saml-kit 1.0.15 → 1.0.16

data/lib/saml/kit/builders.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'saml/kit/xml_templatable'
 require 'saml/kit/builders/assertion'
 require 'saml/kit/builders/authentication_request'
 require 'saml/kit/builders/encrypted_assertion'

data/lib/saml/kit/composite_metadata.rb

@@ -9,6 +9,7 @@ module Saml
     # and SPSSODescriptor element.
     class CompositeMetadata < Metadata # :nodoc:
       include Enumerable
+
       attr_reader :service_provider, :identity_provider
 
       def initialize(xml)
@@ -19,8 +20,22 @@ module Saml
         ]
       end
 
+      def organization
+        find { |x| x.organization.present? }.try(:organization)
+      end
+
+      def organization_name
+        organization.name
+      end
+
+      def organization_url
+        organization.url
+      end
+
       def services(type)
-        xpath = map { |xxx| "//md:EntityDescriptor/md:#{xxx.name}/md:#{type}" }.join('|')
+        xpath = map do |x|
+          "//md:EntityDescriptor/md:#{x.name}/md:#{type}"
+        end.join('|')
         search(xpath).map do |item|
           binding = item.attribute('Binding').value
           location = item.attribute('Location').value
@@ -37,7 +52,7 @@ module Saml
       end
 
       def method_missing(name, *args)
-        if (target = find { |xxx| xxx.respond_to?(name) })
+        if (target = find { |x| x.respond_to?(name) })
           target.public_send(name, *args)
         else
           super
@@ -45,7 +60,7 @@ module Saml
       end
 
       def respond_to_missing?(method, *)
-        find { |xxx| xxx.respond_to?(method) }
+        find { |x| x.respond_to?(method) }
       end
     end
   end

data/lib/saml/kit/{trustable.rb → concerns/trustable.rb}

@@ -9,14 +9,15 @@ module Saml
       extend ActiveSupport::Concern
 
       included do
-        validate :must_have_valid_signature, unless: :signature_manually_verified
+        validate :must_have_valid_signature, unless: :signature_verified
         validate :must_be_registered
         validate :must_be_trusted
       end
 
-      # Returns true when the document has an embedded XML Signature or has been verified externally.
+      # Returns true when the document has an embedded XML Signature or has
+      # been verified externally.
       def signed?
-        signature_manually_verified || signature.present?
+        signature_verified || signature.present?
       end
 
       # @!visibility private
@@ -24,9 +25,10 @@ module Saml
         @signature ||= Signature.new(at_xpath("/samlp:#{name}/ds:Signature"))
       end
 
-      # Returns true when documents is signed and the signing certificate belongs to a known service entity.
+      # Returns true when documents is signed and the signing certificate
+      # belongs to a known service entity.
       def trusted?
-        return true if signature_manually_verified
+        return true if signature_verified
         return false unless signed?
         signature.trusted?(provider)
       end
@@ -38,12 +40,12 @@ module Saml
 
       # @!visibility private
       def signature_verified!
-        @signature_manually_verified = true
+        @signature_verified = true
       end
 
       private
 
-      attr_reader :signature_manually_verified
+      attr_reader :signature_verified
 
       def must_have_valid_signature
         return if to_xml.blank?

