saml2 1.1.3 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/saml2/authn_request.rb +15 -0
- data/lib/saml2/bindings/http_post.rb +7 -0
- data/lib/saml2/endpoint.rb +4 -3
- data/lib/saml2/indexed_object.rb +17 -8
- data/lib/saml2/service_provider.rb +2 -2
- data/lib/saml2/version.rb +1 -1
- data/spec/lib/authn_request_spec.rb +2 -5
- data/spec/lib/service_provider_spec.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d7d5c5444ba487bb6a231a2b42b51032497a4676
|
|
4
|
+
data.tar.gz: 8851a491f0846b07d16522c7511336e416e3636d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 26d24e54a21ece33cc931f2534be59b53dc66707688d96f19913313a50c75276822daf6e80f587549a958b3ae44b1f73b82b65e526eb55059a17e106db5e09e0
|
|
7
|
+
data.tar.gz: 54265e05b0d014b86ae07199cf9cc90f33b78decaed88218e9e923bda9048a523fccb92f365c74832d598a2dfd066e35a38c1cd236c35aada156eb0991c4cd9f
|
data/lib/saml2/authn_request.rb
CHANGED
|
@@ -31,6 +31,21 @@ module SAML2
|
|
|
31
31
|
:protocol_binding
|
|
32
32
|
attr_accessor :requested_authn_context
|
|
33
33
|
|
|
34
|
+
def self.initiate(issuer, identity_provider = nil,
|
|
35
|
+
assertion_consumer_service: nil,
|
|
36
|
+
service_provider: nil)
|
|
37
|
+
authn_request = new
|
|
38
|
+
authn_request.issuer = issuer
|
|
39
|
+
authn_request.destination = identity_provider.single_sign_on_services.first.location if identity_provider
|
|
40
|
+
authn_request.name_id_policy = NameID::Policy.new(true, NameID::Format::UNSPECIFIED)
|
|
41
|
+
assertion_consumer_service ||= service_provider.assertion_consumer_services.default if service_provider
|
|
42
|
+
if assertion_consumer_service
|
|
43
|
+
authn_request.protocol_binding = assertion_consumer_service.binding
|
|
44
|
+
authn_request.assertion_consumer_service_url = assertion_consumer_service.location
|
|
45
|
+
end
|
|
46
|
+
authn_request
|
|
47
|
+
end
|
|
48
|
+
|
|
34
49
|
def valid_web_browser_sso_profile?
|
|
35
50
|
return false unless issuer
|
|
36
51
|
return false if issuer.format && issuer.format != NameID::Format::ENTITY
|
data/lib/saml2/endpoint.rb
CHANGED
|
@@ -1,15 +1,16 @@
|
|
|
1
1
|
require 'saml2/bindings/http_redirect'
|
|
2
|
+
require 'saml2/bindings/http_post'
|
|
2
3
|
|
|
3
4
|
module SAML2
|
|
4
5
|
class Endpoint < Base
|
|
5
6
|
module Bindings
|
|
6
|
-
HTTP_POST =
|
|
7
|
+
HTTP_POST = ::SAML2::Bindings::HTTP_POST::URN
|
|
7
8
|
HTTP_REDIRECT = ::SAML2::Bindings::HTTPRedirect::URN
|
|
8
9
|
end
|
|
9
10
|
|
|
10
11
|
attr_reader :location, :binding
|
|
11
12
|
|
|
12
|
-
def initialize(location = nil, binding = Bindings::HTTP_POST)
|
|
13
|
+
def initialize(location = nil, binding = ::SAML2::Bindings::HTTP_POST::URN)
|
|
13
14
|
@location, @binding = location, binding
|
|
14
15
|
end
|
|
15
16
|
|
|
@@ -30,7 +31,7 @@ module SAML2
|
|
|
30
31
|
class Indexed < Endpoint
|
|
31
32
|
include IndexedObject
|
|
32
33
|
|
|
33
|
-
def initialize(location = nil, index = nil, is_default = nil, binding = Bindings::HTTP_POST)
|
|
34
|
+
def initialize(location = nil, index = nil, is_default = nil, binding = ::SAML2::Bindings::HTTP_POST::URN)
|
|
34
35
|
super(location, binding)
|
|
35
36
|
@index, @is_default = index, is_default
|
|
36
37
|
end
|
data/lib/saml2/indexed_object.rb
CHANGED
|
@@ -33,16 +33,12 @@ module SAML2
|
|
|
33
33
|
attr_reader :default
|
|
34
34
|
|
|
35
35
|
def self.from_xml(nodes)
|
|
36
|
-
new(nodes.map { |node| name.split('::')[1..-2].inject(SAML2) { |mod, klass| mod.const_get(klass) }.from_xml(node) })
|
|
36
|
+
new(nodes.map { |node| name.split('::')[1..-2].inject(SAML2) { |mod, klass| mod.const_get(klass) }.from_xml(node) }).freeze
