ruby-saml 1.12.0 → 1.12.1
- checksums.yaml +4 -4
- data/README.md +9 -3
- data/changelog.md +4 -0
- data/lib/onelogin/ruby-saml/attributes.rb +1 -1
- data/lib/onelogin/ruby-saml/response.rb +1 -1
- data/lib/onelogin/ruby-saml/utils.rb +3 -3
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- metadata +2 -2
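--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3ac80594648fe4830b965c65366f8bb261a4edfe148c9e929f352b39a1b3428f
+data.tar.gz: b6379aa66a89f2074f434e8c97163022d533e1cdc30c20555135c2e4c82353b4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b1a380101d7684431209f4e8cc2704c8118621465c3b0a8efc623d573377e14706a4368eae6ea9ef1666da4c36e5e6a61ccae845d9f87e1bab98fbf2cd626ad6
+data.tar.gz: e251b75351483f04d21bc4228af9752cab4d0cc4568952835960363671c28f9e38e62f9b727bde5d62b3a39e095593041e1e7dea9d93084fe6a87aef45a0f8ab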
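--- a/data/README.md
+++ b/data/README.md
@@ -4,6 +4,10 @@
 Version `1.12.0` adds support for gcm algorithm and
 change/adds specific error messages for signature validations
 
+`idp_sso_target_url` and `idp_slo_target_url` attributes of the Settings class deprecated in favor of `idp_sso_service_url` and `idp_slo_service_url`.
+In IDPMetadataParser, `parse`, `parse_to_hash` and `parse_to_array` methods now retrieve SSO URL and SLO URL endpoints with
+`idp_sso_service_url` and `idp_slo_service_url` (previously `idp_sso_target_url` and `idp_slo_target_url` respectively).
+
 ## Updating from 1.10.x to 1.11.0
 Version `1.11.0` deprecates the use of `settings.issuer` in favour of `settings.sp_entity_id`.
 There are two new security settings: `settings.security[:check_idp_cert_expiration]` and `settings.security[:check_sp_cert_expiration]` (both false by default) that check if the IdP or SP X.509 certificate has expired, respectively.
@@ -120,9 +124,11 @@ We created a demo project for Rails4 that uses the latest version of this librar
 * 2.5.x
 * 2.6.x
 * 2.7.x
-*
-* JRuby
-* JRuby 9.
+* 3.0.x
+* JRuby 1.7.x
+* JRuby 9.0.x
+* JRuby 9.1.x
+* JRuby 9.2.x
 
 ## Adding Features, Pull Requests
 * Fork the repository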
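--- a/data/changelog.md
+++ b/data/changelog.md
@@ -1,5 +1,9 @@
 # RubySaml Changelog
 
+### 1.12.1 (Apr 05, 2022)
+* Fix XPath typo incompatible with Rexml 3.2.5
+* Refactor GCM support
+
 ### 1.12.0 (Feb 18, 2021)
 * Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryptions
 * Parse & return SLO ResponseLocation in IDPMetadataParser & Settings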
|
@@ -124,7 +124,7 @@ module OneLogin
|
|
|
124
124
|
def fetch(name)
|
|
125
125
|
attributes.each_key do |attribute_key|
|
|
126
126
|
if name.is_a?(Regexp)
|
|
127
|
-
if name.
|
|
127
|
+
if name.respond_to? :match?
|
|
128
128
|
return self[attribute_key] if name.match?(attribute_key)
|
|
129
129
|
else
|
|
130
130
|
return self[attribute_key] if name.match(attribute_key)
|
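Review bot: The Regexp branch of `fetch` returns the value of the first attribute key that the pattern matches anywhere in the name (`return self[attribute_key] if name.match?(attribute_key)`), and nothing in the hunk documents that contract. Attribute names presumably come from the IdP's assertion, so an unanchored pattern (for example a constructed `/email/`) can select a different attribute than the caller intended when more than one key matches. A comment on the method such as `# Regexp names: returns the first key that matches; anchor with \A and \z to require an exact name` would make this explicit. The `respond_to? :match?` test is loop-invariant and would benefit from a short comment saying it is a fallback for Ruby versions without `Regexp#match?`. The body of `fetch` continues outside the hunk.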
|
@@ -828,7 +828,7 @@ module OneLogin
|
|
|
828
828
|
# otherwise, review if the decrypted assertion contains a signature
|
|
829
829
|
sig_elements = REXML::XPath.match(
|
|
830
830
|
document,
|
|
831
|
-
"/p:Response[@ID=$id]/ds:Signature
|
|
831
|
+
"/p:Response[@ID=$id]/ds:Signature",
|
|
832
832
|
{ "p" => PROTOCOL, "ds" => DSIG },
|
|
833
833
|
{ 'id' => document.signed_element_id }
|
|
834
834
|
)
|
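Review bot: The comment at the top of the hunk speaks of the decrypted assertion, but the query shown runs against `document` and selects `ds:Signature` directly under `p:Response`, so the comment should name the element actually being checked, e.g. `# look for a Signature that is a direct child of the Response whose ID is the signed element`. The changelog describes this change as an XPath typo fix for REXML 3.2.5, which suggests the old string only worked because older parsers were lenient. A regression test that runs this lookup on a signed and an unsigned response would keep signature detection from depending on parser leniency again. Binding the ID through the `$id` variable instead of interpolating it into the path is the right pattern and should be kept. The enclosing method starts and ends outside the hunk.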
|
@@ -296,9 +296,9 @@ module OneLogin
|
|
|
296
296
|
when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
|
|
297
297
|
when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
|
|
298
298
|
when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
|
|
299
|
-
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
300
|
-
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
301
|
-
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher.new(
|
|
299
|
+
when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
|
|
300
|
+
when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(192, :GCM).decrypt
|
|
301
|
+
when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher::AES.new(256, :GCM).decrypt
|
|
302
302
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
|
|
303
303
|
when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
|
|
304
304
|
end
|
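Review bot: The `case` ends without an `else`, so an algorithm URI that is not listed leaves `cipher`, `auth_cipher`, `rsa` and `oaep` all unassigned, and what happens next is decided by code outside the hunk. An explicit final branch that raises a descriptive error for an unsupported algorithm would make this path fail closed and be easier to diagnose. The branches would also benefit from a comment on their differing guarantees: unlike the GCM branches, the CBC modes give no integrity protection on their own, and `rsa-1_5` relies on PKCS#1 v1.5 padding. If those are kept for interoperability, the comment should say so, so that deployments controlling both ends know to prefer GCM and OAEP.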
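--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-version: 1.12.
+version: 1.12.1
 platform: ruby
 authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri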