data/lib/saml/kit/concerns/xml_parseable.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'saml/kit/namespaces'
+
+module Saml
+  module Kit
+    module XmlParseable
+      NAMESPACES = {
+        NameFormat: ::Saml::Kit::Namespaces::ATTR_SPLAT,
+        ds: ::Xml::Kit::Namespaces::XMLDSIG,
+        md: ::Saml::Kit::Namespaces::METADATA,
+        saml: ::Saml::Kit::Namespaces::ASSERTION,
+        samlp: ::Saml::Kit::Namespaces::PROTOCOL,
+        xmlenc: ::Xml::Kit::Namespaces::XMLENC,
+      }.freeze
+
+      # Returns the SAML document returned as a Hash.
+      def to_h
+        @to_h ||= Hash.from_xml(to_s) || {}
+      end
+
+      # Returns the XML document as a String.
+      #
+      # @param pretty [Boolean] true to return a human friendly version
+      # of the XML.
+      def to_xml(pretty: nil)
+        pretty ? to_nokogiri.to_xml(indent: 2) : to_s
+      end
+
+      # Returns the SAML document as an XHTML string.
+      # This is useful for rendering in a web page.
+      def to_xhtml
+        Nokogiri::XML(to_xml, &:noblanks).to_xhtml
+      end
+
+      def present?
+        to_s.present?
+      end
+
+      # @!visibility private
+      def to_nokogiri
+        @to_nokogiri ||= Nokogiri::XML(to_s)
+      end
+
+      # @!visibility private
+      def at_xpath(xpath)
+        return unless present?
+        to_nokogiri.at_xpath(xpath, NAMESPACES)
+      end
+
+      # @!visibility private
+      def search(xpath)
+        to_nokogiri.search(xpath, NAMESPACES)
+      end
+
+      # Returns the XML document as a [String].
+      def to_s
+        content
+      end
+    end
+  end
+end

data/lib/saml/kit/{xml_templatable.rb → concerns/xml_templatable.rb}

@@ -5,7 +5,7 @@ module Saml
     # This module is responsible for
     # generating converting templates to xml.
     module XmlTemplatable
-      TEMPLATES_DIR = Pathname.new(File.join(__dir__, 'builders/templates/'))
+      TEMPLATES_DIR = Pathname.new(File.join(__dir__, '../builders/templates/'))
       include ::Xml::Kit::Templatable
 
       def template_path
@@ -16,7 +16,8 @@ module Saml
         "#{self.class.name.split('::').last.underscore}.builder"
       end
 
-      # Returns true if an embedded signature is requested and at least one signing certificate is available via the configuration.
+      # Returns true if an embedded signature is requested and at least one
+      # signing certificate is available via the configuration.
       def sign?
         return configuration.sign? if embed_signature.nil?
         (embed_signature && configuration.sign?) ||

data/lib/saml/kit/{xsd_validatable.rb → concerns/xsd_validatable.rb}

@@ -5,8 +5,18 @@ module Saml
     # This module is responsible for validating
     # xml documents against the SAML XSD's
     module XsdValidatable
+      PROTOCOL_XSD = File.expand_path(
+        '../xsd/saml-schema-protocol-2.0.xsd', File.dirname(__FILE__)
+      ).freeze
+
+      METADATA_XSD = File.expand_path(
+        '../xsd/saml-schema-metadata-2.0.xsd', File.dirname(__FILE__)
+      ).freeze
+
       # @!visibility private
       def matches_xsd?(xsd)
+        return unless to_nokogiri.present?
+
         Dir.chdir(File.dirname(xsd)) do
           xsd = Nokogiri::XML::Schema(IO.read(xsd))
           xsd.validate(to_nokogiri).each do |error|

data/lib/saml/kit/conditions.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    class Conditions
+      include XmlParseable
+
+      attr_reader :content
+
+      def initialize(node)
+        @to_nokogiri = node
+        @content = node.to_s
+      end
+
+      def started_at
+        parse_iso8601(at_xpath('./@NotBefore').try(:value))
+      end
+
+      def expired_at
+        parse_iso8601(at_xpath('./@NotOnOrAfter').try(:value))
+      end
+
+      def audiences
+        search('./saml:AudienceRestriction/saml:Audience').map(&:text)
+      end
+
+      private
+
+      def parse_iso8601(value)
+        DateTime.parse(value)
+      rescue StandardError => error
+        Saml::Kit.logger.error(error)
+        Time.at(0).to_datetime
+      end
+    end
+  end
+end

