP X.509 certificate has expired, respectively.
|
|
@@ -120,9 +124,11 @@ We created a demo project for Rails4 that uses the latest version of this librar
|
|
|
120
124
|
* 2.5.x
|
|
121
125
|
* 2.6.x
|
|
122
126
|
* 2.7.x
|
|
123
|
-
*
|
|
124
|
-
* JRuby
|
|
125
|
-
* JRuby 9.
|
|
127
|
+
* 3.0.x
|
|
128
|
+
* JRuby 1.7.x
|
|
129
|
+
* JRuby 9.0.x
|
|
130
|
+
* JRuby 9.1.x
|
|
131
|
+
* JRuby 9.2.x
|
|
126
132
|
|
|
127
133
|
## Adding Features, Pull Requests
|
|
128
134
|
* Fork the repository
|
data/changelog.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# RubySaml Changelog
|
|
2
2
|
|
|
3
|
+
### 1.12.2 (Apr 08, 2022)
|
|
4
|
+
* [575](https://github.com/onelogin/ruby-saml/pull/575) Fix SloLogoutresponse bug on LogoutRequest
|
|
5
|
+
|
|
6
|
+
### 1.12.1 (Apr 05, 2022)
|
|
7
|
+
* Fix XPath typo incompatible with Rexml 3.2.5
|
|
8
|
+
* Refactor GCM support
|
|
9
|
+
|
|
3
10
|
### 1.12.0 (Feb 18, 2021)
|
|
4
11
|
* Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryptions
|
|
5
12
|
* Parse & return SLO ResponseLocation in IDPMetadataParser & Settings
|
|
@@ -124,7 +124,7 @@ module OneLogin
|
|
|
124
124
|
def fetch(name)
|
|
125
125
|
attributes.each_key do |attribute_key|
|
|
126
126
|
if name.is_a?(Regexp)
|
|
127
|
-
if name.
|
|
127
|
+
if name.respond_to? :match?
|
|
128
128
|
return self[attribute_key] if name.match?(attribute_key)
|
|
129
129
|
else
|
|
130
130
|
return self[attribute_key] if name.match(attribute_key)
|
|
@@ -32,14 +32,14 @@ module OneLogin
|
|
|
32
32
|
#
|
|
33
33
|
def create(settings, params={})
|
|
34
34
|
params = create_params(settings, params)
|
|
35
|
-
params_prefix = (settings.
|
|
35
|
+
params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
|
|
36
36
|
saml_request = CGI.escape(params.delete("SAMLRequest"))
|
|
37
37
|
request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
|
|
38
38
|
params.each_pair do |key, value|
|
|
39
39
|
request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
|
|
40
40
|
end
|
|
41
|
-
raise SettingError.new "Invalid settings,
|
|
42
|
-
@logout_url = settings.
|
|
41
|
+
raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?
|
|
42
|
+
@logout_url = settings.idp_slo_service_url + request_params
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
# Creates the Get parameters for the logout request.
|
|
@@ -109,7 +109,7 @@ module OneLogin
|
|
|
109
109
|
root.attributes['ID'] = uuid
|
|
110
110
|
root.attributes['IssueInstant'] = time
|
|
111
111
|
root.attributes['Version'] = "2.0"
|
|
112
|
-
root.attributes['Destination'] = settings.
|
|
112
|
+
root.attributes['Destination'] = settings.idp_slo_service_url unless settings.idp_slo_service_url.nil? or settings.idp_slo_service_url.empty?
|
|
113
113
|
|
|
114
114
|
if settings.sp_entity_id
|
|
115
115
|
issuer = root.add_element "saml:Issuer"
|
|
@@ -828,7 +828,7 @@ module OneLogin
|
|
|
828
828
|
# otherwise, review if the decrypted assertion contains a signature
|
|
829
829
|
sig_elements = REXML::XPath.match(
|
|
830
830
|
document,
|
|
831
|
-
"/p:Response[@ID=$id]/ds:Signature
|
|
831
|
+
"/p:Response[@ID=$id]/ds:Signature",
|
|
832
832
|
{ "p" => PROTOCOL, "ds" => DSIG },
|
|
833
833
|
{ 'id' => document.signed_element_id }
|
|
834
834
|
)
|
|
@@ -36,15 +36,15 @@ module OneLogin
|
|
|
36
36
|
#
|
|
37
37
|
def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
|
|
38
38
|
params = create_params(settings, request_id, logout_message, params, logout_status_code)
|
|
39
|
-
params_prefix = (settings.
|
|
40
|
-
url = settings.idp_slo_response_service_url || settings.
|
|
39
|
+
params_prefix = (settings.idp_slo_service_url =~ /\?/) ? '&' : '?'
|
|
40
|
+
url = settings.idp_slo_response_service_url || settings.idp_slo_service_url
|
|
41
41
|
saml_response = CGI.escape(params.delete("SAMLResponse"))
|
|
42
42
|
response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
|
|
43
43
|
params.each_pair do |key, value|
|
|
44
44
|
response_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
-
raise SettingError.new "Invalid settings,
|
|
47
|
+
raise SettingError.new "Invalid settings, idp_slo_service_url is not set!" if url.nil? or url.empty?
|
|
48
48
|
@logout_url = url + response_params
|
|
49
49
|
end
|
|
50
50
|
|
|
@@ -117,7 +117,8 @@ module OneLogin
|
|
|
117
117
|
response_doc = XMLSecurity::Document.new
|
|
118
118
|
response_doc.uuid = uuid
|
|
119
119
|
|
|
120
|
-
destination = settings.idp_slo_response_service_url || settings.
|
|
120
|
+
destination = settings.idp_slo_response_service_url || settings.idp_slo_service_url
|
|
121
|
+
|
|
121
122
|
|
|
122
123
|
root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
|
|
123
124
|
root.attributes['ID'] = uuid
|
|
@@ -296,9 +296,9 @@ module OneLogin
|
|
|
296
296
|
when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
|
|
297
297
|
when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
|
|
298
298
|
when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
|
|
299
|
-
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
300
|
-
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
301
|
-
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
299
|
+
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
|
|
300
|
+
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(192, :GCM).decrypt
|
|
301
|
+
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(256, :GCM).decrypt
|
|
302
302
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
|
|
303
303
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
|
|
304
304
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.12.
|
|
4
|
+
version: 1.12.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OneLogin LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|