saml2 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/saml2/assertion.rb +4 -0
- data/lib/saml2/key.rb +1 -1
- data/lib/saml2/response.rb +0 -1
- data/lib/saml2/version.rb +1 -1
- data/spec/fixtures/response_signed.xml +9 -9
- data/spec/fixtures/response_with_attribute_signed.xml +9 -9
- data/spec/lib/response_spec.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5b7d46d26e196c43de38dbea14bf3be6bbd0e212
|
|
4
|
+
data.tar.gz: 4eb34e5bec906dff3f6ebb748ec13f4aeee113da
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 22b0948988e9aa48b0919f9df1e1831e84bc6f15cedd8a820e3e844232302e1a7e538b4a576d067048c3bb5ba8ec314a6eec54422eb80d76c5c2aa050da7f311
|
|
7
|
+
data.tar.gz: 4564507cda91f5aea94e4b7102ac433c27b80de8b889416e0a8c5b9f94ed1c99aab5dc87880a6b289e84ba86249bb7d89d2d4669eae8ad7797175134c7d34f8d
|
data/lib/saml2/assertion.rb
CHANGED
|
@@ -14,6 +14,10 @@ module SAML2
|
|
|
14
14
|
|
|
15
15
|
@xml.set_id_attribute('ID')
|
|
16
16
|
@xml.sign!(cert: x509_certificate, key: private_key, digest_alg: algorithm_name.to_s, signature_alg: "rsa-#{algorithm_name}", uri: "##{id}")
|
|
17
|
+
# the Signature element must be right after the Issuer, so put it there
|
|
18
|
+
issuer = @xml.at_xpath("saml:Issuer", Namespaces::ALL)
|
|
19
|
+
signature = @xml.at_xpath("dsig:Signature", Namespaces::ALL)
|
|
20
|
+
issuer.add_next_sibling(signature)
|
|
17
21
|
self
|
|
18
22
|
end
|
|
19
23
|
|
data/lib/saml2/key.rb
CHANGED
|
@@ -18,7 +18,7 @@ module SAML2
|
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
def initialize(x509, use = nil, encryption_methods = [])
|
|
21
|
-
@use, @x509, @encryption_methods = use, x509, encryption_methods
|
|
21
|
+
@use, @x509, @encryption_methods = use, x509.gsub(/\w*-+(BEGIN|END) CERTIFICATE-+\w*/, "").strip, encryption_methods
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
def encryption?
|
data/lib/saml2/response.rb
CHANGED
|
@@ -39,7 +39,6 @@ module SAML2
|
|
|
39
39
|
assertion.subject.name_id = name_id
|
|
40
40
|
assertion.subject.confirmation = Subject::Confirmation.new
|
|
41
41
|
assertion.subject.confirmation.method = Subject::Confirmation::Methods::BEARER
|
|
42
|
-
assertion.subject.confirmation.not_before = Time.now.utc
|
|
43
42
|
assertion.subject.confirmation.not_on_or_after = Time.now.utc + 30
|
|
44
43
|
assertion.subject.confirmation.recipient = response.destination if response.destination
|
|
45
44
|
assertion.issuer = issuer
|
data/lib/saml2/version.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
|
-
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><
|
|
2
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
3
3
|
<SignedInfo>
|
|
4
4
|
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
5
5
|
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
|
|
@@ -9,15 +9,15 @@
|
|
|
9
9
|
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
10
10
|
</Transforms>
|
|
11
11
|
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
|
|
12
|
-
<DigestValue>
|
|
12
|
+
<DigestValue>dRjiJ4yQ4ujjWB87gOoYZ5sYaUVJc0SSH2YzWwH+Z4Y=</DigestValue>
|
|
13
13
|
</Reference>
|
|
14
14
|
</SignedInfo>
|
|
15
|
-
<SignatureValue>
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
15
|
+
<SignatureValue>jJYv2J8bXQSnDT48bb3/K2iV/gIUDGC5w+Q4HJ9MAPBuyhupHDTCb1XwrjJHurx0
|
|
16
|
+
QLxo8RqgIeZKDj0bKiy8zdVn2+9SX6bHYOl4Ca0lNVHE0vum2nlZwsfLALf2oBpo
|
|
17
|
+
fr11sln9SXlHbI+6tcd9j49uUjIj5jpPWdY6jEwoOTLMcsVdrxwpxAF1USDSGEpI
|
|
18
|
+
omFtlxj0sdfo+0VwjPkdlDL3Cl66uTa2t1ZXJxY4dXqzyFyuRsfEBe4FtXYvo0g9
|
|
19
|
+
GuAW2UCuMhXzGl+CJHAfIG9yYPe+YTE7HOy8t+OteHkN6ZalI5CW53zmGQs3oMWQ
|
|
20
|
+
QOgTrVgJMSDhFZqpoIvVLg==</SignatureValue>
|
|
21
21
|
<KeyInfo>
|
|
22
22
|
<X509Data>
|
|
23
23
|
<X509Certificate>MIID+jCCAuKgAwIBAgIJAIz/He5UafnhMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
|
|
@@ -44,4 +44,4 @@ Cg8Yo62X9vWW6PaKXHs3N+g1Ig16NwjdVIYvcxLc2KY0vrqu/R5c8RbmCxMZyss9
|
|
|
44
44
|
ZtltN+yN40INHGRWnHc=</X509Certificate>
|