data/lib/saml/kit/configuration.rb

@@ -2,7 +2,8 @@
 
 module Saml
   module Kit
-    # This class represents the main configuration that is use for generating SAML documents.
+    # This class represents the main configuration that is use for generating
+    # SAML documents.
     #
     #   Saml::Kit::Configuration.new do |config|
     #     config.entity_id = "com:saml:kit"
@@ -19,17 +20,25 @@ module Saml
     #   Saml::Kit.configure do |configuration|
     #     configuration.entity_id = "https://www.example.com/saml/metadata"
     #     configuration.generate_key_pair_for(use: :signing)
-    #     configuration.add_key_pair(ENV["X509_CERTIFICATE"], ENV["PRIVATE_KEY"], passphrase: ENV['PRIVATE_KEY_PASSPHRASE'], use: :encryption)
+    #     configuration.add_key_pair(
+    #       ENV["X509_CERTIFICATE"],
+    #         ENV["PRIVATE_KEY"],
+    #         passphrase: ENV['PRIVATE_KEY_PASSPHRASE'],
+    #         use: :encryption
+    #     )
     #   end
     class Configuration
       USES = %i[signing encryption].freeze
       # The issuer to use in requests or responses from this entity to use.
       attr_accessor :entity_id
-      # The signature method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::SIGNATURE_METHODS})
+      # The signature method to use when generating signatures
+      # (See {Saml::Kit::Builders::XmlSignature::SIGNATURE_METHODS})
       attr_accessor :signature_method
-      # The digest method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::DIGEST_METHODS})
+      # The digest method to use when generating signatures
+      # (See {Saml::Kit::Builders::XmlSignature::DIGEST_METHODS})
       attr_accessor :digest_method
-      # The metadata registry to use for searching for metadata associated with an issuer.
+      # The metadata registry to use for searching for metadata associated
+      # with an issuer.
       attr_accessor :registry
       # The session timeout to use when generating an Assertion.
       attr_accessor :session_timeout
@@ -57,7 +66,11 @@ module Saml
       # @param use [Symbol] the type of key pair, `:signing` or `:encryption`
       def add_key_pair(certificate, private_key, passphrase: nil, use: :signing)
         ensure_proper_use(use)
-        @key_pairs.push(::Xml::Kit::KeyPair.new(certificate, private_key, passphrase, use.to_sym))
+        @key_pairs.push(
+          ::Xml::Kit::KeyPair.new(
+            certificate, private_key, passphrase, use.to_sym
+          )
+        )
       end
 
       # Generates a unique key pair that can be used for signing or encryption.
@@ -66,27 +79,32 @@ module Saml
       # @param passphrase [String] the private key passphrase to use.
       def generate_key_pair_for(use:, passphrase: SecureRandom.uuid)
         ensure_proper_use(use)
-        certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
+        certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(
+          passphrase: passphrase
+        )
         add_key_pair(certificate, private_key, passphrase: passphrase, use: use)
       end
 
       # Return each key pair for a specific use.
       #
-      # @param use [Symbol] the type of key pair to return `nil`, `:signing` or `:encryption`
+      # @param use [Symbol] the type of key pair to return
+      # `nil`, `:signing` or `:encryption`
       def key_pairs(use: nil)
         use.present? ? @key_pairs.find_all { |xxx| xxx.for?(use) } : @key_pairs
       end
 
       # Return each certificate for a specific use.
       #
-      # @param use [Symbol] the type of key pair to return `nil`, `:signing` or `:encryption`
+      # @param use [Symbol] the type of key pair to return
+      # `nil`, `:signing` or `:encryption`
       def certificates(use: nil)
         key_pairs(use: use).flat_map(&:certificate)
       end
 
       # Return each private for a specific use.
       #
-      # @param use [Symbol] the type of key pair to return `nil`, `:signing` or `:encryption`
+      # @param use [Symbol] the type of key pair to return
+      # `nil`, `:signing` or `:encryption`
       def private_keys(use: nil)
         key_pairs(use: use).flat_map(&:private_key)
       end

data/lib/saml/kit/default_registry.rb

@@ -2,8 +2,10 @@
 
 module Saml
   module Kit
-    # The default metadata registry is used to fetch the metadata associated with an issuer or entity id.
-    # The metadata associated with an issuer is used to verify trust for any SAML documents that are received.
+    # The default metadata registry is used to fetch the metadata associated
+    # with an issuer or entity id.
+    # The metadata associated with an issuer is used to verify trust for any
+    # SAML documents that are received.
     #
     # You can replace the default registry with your own at startup.
     #
@@ -41,12 +43,14 @@ module Saml
       #
       # @param metadata [Saml::Kit::Metadata] the metadata to register.
       def register(metadata)
+        ensure_valid_metadata(metadata)
         Saml::Kit.logger.debug(metadata.to_xml(pretty: true))
         @items[metadata.entity_id] = metadata
       end
 
