ruby-saml 0.2.2 → 0.2.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- data/README.rdoc +10 -12
- data/VERSION +1 -1
- data/lib/onelogin/saml/authrequest.rb +8 -3
- data/ruby-saml.gemspec +2 -2
- data/test/ruby-saml_test.rb +11 -1
- data/test/xml_security_test.rb +1 -1
- metadata +4 -4
data/README.rdoc
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
The Ruby SAML library is for implementing the client side of a SAML authorization, i.e. it provides a means for managing authorization initialization and confirmation requests from identity providers.
|
|
4
4
|
|
|
5
|
-
SAML authorization is a two step process and you are expected to implement support for both.
|
|
5
|
+
SAML authorization is a two step process and you are expected to implement support for both.
|
|
6
6
|
|
|
7
7
|
== The initialization phase
|
|
8
8
|
|
|
@@ -27,7 +27,7 @@ Once you've redirected back to the identity provider, it will ensure that the us
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
In the above there are a few assumptions in place, one being that the response.name_id is an email address. This is all handled with how you specify the settings that are in play via the saml_settings method. That could be implemented along the lines of this:
|
|
30
|
-
|
|
30
|
+
|
|
31
31
|
def saml_settings
|
|
32
32
|
settings = Onelogin::Saml::Settings.new
|
|
33
33
|
|
|
@@ -48,29 +48,29 @@ What's left at this point, is to wrap it all up in a controller and point the in
|
|
|
48
48
|
request = Onelogin::Saml::Authrequest.new
|
|
49
49
|
redirect_to(request.create(saml_settings))
|
|
50
50
|
end
|
|
51
|
-
|
|
51
|
+
|
|
52
52
|
def consume
|
|
53
53
|
response = Onelogin::Saml::Response.new(params[:SAMLResponse])
|
|
54
54
|
response.settings = saml_settings
|
|
55
|
-
|
|
55
|
+
|
|
56
56
|
if response.is_valid? && user = current_account.users.find_by_email(response.name_id)
|
|
57
57
|
authorize_success(user)
|
|
58
58
|
else
|
|
59
59
|
authorize_failure(user)
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
|
-
|
|
62
|
+
|
|
63
63
|
private
|
|
64
|
-
|
|
64
|
+
|
|
65
65
|
def saml_settings
|
|
66
66
|
settings = Onelogin::Saml::Settings.new
|
|
67
|
-
|
|
67
|
+
|
|
68
68
|
settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
|
|
69
69
|
settings.issuer = request.host
|
|
70
70
|
settings.idp_sso_target_url = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
|
|
71
71
|
settings.idp_cert_fingerprint = OneLoginAppCertFingerPrint
|
|
72
72
|
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
|
73
|
-
|
|
73
|
+
|
|
74
74
|
settings
|
|
75
75
|
end
|
|
76
76
|
end
|
|
@@ -81,12 +81,10 @@ What's left at this point, is to wrap it all up in a controller and point the in
|
|
|
81
81
|
Please check https://github.com/onelogin/ruby-saml-example for a very basic sample Rails application using this gem.
|
|
82
82
|
|
|
83
83
|
== Note on Patches/Pull Requests
|
|
84
|
-
|
|
84
|
+
|
|
85
85
|
* Fork the project.
|
|
86
86
|
* Make your feature addition or bug fix.
|
|
87
87
|
* Add tests for it. This is important so I don't break it in a
|
|
88
88
|
future version unintentionally.
|
|
89
|
-
* Commit, do not mess with rakefile, version, or history.
|
|
90
|
-
(if you want to have your own version, that is fine but
|
|
91
|
-
bump version in a commit by itself I can ignore when I pull)
|
|
89
|
+
* Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
|
|
92
90
|
* Send me a pull request. Bonus points for topic branches.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.2.
|
|
1
|
+
0.2.3
|
|
@@ -5,9 +5,9 @@ require "cgi"
|
|
|
5
5
|
|
|
6
6
|
module Onelogin::Saml
|
|
7
7
|
class Authrequest
|
|
8
|
-
def create(settings)
|
|
8
|
+
def create(settings, params = {})
|
|
9
9
|
uuid = UUID.new.generate
|
|
10
|
-
time = Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")
|
|
10
|
+
time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
|
|
11
11
|
|
|
12
12
|
request =
|
|
13
13
|
"<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{uuid}\" Version=\"2.0\" IssueInstant=\"#{time}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
|
|
@@ -20,8 +20,13 @@ module Onelogin::Saml
|
|
|
20
20
|
deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
|
|
21
21
|
base64_request = Base64.encode64(deflated_request)
|
|
22
22
|
encoded_request = CGI.escape(base64_request)
|
|
23
|
+
request_params = "?SAMLRequest=" + encoded_request
|
|
23
24
|
|
|
24
|
-
|
|
25
|
+
params.each_pair do |key, value|
|
|
26
|
+
request_params << "&#{key}=#{CGI.escape(value.to_s)}"
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
settings.idp_sso_target_url + request_params
|
|
25
30
|
end
|
|
26
31
|
|
|
27
32
|
end
|
data/ruby-saml.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{ruby-saml}
|
|
8
|
-
s.version = "0.2.
|
|
8
|
+
s.version = "0.2.3"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["OneLogin LLC"]
|
|
12
|
-
s.date = %q{2011-02-
|
|
12
|
+
s.date = %q{2011-02-21}
|
|
13
13
|
s.description = %q{SAML toolkit for Ruby on Rails}
|
|
14
14
|
s.email = %q{support@onelogin.com}
|
|
15
15
|
s.extra_rdoc_files = [
|
data/test/ruby-saml_test.rb
CHANGED
|
@@ -77,6 +77,16 @@ class RubySamlTest < Test::Unit::TestCase
|
|
|
77
77
|
assert auth_url =~ /^http:\/\/stuff\.com\?SAMLRequest=/
|
|
78
78
|
payload = CGI.unescape(auth_url.split("=").last)
|
|
79
79
|
end
|
|
80
|
-
end
|
|
81
80
|
|
|
81
|
+
should "accept extra parameters" do
|
|
82
|
+
settings = Onelogin::Saml::Settings.new
|
|
83
|
+
settings.idp_sso_target_url = "http://stuff.com"
|
|
84
|
+
|
|
85
|
+
auth_url = Onelogin::Saml::Authrequest.new.create(settings, { :hello => "there" })
|
|
86
|
+
assert auth_url =~ /&hello=there$/
|
|
87
|
+
|
|
88
|
+
auth_url = Onelogin::Saml::Authrequest.new.create(settings, { :hello => nil })
|
|
89
|
+
assert auth_url =~ /&hello=$/
|
|
90
|
+
end
|
|
91
|
+
end
|
|
82
92
|
end
|
data/test/xml_security_test.rb
CHANGED
|
@@ -8,7 +8,7 @@ class XmlSecurityTest < Test::Unit::TestCase
|
|
|
8
8
|
@document = XMLSecurity::SignedDocument.new(Base64.decode64(response_document))
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
should "should
|
|
11
|
+
should "should run validate without throwing NS related exceptions" do
|
|
12
12
|
base64cert = @document.elements["//ds:X509Certificate"].text
|
|
13
13
|
@document.validate_doc(base64cert, nil)
|
|
14
14
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 17
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 2
|
|
9
|
-
-
|
|
10
|
-
version: 0.2.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.2.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- OneLogin LLC
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-02-
|
|
18
|
+
date: 2011-02-21 00:00:00 +01:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|