ruby-saml 0.9 → 0.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2a74680083b8b3cd4e4145de5e3358addac4fce7
-  data.tar.gz: 7fc603140154d73be347544795a7616ba1fb246e
+  metadata.gz: 472b9871eb65dc7e7290cd0eeefbe32299062339
+  data.tar.gz: 6275d19b96066aa9f17502b4e521b2c3d30626a3
 SHA512:
-  metadata.gz: 3fbdd9922622ff8c2e62ab0956d319db1bc13311da52c969ff5307d53d2d2ed5eb6c2a6900452a3976478b552b7085af6b9338db2bcea4958be0dd809f412f34
-  data.tar.gz: 071f1f8f248e724b60b9870d5c1a4c7c3b9f2630cb289f762b11911392aa0d9d471c1f1fbf5c2e0cfe4e1d5eaf8c29a82eeee7a52845f1bcc77c10e2d75941d4
+  metadata.gz: b2f4796bb5f8ee71f40fdf18f28552038c0c9b6ac85f626452a2614a898f60775fdf482eab044f8643c178da126ea3d640eb3b72427c86e59b935418649ae5b8
+  data.tar.gz: 96050fa0bfb1451640fe4e1fa799b60fffee4f33622832e9f2a3c0bee20b085c8f99d087b1541d60277de4c4a88c01890206dca8b16c29f4d2dbbe5106b4666f

data/.travis.yml

@@ -2,5 +2,6 @@ language: ruby
 rvm:
   - 1.8.7
   - 1.9.3
-  - 2.1.1
+  - 2.0.0
+  - 2.1.5
   - ree

data/Gemfile

@@ -4,24 +4,3 @@
 source 'http://rubygems.org'
 
 gemspec
-
-group :test do
-  if RUBY_VERSION < '1.9'
-    gem 'nokogiri',   '~> 1.5.0'
-    gem 'ruby-debug', '~> 0.10.4'
-  elsif RUBY_VERSION < '2.0'
-    gem 'debugger-linecache', '~> 1.2.0'
-    gem 'debugger', '~> 1.6.4'
-  elsif RUBY_VERSION < '2.1'
-    gem 'byebug',   '~> 2.1.1'
-  else
-    gem 'pry-byebug'
-  end
-
-  gem 'mocha',     '~> 0.14',  :require => false
-  gem 'rake',      '~> 10'
-  gem 'shoulda',   '~> 2.11'
-  gem 'systemu',   '~> 2'
-  gem 'test-unit', '~> 3'
-  gem 'timecop',   '<= 0.6.0'
-end

data/README.md

@@ -1,6 +1,6 @@
 # Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml)
 
-## Updating from 0.8.x to 0.9
+## Updating from 0.8.x to 0.9.x
 Version `0.9` adds many new features and improvements. It is a recommended update for all Ruby SAML users. For more details, please review [the changelog](changelog.md)
 
 ## Updating from 0.7.x to 0.8.x
@@ -14,6 +14,12 @@ SAML authorization is a two step process and you are expected to implement suppo
 
 We created a demo project for Rails4 that uses the latest version of this library: [ruby-saml-example](https://github.com/onelogin/ruby-saml-example)
 