       # Register metadata via a remote URL.
-      # This will attempt to connect to the remove URL to download the metadata and register it in the registry.
+      # This will attempt to connect to the remove URL to download the
+      # metadata and register it in the registry.
       #
       # @param url [String] the url to download the metadata from.
       # @param verify_ssl [Boolean] enable/disable SSL peer verification.
@@ -57,7 +61,8 @@ module Saml
 
       # Returns the metadata document associated with an issuer or entityID.
       #
-      # @param entity_id [String] the unique entityID/Issuer associated with metadata.
+      # @param entity_id [String] unique entityID/Issuer associated with
+      # metadata.
       def metadata_for(entity_id)
         @items[entity_id]
       end
@@ -69,6 +74,16 @@ module Saml
         end
       end
 
+      private
+
+      def ensure_valid_metadata(metadata)
+        error = ArgumentError.new('Cannot register invalid metadata')
+        raise error if
+          metadata.nil? ||
+          !metadata.respond_to?(:entity_id) ||
+          metadata.invalid?
+      end
+
       # This class is responsible for
       # making HTTP requests to fetch metadata
       # from remote locations.

data/lib/saml/kit/document.rb

@@ -5,19 +5,12 @@ module Saml
     # This class is a base class for SAML documents.
     class Document
       include ActiveModel::Validations
-      include XsdValidatable
+      include Buildable
       include Translatable
       include Trustable
-      include Buildable
-      PROTOCOL_XSD = File.expand_path('./xsd/saml-schema-protocol-2.0.xsd', File.dirname(__FILE__)).freeze
-      NAMESPACES = {
-        "NameFormat": ::Saml::Kit::Namespaces::ATTR_SPLAT,
-        "ds": ::Xml::Kit::Namespaces::XMLDSIG,
-        "md": ::Saml::Kit::Namespaces::METADATA,
-        "saml": ::Saml::Kit::Namespaces::ASSERTION,
-        "samlp": ::Saml::Kit::Namespaces::PROTOCOL,
-        'xmlenc' => ::Xml::Kit::Namespaces::XMLENC,
-      }.freeze
+      include XmlParseable
+      include XsdValidatable
+
       attr_accessor :registry
       attr_reader :name
       validates_presence_of :content
@@ -58,44 +51,13 @@ module Saml
         Time.parse(at_xpath('./*/@IssueInstant').try(:value))
       end
 