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
def initialize(objects)
|
|
40
|
-
replace(objects.sort_by { |object| object.index || 0 })
|
|
41
|
-
|
|
42
|
-
each { |object| @index[object.index] = object }
|
|
43
|
-
@default = find { |object| object.default? } || first
|
|
44
|
-
|
|
45
|
-
freeze
|
|
39
|
+
def initialize(objects = nil)
|
|
40
|
+
replace(objects.sort_by { |object| object.index || 0 }) if objects
|
|
41
|
+
re_index
|
|
46
42
|
end
|
|
47
43
|
|
|
48
44
|
def [](index)
|
|
@@ -52,6 +48,19 @@ module SAML2
|
|
|
52
48
|
def resolve(index)
|
|
53
49
|
index ? self[index] : default
|
|
54
50
|
end
|
|
51
|
+
|
|
52
|
+
def <<(value)
|
|
53
|
+
super
|
|
54
|
+
re_index
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
protected
|
|
58
|
+
|
|
59
|
+
def re_index
|
|
60
|
+
@index = {}
|
|
61
|
+
each { |object| @index[object.index] = object }
|
|
62
|
+
@default = find { |object| object.default? } || first
|
|
63
|
+
end
|
|
55
64
|
end
|
|
56
65
|
|
|
57
66
|
def build(builder, *)
|
|
@@ -7,8 +7,8 @@ module SAML2
|
|
|
7
7
|
class ServiceProvider < SSO
|
|
8
8
|
def initialize
|
|
9
9
|
super
|
|
10
|
-
@assertion_consumer_services =
|
|
11
|
-
@attribute_consuming_services =
|
|
10
|
+
@assertion_consumer_services = Endpoint::Indexed::Array.new
|
|
11
|
+
@attribute_consuming_services = AttributeConsumingService::Array.new
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def from_xml(node)
|
data/lib/saml2/version.rb
CHANGED
|
@@ -52,11 +52,8 @@ module SAML2
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
it 'serializes valid XML' do
|
|
55
|
-
authn_request = AuthnRequest.new
|
|
56
|
-
|
|
57
|
-
authn_request.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
58
|
-
authn_request.assertion_consumer_service_url = 'https://somewhere/'
|
|
59
|
-
authn_request.name_id_policy = NameID::Policy.new(true, NameID::Format::UNSPECIFIED)
|
|
55
|
+
authn_request = AuthnRequest.initiate(NameID.new("entity"),
|
|
56
|
+
assertion_consumer_service: Endpoint.new('https://somewhere/'))
|
|
60
57
|
authn_request.requested_authn_context = RequestedAuthnContext.new
|
|
61
58
|
authn_request.requested_authn_context.class_ref = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
|
|
62
59
|
authn_request.requested_authn_context.comparison = :exact
|
|
@@ -13,7 +13,7 @@ module SAML2
|
|
|
13
13
|
|
|
14
14
|
sp = ServiceProvider.new
|
|
15
15
|
sp.single_logout_services << Endpoint.new('https://sso.canvaslms.com/SAML2/Logout',
|
|
16
|
-
|
|
16
|
+
Bindings::HTTPRedirect::URN)
|
|
17
17
|
sp.assertion_consumer_services << Endpoint::Indexed.new('https://sso.canvaslms.com/SAML2/Login1', 0)
|
|
18
18
|
sp.assertion_consumer_services << Endpoint::Indexed.new('https://sso.canvaslms.com/SAML2/Login2', 1)
|
|
19
19
|
sp.keys << Key.new('somedata', Key::Type::ENCRYPTION, [Key::EncryptionMethod.new])
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cody Cutrer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -137,6 +137,7 @@ files:
|
|
|
137
137
|
- lib/saml2/authn_statement.rb
|
|
138
138
|
- lib/saml2/base.rb
|
|
139
139
|
- lib/saml2/bindings.rb
|
|
140
|
+
- lib/saml2/bindings/http_post.rb
|
|
140
141
|
- lib/saml2/bindings/http_redirect.rb
|
|
141
142
|
- lib/saml2/conditions.rb
|
|
142
143
|
- lib/saml2/contact.rb
|
|
@@ -220,7 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
220
221
|
version: '0'
|
|
221
222
|
requirements: []
|
|
222
223
|
rubyforge_project:
|
|
223
|
-
rubygems_version: 2.6.
|
|
224
|
+
rubygems_version: 2.6.10
|
|
224
225
|
signing_key:
|
|
225
226
|
specification_version: 4
|
|
226
227
|
summary: SAML 2.0 Library
|