+### Supported versions of Ruby
+* 1.8.7
+* 1.9.x
+* 2.1.x
+* 2.2 (not yet officially supported)
+
 ## Adding Features, Pull Requests
 * Fork the repository
 * Make your feature addition or bug fix
@@ -29,7 +35,7 @@ Using `Gemfile`
 
 ```ruby
 # latest stable
-gem 'ruby-saml', '~> 0.9'
+gem 'ruby-saml', '~> 0.9.1'
 
 # or track master for bleeding-edge
 gem 'ruby-saml', :github => 'onelogin/ruby-saml'

data/changelog.md

@@ -1,4 +1,8 @@
 # RubySaml Changelog
+### 0.9.1 (Feb 10, 2015)
+* [#194](https://github.com/onelogin/ruby-saml/pull/194) Relax nokogiri gem requirements
+* [#191](https://github.com/onelogin/ruby-saml/pull/191) Use Minitest instead of Test::Unit
+
 ### 0.9 (Jan 26, 2015)
 * [#169](https://github.com/onelogin/ruby-saml/pull/169) WantAssertionSigned should be either true or false
 * [#167](https://github.com/onelogin/ruby-saml/pull/167) (doc update) make unit of clock drift obvious

data/lib/onelogin/ruby-saml/version.rb

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '0.9'
+    VERSION = '0.9.1'
   end
 end

data/ruby-saml.gemspec

@@ -21,9 +21,37 @@ Gem::Specification.new do |s|
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.3.7}
+  s.required_ruby_version = '>= 1.8.7'
   s.summary = %q{SAML Ruby Tookit}
   s.test_files = `git ls-files test/*`.split("\n")
 
-  s.add_runtime_dependency("uuid", ["~> 2.3"])
-  s.add_runtime_dependency("nokogiri", [">= 1.5.0"])
+  s.add_runtime_dependency('uuid', '~> 2.3')
+  if RUBY_VERSION < '1.9'
+    # 1.8.7
+    s.add_runtime_dependency('nokogiri', '~> 1.5.10')
+  else
+    s.add_runtime_dependency('nokogiri', '~> 1.6.0')
+  end
+
+  s.add_development_dependency('minitest', '~> 5.5')
+  s.add_development_dependency('mocha',    '~> 0.14')
+  s.add_development_dependency('rake',     '~> 10')
+  s.add_development_dependency('shoulda',  '~> 2.11')
+  s.add_development_dependency('systemu',  '~> 2')
+  s.add_development_dependency('timecop',  '<= 0.6.0')
+
+  if RUBY_VERSION < '1.9'
+    # 1.8.7
+    s.add_development_dependency('ruby-debug', '~> 0.10.4')
+  elsif RUBY_VERSION < '2.0'
+    # 1.9.x
+    s.add_development_dependency('debugger-linecache', '~> 1.2.0')
+    s.add_development_dependency('debugger', '~> 1.6.4')
+  elsif RUBY_VERSION < '2.1'
+    # 2.0.x
+    s.add_development_dependency('byebug', '~> 2.1.1')
+  else
+    # 2.1.x, 2.2.x
+    s.add_development_dependency('pry-byebug')
+  end
 end

data/test/idp_metadata_parser_test.rb

@@ -2,14 +2,14 @@ require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 require 'net/http'
 require 'net/https'
 
-class IdpMetadataParserTest < Test::Unit::TestCase
+class IdpMetadataParserTest < Minitest::Test
 
   class MockResponse
     attr_accessor :body
   end
 
-  context "parsing an IdP descriptor file" do
-    should "extract settings details from xml" do
+  describe "parsing an IdP descriptor file" do
+    it "extract settings details from xml" do
       idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
 
       settings = idp_metadata_parser.parse(idp_metadata)
@@ -20,8 +20,8 @@ class IdpMetadataParserTest < Test::Unit::TestCase
     end
   end
 
-  context "download and parse IdP descriptor file" do
-    setup do
+  describe "download and parse IdP descriptor file" do
+    before do
       mock_response = MockResponse.new
       mock_response.body = idp_metadata
       @url = "https://example.com"
@@ -33,7 +33,7 @@ class IdpMetadataParserTest < Test::Unit::TestCase
     end
 
 
-    should "extract settings from remote xml" do
+    it "extract settings from remote xml" do
       idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
       settings = idp_metadata_parser.parse_remote(@url)
 
@@ -43,7 +43,7 @@ class IdpMetadataParserTest < Test::Unit::TestCase
       assert_equal OpenSSL::SSL::VERIFY_PEER, @http.verify_mode
     end
 
-    should "accept self signed certificate if insturcted" do
+    it "accept self signed certificate if insturcted" do
       idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
       settings = idp_metadata_parser.parse_remote(@url, false)
 

data/test/logoutrequest_test.rb

@@ -1,11 +1,11 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
-class RequestTest < Test::Unit::TestCase
+class RequestTest < Minitest::Test
 
-  context "Logoutrequest" do
-    settings = OneLogin::RubySaml::Settings.new
+  describe "Logoutrequest" do
+    let(:settings) { OneLogin::RubySaml::Settings.new }
 
-    should "create the deflated SAMLRequest URL parameter" do
+    it "create the deflated SAMLRequest URL parameter" do
