ruby-saml 0.8.7 → 0.8.8

checksums.yaml

@@ -1,7 +1,7 @@
----
-SHA1:
-  metadata.gz: 99b6868dbb0c85f62887107838735de63e1d9136
-  data.tar.gz: 15eeebe4a761be9840b5136dfe957fb966f9519d
-SHA512:
-  metadata.gz: 98a67ff93d0195daf43d1d4ecefea284be38566f85717314d2ec301d7fda271f14a1cbc60527d172fdc8314175f4ed67e30304ae9a2f840fa99988928c372745
-  data.tar.gz: e528f8945eea81bdbeedd9c2bf7bd9f66e466ca941852758b79d2ad84e05a59516057a9a173538de29336863f935bb649ca5083049e707f6f0bcb6a0b269ce3c
+--- 
+SHA512: 
+  metadata.gz: 4841fc584fcb21a2d195ca2a0a7a3835301b4888d6eb10a916db75aaae47baa2db3142ea816cced287cda13e0e94261e33096532888e0c4dbfb88f3e815a561c
+  data.tar.gz: e1c81d64bc9cd5d3c9930934b02bbbe0b974b6a2606aae95ac81a0934a445971692f5ee6d5575baa5ca118f113776d824c581829fbf6f493a93041c7c6f74752
+SHA256: 
+  metadata.gz: 660a02871864e652d4676233c6c3f9afb36b5584a30dc6c12db8d683a891f609
+  data.tar.gz: 317d540f0b08fc67e91d74e3d46f553a50634cf9b1d199084470d1f099b79b51

data/README.md

@@ -1,5 +1,8 @@
 # Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml)
 
+# Updating from 0.8.7 to 0.8.8
+Version `0.8.8` adds support for ForceAuthn and Subjects on AuthNRequests by the new name_identifier_value_requested setting
+
 ## Note on versions 0.8.6 and 0.8.7
 Version `0.8.6` introduced an incompatibility with regards to manipulating the `OneLogin::RubySaml::Response#attributes` property; in this version 
 the `#attributes` property is a class (`OneLogin::RubySaml::Attributes`) which implements the `Enumerator` module, thus any non-overriden Hash method

data/lib/onelogin/ruby-saml/authrequest.rb

@@ -43,22 +43,35 @@ module OneLogin
         # Create AuthnRequest root element using REXML
         request_doc = REXML::Document.new
 
-        root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }
+        root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
         root.attributes['ID'] = uuid
         root.attributes['IssueInstant'] = time
         root.attributes['Version'] = "2.0"
         root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
         root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
         root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
+        root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
 
         # Conditionally defined elements based on settings
         if settings.assertion_consumer_service_url != nil
           root.attributes["AssertionConsumerServiceURL"] = settings.assertion_consumer_service_url
         end
         if settings.issuer != nil
-          issuer = root.add_element "saml:Issuer", { "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
+          issuer = root.add_element "saml:Issuer"
           issuer.text = settings.issuer
         end
+
+        if settings.name_identifier_value_requested != nil
+          subject = root.add_element "saml:Subject"
+
+          nameid = subject.add_element "saml:NameID"
+          nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
+          nameid.text = settings.name_identifier_value_requested
+
+          subject_confirmation = subject.add_element "saml:SubjectConfirmation"
+          subject_confirmation.attributes['Method'] = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
+        end
+
         if settings.name_identifier_format != nil
           root.add_element "samlp:NameIDPolicy", {
               "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",

data/lib/onelogin/ruby-saml/settings.rb

@@ -13,10 +13,12 @@ module OneLogin
       attr_accessor :authn_context
       attr_accessor :idp_slo_target_url
       attr_accessor :name_identifier_value
+      attr_accessor :name_identifier_value_requested
       attr_accessor :sessionindex
       attr_accessor :assertion_consumer_logout_service_url
       attr_accessor :compress_request
       attr_accessor :double_quote_xml_attribute_values
+      attr_accessor :force_authn
       attr_accessor :passive
       attr_accessor :protocol_binding
 

data/lib/onelogin/ruby-saml/version.rb

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '0.8.7'
+    VERSION = '0.8.8'
   end
 end

data/test/request_test.rb

@@ -63,6 +63,75 @@ class RequestTest < Test::Unit::TestCase
       assert_match /<samlp:AuthnRequest[^<]* IsPassive='true'/, inflated
     end
 