-      # Returns the SAML document returned as a Hash.
-      def to_h
-        @to_h ||= Hash.from_xml(content) || {}
-      end
-
-      # Returns the SAML document as an XML string.
-      #
-      # @param pretty [Boolean] formats the xml or returns the raw xml.
-      def to_xml(pretty: nil)
-        pretty ? to_nokogiri.to_xml(indent: 2) : to_s
-      end
-
-      # Returns the SAML document as an XHTML string.
-      # This is useful for rendering in a web page.
-      def to_xhtml
-        Nokogiri::XML(to_xml, &:noblanks).to_xhtml
-      end
-
-      # @!visibility private
-      def to_nokogiri
-        @to_nokogiri ||= Nokogiri::XML(to_s)
-      end
-
-      # @!visibility private
-      def at_xpath(xpath)
-        to_nokogiri.at_xpath(xpath, NAMESPACES)
-      end
-
-      # @!visibility private
-      def search(xpath)
-        to_nokogiri.search(xpath, NAMESPACES)
-      end
-
-      def to_s
-        content
-      end
-
       class << self
+        CONSTRUCTORS = {
+          'AuthnRequest' => -> { Saml::Kit::AuthenticationRequest },
+          'LogoutRequest' => -> { Saml::Kit::LogoutRequest },
+          'LogoutResponse' => -> { Saml::Kit::LogoutResponse },
+          'Response' => -> { Saml::Kit::Response },
+        }.freeze
         XPATH = [
           '/samlp:AuthnRequest',
           '/samlp:LogoutRequest',
@@ -106,14 +68,12 @@ module Saml
         # Returns the raw xml as a Saml::Kit SAML document.
         #
         # @param xml [String] the raw xml string.
-        # @param configuration [Saml::Kit::Configuration] the configuration to use for unpacking the document.
+        # @param configuration [Saml::Kit::Configuration] configuration to use
+        # for unpacking the document.
         def to_saml_document(xml, configuration: Saml::Kit.configuration)
-          constructor = {
-            'AuthnRequest' => Saml::Kit::AuthenticationRequest,
-            'LogoutRequest' => Saml::Kit::LogoutRequest,
-            'LogoutResponse' => Saml::Kit::LogoutResponse,
-            'Response' => Saml::Kit::Response,
-          }[Nokogiri::XML(xml).at_xpath(XPATH, "samlp": ::Saml::Kit::Namespaces::PROTOCOL).name] || InvalidDocument
+          namespaces = { samlp: Namespaces::PROTOCOL }
+          element = Nokogiri::XML(xml).at_xpath(XPATH, namespaces)
+          constructor = CONSTRUCTORS[element.name].try(:call) || InvalidDocument
           constructor.new(xml, configuration: configuration)
         rescue StandardError => error
           Saml::Kit.logger.error(error)
@@ -122,18 +82,12 @@ module Saml
 
         # @!visibility private
         def builder_class # :nodoc:
-          case name
-          when Saml::Kit::Response.to_s
-            Saml::Kit::Builders::Response
-          when Saml::Kit::LogoutResponse.to_s
-            Saml::Kit::Builders::LogoutResponse
-          when Saml::Kit::AuthenticationRequest.to_s
-            Saml::Kit::Builders::AuthenticationRequest
-          when Saml::Kit::LogoutRequest.to_s
-            Saml::Kit::Builders::LogoutRequest
-          else
-            raise ArgumentError, "Unknown SAML Document #{name}"
-          end
+          {
+            Response.to_s => Saml::Kit::Builders::Response,
+            LogoutResponse.to_s => Saml::Kit::Builders::LogoutResponse,
+            AuthenticationRequest.to_s => Saml::Kit::Builders::AuthenticationRequest,
+            LogoutRequest.to_s => Saml::Kit::Builders::LogoutRequest,
+          }[name] || (raise ArgumentError, "Unknown SAML Document #{name}")
         end
       end
 