       settings.idp_slo_target_url = "http://unauth.com/logout"
       settings.name_identifier_value = "f00f00"
 
@@ -17,8 +17,8 @@ class RequestTest < Test::Unit::TestCase
       assert_match /^<samlp:LogoutRequest/, inflated
     end
 
-    should "support additional params" do
-
+    it "support additional params" do
+      settings.idp_slo_target_url = "http://example.com"
       unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :hello => nil })
       assert unauth_url =~ /&hello=$/
 
@@ -26,7 +26,7 @@ class RequestTest < Test::Unit::TestCase
       assert unauth_url =~ /&foo=bar$/
     end
 
-    should "set sessionindex" do
+    it "set sessionindex" do
       settings.idp_slo_target_url = "http://example.com"
       sessionidx = UUID.new.generate
       settings.sessionindex = sessionidx
@@ -38,7 +38,7 @@ class RequestTest < Test::Unit::TestCase
       assert_match %r(#{sessionidx}</samlp:SessionIndex>), inflated
     end
 
-    should "set name_identifier_value" do
+    it "set name_identifier_value" do
       settings = OneLogin::RubySaml::Settings.new
       settings.idp_slo_target_url = "http://example.com"
       settings.name_identifier_format = "transient"
@@ -52,8 +52,8 @@ class RequestTest < Test::Unit::TestCase
       assert_match %r(#{name_identifier_value}</saml:NameID>), inflated
     end
 
-    context "when the target url doesn't contain a query string" do
-      should "create the SAMLRequest parameter correctly" do
+    describe "when the target url doesn't contain a query string" do
+      it "create the SAMLRequest parameter correctly" do
         settings = OneLogin::RubySaml::Settings.new
         settings.idp_slo_target_url = "http://example.com"
         settings.name_identifier_value = "f00f00"
@@ -63,8 +63,8 @@ class RequestTest < Test::Unit::TestCase
       end
     end
 
-    context "when the target url contains a query string" do
-      should "create the SAMLRequest parameter correctly" do
+    describe "when the target url contains a query string" do
+      it "create the SAMLRequest parameter correctly" do
         settings = OneLogin::RubySaml::Settings.new
         settings.idp_slo_target_url = "http://example.com?field=value"
         settings.name_identifier_value = "f00f00"
@@ -74,8 +74,8 @@ class RequestTest < Test::Unit::TestCase
       end
     end
 
-    context "consumation of logout may need to track the transaction" do
-      should "have access to the request uuid" do
+    describe "consumation of logout may need to track the transaction" do
+      it "have access to the request uuid" do
         settings = OneLogin::RubySaml::Settings.new
         settings.idp_slo_target_url = "http://example.com?field=value"
         settings.name_identifier_value = "f00f00"
@@ -88,8 +88,8 @@ class RequestTest < Test::Unit::TestCase
       end
     end
 
-    context "when the settings indicate to sign (embebed) the logout request" do
-      should "created a signed logout request" do
+    describe "when the settings indicate to sign (embebed) the logout request" do
+      it "created a signed logout request" do
         settings = OneLogin::RubySaml::Settings.new
         settings.idp_slo_target_url = "http://example.com?field=value"
         settings.name_identifier_value = "f00f00"
@@ -106,7 +106,7 @@ class RequestTest < Test::Unit::TestCase
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
       end
 
-      should "create a signed logout request with 256 digest and signature methods" do
+      it "create a signed logout request with 256 digest and signature methods" do
         settings = OneLogin::RubySaml::Settings.new
         settings.compress_request = false
         settings.idp_slo_target_url = "http://example.com?field=value"
@@ -128,8 +128,8 @@ class RequestTest < Test::Unit::TestCase
       end
     end
 
-    context "when the settings indicate to sign the logout request" do
-      should "create a signature parameter" do
+    describe "when the settings indicate to sign the logout request" do
+      it "create a signature parameter" do
         settings = OneLogin::RubySaml::Settings.new
         settings.compress_request = false
         settings.idp_slo_target_url = "http://example.com?field=value"
@@ -153,16 +153,4 @@ class RequestTest < Test::Unit::TestCase
     end
 
   end
-
-  def decode_saml_request_payload(unauth_url)
-    payload = CGI.unescape(unauth_url.split("SAMLRequest=").last)
-    decoded = Base64.decode64(payload)
-