+    should "create the SAMLRequest URL parameter with ProtocolBinding" do
+      settings = OneLogin::RubySaml::Settings.new
+      settings.idp_sso_target_url = "http://example.com"
+      settings.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+      auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+      assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+      payload  = CGI.unescape(auth_url.split("=").last)
+      decoded  = Base64.decode64(payload)
+
+      zstream  = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      inflated = zstream.inflate(decoded)
+      zstream.finish
+      zstream.close
+
+      assert_match /<samlp:AuthnRequest[^<]* ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'/, inflated
+    end
+
+    should "create the SAMLRequest URL parameter with ForceAuthn" do
+      settings = OneLogin::RubySaml::Settings.new
+      settings.idp_sso_target_url = "http://example.com"
+      settings.force_authn = true
+      auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+      assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+      payload  = CGI.unescape(auth_url.split("=").last)
+      decoded  = Base64.decode64(payload)
+
+      zstream  = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      inflated = zstream.inflate(decoded)
+      zstream.finish
+      zstream.close
+      assert_match /<samlp:AuthnRequest[^<]* ForceAuthn='true'/, inflated
+    end
+
+    should "create the SAMLRequest URL parameter with NameID Format" do
+      settings = OneLogin::RubySaml::Settings.new
+      settings.idp_sso_target_url = "http://example.com"
+      settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+      auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+      assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+      payload = CGI.unescape(auth_url.split("=").last)
+      decoded = Base64.decode64(payload)
+      zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      inflated = zstream.inflate(decoded)
+      zstream.finish
+      zstream.close
+
+      assert_match /<samlp:NameIDPolicy[^<]* AllowCreate='true'/, inflated
+      assert_match /<samlp:NameIDPolicy[^<]* Format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'/, inflated
+    end
+
+    should "create the SAMLRequest URL parameter with Subject" do
+      settings = OneLogin::RubySaml::Settings.new
+      settings.idp_sso_target_url = "http://example.com"
+      settings.name_identifier_value_requested = "testuser@example.com"
+      settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+      auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
+      assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+      payload = CGI.unescape(auth_url.split("=").last)
+      decoded = Base64.decode64(payload)
+      zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      inflated = zstream.inflate(decoded)
+      zstream.finish
+      zstream.close
+
+      assert inflated.include?('<saml:Subject>')
+      assert inflated.include?("<saml:NameID Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'>testuser@example.com</saml:NameID>")
+      assert inflated.include?("<saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'/>")
+    end
+
     should "accept extra parameters" do
       settings = OneLogin::RubySaml::Settings.new
       settings.idp_sso_target_url = "http://example.com"

data/test/settings_test.rb

@@ -10,9 +10,9 @@ class SettingsTest < Test::Unit::TestCase
       accessors = [
         :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
         :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
-        :idp_slo_target_url, :name_identifier_value, :sessionindex,
-        :assertion_consumer_logout_service_url,
-        :passive, :protocol_binding
+        :idp_slo_target_url, :name_identifier_value, :name_identifier_value_requested,
+        :sessionindex, :assertion_consumer_logout_service_url,
+        :passive, :force_authn, :protocol_binding
       ]
 
       accessors.each do |accessor|

metadata

@@ -1,54 +1,49 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: ruby-saml
-version: !ruby/object:Gem::Version
-  version: 0.8.7
+version: !ruby/object:Gem::Version 
+  version: 0.8.8
 platform: ruby
-authors:
+authors: 
 - OneLogin LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-13 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2019-03-21 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
   name: uuid
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.3'
-  type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.3'
-- !ruby/object:Gem::Dependency
-  name: nokogiri
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.5.0
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "2.3"
   type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: nokogiri
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
     - - ">="
-      - !ruby/object:Gem::Version
+      - !ruby/object:Gem::Version 
         version: 1.5.0
+  type: :runtime
+  version_requirements: *id002
 description: SAML toolkit for Ruby on Rails
 email: support@onelogin.com
 executables: []
+
 extensions: []
-extra_rdoc_files:
+
+extra_rdoc_files: 
 - LICENSE
 - README.md
-files:
-- ".document"
-- ".gitignore"
-- ".travis.yml"
+files: 
+- .document
+- .gitignore
+- .travis.yml
 - Gemfile
 - LICENSE
 - README.md
@@ -106,29 +101,31 @@ files:
 - test/xml_security_test.rb
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
+
 metadata: {}
+
 post_install_message: 
-rdoc_options:
-- "--charset=UTF-8"
-require_paths:
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      version: '0'
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - &id003 
+    - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - *id003
 requirements: []
+
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 2.5.2.1
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: SAML Ruby Tookit
-test_files:
+test_files: 
 - test/certificates/certificate1
 - test/certificates/r1_certificate2_base64
 - test/logoutrequest_test.rb