saml-kit 1.0.28 → 1.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +149 -0
- data/Gemfile.lock +128 -0
- data/LICENSE.txt +1 -1
- data/README.md +4 -8
- data/Rakefile +0 -1
- data/lib/saml/kit/assertion.rb +3 -3
- data/lib/saml/kit/authentication_request.rb +5 -0
- data/lib/saml/kit/bindings.rb +4 -4
- data/lib/saml/kit/builders/authentication_request.rb +3 -4
- data/lib/saml/kit/builders/templates/encrypted_assertion.builder +1 -1
- data/lib/saml/kit/builders/templates/logout_request.builder +1 -1
- data/lib/saml/kit/concerns/respondable.rb +1 -1
- data/lib/saml/kit/concerns/trustable.rb +3 -3
- data/lib/saml/kit/concerns/xsd_validatable.rb +1 -1
- data/lib/saml/kit/deprecated/metadata.rb +2 -0
- data/lib/saml/kit/document.rb +2 -2
- data/lib/saml/kit/invalid_document.rb +1 -1
- data/lib/saml/kit/metadata.rb +2 -2
- data/lib/saml/kit/namespaces.rb +25 -25
- data/lib/saml/kit/null_assertion.rb +1 -1
- data/lib/saml/kit/organization.rb +2 -0
- data/lib/saml/kit/response.rb +2 -2
- data/lib/saml/kit/signature.rb +1 -1
- data/lib/saml/kit/version.rb +1 -1
- data/saml-kit.gemspec +7 -7
- metadata +22 -27
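--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d77013b5cfdff5bcf857a48182eacafc9a8683cb0171c4cd383a8d53f522f5ea
+data.tar.gz: 4a56b20855f4e83f47545b7fce9c31f47216b0bdc51bacdab6a29ba1e410f3d9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f7eed807fd7d0a00de9fa669e6b52ae65f5487bcc1b408065d3c510d6323a7879d4412c67abe2a79a5fe7a08a38fa17296112586b4cd960dd4c13e1ca30ba7fa
+data.tar.gz: 2832e9ba9fc7453ea1db370b69153db556b72cb2d0e0990e3216412669fb6212c73145654ae4edd0f2c4d04b5b464979a342a11343bc3c2bff4963b877379590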
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,149 @@
|
|
|
1
|
+
Version 1.2.0
|
|
2
|
+
|
|
3
|
+
# Changelog
|
|
4
|
+
All notable changes to this project will be documented in this file.
|
|
5
|
+
|
|
6
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
7
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
8
|
+
|
|
9
|
+
## [Unreleased]
|
|
10
|
+
|
|
11
|
+
## [1.2.0] - 2021-02-04
|
|
12
|
+
### Changed
|
|
13
|
+
- Use [ActiveModel::Errors#add](https://www.rubydoc.info/docs/rails/ActiveModel%2FErrors:add)
|
|
14
|
+
- Update minimum activemodel version to `5.1`.
|
|
15
|
+
|
|
16
|
+
## [1.1.0] - 2019-04-30
|
|
17
|
+
### Added
|
|
18
|
+
- Add support for ForceAuthn attribute on AuthnRequest
|
|
19
|
+
|
|
20
|
+
### Removed
|
|
21
|
+
- Drop support for ruby 2.2
|
|
22
|
+
- Drop support for ruby 2.3
|
|
23
|
+
|
|
24
|
+
### Changed
|
|
25
|
+
- Rescue from invalid signature validation
|
|
26
|
+
- Change minimum ruby version to 2.4
|
|
27
|
+
- Change minimum bundler to 2.0
|
|
28
|
+
|
|
29
|
+
## [1.0.31] - 2019-04-17
|
|
30
|
+
### Changed
|
|
31
|
+
- Rescue from all decryption errors
|
|
32
|
+
|
|
33
|
+
## [1.0.30] - 2019-04-07
|
|
34
|
+
### Changed
|
|
35
|
+
- change xml-kit dependency to minimum 0.3.0
|
|
36
|
+
- use `encrypt_data_for` instead of `encryption_for`.
|
|
37
|
+
|
|
38
|
+
## [1.0.29] - 2018-12-04
|
|
39
|
+
### Changed
|
|
40
|
+
- change xml-kit dependency to ~> 0.2.
|
|
41
|
+
|
|
42
|
+
## [1.0.28] - 2018-12-04
|
|
43
|
+
### Changed
|
|
44
|
+
- Parse attribute arrays from SAML assertion.
|
|
45
|
+
|
|
46
|
+
## [1.0.27] - 2018-11-08
|
|
47
|
+
### Changed
|
|
48
|
+
- Evict expired key pairs from configuration.
|
|
49
|
+
|
|
50
|
+
## [1.0.26] - 2018-10-22
|
|
51
|
+
### Changed
|
|
52
|
+
- Forward destination, issuer, now, embed\_signature to assertion.
|
|
53
|
+
|
|
54
|
+
## [1.0.25] - 2018-10-17
|
|
55
|
+
### Changed
|
|
56
|
+
- Allow multi valued attributes in response assertion.
|
|
57
|
+
|
|
58
|
+
## [1.0.24] - 2018-09-18
|
|
59
|
+
### Added
|
|
60
|
+
- Parse ID from assertion.
|
|
61
|
+
- Parse version from assertion.
|
|
62
|
+
- Parse version from assertion.
|
|
63
|
+
- Add missing English translations.
|
|
64
|
+
|
|
65
|
+
### Changed
|
|
66
|
+
- Moved backing fields from response builder to assertion.
|
|
67
|
+
|
|
68
|
+
## [1.0.23] - 2018-08-23
|
|
69
|
+
### Added
|
|
70
|
+
- Add NotOnOrAfter attribute to SubjectConfirmationData.
|
|
71
|
+
|
|
72
|
+
## [1.0.22] - 2018-08-13
|
|
73
|
+
### Added
|
|
74
|
+
- Allow using a custom NameID Format in Assertion.
|
|
75
|
+
|
|
76
|
+
## [1.0.21] - 2018-08-13
|
|
77
|
+
### Changed
|
|
78
|
+
- Use net/hippie instead of net/http.
|
|
79
|
+
|
|
80
|
+
### Removed
|
|
81
|
+
- remove optional NotOnOrAfter attribute from SubjectConfirmationData.
|
|
82
|
+
|
|
83
|
+
## [1.0.20] - 2018-08-11
|
|
84
|
+
### Changed
|
|
85
|
+
- Synchronize NotOnOrAfter between AuthnStatement and SubjectConfirmationData.
|
|
86
|
+
|
|
87
|
+
### Removed
|
|
88
|
+
- Removed optional SessionNotOnOrAfter attribute from AuthnStatement.
|
|
89
|
+
|
|
90
|
+
[Unreleased]: https://github.com/xlgmokha/saml-kit/compare/v1.2.0...HEAD
|
|
91
|
+
[1.2.0]: https://github.com/xlgmokha/saml-kit/compare/v1.1.0...v1.2.0
|
|
92
|
+
[1.1.0]: https://github.com/xlgmokha/saml-kit/compare/v1.0.31...v1.1.0
|
|
93
|
+
[1.0.31]: https://github.com/xlgmokha/saml-kit/compare/v1.0.30...v1.0.31
|
|
94
|
+
[1.0.30]: https://github.com/xlgmokha/saml-kit/compare/v1.0.29...v1.0.30
|
|
95
|
+
[1.0.29]: https://github.com/xlgmokha/saml-kit/compare/v1.0.28...v1.0.29
|
|
96
|
+
[1.0.28]: https://github.com/xlgmokha/saml-kit/compare/v1.0.27...v1.0.28
|
|
97
|
+
[1.0.27]: https://github.com/xlgmokha/saml-kit/compare/v1.0.26...v1.0.27
|
|
98
|
+
[1.0.26]: https://github.com/xlgmokha/saml-kit/compare/v1.0.25...v1.0.26
|
|
99
|
+
[1.0.25]: https://github.com/xlgmokha/saml-kit/compare/v1.0.24...v1.0.25
|
|
100
|
+
[1.0.24]: https://github.com/xlgmokha/saml-kit/compare/v1.0.23...v1.0.24
|
|
101
|
+
[1.0.23]: https://github.com/xlgmokha/saml-kit/compare/v1.0.22...v1.0.23
|
|
102
|
+
[1.0.22]: https://github.com/xlgmokha/saml-kit/compare/v1.0.21...v1.0.22
|
|
103
|
+
[1.0.21]: https://github.com/xlgmokha/saml-kit/compare/v1.0.20...v1.0.21
|
|
104
|
+
[1.0.20]: https://github.com/xlgmokha/saml-kit/compare/v1.0.19...v1.0.20
|
|
105
|
+
[1.0.19]: https://github.com/xlgmokha/saml-kit/compare/v1.0.18...v1.0.19
|
|
106
|
+
[1.0.18]: https://github.com/xlgmokha/saml-kit/compare/v1.0.17...v1.0.18
|
|
107
|
+
[1.0.17]: https://github.com/xlgmokha/saml-kit/compare/v1.0.16...v1.0.17
|
|
108
|
+
[1.0.16]: https://github.com/xlgmokha/saml-kit/compare/v1.0.15...v1.0.16
|
|
109
|
+
[1.0.15]: https://github.com/xlgmokha/saml-kit/compare/v1.0.14...v1.0.15
|
|
110
|
+
[1.0.14]: https://github.com/xlgmokha/saml-kit/compare/v1.0.13...v1.0.14
|
|
111
|
+
[1.0.13]: https://github.com/xlgmokha/saml-kit/compare/v1.0.12...v1.0.13
|
|
112
|
+
[1.0.12]: https://github.com/xlgmokha/saml-kit/compare/v1.0.11...v1.0.12
|
|
113
|
+
[1.0.11]: https://github.com/xlgmokha/saml-kit/compare/v1.0.10...v1.0.11
|
|
114
|
+
[1.0.10]: https://github.com/xlgmokha/saml-kit/compare/v1.0.9...v1.0.10
|
|
115
|
+
[1.0.9]: https://github.com/xlgmokha/saml-kit/compare/v1.0.8...v1.0.9
|
|
116
|
+
[1.0.8]: https://github.com/xlgmokha/saml-kit/compare/v1.0.7...v1.0.8
|
|
117
|
+
[1.0.7]: https://github.com/xlgmokha/saml-kit/compare/v1.0.6...v1.0.7
|
|
118
|
+
[1.0.6]: https://github.com/xlgmokha/saml-kit/compare/v1.0.5...v1.0.6
|
|
119
|
+
[1.0.5]: https://github.com/xlgmokha/saml-kit/compare/v1.0.4...v1.0.5
|
|
120
|
+
[1.0.4]: https://github.com/xlgmokha/saml-kit/compare/v1.0.3...v1.0.4
|
|
121
|
+
[1.0.3]: https://github.com/xlgmokha/saml-kit/compare/v1.0.2...v1.0.3
|
|
122
|
+
[1.0.2]: https://github.com/xlgmokha/saml-kit/compare/v1.0.1...v1.0.2
|
|
123
|
+
[1.0.1]: https://github.com/xlgmokha/saml-kit/compare/v1.0.0...v1.0.1
|
|
124
|
+
[1.0.0]: https://github.com/xlgmokha/saml-kit/compare/v0.3.6...v1.0.0
|
|
125
|
+
[0.3.6]: https://github.com/xlgmokha/saml-kit/compare/v0.3.5...v0.3.6
|
|
126
|
+
[0.3.5]: https://github.com/xlgmokha/saml-kit/compare/v0.3.4...v0.3.5
|
|
127
|
+
[0.3.4]: https://github.com/xlgmokha/saml-kit/compare/v0.3.3...v0.3.4
|
|
128
|
+
[0.3.3]: https://github.com/xlgmokha/saml-kit/compare/v0.3.2...v0.3.3
|
|
129
|
+
[0.3.2]: https://github.com/xlgmokha/saml-kit/compare/v0.3.1...v0.3.2
|
|
130
|
+
[0.3.1]: https://github.com/xlgmokha/saml-kit/compare/v0.3.0...v0.3.1
|
|
131
|
+
[0.3.0]: https://github.com/xlgmokha/saml-kit/compare/v0.2.18...v0.3.0
|
|
132
|
+
[0.2.18]: https://github.com/xlgmokha/saml-kit/compare/v0.2.17...v0.2.18
|
|
133
|
+
[0.2.17]: https://github.com/xlgmokha/saml-kit/compare/v0.2.16...v0.2.17
|
|
134
|
+
[0.2.16]: https://github.com/xlgmokha/saml-kit/compare/v0.2.15...v0.2.16
|
|
135
|
+
[0.2.15]: https://github.com/xlgmokha/saml-kit/compare/v0.2.14...v0.2.15
|
|
136
|
+
[0.2.14]: https://github.com/xlgmokha/saml-kit/compare/v0.2.13...v0.2.14
|
|
137
|
+
[0.2.13]: https://github.com/xlgmokha/saml-kit/compare/v0.2.12...v0.2.13
|
|
138
|
+
[0.2.12]: https://github.com/xlgmokha/saml-kit/compare/v0.2.11...v0.2.12
|
|
139
|
+
[0.2.11]: https://github.com/xlgmokha/saml-kit/compare/v0.2.10...v0.2.11
|
|
140
|
+
[0.2.10]: https://github.com/xlgmokha/saml-kit/compare/v0.2.9...v0.2.10
|
|
141
|
+
[0.2.9]: https://github.com/xlgmokha/saml-kit/compare/v0.2.8...v0.2.9
|
|
142
|
+
[0.2.8]: https://github.com/xlgmokha/saml-kit/compare/v0.2.7...v0.2.8
|
|
143
|
+
[0.2.7]: https://github.com/xlgmokha/saml-kit/compare/v0.2.6...v0.2.7
|
|
144
|
+
[0.2.6]: https://github.com/xlgmokha/saml-kit/compare/v0.2.5...v0.2.6
|
|
145
|
+
[0.2.5]: https://github.com/xlgmokha/saml-kit/compare/v0.2.4...v0.2.5
|
|
146
|
+
[0.2.4]: https://github.com/xlgmokha/saml-kit/compare/v0.2.3...v0.2.4
|
|
147
|
+
[0.2.3]: https://github.com/xlgmokha/saml-kit/compare/v0.2.2...v0.2.3
|
|
148
|
+
[0.2.2]: https://github.com/xlgmokha/saml-kit/compare/v0.2.1...v0.2.2
|
|
149
|
+
[0.2.1]: https://github.com/xlgmokha/saml-kit/compare/v0.1.0...v0.2.1
|
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
saml-kit (1.2.0)
|
|
5
|
+
activemodel (~> 5.1)
|
|
6
|
+
net-hippie (~> 0.1)
|
|
7
|
+
xml-kit (~> 0.4)
|
|
8
|
+
|
|
9
|
+
GEM
|
|
10
|
+
remote: https://rubygems.org/
|
|
11
|
+
specs:
|
|
12
|
+
activemodel (5.2.4.4)
|
|
13
|
+
activesupport (= 5.2.4.4)
|
|
14
|
+
activesupport (5.2.4.4)
|
|
15
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
16
|
+
i18n (>= 0.7, < 2)
|
|
17
|
+
minitest (~> 5.1)
|
|
18
|
+
tzinfo (~> 1.1)
|
|
19
|
+
addressable (2.7.0)
|
|
20
|
+
public_suffix (>= 2.0.2, < 5.0)
|
|
21
|
+
ast (2.4.2)
|
|
22
|
+
benchmark-malloc (0.2.0)
|
|
23
|
+
benchmark-perf (0.6.0)
|
|
24
|
+
benchmark-trend (0.4.0)
|
|
25
|
+
builder (3.2.4)
|
|
26
|
+
bundler-audit (0.7.0.1)
|
|
27
|
+
bundler (>= 1.2.0, < 3)
|
|
28
|
+
thor (>= 0.18, < 2)
|
|
29
|
+
concurrent-ruby (1.1.8)
|
|
30
|
+
crack (0.4.5)
|
|
31
|
+
rexml
|
|
32
|
+
diff-lcs (1.4.4)
|
|
33
|
+
docile (1.3.5)
|
|
34
|
+
ffaker (2.17.0)
|
|
35
|
+
hashdiff (1.0.1)
|
|
36
|
+
i18n (1.8.8)
|
|
37
|
+
concurrent-ruby (~> 1.0)
|
|
38
|
+
minitest (5.14.3)
|
|
39
|
+
net-hippie (0.3.2)
|
|
40
|
+
nokogiri (1.11.1-x86_64-linux)
|
|
41
|
+
racc (~> 1.4)
|
|
42
|
+
parallel (1.20.1)
|
|
43
|
+
parser (3.0.0.0)
|
|
44
|
+
ast (~> 2.4.1)
|
|
45
|
+
public_suffix (4.0.6)
|
|
46
|
+
racc (1.5.2)
|
|
47
|
+
rainbow (3.0.0)
|
|
48
|
+
rake (13.0.3)
|
|
49
|
+
regexp_parser (2.0.3)
|
|
50
|
+
rexml (3.2.4)
|
|
51
|
+
rspec (3.10.0)
|
|
52
|
+
rspec-core (~> 3.10.0)
|
|
53
|
+
rspec-expectations (~> 3.10.0)
|
|
54
|
+
rspec-mocks (~> 3.10.0)
|
|
55
|
+
rspec-benchmark (0.6.0)
|
|
56
|
+
benchmark-malloc (~> 0.2)
|
|
57
|
+
benchmark-perf (~> 0.6)
|
|
58
|
+
benchmark-trend (~> 0.4)
|
|
59
|
+
rspec (>= 3.0)
|
|
60
|
+
rspec-core (3.10.1)
|
|
61
|
+
rspec-support (~> 3.10.0)
|
|
62
|
+
rspec-expectations (3.10.1)
|
|
63
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
64
|
+
rspec-support (~> 3.10.0)
|
|
65
|
+
rspec-mocks (3.10.2)
|
|
66
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
|
67
|
+
rspec-support (~> 3.10.0)
|
|
68
|
+
rspec-support (3.10.2)
|
|
69
|
+
rubocop (0.93.1)
|
|
70
|
+
parallel (~> 1.10)
|
|
71
|
+
parser (>= 2.7.1.5)
|
|
72
|
+
rainbow (>= 2.2.2, < 4.0)
|
|
73
|
+
regexp_parser (>= 1.8)
|
|
74
|
+
rexml
|
|
75
|
+
rubocop-ast (>= 0.6.0)
|
|
76
|
+
ruby-progressbar (~> 1.7)
|
|
77
|
+
unicode-display_width (>= 1.4.0, < 2.0)
|
|
78
|
+
rubocop-ast (1.4.1)
|
|
79
|
+
parser (>= 2.7.1.5)
|
|
80
|
+
rubocop-rspec (1.44.1)
|
|
81
|
+
rubocop (~> 0.87)
|
|
82
|
+
rubocop-ast (>= 0.7.1)
|
|
83
|
+
ruby-prof (1.4.2)
|
|
84
|
+
ruby-progressbar (1.11.0)
|
|
85
|
+
simplecov (0.21.2)
|
|
86
|
+
docile (~> 1.1)
|
|
87
|
+
simplecov-html (~> 0.11)
|
|
88
|
+
simplecov_json_formatter (~> 0.1)
|
|
89
|
+
simplecov-html (0.12.3)
|
|
90
|
+
simplecov_json_formatter (0.1.2)
|
|
91
|
+
thor (1.1.0)
|
|
92
|
+
thread_safe (0.3.6)
|
|
93
|
+
tilt (2.0.10)
|
|
94
|
+
tzinfo (1.2.9)
|
|
95
|
+
thread_safe (~> 0.1)
|
|
96
|
+
unicode-display_width (1.7.0)
|
|
97
|
+
webmock (3.11.2)
|
|
98
|
+
addressable (>= 2.3.6)
|
|
99
|
+
crack (>= 0.3.2)
|
|
100
|
+
hashdiff (>= 0.4.0, < 2.0.0)
|
|
101
|
+
xml-kit (0.5.0)
|
|
102
|
+
activemodel (>= 4.2.0)
|
|
103
|
+
builder (~> 3.2)
|
|
104
|
+
nokogiri (~> 1.10)
|
|
105
|
+
tilt (>= 1.4.1)
|
|
106
|
+
xmldsig (~> 0.6)
|
|
107
|
+
xmldsig (0.6.6)
|
|
108
|
+
nokogiri (>= 1.6.8, < 2.0.0)
|
|
109
|
+
|
|
110
|
+
PLATFORMS
|
|
111
|
+
ruby
|
|
112
|
+
|
|
113
|
+
DEPENDENCIES
|
|
114
|
+
bundler (~> 2.0)
|
|
115
|
+
bundler-audit (~> 0.6)
|
|
116
|
+
ffaker (~> 2.7)
|
|
117
|
+
rake (~> 13.0)
|
|
118
|
+
rspec (~> 3.0)
|
|
119
|
+
rspec-benchmark (~> 0.3)
|
|
120
|
+
rubocop (~> 0.52)
|
|
121
|
+
rubocop-rspec (~> 1.22)
|
|
122
|
+
ruby-prof
|
|
123
|
+
saml-kit!
|
|
124
|
+
simplecov (~> 0.15)
|
|
125
|
+
webmock (~> 3.1)
|
|
126
|
+
|
|
127
|
+
BUNDLED WITH
|
|
128
|
+
2.1.4
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -1,17 +1,13 @@
|
|
|
1
|
-

|
|
2
2
|
|
|
3
3
|
*Logo courtesy of [@speasley](https://github.com/speasley)*
|
|
4
4
|
|
|
5
|
-
[](https://travis-ci.org/saml-kit/saml-kit)
|
|
6
|
-
[](https://codeclimate.com/github/saml-kit/saml-kit)
|
|
7
5
|
[](https://rubygems.org/gems/saml-kit)
|
|
8
|
-
[](https://hakiri.io/github/saml-kit/saml-kit/master)
|
|
9
|
-
[](https://codeclimate.com/github/saml-kit/saml-kit/test_coverage)
|
|
10
6
|
|
|
11
7
|
Saml::Kit is a library with the purpose of creating and consuming SAML
|
|
12
8
|
documents. It supports the HTTP Post and HTTP Redirect bindings. It can
|
|
13
9
|
create Service Provider Metadata, Identity Provider Metadata,
|
|
14
|
-
AuthnRequest, Response, LogoutRequest, LogoutResponse documents.
|
|
10
|
+
AuthnRequest, Response, LogoutRequest, LogoutResponse documents.
|
|
15
11
|
It also supports generating signed and encrypted assertions.
|
|
16
12
|
|
|
17
13
|
## Installation
|
|
@@ -249,13 +245,13 @@ puts [url, saml_params].inspect
|
|
|
249
245
|
|
|
250
246
|
## Development
|
|
251
247
|
|
|
252
|
-
After checking out the repo, run `bin/setup` to install dependencies. Then, run `
|
|
248
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
253
249
|
|
|
254
250
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
255
251
|
|
|
256
252
|
## Contributing
|
|
257
253
|
|
|
258
|
-
Bug reports and pull requests are welcome on Github at https://github.com/
|
|
254
|
+
Bug reports and pull requests are welcome on Github at https://github.com/xlgmokha/saml-kit.
|
|
259
255
|
|
|
260
256
|
## License
|
|
261
257
|
|
data/Rakefile
CHANGED
data/lib/saml/kit/assertion.rb
CHANGED
|
@@ -106,7 +106,7 @@ module Saml
|
|
|
106
106
|
return unless @encrypted
|
|
107
107
|
|
|
108
108
|
@to_nokogiri = decryptor.decrypt_node(encrypted_assertion)
|
|
109
|
-
rescue
|
|
109
|
+
rescue StandardError => error
|
|
110
110
|
@cannot_decrypt = true
|
|
111
111
|
Saml::Kit.logger.error(error)
|
|
112
112
|
end
|
|
@@ -114,13 +114,13 @@ module Saml
|
|
|
114
114
|
def must_match_issuer
|
|
115
115
|
return if audiences.empty? || audiences.include?(configuration.entity_id)
|
|
116
116
|
|
|
117
|
-
errors
|
|
117
|
+
errors.add(:audience, error_message(:must_match_issuer))
|
|
118
118
|
end
|
|
119
119
|
|
|
120
120
|
def must_be_active_session
|
|
121
121
|
return if active?
|
|
122
122
|
|
|
123
|
-
errors
|
|
123
|
+
errors.add(:base, error_message(:expired))
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
def must_have_valid_signature
|
|
@@ -47,6 +47,11 @@ module Saml
|
|
|
47
47
|
at_xpath('./*/@AssertionConsumerServiceURL').try(:value)
|
|
48
48
|
end
|
|
49
49
|
|
|
50
|
+
# Returns the ForceAuthn attribute as a boolean.
|
|
51
|
+
def force_authn
|
|
52
|
+
at_xpath('./*/@ForceAuthn').try(:value) == 'true'
|
|
53
|
+
end
|
|
54
|
+
|
|
50
55
|
def name_id_format
|
|
51
56
|
name_id_policy
|
|
52
57
|
end
|
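Review bot: In the hunk at `@@ -47,6 +47,11 @@` (shown under the assertion.rb header on this page, though the file list suggests it belongs to authentication_request.rb), `force_authn` compares the attribute with the literal `'true'` only. ForceAuthn is an xs:boolean, whose lexical forms also include `1`, so a request carrying `ForceAuthn="1"` reads as false and an identity provider relying on this accessor would skip the re-authentication the service provider asked for. Consider `%w[true 1].include?(at_xpath('./*/@ForceAuthn').try(:value))`, and extend the comment to say that an absent attribute yields false. The enclosing class starts and ends outside the hunk.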
data/lib/saml/kit/bindings.rb
CHANGED
|
@@ -11,10 +11,10 @@ module Saml
|
|
|
11
11
|
# the different SAML bindings that are
|
|
12
12
|
# supported by this gem.
|
|
13
13
|
module Bindings
|
|
14
|
-
BINDINGS_2_0 = 'urn:oasis:names:tc:SAML:2.0:bindings'
|
|
15
|
-
HTTP_ARTIFACT = "#{BINDINGS_2_0}:HTTP-Artifact"
|
|
16
|
-
HTTP_POST = "#{BINDINGS_2_0}:HTTP-POST"
|
|
17
|
-
HTTP_REDIRECT = "#{BINDINGS_2_0}:HTTP-Redirect"
|
|
14
|
+
BINDINGS_2_0 = 'urn:oasis:names:tc:SAML:2.0:bindings'
|
|
15
|
+
HTTP_ARTIFACT = "#{BINDINGS_2_0}:HTTP-Artifact"
|
|
16
|
+
HTTP_POST = "#{BINDINGS_2_0}:HTTP-POST"
|
|
17
|
+
HTTP_REDIRECT = "#{BINDINGS_2_0}:HTTP-Redirect"
|
|
18
18
|
ALL = {
|
|
19
19
|
http_post: HTTP_POST,
|
|
20
20
|
http_redirect: HTTP_REDIRECT,
|
|
@@ -10,6 +10,7 @@ module Saml
|
|
|
10
10
|
attr_accessor :id, :now, :issuer, :assertion_consumer_service_url
|
|
11
11
|
attr_accessor :name_id_format, :destination
|
|
12
12
|
attr_accessor :version
|
|
13
|
+
attr_accessor :force_authn
|
|
13
14
|
attr_reader :configuration
|
|
14
15
|
|
|
15
16
|
def initialize(configuration: Saml::Kit.configuration)
|
|
@@ -36,10 +37,8 @@ module Saml
|
|
|
36
37
|
IssueInstant: now.utc.iso8601,
|
|
37
38
|
Destination: destination,
|
|
38
39
|
}
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
assertion_consumer_service_url
|
|
42
|
-
end
|
|
40
|
+
options[:ForceAuthn] = force_authn unless force_authn.nil?
|
|
41
|
+
options[:AssertionConsumerServiceURL] = assertion_consumer_service_url if assertion_consumer_service_url.present?
|
|
43
42
|
options
|
|
44
43
|
end
|
|
45
44
|
end
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
xml.instruct!
|
|
4
4
|
xml.LogoutRequest logout_request_options do
|
|
5
|
-
xml.Issuer(
|
|
5
|
+
xml.Issuer(issuer, xmlns: Saml::Kit::Namespaces::ASSERTION)
|
|
6
6
|
signature_for(reference_id: id, xml: xml)
|
|
7
7
|
xml.NameID name_id_options, user.name_id_for(name_id_format)
|
|
8
8
|
end
|
|
@@ -54,7 +54,7 @@ module Saml
|
|
|
54
54
|
|
|
55
55
|
signature.valid?
|
|
56
56
|
signature.errors.each do |attribute, error|
|
|
57
|
-
errors
|
|
57
|
+
errors.add(attribute, error)
|
|
58
58
|
end
|
|
59
59
|
end
|
|
60
60
|
|
|
@@ -62,14 +62,14 @@ module Saml
|
|
|
62
62
|
return unless expected_type?
|
|
63
63
|
return if provider.present?
|
|
64
64
|
|
|
65
|
-
errors
|
|
65
|
+
errors.add(:provider, error_message(:unregistered))
|
|
66
66
|
end
|
|
67
67
|
|
|
68
68
|
def must_be_trusted
|
|
69
69
|
return if trusted?
|
|
70
70
|
return if provider.present? && !signed?
|
|
71
71
|
|
|
72
|
-
errors
|
|
72
|
+
errors.add(:fingerprint, error_message(:invalid_fingerprint))
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
end
|
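Review bot: `must_be_trusted` in the `@@ -62,14 +62,14 @@` hunk returns without adding an error when `provider.present? && !signed?`, so as far as this hunk shows, an unsigned document from a registered provider never reaches the rewritten `errors.add(:fingerprint, error_message(:invalid_fingerprint))` line. That contract deserves a comment above the guard, for example `# NOTE: an unsigned document from a registered provider adds no error here.`; whether a signature is required elsewhere is not visible on this page. The metadata.rb hunk at `@@ -193,7 +193,7 @@` has the same shape (`return if !signature.present? || signature.valid?`) and would benefit from the same note. This hunk is printed under the bindings.rb header here, but judging by the file list it probably comes from concerns/trustable.rb.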
data/lib/saml/kit/document.rb
CHANGED
|
@@ -101,7 +101,7 @@ module Saml
|
|
|
101
101
|
end
|
|
102
102
|
|
|
103
103
|
def must_be_expected_type
|
|
104
|
-
errors
|
|
104
|
+
errors.add(:base, error_message(:invalid)) unless expected_type?
|
|
105
105
|
end
|
|
106
106
|
|
|
107
107
|
def expected_type?
|
|
@@ -112,7 +112,7 @@ module Saml
|
|
|
112
112
|
return unless expected_type?
|
|
113
113
|
return if version == '2.0'
|
|
114
114
|
|
|
115
|
-
errors
|
|
115
|
+
errors.add(:version, error_message(:invalid_version))
|
|
116
116
|
end
|
|
117
117
|
end
|
|
118
118
|
end
|
|
@@ -7,7 +7,7 @@ module Saml
|
|
|
7
7
|
# {include:file:spec/saml/kit/invalid_document_spec.rb}
|
|
8
8
|
class InvalidDocument < Document
|
|
9
9
|
validate do |model|
|
|
10
|
-
model.errors
|
|
10
|
+
model.errors.add(:base, model.error_message(:invalid))
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def initialize(xml, *)
|
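--- a/data/lib/saml/kit/metadata.rb
+++ b/data/lib/saml/kit/metadata.rb
@@ -182,7 +182,7 @@ module Saml
 end
 
 def must_contain_descriptor
-errors
+errors.add(:base, error_message(:invalid)) unless metadata
 end
 
 def must_match_xsd
@@ -193,7 +193,7 @@ module Saml
 return if !signature.present? || signature.valid?
 
 signature.errors.each do |attribute, error|
-errors
+errors.add(attribute, error)
 end
 end
 end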
data/lib/saml/kit/namespaces.rb
CHANGED
|
@@ -3,33 +3,33 @@
|
|
|
3
3
|
module Saml
|
|
4
4
|
module Kit
|
|
5
5
|
module Namespaces
|
|
6
|
-
SAML_2_0 = 'urn:oasis:names:tc:SAML:2.0'
|
|
7
|
-
SAML_1_1 = 'urn:oasis:names:tc:SAML:1.1'
|
|
8
|
-
ATTR_NAME_FORMAT = "#{SAML_2_0}:attrname-format"
|
|
9
|
-
NAME_ID_FORMAT_1_1 = "#{SAML_1_1}:nameid-format"
|
|
10
|
-
NAME_ID_FORMAT_2_0 = "#{SAML_2_0}:nameid-format"
|
|
11
|
-
STATUS = "#{SAML_2_0}:status"
|
|
6
|
+
SAML_2_0 = 'urn:oasis:names:tc:SAML:2.0'
|
|
7
|
+
SAML_1_1 = 'urn:oasis:names:tc:SAML:1.1'
|
|
8
|
+
ATTR_NAME_FORMAT = "#{SAML_2_0}:attrname-format"
|
|
9
|
+
NAME_ID_FORMAT_1_1 = "#{SAML_1_1}:nameid-format"
|
|
10
|
+
NAME_ID_FORMAT_2_0 = "#{SAML_2_0}:nameid-format"
|
|
11
|
+
STATUS = "#{SAML_2_0}:status"
|
|
12
12
|
|
|
13
|
-
ASSERTION = "#{SAML_2_0}:assertion"
|
|
14
|
-
ATTR_SPLAT = "#{ATTR_NAME_FORMAT}:*"
|
|
15
|
-
BASIC = "#{ATTR_NAME_FORMAT}:basic"
|
|
16
|
-
BEARER = "#{SAML_2_0}:cm:bearer"
|
|
17
|
-
EMAIL_ADDRESS = "#{NAME_ID_FORMAT_1_1}:emailAddress"
|
|
18
|
-
INVALID_NAME_ID_POLICY = "#{STATUS}:InvalidNameIDPolicy"
|
|
19
|
-
METADATA = "#{SAML_2_0}:metadata"
|
|
20
|
-
PASSWORD = "#{SAML_2_0}:ac:classes:Password"
|
|
13
|
+
ASSERTION = "#{SAML_2_0}:assertion"
|
|
14
|
+
ATTR_SPLAT = "#{ATTR_NAME_FORMAT}:*"
|
|
15
|
+
BASIC = "#{ATTR_NAME_FORMAT}:basic"
|
|
16
|
+
BEARER = "#{SAML_2_0}:cm:bearer"
|
|
17
|
+
EMAIL_ADDRESS = "#{NAME_ID_FORMAT_1_1}:emailAddress"
|
|
18
|
+
INVALID_NAME_ID_POLICY = "#{STATUS}:InvalidNameIDPolicy"
|
|
19
|
+
METADATA = "#{SAML_2_0}:metadata"
|
|
20
|
+
PASSWORD = "#{SAML_2_0}:ac:classes:Password"
|
|
21
21
|
PASSWORD_PROTECTED =
|
|
22
|
-
"#{SAML_2_0}:ac:classes:PasswordProtectedTransport"
|
|
23
|
-
PERSISTENT = "#{NAME_ID_FORMAT_2_0}:persistent"
|
|
24
|
-
PROTOCOL = "#{SAML_2_0}:protocol"
|
|
25
|
-
REQUESTER_ERROR = "#{STATUS}:Requester"
|
|
26
|
-
RESPONDER_ERROR = "#{STATUS}:Responder"
|
|
27
|
-
SUCCESS = "#{STATUS}:Success"
|
|
28
|
-
TRANSIENT = "#{NAME_ID_FORMAT_2_0}:transient"
|
|
29
|
-
UNSPECIFIED = "#{SAML_2_0}:consent:unspecified"
|
|
30
|
-
UNSPECIFIED_NAMEID = "#{NAME_ID_FORMAT_1_1}:unspecified"
|
|
31
|
-
URI = "#{ATTR_NAME_FORMAT}:uri"
|
|
32
|
-
VERSION_MISMATCH_ERROR = "#{STATUS}:VersionMismatch"
|
|
22
|
+
"#{SAML_2_0}:ac:classes:PasswordProtectedTransport"
|
|
23
|
+
PERSISTENT = "#{NAME_ID_FORMAT_2_0}:persistent"
|
|
24
|
+
PROTOCOL = "#{SAML_2_0}:protocol"
|
|
25
|
+
REQUESTER_ERROR = "#{STATUS}:Requester"
|
|
26
|
+
RESPONDER_ERROR = "#{STATUS}:Responder"
|
|
27
|
+
SUCCESS = "#{STATUS}:Success"
|
|
28
|
+
TRANSIENT = "#{NAME_ID_FORMAT_2_0}:transient"
|
|
29
|
+
UNSPECIFIED = "#{SAML_2_0}:consent:unspecified"
|
|
30
|
+
UNSPECIFIED_NAMEID = "#{NAME_ID_FORMAT_1_1}:unspecified"
|
|
31
|
+
URI = "#{ATTR_NAME_FORMAT}:uri"
|
|
32
|
+
VERSION_MISMATCH_ERROR = "#{STATUS}:VersionMismatch"
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
end
|
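--- a/data/lib/saml/kit/response.rb
+++ b/data/lib/saml/kit/response.rb
@@ -45,14 +45,14 @@ module Saml
 assertion.valid?
 assertion.errors.each do |attribute, error|
 attribute = :assertion if attribute == :base
-errors
+errors.add(attribute, error)
 end
 end
 
 def must_contain_single_assertion
 return if assertion_nodes.count <= 1
 
-errors
+errors.add(:base, error_message(:must_contain_single_assertion))
 end
 
 def assertion_nodes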
data/lib/saml/kit/signature.rb
CHANGED
data/lib/saml/kit/version.rb
CHANGED
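--- a/data/saml-kit.gemspec
+++ b/data/saml-kit.gemspec
@@ -12,9 +12,9 @@ Gem::Specification.new do |spec|
 
 spec.summary = 'A simple toolkit for working with SAML.'
 spec.description = 'A simple toolkit for working with SAML.'
-spec.homepage = 'https://github.com/
+spec.homepage = 'https://github.com/xlgmokha/saml-kit'
 spec.license = 'MIT'
-spec.required_ruby_version = '
+spec.required_ruby_version = '~> 2.5'
 
 spec.files = `git ls-files -z`.split("\x0").reject do |f|
 (
@@ -28,13 +28,13 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 
-spec.add_dependency 'activemodel', '
-spec.add_dependency 'net-hippie', '~> 0.1
-spec.add_dependency 'xml-kit', '
-spec.add_development_dependency 'bundler', '~>
+spec.add_dependency 'activemodel', '~> 5.1'
+spec.add_dependency 'net-hippie', '~> 0.1'
+spec.add_dependency 'xml-kit', '~> 0.4'
+spec.add_development_dependency 'bundler', '~> 2.0'
 spec.add_development_dependency 'bundler-audit', '~> 0.6'
 spec.add_development_dependency 'ffaker', '~> 2.7'
-spec.add_development_dependency 'rake', '~>
+spec.add_development_dependency 'rake', '~> 13.0'
 spec.add_development_dependency 'rspec', '~> 3.0'
 spec.add_development_dependency 'rspec-benchmark', '~> 0.3'
 spec.add_development_dependency 'rubocop', '~> 0.52'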
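Review bot: `spec.add_dependency 'activemodel', '~> 5.1'` is a pessimistic constraint, i.e. `>= 5.1, < 6.0`, while the changelog entry for 1.2.0 describes only a raised minimum. As written, applications on activemodel 6.x cannot resolve this release, and consumers of the gem stay tied to the 5.x line for upstream security fixes. If only a floor is meant, `'>= 5.1'` (optionally with an explicit, tested upper bound) states that. The same applies to `spec.required_ruby_version = '~> 2.5'`, which excludes Ruby 3.x and also differs from the minimum of 2.4 given in the changelog.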
metadata
CHANGED
|
@@ -1,77 +1,71 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml-kit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mo khan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activemodel
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '5.1'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '5.1'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: net-hippie
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.1
|
|
33
|
+
version: '0.1'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.1
|
|
40
|
+
version: '0.1'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: xml-kit
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - "
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.1.13
|
|
48
|
-
- - "<="
|
|
45
|
+
- - "~>"
|
|
49
46
|
- !ruby/object:Gem::Version
|
|
50
|
-
version:
|
|
47
|
+
version: '0.4'
|
|
51
48
|
type: :runtime
|
|
52
49
|
prerelease: false
|
|
53
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
54
51
|
requirements:
|
|
55
|
-
- - "
|
|
56
|
-
- !ruby/object:Gem::Version
|
|
57
|
-
version: 0.1.13
|
|
58
|
-
- - "<="
|
|
52
|
+
- - "~>"
|
|
59
53
|
- !ruby/object:Gem::Version
|
|
60
|
-
version:
|
|
54
|
+
version: '0.4'
|
|
61
55
|
- !ruby/object:Gem::Dependency
|
|
62
56
|
name: bundler
|
|
63
57
|
requirement: !ruby/object:Gem::Requirement
|
|
64
58
|
requirements:
|
|
65
59
|
- - "~>"
|
|
66
60
|
- !ruby/object:Gem::Version
|
|
67
|
-
version: '
|
|
61
|
+
version: '2.0'
|
|
68
62
|
type: :development
|
|
69
63
|
prerelease: false
|
|
70
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
65
|
requirements:
|
|
72
66
|
- - "~>"
|
|
73
67
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: '
|
|
68
|
+
version: '2.0'
|
|
75
69
|
- !ruby/object:Gem::Dependency
|
|
76
70
|
name: bundler-audit
|
|
77
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,14 +100,14 @@ dependencies:
|
|
|
106
100
|
requirements:
|
|
107
101
|
- - "~>"
|
|
108
102
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: '
|
|
103
|
+
version: '13.0'
|
|
110
104
|
type: :development
|
|
111
105
|
prerelease: false
|
|
112
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
113
107
|
requirements:
|
|
114
108
|
- - "~>"
|
|
115
109
|
- !ruby/object:Gem::Version
|
|
116
|
-
version: '
|
|
110
|
+
version: '13.0'
|
|
117
111
|
- !ruby/object:Gem::Dependency
|
|
118
112
|
name: rspec
|
|
119
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -222,7 +216,9 @@ executables:
|
|
|
222
216
|
extensions: []
|
|
223
217
|
extra_rdoc_files: []
|
|
224
218
|
files:
|
|
219
|
+
- CHANGELOG.md
|
|
225
220
|
- Gemfile
|
|
221
|
+
- Gemfile.lock
|
|
226
222
|
- LICENSE.txt
|
|
227
223
|
- README.md
|
|
228
224
|
- Rakefile
|
|
@@ -321,7 +317,7 @@ files:
|
|
|
321
317
|
- spec/examples/response_spec.rb
|
|
322
318
|
- spec/examples/saml-kit.gif
|
|
323
319
|
- spec/examples/service_provider_metadata_spec.rb
|
|
324
|
-
homepage: https://github.com/
|
|
320
|
+
homepage: https://github.com/xlgmokha/saml-kit
|
|
325
321
|
licenses:
|
|
326
322
|
- MIT
|
|
327
323
|
metadata:
|
|
@@ -332,17 +328,16 @@ require_paths:
|
|
|
332
328
|
- lib
|
|
333
329
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
334
330
|
requirements:
|
|
335
|
-
- - "
|
|
331
|
+
- - "~>"
|
|
336
332
|
- !ruby/object:Gem::Version
|
|
337
|
-
version: 2.
|
|
333
|
+
version: '2.5'
|
|
338
334
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
339
335
|
requirements:
|
|
340
336
|
- - ">="
|
|
341
337
|
- !ruby/object:Gem::Version
|
|
342
338
|
version: '0'
|
|
343
339
|
requirements: []
|
|
344
|
-
|
|
345
|
-
rubygems_version: 2.7.6
|
|
340
|
+
rubygems_version: 3.1.4
|
|
346
341
|
signing_key:
|
|
347
342
|
specification_version: 4
|
|
348
343
|
summary: A simple toolkit for working with SAML.
|