data/lib/saml/kit/identity_provider_metadata.rb

@@ -2,16 +2,31 @@
 
 module Saml
   module Kit
-    # This class is used to parse the IDPSSODescriptor from a SAML metadata document.
+    # This class parses the IDPSSODescriptor from a SAML metadata document.
     #
     #  raw_xml = <<-XML
     #  <?xml version="1.0" encoding="UTF-8"?>
-    #  <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cfa24e2f-0ec0-4ee3-abb8-b2fcfe394c1c" entityID="">
-    #    <IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    #      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/logout"/>
-    #      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
-    #      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/login"/>
-    #      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/login"/>
+    #  <EntityDescriptor
+    #    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+    #    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    #    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    #    ID="_cfa24e2f-0ec0-4ee3-abb8-b2fcfe394c1c"
+    #    entityID="my-entity-id">
+    #    <IDPSSODescriptor
+    #      WantAuthnRequestsSigned="true"
+    #      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    #      <SingleLogoutService
+    #        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+    #        Location="https://www.example.com/logout" />
+    #      <NameIDFormat>
+    #        urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+    #      </NameIDFormat>
+    #      <SingleSignOnService
+    #        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+    #        Location="https://www.example.com/login" />
+    #      <SingleSignOnService
+    #        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+    #        Location="https://www.example.com/login" />
     #      <saml:Attribute Name="id"/>
     #    </IDPSSODescriptor>
     #  </EntityDescriptor>
@@ -70,14 +85,18 @@ module Saml
       # Creates a AuthnRequest document for the specified binding.
       #
       # @param binding [Symbol] `:http_post` or `:http_redirect`.
-      # @param relay_state [Object] The RelayState to include the returned SAML params.
-      # @param configuration [Saml::Kit::Configuration] the configuration to use for generating the request.
-      # @return [Array] The url and saml params encoded using the rules for the specified binding.
-      def login_request_for(binding:, relay_state: nil, configuration: Saml::Kit.configuration)
-        builder = Saml::Kit::AuthenticationRequest.builder(configuration: configuration) do |xxx|
-          xxx.embed_signature = want_authn_requests_signed
-          yield xxx if block_given?
-        end
+      # @param relay_state [Object] RelayState to include the returned params.
+      # @param configuration [Saml::Kit::Configuration] the configuration to
+      # use for generating the request.
+      # @return [Array] Url and params encoded using rules for binding.
+      def login_request_for(
+        binding:, relay_state: nil, configuration: Saml::Kit.configuration
+      )
+        builder =
+          AuthenticationRequest.builder(configuration: configuration) do |x|
+            x.embed_signature = want_authn_requests_signed
+            yield x if block_given?
+          end
         request_binding = single_sign_on_service_for(binding: binding)
         request_binding.serialize(builder, relay_state: relay_state)
       end

data/lib/saml/kit/invalid_document.rb

@@ -10,7 +10,7 @@ module Saml
         model.errors[:base] << model.error_message(:invalid)
       end
 
-      def initialize(xml, configuration: nil)
+      def initialize(xml, *)
         super(xml, name: 'InvalidDocument')
       end
 

data/lib/saml/kit/logout_request.rb

@@ -16,7 +16,8 @@ module Saml
     #
     # See {Saml::Kit::Builders::LogoutRequest} for a list of available settings.
     #
-    # This class can also be used to generate the correspondong LogoutResponse for a LogoutRequest.
+    # This class can also be used to generate the correspondong LogoutResponse
+    # for a LogoutRequest.
     #
     #   document = Saml::Kit::LogoutRequest.new(raw_xml)
     #   url, saml_params = document.response_for(binding: :http_post)
@@ -31,7 +32,7 @@ module Saml
       # A new instance of LogoutRequest
       #
       # @param xml [String] The raw xml string.
-      # @param configuration [Saml::Kit::Configuration] the configuration to use.
+      # @param configuration [Saml::Kit::Configuration] configuration to use.
       def initialize(xml, configuration: Saml::Kit.configuration)
         super(xml, name: 'LogoutRequest', configuration: configuration)
       end
@@ -45,11 +46,15 @@ module Saml
         at_xpath('./*/saml:NameID/@Format').try(:value)
       end
 
-      # Generates a Serialized LogoutResponse using the encoding rules for the specified binding.
+      # Generates a Serialized LogoutResponse using the encoding rules for
+      # the specified binding.
       #
-      # @param binding [Symbol] The binding to use `:http_redirect` or `:http_post`.
-      # @param relay_state [Object] The RelayState to include in the RelayState param.
-      # @return [Array] Returns an array with a url and Hash of parameters to return to the requestor.
+      # @param binding [Symbol] The binding to use `:http_redirect` or
+      # `:http_post`.
+      # @param relay_state [Object] The RelayState to include in the
+      # RelayState param.
+      # @return [Array] Returns an array with a url and Hash of parameters to
+      # return to the requestor.
       def response_for(binding:, relay_state: nil)
         builder = Saml::Kit::LogoutResponse.builder(self) do |xxx|
           yield xxx if block_given?

data/lib/saml/kit/logout_response.rb

@@ -10,7 +10,9 @@ module Saml
     class LogoutResponse < Document
       include Respondable
 
-      def initialize(xml, request_id: nil, configuration: Saml::Kit.configuration)
+      def initialize(
+        xml, request_id: nil, configuration: Saml::Kit.configuration
+      )
         @request_id = request_id
         super(xml, name: 'LogoutResponse', configuration: configuration)
       end