|
45
45
|
</X509Data>
|
|
46
46
|
</KeyInfo>
|
|
47
|
-
</Signature></saml:Assertion></samlp:Response>
|
|
47
|
+
</Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jacob</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2015-02-12T22:54:29Z" Recipient="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"/></saml:SubjectConfirmation></saml:Subject><saml:AuthnStatement AuthnInstant="2015-02-12T22:51:29Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
|
-
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><
|
|
2
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
3
3
|
<SignedInfo>
|
|
4
4
|
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
5
5
|
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
|
|
@@ -9,15 +9,15 @@
|
|
|
9
9
|
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
10
10
|
</Transforms>
|
|
11
11
|
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
|
|
12
|
-
<DigestValue>
|
|
12
|
+
<DigestValue>cNsW8tqrcA6HB+H8gOA5bAswPLLyN8tH9j53exrhfjU=</DigestValue>
|
|
13
13
|
</Reference>
|
|
14
14
|
</SignedInfo>
|
|
15
|
-
<SignatureValue>
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
15
|
+
<SignatureValue>JuL8PNrAiqNODwMa94qvvJMPEpjFG0yAbd58Rj7iUTeiAYE+26k9xRvYTsF3z3Va
|
|
16
|
+
Xt3yOBZFoOt40AwKiZ3sqPnCM5GrBtrApcRcBoxBYwr/2bSGfhoIxO1Y51VHBOTM
|
|
17
|
+
SoBkLUNJAPI6YJtJF2CZJA1Gv92/n/PMvQFDK2LHN/0Jbcy8ebvg1q/Wu9vJIgcY
|
|
18
|
+
TIan4wrByBQHX16CNR+JDrdBIxe/GKI+6GzGsRr+V9CgLRdyvpevFLYFmmn1gOx7
|
|
19
|
+
gLypwLteGo0eX5nclwVD0N6GjqUpW8eYGPFUiErgZp36DZBXy9sCT8Pz1h35daXs
|
|
20
|
+
8dfw7cO59iYT4vSDFqIE6A==</SignatureValue>
|
|
21
21
|
<KeyInfo>
|
|
22
22
|
<X509Data>
|
|
23
23
|
<X509Certificate>MIID+jCCAuKgAwIBAgIJAIz/He5UafnhMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
|
|
@@ -44,4 +44,4 @@ Cg8Yo62X9vWW6PaKXHs3N+g1Ig16NwjdVIYvcxLc2KY0vrqu/R5c8RbmCxMZyss9
|
|
|
44
44
|
ZtltN+yN40INHGRWnHc=</X509Certificate>
|
|
45
45
|
</X509Data>
|
|
46
46
|
</KeyInfo>
|
|
47
|
-
</Signature></saml:Assertion></samlp:Response>
|
|
47
|
+
</Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jacob</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2015-02-12T22:54:29Z" Recipient="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"/></saml:SubjectConfirmation></saml:Subject><saml:AuthnStatement AuthnInstant="2015-02-12T22:51:29Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" Name="urn:oid:2.5.4.42" FriendlyName="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" x500:Encoding="LDAP"><saml:AttributeValue xsi:type="xsd:string">cody</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
|
data/spec/lib/response_spec.rb
CHANGED
|
@@ -30,7 +30,6 @@ module SAML2
|
|
|
30
30
|
assertion.instance_variable_set(:@issue_instant, Time.parse("2015-02-12T22:51:29Z"))
|
|
31
31
|
assertion.statements.first.authn_instant = Time.parse("2015-02-12T22:51:29Z")
|
|
32
32
|
confirmation = assertion.subject.confirmation
|
|
33
|
-
confirmation.not_before = Time.parse("2015-02-12T22:51:29Z")
|
|
34
33
|
confirmation.not_on_or_after = Time.parse("2015-02-12T22:54:29Z")
|
|
35
34
|
confirmation.recipient = response.destination
|
|
36
35
|
confirmation.in_response_to = response.in_response_to
|
|
@@ -39,6 +38,7 @@ module SAML2
|
|
|
39
38
|
it "should generate a valid signature" do
|
|
40
39
|
freeze_response
|
|
41
40
|
response.sign(fixture('certificate.pem'), fixture('privatekey.key'))
|
|
41
|
+
Schemas.protocol.validate(response.to_xml).must_equal []
|
|
42
42
|
# verifiable on the command line with:
|
|
43
43
|
# xmlsec1 --verify --pubkey-cert-pem certificate.pem --privkey-pem privatekey.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion response_signed.xml
|
|
44
44
|
response.to_s.must_equal fixture('response_signed.xml')
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cody Cutrer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-03-
|
|
11
|
+
date: 2015-03-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|