-    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
-    inflated = zstream.inflate(decoded)
-    zstream.finish
-    zstream.close
-    inflated
-  end
-
 end

data/test/logoutresponse_test.rb

@@ -1,26 +1,27 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 require 'rexml/document'
 require 'responses/logoutresponse_fixtures'
-class RubySamlTest < Test::Unit::TestCase
 
-  context "Logoutresponse" do
-    context "#new" do
-      should "raise an exception when response is initialized with nil" do
+class RubySamlTest < Minitest::Test
+
+  describe "Logoutresponse" do
+    describe "#new" do
+      it "raise an exception when response is initialized with nil" do
         assert_raises(ArgumentError) { OneLogin::RubySaml::Logoutresponse.new(nil) }
       end
-      should "default to empty settings" do
+      it "default to empty settings" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new( valid_response)
         assert_nil logoutresponse.settings
       end
-      should "accept constructor-injected settings" do
+      it "accept constructor-injected settings" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response, settings)
-        assert_not_nil logoutresponse.settings
+        refute_nil logoutresponse.settings
       end
-      should "accept constructor-injected options" do
+      it "accept constructor-injected options" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response, nil, { :foo => :bar} )
         assert !logoutresponse.options.empty?
       end
-      should "support base64 encoded responses" do
+      it "support base64 encoded responses" do
         expected_response = valid_response
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(Base64.encode64(expected_response), settings)
 
@@ -28,8 +29,8 @@ class RubySamlTest < Test::Unit::TestCase
       end
     end
 
-    context "#validate" do
-      should "validate the response" do
+    describe "#validate" do
+      it "validate the response" do
         in_relation_to_request_id = random_id
 
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response({:uuid => in_relation_to_request_id}), settings)
@@ -42,7 +43,7 @@ class RubySamlTest < Test::Unit::TestCase
         assert logoutresponse.success?
       end
 
-      should "invalidate responses with wrong id when given option :matches_uuid" do
+      it "invalidate responses with wrong id when given option :matches_uuid" do
 
         expected_request_id = "_some_other_expected_uuid"
         opts = { :matches_request_id => expected_request_id}
@@ -50,10 +51,10 @@ class RubySamlTest < Test::Unit::TestCase
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response, settings, opts)
 
         assert !logoutresponse.validate
-        assert_not_equal expected_request_id, logoutresponse.in_response_to
+        refute_equal expected_request_id, logoutresponse.in_response_to
       end
 
-      should "invalidate responses with wrong request status" do
+      it "invalidate responses with wrong request status" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(unsuccessful_response, settings)
 
         assert !logoutresponse.validate
@@ -61,8 +62,8 @@ class RubySamlTest < Test::Unit::TestCase
       end
     end
 
-    context "#validate!" do
-      should "validates good responses" do
+    describe "#validate!" do
+      it "validates good responses" do
         in_relation_to_request_id = random_id
 
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(valid_response({:uuid => in_relation_to_request_id}), settings)
@@ -70,7 +71,7 @@ class RubySamlTest < Test::Unit::TestCase
         logoutresponse.validate!
       end
 
-      should "raises validation error when matching for wrong request id" do
+      it "raises validation error when matching for wrong request id" do
 
         expected_request_id = "_some_other_expected_id"
         opts = { :matches_request_id => expected_request_id}
@@ -80,37 +81,30 @@ class RubySamlTest < Test::Unit::TestCase
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise validation error for wrong request status" do
+      it "raise validation error for wrong request status" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(unsuccessful_response, settings)
 
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise validation error when in bad state" do
+      it "raise validation error when in bad state" do
         # no settings
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(unsuccessful_response)
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise validation error when in lack of issuer setting" do
