ruby-samlnechotech 0.7.31 → 0.7.32
- checksums.yaml +4 -4
- data/lib/onelogin/ruby-samlnechotech/authrequest.rb +7 -7
- data/lib/onelogin/ruby-samlnechotech/metadata.rb +2 -2
- data/lib/onelogin/ruby-samlnechotech/response.rb +7 -3
- data/lib/onelogin/ruby-samlnechotech/settings.rb +1 -1
- data/lib/onelogin/ruby-samlnechotech/version.rb +1 -1
- metadata +2 -2
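--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2bb37f4e246d9b31c8bfe72acf8731e8c6ac55ea
+data.tar.gz: 6c08d064ce2b17103ef948a626e4e143debdbdf9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1e0b8c88e5f78181a49990abffca12800aa7bbeac02207a5127172b086c5a96cca0c507d6c4a1fb50254fd266c1d42335f46728376f11c3ae6a7097b266bad77
+data.tar.gz: b09a66df1703f9cdd6e8397c32f5625428e7b9e9f27da59589e3e2e6f5fa0c4da9b520906aa488a52b73257553eee4ec13f1f5e6ef07543024475cc426f63ce9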
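--- a/data/lib/onelogin/ruby-samlnechotech/authrequest.rb
+++ b/data/lib/onelogin/ruby-samlnechotech/authrequest.rb
@@ -18,7 +18,7 @@ module Onelogin
 request = ""
 request_doc.write(request)
 
-Logging.debug "Created AuthnRequest
+Logging.debug "Created AuthnRequest:\n#{request}\n"
 
 request = Zlib::Deflate.deflate(request, 9)[2..-5] if settings.compress_request
 base64_request = Base64.encode64(request)
@@ -36,7 +36,7 @@ module Onelogin
 def create_authentication_xml_doc(settings)
 uuid = "_" + UUID.new.generate
 time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
-# Create AuthnRequest root element using REXML
+# Create AuthnRequest root element using REXML
 request_doc = REXML::Document.new
 
 root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }
@@ -45,7 +45,7 @@ module Onelogin
 root.attributes['Version'] = "2.0"
 root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
 root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
-root.attributes['
+root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
 
 # Conditionally defined elements based on settings
 if settings.assertion_consumer_service_url != nil
@@ -56,7 +56,7 @@ module Onelogin
 issuer.text = settings.issuer
 end
 if settings.name_identifier_format != nil
-root.add_element "samlp:NameIDPolicy", {
+root.add_element "samlp:NameIDPolicy", {
 "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
 # Might want to make AllowCreate a setting?
 "AllowCreate" => "true",
@@ -65,14 +65,14 @@ module Onelogin
 end
 
 # BUG fix here -- if an authn_context is defined, add the tags with an "exact"
-# match required for authentication to succeed. If this is not defined,
+# match required for authentication to succeed. If this is not defined,
 # the IdP will choose default rules for authentication. (Shibboleth IdP)
 if settings.authn_context != nil
-requested_context = root.add_element "samlp:RequestedAuthnContext", {
+requested_context = root.add_element "samlp:RequestedAuthnContext", {
 "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
 "Comparison" => "exact",
 }
-class_ref = requested_context.add_element "saml:AuthnContextClassRef", {
+class_ref = requested_context.add_element "saml:AuthnContextClassRef", {
 "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion",
 }
 class_ref.text = settings.authn_context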
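Review bot: `root.attributes['ForceAuthn'] = settings.force_authn` in the `@@ -45,7` hunk writes the raw setting into an xs:boolean attribute with no coercion, so a value such as the string `"yes"` or the integer `1` yields an AuthnRequest the IdP may reject at schema validation; the `IsPassive` line it mirrors has the same gap. Unless settings.rb already normalises these (not visible here), coerce at the boundary with `root.attributes['ForceAuthn'] = settings.force_authn ? "true" : "false" unless settings.force_authn.nil?`, bearing in mind that a Ruby string `"false"` is truthy, so the setting should be a real boolean. A why-comment is also warranted, since per my reading of SAML Core 2.0 §3.4.1 ForceAuthn overrides any existing IdP session and, when combined with IsPassive="true", the IdP must not freshly authenticate, making the request unsatisfiable: `# ForceAuthn demands a fresh IdP login; combined with IsPassive the IdP cannot satisfy the request`. create_authentication_xml_doc continues past the last hunk.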
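--- a/data/lib/onelogin/ruby-samlnechotech/metadata.rb
+++ b/data/lib/onelogin/ruby-samlnechotech/metadata.rb
@@ -3,7 +3,7 @@ require "rexml/xpath"
 require "uri"
 
 # Class to return SP metadata based on the settings requested.
-# Return this XML in a controller, then give that URL to the the
+# Return this XML in a controller, then give that URL to the the
 # IdP administrator. The IdP will poll the URL and your settings
 # will be updated automatically
 module Onelogin
@@ -57,7 +57,7 @@ module Onelogin
 # pretty print the XML so IdP administrators can easily see what the SP supports
 meta_doc.write(ret, 1)
 
-Logging.debug "Generated metadata:\n#{ret}"
+Logging.debug "Generated metadata:\n#{ret}\n"
 
 ret
 end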
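--- a/data/lib/onelogin/ruby-samlnechotech/response.rb
+++ b/data/lib/onelogin/ruby-samlnechotech/response.rb
@@ -35,15 +35,14 @@ module Onelogin
 base64_cert = document.elements["//ds:X509Certificate"].text
 cert_text = Base64.decode64(base64_cert)
 cert = OpenSSL::X509::Certificate.new(cert_text)
-r_logger = Rails.logger rescue nil
 # check cert matches registered idp cert
 fingerprint = Digest::SHA1.hexdigest(cert.to_der)
-
+Logging.debug "Fingerprint:\n#{fingerprint}\n"
 valid_flag = fingerprint == idp_cert_fingerprint.gsub(":", "").downcase
 
 return valid_flag if !valid_flag
 
-document.validate_doc(base64_cert,
+document.validate_doc(base64_cert, Logging)
 end
 
 def validate!
@@ -99,6 +98,7 @@ module Onelogin
 # Checks the status of the response for a "Success" code
 # (nechotech: ...or a "NoPassive" secondary status code)
 def success?
+log()
 @status_code ||= begin
 node = REXML::XPath.first(document, "/p:Response/p:Status/p:StatusCode", { "p" => PROTOCOL, "a" => ASSERTION })
 primary_status = node.attributes["Value"]
@@ -127,6 +127,10 @@ module Onelogin
 end
 end
 
+def log
+Logging.debug "SAML Response:\n#{document}\n"
+end
+
 private
 
 def validation_error(message)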
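Review bot: The new `log` method in the `@@ -127,6` hunk writes the entire parsed SAML Response into the log, and `success?` in the preceding hunk now calls it unconditionally on every invocation, so unless the assertion is encrypted the NameID, attribute statements and session data of every login land in application logs whenever debug logging is on. A SAML response is both an authentication artefact and PII, so this should be opt-in through an explicit setting rather than tied to the log level, e.g. `Logging.debug "SAML Response:\n#{document}\n" if log_raw_response?` with that predicate backed by a settings flag (presumably the settings object the response already holds — confirm); the `Fingerprint:` line in the first hunk is fine to keep at debug. `def log` is also placed above `private`, making it part of the response's public interface and an easy name to collide with a logging mixin; move it below `private` or rename it `log_response`, and drop the empty parentheses on the `log()` call per Ruby style. The bodies of `validate_doc`, `success?` and the enclosing class extend beyond these hunks.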
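--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-samlnechotech
 version: !ruby/object:Gem::Version
-version: 0.7.
+version: 0.7.32
 platform: ruby
 authors:
 - OneLogin LLC, beekermememe
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-05
+date: 2013-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: canonix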