ruby-saml 1.4.2 → 1.4.3
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +70 -13
- data/changelog.md +14 -1
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +209 -97
- data/lib/onelogin/ruby-saml/logoutrequest.rb +2 -1
- data/lib/onelogin/ruby-saml/logoutresponse.rb +31 -8
- data/lib/onelogin/ruby-saml/metadata.rb +20 -14
- data/lib/onelogin/ruby-saml/response.rb +32 -15
- data/lib/onelogin/ruby-saml/saml_message.rb +1 -2
- data/lib/onelogin/ruby-saml/settings.rb +39 -1
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +29 -7
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/schemas/xmldsig-core-schema.xsd +1 -1
- data/lib/xml_security.rb +25 -0
- data/test/certificates/ruby-saml-2.crt +15 -0
- data/test/idp_metadata_parser_test.rb +211 -15
- data/test/logoutresponse_test.rb +60 -0
- data/test/metadata/idp_descriptor.xml +26 -0
- data/test/metadata/idp_descriptor_2.xml +56 -0
- data/test/metadata/idp_descriptor_3.xml +14 -0
- data/test/metadata/idp_multiple_descriptors.xml +53 -0
- data/test/metadata_test.rb +70 -2
- data/test/response_test.rb +289 -243
- data/test/settings_test.rb +105 -22
- data/test/slo_logoutrequest_test.rb +66 -0
- data/test/test_helper.rb +23 -3
- metadata +13 -5
- data/test/responses/idp_descriptor.xml +0 -3
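--- a/data/test/settings_test.rb
+++ b/data/test/settings_test.rb
@@ -11,8 +11,9 @@ class SettingsTest < Minitest::Test
 
 it "should provide getters and settings" do
 accessors = [
-:idp_entity_id, :idp_sso_target_url, :idp_slo_target_url,
-:
+:idp_entity_id, :idp_sso_target_url, :idp_slo_target_url,
+:idp_cert, :idp_cert_fingerprint, :idp_cert_fingerprint_algorithm, :idp_cert_multi,
+:idp_attribute_names, :issuer, :assertion_consumer_service_url, :assertion_consumer_service_binding,
 :single_logout_service_url, :single_logout_service_binding,
 :sp_name_qualifier, :name_identifier_format, :name_identifier_value,
 :sessionindex, :attributes_index, :passive, :force_authn,
@@ -52,7 +53,6 @@ class SettingsTest < Minitest::Test
 end
 
 it "configure attribute service attributes correctly" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.attribute_consuming_service.configure do
 service_name "Test Service"
 add_attribute :name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name"
@@ -79,37 +79,34 @@ class SettingsTest < Minitest::Test
 
 describe "#single_logout_service_url" do
 it "when single_logout_service_url is nil but assertion_consumer_logout_service_url returns its value" do
-settings.single_logout_service_url = nil
-settings.assertion_consumer_logout_service_url = "http://app.muda.no/sls"
+@settings.single_logout_service_url = nil
+@settings.assertion_consumer_logout_service_url = "http://app.muda.no/sls"
 
-assert_equal "http://app.muda.no/sls", settings.single_logout_service_url
+assert_equal "http://app.muda.no/sls", @settings.single_logout_service_url
 end
 end
 
 describe "#single_logout_service_binding" do
 it "when single_logout_service_binding is nil but assertion_consumer_logout_service_binding returns its value" do
-settings.single_logout_service_binding = nil
-settings.assertion_consumer_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+@settings.single_logout_service_binding = nil
+@settings.assertion_consumer_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 
-assert_equal "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", settings.single_logout_service_binding
+assert_equal "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", @settings.single_logout_service_binding
 end
 end
 
 describe "#get_idp_cert" do
 it "returns nil when the cert is an empty string" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.idp_cert = ""
 assert_nil @settings.get_idp_cert
 end
 
 it "returns nil when the cert is nil" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.idp_cert = nil
 assert_nil @settings.get_idp_cert
 end
 
 it "returns the certificate when it is valid" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.idp_cert = ruby_saml_cert_text
 assert @settings.get_idp_cert.kind_of? OpenSSL::X509::Certificate
 end
@@ -123,21 +120,88 @@ class SettingsTest < Minitest::Test
 end
 end
 
+describe "#get_idp_cert_multi" do
+it "returns nil when the value is empty" do
+@settings.idp_cert = {}
+assert_nil @settings.get_idp_cert_multi
+end
+
+it "returns nil when the idp_cert_multi is nil or empty" do
+@settings.idp_cert_multi = nil
+assert_nil @settings.get_idp_cert_multi
+end
+
+it "returns partial hash when contains some values" do
+empty_multi = {
+:signing => [],
+:encryption => []
+}
+
+@settings.idp_cert_multi = {
+:signing => []
+}
+assert_equal empty_multi, @settings.get_idp_cert_multi
+
+@settings.idp_cert_multi = {
+:encryption => []
+}
+assert_equal empty_multi, @settings.get_idp_cert_multi
+
+@settings.idp_cert_multi = {
+:signing => [],
+:encryption => []
+}
+assert_equal empty_multi, @settings.get_idp_cert_multi
+
+@settings.idp_cert_multi = {
+:yyy => [],
+:zzz => []
+}
+assert_equal empty_multi, @settings.get_idp_cert_multi
+end
+
+it "returns the hash with certificates when values were valid" do
+certificates = ruby_saml_cert_text
+@settings.idp_cert_multi = {
+:signing => [ruby_saml_cert_text],
+:encryption => [ruby_saml_cert_text],
+}
+
+assert @settings.get_idp_cert_multi.kind_of? Hash
+assert @settings.get_idp_cert_multi[:signing].kind_of? Array
+assert @settings.get_idp_cert_multi[:encryption].kind_of? Array
+assert @settings.get_idp_cert_multi[:signing][0].kind_of? OpenSSL::X509::Certificate
+assert @settings.get_idp_cert_multi[:encryption][0].kind_of? OpenSSL::X509::Certificate
+end
+
+it "raises when there is a cert in idp_cert_multi not valid" do
+certificate = read_certificate("formatted_certificate")
+
+@settings.idp_cert_multi = {
+:signing => [],
+:encryption => []
+}
+@settings.idp_cert_multi[:signing].push(certificate)
+@settings.idp_cert_multi[:encryption].push(certificate)
+
+assert_raises(OpenSSL::X509::CertificateError) {
+@settings.get_idp_cert_multi
+}
+end
+end
+
 describe "#get_sp_cert" do
 it "returns nil when the cert is an empty string" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.certificate = ""
 assert_nil @settings.get_sp_cert
 end
 
 it "returns nil when the cert is nil" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.certificate = nil
 assert_nil @settings.get_sp_cert
 end
 
 it "returns the certificate when it is valid" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.certificate = ruby_saml_cert_text
 assert @settings.get_sp_cert.kind_of? OpenSSL::X509::Certificate
 end
@@ -152,21 +216,44 @@ class SettingsTest < Minitest::Test
 
 end
 
+describe "#get_sp_cert_new" do
+it "returns nil when the cert is an empty string" do
+@settings.certificate_new = ""
+assert_nil @settings.get_sp_cert_new
+end
+
+it "returns nil when the cert is nil" do
+@settings.certificate_new = nil
+assert_nil @settings.get_sp_cert_new
+end
+
+it "returns the certificate when it is valid" do
+@settings.certificate_new = ruby_saml_cert_text
+assert @settings.get_sp_cert_new.kind_of? OpenSSL::X509::Certificate
+end
+
+it "raises when the certificate is not valid" do
+# formatted but invalid cert
+@settings.certificate_new = read_certificate("formatted_certificate")
+assert_raises(OpenSSL::X509::CertificateError) {
+@settings.get_sp_cert_new
+}
+end
+
+end
+
 describe "#get_sp_key" do
 it "returns nil when the private key is an empty string" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.private_key = ""
 assert_nil @settings.get_sp_key
 end
 
 it "returns nil when the private key is nil" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.private_key = nil
 assert_nil @settings.get_sp_key
 end
 
 it "returns the private key when it is valid" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.private_key = ruby_saml_key_text
 assert @settings.get_sp_key.kind_of? OpenSSL::PKey::RSA
 end
@@ -183,7 +270,6 @@ class SettingsTest < Minitest::Test
 
 describe "#get_fingerprint" do
 it "get the fingerprint value when cert and fingerprint in settings are nil" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.idp_cert_fingerprint = nil
 @settings.idp_cert = nil
 fingerprint = @settings.get_fingerprint
@@ -191,7 +277,6 @@ class SettingsTest < Minitest::Test
 end
 
 it "get the fingerprint value when there is a cert at the settings" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.idp_cert_fingerprint = nil
 @settings.idp_cert = ruby_saml_cert_text
 fingerprint = @settings.get_fingerprint
@@ -199,7 +284,6 @@ class SettingsTest < Minitest::Test
 end
 
 it "get the fingerprint value when there is a fingerprint at the settings" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
 @settings.idp_cert = nil
 fingerprint = @settings.get_fingerprint
@@ -207,7 +291,6 @@ class SettingsTest < Minitest::Test
 end
 
 it "get the fingerprint value when there are cert and fingerprint at the settings" do
-@settings = OneLogin::RubySaml::Settings.new
 @settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
 @settings.idp_cert = ruby_saml_cert_text
 fingerprint = @settings.get_fingerprint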
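Review bot: The first `#get_idp_cert_multi` case ("returns nil when the value is empty", new line 125) assigns `@settings.idp_cert = {}` rather than `idp_cert_multi`, so the empty-hash input is never exercised and the assertion presumably passes only because `idp_cert_multi` is still unset; it should read `@settings.idp_cert_multi = {}`. The "partial hash" case also shows unrecognised keys (`:yyy`, `:zzz`) collapsing to empty `:signing`/`:encryption` lists, so a misspelled key would leave no signing certificate configured without any error; a comment such as `# unknown keys are ignored, so a typo in :signing yields an empty cert list` would make that visible. The local `certificates = ruby_saml_cert_text` at new line 164 is unused and can be dropped. The `SettingsTest` class and whatever setup now supplies `@settings` lie outside these hunks.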
@@ -247,6 +247,31 @@ class RubySamlTest < Minitest::Test
|
|
247
247
|
settings.idp_cert = ruby_saml_cert_text
|
248
248
|
end
|
249
249
|
|
250
|
+
it "return true when no idp_cert is provided and option :relax_signature_validation is present" do
|
251
|
+
settings.idp_cert = nil
|
252
|
+
settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
|
253
|
+
params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
|
254
|
+
params['RelayState'] = params[:RelayState]
|
255
|
+
options = {}
|
256
|
+
options[:get_params] = params
|
257
|
+
options[:relax_signature_validation] = true
|
258
|
+
logout_request_sign_test = OneLogin::RubySaml::SloLogoutrequest.new(params['SAMLRequest'], options)
|
259
|
+
logout_request_sign_test.settings = settings
|
260
|
+
assert logout_request_sign_test.send(:validate_signature)
|
261
|
+
end
|
262
|
+
|
263
|
+
it "return false when no idp_cert is provided and no option :relax_signature_validation is present" do
|
264
|
+
settings.idp_cert = nil
|
265
|
+
settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
|
266
|
+
params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
|
267
|
+
params['RelayState'] = params[:RelayState]
|
268
|
+
options = {}
|
269
|
+
options[:get_params] = params
|
270
|
+
logout_request_sign_test = OneLogin::RubySaml::SloLogoutrequest.new(params['SAMLRequest'], options)
|
271
|
+
logout_request_sign_test.settings = settings
|
272
|
+
assert !logout_request_sign_test.send(:validate_signature)
|
273
|
+
end
|
274
|
+
|
250
275
|
it "return true when valid RSA_SHA1 Signature" do
|
251
276
|
settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
|
252
277
|
params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
|
@@ -298,5 +323,46 @@ class RubySamlTest < Minitest::Test
|
|
298
323
|
end
|
299
324
|
end
|
300
325
|
end
|
326
|
+
|
327
|
+
describe "#validate_signature with multiple idp certs" do
|
328
|
+
before do
|
329
|
+
settings.idp_slo_target_url = "http://example.com?field=value"
|
330
|
+
settings.certificate = ruby_saml_cert_text
|
331
|
+
settings.private_key = ruby_saml_key_text
|
332
|
+
settings.idp_cert = nil
|
333
|
+
settings.security[:logout_requests_signed] = true
|
334
|
+
settings.security[:embed_sign] = false
|
335
|
+
settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
|
336
|
+
end
|
337
|
+
|
338
|
+
it "return true when at least a idp_cert is valid" do
|
339
|
+
params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
|
340
|
+
params['RelayState'] = params[:RelayState]
|
341
|
+
options = {}
|
342
|
+
options[:get_params] = params
|
343
|
+
logout_request_sign_test = OneLogin::RubySaml::SloLogoutrequest.new(params['SAMLRequest'], options)
|
344
|
+
settings.idp_cert_multi = {
|
345
|
+
:signing => [ruby_saml_cert_text2, ruby_saml_cert_text],
|
346
|
+
:encryption => []
|
347
|
+
}
|
348
|
+
logout_request_sign_test.settings = settings
|
349
|
+
assert logout_request_sign_test.send(:validate_signature)
|
350
|
+
end
|
351
|
+
|
352
|
+
it "return false when none cert on idp_cert_multi is valid" do
|
353
|
+
params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
|
354
|
+
params['RelayState'] = params[:RelayState]
|
355
|
+
options = {}
|
356
|
+
options[:get_params] = params
|
357
|
+
logout_request_sign_test = OneLogin::RubySaml::SloLogoutrequest.new(params['SAMLRequest'], options)
|
358
|
+
settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
|
359
|
+
settings.idp_cert_multi = {
|
360
|
+
:signing => [ruby_saml_cert_text2, ruby_saml_cert_text2],
|
361
|
+
:encryption => []
|
362
|
+
}
|
363
|
+
logout_request_sign_test.settings = settings
|
364
|
+
assert !logout_request_sign_test.send(:validate_signature)
|
365
|
+
end
|
366
|
+
end
|
301
367
|
end
|
302
368
|
end
|
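Review bot: The new `:relax_signature_validation` case (new lines 250–261) pins a fail-open result, `validate_signature` returning true with `settings.idp_cert = nil`, but no case here checks that the option leaves verification intact once a certificate is configured. A companion test that sets `options[:relax_signature_validation] = true` together with a non-matching `settings.idp_cert = ruby_saml_cert_text2` and asserts `!logout_request_sign_test.send(:validate_signature)` would guard against the option turning into a general bypass. In "return false when none cert on idp_cert_multi is valid" the line `settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint` is unexplained; if the intent is that a matching fingerprint must not rescue a failed certificate check, say so in a comment like `# fingerprint of the signing cert is set on purpose: it must not override idp_cert_multi`. These hunks declare `class RubySamlTest` and carry no file header of their own on the page, and `validate_signature` itself is not shown, so the behaviour is inferred from the assertions only.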
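--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -129,7 +129,7 @@ class Minitest::Test
 end
 
 def unsigned_message_encrypted_unsigned_assertion
-@unsigned_message_encrypted_unsigned_assertion ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'unsigned_message_encrypted_unsigned_assertion.xml.base64'))
+@unsigned_message_encrypted_unsigned_assertion ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'unsigned_message_encrypted_unsigned_assertion.xml.base64'))
 end
 
 def response_document_encrypted_attrs
@@ -150,8 +150,20 @@ class Minitest::Test
 @certificate_without_head_foot ||= read_certificate("certificate_without_head_foot")
 end
 
-def
-@
+def idp_metadata_descriptor
+@idp_metadata_descriptor ||= File.read(File.join(File.dirname(__FILE__), 'metadata', 'idp_descriptor.xml'))
+end
+
+def idp_metadata_descriptor2
+@idp_metadata_descriptor2 ||= File.read(File.join(File.dirname(__FILE__), 'metadata', 'idp_descriptor_2.xml'))
+end
+
+def idp_metadata_descriptor3
+@idp_metadata_descriptor3 ||= File.read(File.join(File.dirname(__FILE__), 'metadata', 'idp_descriptor_3.xml'))
+end
+
+def idp_metadata_multiple_descriptors
+@idp_metadata_multiple_descriptors ||= File.read(File.join(File.dirname(__FILE__), 'metadata', 'idp_multiple_descriptors.xml'))
 end
 
 def logout_request_document
@@ -188,6 +200,10 @@ class Minitest::Test
 @ruby_saml_cert ||= OpenSSL::X509::Certificate.new(ruby_saml_cert_text)
 end
 
+def ruby_saml_cert2
+@ruby_saml_cert2 ||= OpenSSL::X509::Certificate.new(ruby_saml_cert_text2)
+end
+
 def ruby_saml_cert_fingerprint
 @ruby_saml_cert_fingerprint ||= Digest::SHA1.hexdigest(ruby_saml_cert.to_der).scan(/../).join(":")
 end
@@ -196,6 +212,10 @@ class Minitest::Test
 read_certificate("ruby-saml.crt")
 end
 
+def ruby_saml_cert_text2
+read_certificate("ruby-saml-2.crt")
+end
+
 def ruby_saml_key
 @ruby_saml_key ||= OpenSSL::PKey::RSA.new(ruby_saml_key_text)
 end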
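Review bot: The four `idp_metadata_*` readers added in the second hunk each repeat `File.read(File.join(File.dirname(__FILE__), 'metadata', ...))`; a small helper modelled on the `read_certificate` call already used in this file, for example `def read_metadata(name); File.read(File.join(File.dirname(__FILE__), 'metadata', name)); end`, would keep the fixture directory in one place. None of the new helpers says what distinguishes its fixture, so a one-line comment per method (such as `# IdP metadata containing more than one descriptor` on `idp_metadata_multiple_descriptors`, if that is what the file holds) would help whoever reads the parser tests. `class Minitest::Test` opens and closes outside these hunks.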
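--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-version: 1.4.
+version: 1.4.3
 platform: ruby
 authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -201,6 +201,7 @@ files:
 - test/certificates/invalid_rsa_private_key1
 - test/certificates/invalid_rsa_private_key2
 - test/certificates/invalid_rsa_private_key3
+- test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
 - test/certificates/ruby-saml.key
 - test/idp_metadata_parser_test.rb
@@ -213,6 +214,10 @@ files:
 - test/logout_responses/logoutresponse_fixtures.rb
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
+- test/metadata/idp_descriptor.xml
+- test/metadata/idp_descriptor_2.xml
+- test/metadata/idp_descriptor_3.xml
+- test/metadata/idp_multiple_descriptors.xml
 - test/metadata_test.rb
 - test/request_test.rb
 - test/response_test.rb
@@ -222,7 +227,6 @@ files:
 - test/responses/adfs_response_sha512.xml
 - test/responses/adfs_response_xmlns.xml
 - test/responses/attackxee.xml
-- test/responses/idp_descriptor.xml
 - test/responses/invalids/duplicated_attributes.xml.base64
 - test/responses/invalids/empty_destination.xml.base64
 - test/responses/invalids/empty_nameid.xml.base64
@@ -323,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 2.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
@@ -342,6 +346,7 @@ test_files:
 - test/certificates/invalid_rsa_private_key1
 - test/certificates/invalid_rsa_private_key2
 - test/certificates/invalid_rsa_private_key3
+- test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
 - test/certificates/ruby-saml.key
 - test/idp_metadata_parser_test.rb
@@ -354,6 +359,10 @@ test_files:
 - test/logout_responses/logoutresponse_fixtures.rb
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
+- test/metadata/idp_descriptor.xml
+- test/metadata/idp_descriptor_2.xml
+- test/metadata/idp_descriptor_3.xml
+- test/metadata/idp_multiple_descriptors.xml
 - test/metadata_test.rb
 - test/request_test.rb
 - test/response_test.rb
@@ -363,7 +372,6 @@ test_files:
 - test/responses/adfs_response_sha512.xml
 - test/responses/adfs_response_xmlns.xml
 - test/responses/attackxee.xml
-- test/responses/idp_descriptor.xml
 - test/responses/invalids/duplicated_attributes.xml.base64
 - test/responses/invalids/empty_destination.xml.base64
 - test/responses/invalids/empty_nameid.xml.base64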
@@ -1,3 +0,0 @@
|
|
1
|
-
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
-
<md:EntityDescriptor entityID="https://example.hello.com/access/saml/idp.xml" validUntil="2014-04-17T18:02:33.910Z" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVE
wCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
3
|
-
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.hello.com/access/saml/logout" ResponseLocation="https://example.hello.com/access/saml/logout"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.hello.com/access/saml/login"/><saml:Attribute Name="AuthToken" NameFormat="urn:oasis:names:tc:SAML:2.0:att rname-format:basic" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/><saml:Attribute Name="SSOStartPage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/></md:IDPSSODescriptor></md:EntityDescriptor>
|