+      it "raise validation error when in lack of issuer setting" do
         bad_settings = settings
         bad_settings.issuer = nil
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(unsuccessful_response, bad_settings)
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
 
-      should "raise error for invalid xml" do
+      it "raise error for invalid xml" do
         logoutresponse = OneLogin::RubySaml::Logoutresponse.new(invalid_xml_response, settings)
 
         assert_raises(OneLogin::RubySaml::ValidationError) { logoutresponse.validate! }
       end
     end
-
   end
-
-  # logoutresponse fixtures
-  def random_id
-    "_#{UUID.new.generate}"
-  end
-
 end

data/test/metadata_test.rb

@@ -1,87 +1,88 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
-class MetadataTest < Test::Unit::TestCase
-
-  def setup
-    @settings = OneLogin::RubySaml::Settings.new
-    @settings.issuer = "https://example.com"
-    @settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-    @settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
-    @settings.security[:authn_requests_signed] = false
-  end
-
-  should "generate Service Provider Metadata with X509Certificate" do
-    @settings.security[:authn_requests_signed] = true
-    @settings.certificate = ruby_saml_cert_text
+class MetadataTest < Minitest::Test
+
+  describe 'Metadata' do
+    def setup
+      @settings = OneLogin::RubySaml::Settings.new
+      @settings.issuer = "https://example.com"
+      @settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+      @settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
+      @settings.security[:authn_requests_signed] = false
+    end
 
-    xml_text = OneLogin::RubySaml::Metadata.new.generate(@settings)
+    it "generates Service Provider Metadata with X509Certificate" do
+      @settings.security[:authn_requests_signed] = true
+      @settings.certificate = ruby_saml_cert_text
 
-    # assert xml_text can be parsed into an xml doc
-    xml_doc = REXML::Document.new(xml_text)
+      xml_text = OneLogin::RubySaml::Metadata.new.generate(@settings)
 
-    spsso_descriptor = REXML::XPath.first(xml_doc, "//md:SPSSODescriptor")
-    assert_equal "true", spsso_descriptor.attribute("AuthnRequestsSigned").value
+      # assert xml_text can be parsed into an xml doc
+      xml_doc = REXML::Document.new(xml_text)
 
-    cert_node = REXML::XPath.first(xml_doc, "//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", {
-      "md" => "urn:oasis:names:tc:SAML:2.0:metadata",
-      "ds" => "http://www.w3.org/2000/09/xmldsig#"
-    })
-    cert_text = cert_node.text
-    cert = OpenSSL::X509::Certificate.new(Base64.decode64(cert_text))
-    assert_equal ruby_saml_cert.to_der, cert.to_der
-  end
+      spsso_descriptor = REXML::XPath.first(xml_doc, "//md:SPSSODescriptor")
+      assert_equal "true", spsso_descriptor.attribute("AuthnRequestsSigned").value
 
-  should "should generate Service Provider Metadata" do
-    settings = OneLogin::RubySaml::Settings.new
-    settings.issuer = "https://example.com"
-    settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-    settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
-    settings.security[:authn_requests_signed] = false
+      cert_node = REXML::XPath.first(xml_doc, "//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", {
+        "md" => "urn:oasis:names:tc:SAML:2.0:metadata",
+        "ds" => "http://www.w3.org/2000/09/xmldsig#"
+      })
+      cert_text = cert_node.text
+      cert = OpenSSL::X509::Certificate.new(Base64.decode64(cert_text))
+      assert_equal ruby_saml_cert.to_der, cert.to_der
+    end
 
-    xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
+    it "generates Service Provider Metadata" do
+      settings = OneLogin::RubySaml::Settings.new
+      settings.issuer = "https://example.com"
+      settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+      settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
+      settings.security[:authn_requests_signed] = false
 
-    # assert correct xml declaration
-    start = "<?xml version='1.0' encoding='UTF-8'?>\n<md:EntityDescriptor"
-    assert xml_text[0..start.length-1] == start
+      xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
 
-    # assert xml_text can be parsed into an xml doc
-    xml_doc = REXML::Document.new(xml_text)
+      # assert correct xml declaration
+      start = "<?xml version='1.0' encoding='UTF-8'?>\n<md:EntityDescriptor"
+      assert xml_text[0..start.length-1] == start
 
-    assert_equal "https://example.com", REXML::XPath.first(xml_doc, "//md:EntityDescriptor").attribute("entityID").value
+      # assert xml_text can be parsed into an xml doc
+      xml_doc = REXML::Document.new(xml_text)
 
-    spsso_descriptor = REXML::XPath.first(xml_doc, "//md:SPSSODescriptor")
-    assert_equal "urn:oasis:names:tc:SAML:2.0:protocol", spsso_descriptor.attribute("protocolSupportEnumeration").value
-    assert_equal "false", spsso_descriptor.attribute("AuthnRequestsSigned").value
-    assert_equal "false", spsso_descriptor.attribute("WantAssertionsSigned").value
+      assert_equal "https://example.com", REXML::XPath.first(xml_doc, "//md:EntityDescriptor").attribute("entityID").value
 
-    assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", REXML::XPath.first(xml_doc, "//md:NameIDFormat").text.strip
+      spsso_descriptor = REXML::XPath.first(xml_doc, "//md:SPSSODescriptor")
+      assert_equal "urn:oasis:names:tc:SAML:2.0:protocol", spsso_descriptor.attribute("protocolSupportEnumeration").value
+      assert_equal "false", spsso_descriptor.attribute("AuthnRequestsSigned").value
+      assert_equal "false", spsso_descriptor.attribute("WantAssertionsSigned").value
 
-    acs = REXML::XPath.first(xml_doc, "//md:AssertionConsumerService")
-    assert_equal "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", acs.attribute("Binding").value
-    assert_equal "https://foo.example/saml/consume", acs.attribute("Location").value
-  end
+      assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", REXML::XPath.first(xml_doc, "//md:NameIDFormat").text.strip
 
-  should "generate attribute service if configured" do
-    settings = OneLogin::RubySaml::Settings.new
-    settings.issuer = "https://example.com"
-    settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-    settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
-    settings.attribute_consuming_service.configure do
-      service_name "Test Service"
-      add_attribute(:name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name", :attribute_value => "Attribute Value")
+      acs = REXML::XPath.first(xml_doc, "//md:AssertionConsumerService")
+      assert_equal "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", acs.attribute("Binding").value
+      assert_equal "https://foo.example/saml/consume", acs.attribute("Location").value
     end
 
-    xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
-    xml_doc = REXML::Document.new(xml_text)
-    acs = REXML::XPath.first(xml_doc, "//md:AttributeConsumingService")
-    assert_equal "true", acs.attribute("isDefault").value
-    assert_equal "1", acs.attribute("index").value
-    assert_equal REXML::XPath.first(xml_doc, "//md:ServiceName").text.strip, "Test Service"
-    req_attr = REXML::XPath.first(xml_doc, "//md:RequestedAttribute")
-    assert_equal "Name", req_attr.attribute("Name").value
-    assert_equal "Name Format", req_attr.attribute("NameFormat").value
-    assert_equal "Friendly Name", req_attr.attribute("FriendlyName").value
-    assert_equal "Attribute Value", REXML::XPath.first(xml_doc, "//md:AttributeValue").text.strip
+    it "generates attribute service if configured" do
+      settings = OneLogin::RubySaml::Settings.new
+      settings.issuer = "https://example.com"
+      settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+      settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
+      settings.attribute_consuming_service.configure do
+        service_name "Test Service"
+        add_attribute(:name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name", :attribute_value => "Attribute Value")
+      end
+
+      xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
+      xml_doc = REXML::Document.new(xml_text)
+      acs = REXML::XPath.first(xml_doc, "//md:AttributeConsumingService")
+      assert_equal "true", acs.attribute("isDefault").value
+      assert_equal "1", acs.attribute("index").value
+      assert_equal REXML::XPath.first(xml_doc, "//md:ServiceName").text.strip, "Test Service"
+      req_attr = REXML::XPath.first(xml_doc, "//md:RequestedAttribute")
+      assert_equal "Name", req_attr.attribute("Name").value
+      assert_equal "Name Format", req_attr.attribute("NameFormat").value
+      assert_equal "Friendly Name", req_attr.attribute("FriendlyName").value
+      assert_equal "Attribute Value", REXML::XPath.first(xml_doc, "//md:AttributeValue").text.strip
+    end
   end
-
 end