saml2 1.1.3 → 1.1.4
- checksums.yaml +4 -4
- data/lib/saml2/authn_request.rb +15 -0
- data/lib/saml2/bindings/http_post.rb +7 -0
- data/lib/saml2/endpoint.rb +4 -3
- data/lib/saml2/indexed_object.rb +17 -8
- data/lib/saml2/service_provider.rb +2 -2
- data/lib/saml2/version.rb +1 -1
- data/spec/lib/authn_request_spec.rb +2 -5
- data/spec/lib/service_provider_spec.rb +1 -1
- metadata +4 -3
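--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d7d5c5444ba487bb6a231a2b42b51032497a4676
+data.tar.gz: 8851a491f0846b07d16522c7511336e416e3636d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26d24e54a21ece33cc931f2534be59b53dc66707688d96f19913313a50c75276822daf6e80f587549a958b3ae44b1f73b82b65e526eb55059a17e106db5e09e0
+data.tar.gz: 54265e05b0d014b86ae07199cf9cc90f33b78decaed88218e9e923bda9048a523fccb92f365c74832d598a2dfd066e35a38c1cd236c35aada156eb0991c4cd9f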
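--- a/data/lib/saml2/authn_request.rb
+++ b/data/lib/saml2/authn_request.rb
@@ -31,6 +31,21 @@ module SAML2
 :protocol_binding
 attr_accessor :requested_authn_context
 
+def self.initiate(issuer, identity_provider = nil,
+assertion_consumer_service: nil,
+service_provider: nil)
+authn_request = new
+authn_request.issuer = issuer
+authn_request.destination = identity_provider.single_sign_on_services.first.location if identity_provider
+authn_request.name_id_policy = NameID::Policy.new(true, NameID::Format::UNSPECIFIED)
+assertion_consumer_service ||= service_provider.assertion_consumer_services.default if service_provider
+if assertion_consumer_service
+authn_request.protocol_binding = assertion_consumer_service.binding
+authn_request.assertion_consumer_service_url = assertion_consumer_service.location
+end
+authn_request
+end
+
 def valid_web_browser_sso_profile?
 return false unless issuer
 return false if issuer.format && issuer.format != NameID::Format::ENTITY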
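Review bot: `initiate` derives the destination from `identity_provider.single_sign_on_services.first.location`, which raises NoMethodError when the identity provider's metadata lists no SSO service and otherwise takes whichever endpoint happens to be listed first, whatever its binding. An IdP that validates Destination will reject a request addressed to an endpoint other than the one it arrived on, so the endpoint should be chosen for the binding the caller will send with. At minimum guard the empty case, e.g. `sso = identity_provider && identity_provider.single_sign_on_services.first` followed by `authn_request.destination = sso.location if sso`. The hard-coded `NameID::Policy.new(true, NameID::Format::UNSPECIFIED)` deserves a comment saying what the `true` means (presumably AllowCreate), since every initiated request now carries it.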
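--- a/data/lib/saml2/endpoint.rb
+++ b/data/lib/saml2/endpoint.rb
@@ -1,15 +1,16 @@
 require 'saml2/bindings/http_redirect'
+require 'saml2/bindings/http_post'
 
 module SAML2
 class Endpoint < Base
 module Bindings
-HTTP_POST =
+HTTP_POST = ::SAML2::Bindings::HTTP_POST::URN
 HTTP_REDIRECT = ::SAML2::Bindings::HTTPRedirect::URN
 end
 
 attr_reader :location, :binding
 
-def initialize(location = nil, binding = Bindings::HTTP_POST)
+def initialize(location = nil, binding = ::SAML2::Bindings::HTTP_POST::URN)
 @location, @binding = location, binding
 end
 
@@ -30,7 +31,7 @@ module SAML2
 class Indexed < Endpoint
 include IndexedObject
 
-def initialize(location = nil, index = nil, is_default = nil, binding = Bindings::HTTP_POST)
+def initialize(location = nil, index = nil, is_default = nil, binding = ::SAML2::Bindings::HTTP_POST::URN)
 super(location, binding)
 @index, @is_default = index, is_default
 end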
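Review bot: Both `initialize` defaults now spell out `::SAML2::Bindings::HTTP_POST::URN` even though `Bindings::HTTP_POST` is assigned that same value a few lines above, so the default binding is written in three places. Unless the alias is being retired, keeping `binding = Bindings::HTTP_POST` in both signatures leaves a single place to change. The new module is also named `HTTP_POST` where its sibling is `HTTPRedirect`; settling on one naming convention now avoids a rename once callers depend on it.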
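--- a/data/lib/saml2/indexed_object.rb
+++ b/data/lib/saml2/indexed_object.rb
@@ -33,16 +33,12 @@ module SAML2
 attr_reader :default
 
 def self.from_xml(nodes)
-new(nodes.map { |node| name.split('::')[1..-2].inject(SAML2) { |mod, klass| mod.const_get(klass) }.from_xml(node) })
+new(nodes.map { |node| name.split('::')[1..-2].inject(SAML2) { |mod, klass| mod.const_get(klass) }.from_xml(node) }).freeze
 end
 
-def initialize(objects)
-replace(objects.sort_by { |object| object.index || 0 })
-
-each { |object| @index[object.index] = object }
-@default = find { |object| object.default? } || first
-
-freeze
+def initialize(objects = nil)
+replace(objects.sort_by { |object| object.index || 0 }) if objects
+re_index
 end
 
 def [](index)
@@ -52,6 +48,19 @@ module SAML2
 def resolve(index)
 index ? self[index] : default
 end
+
+def <<(value)
+super
+re_index
+end
+
+protected
+
+def re_index
+@index = {}
+each { |object| @index[object.index] = object }
+@default = find { |object| object.default? } || first
+end
 end
 
 def build(builder, *)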
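Review bot: The new `<<` returns the result of `re_index` (the `@default` object) rather than the collection, so `list << a << b` would call `<<` on an endpoint instead of appending twice; end the method with `self`. Only `<<` refreshes the lookup table: now that `initialize` no longer freezes the collection, `push`, `concat`, `delete` and the other inherited mutators (assuming the class extends ::Array, as the `super` and `replace` calls suggest) leave `@index` and `@default` stale. Because `resolve` decides which endpoint an index maps to, a stale table can hand back an endpoint that is no longer in the list or miss one that is, so either re-index in the other mutators or build the lookup on demand in `[]` and `default`. Appended items are also not re-sorted the way `initialize` sorts them, and `re_index` could be `private` rather than `protected`. The enclosing class starts outside the hunk.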
@@ -7,8 +7,8 @@ module SAML2
|
|
7
7
|
class ServiceProvider < SSO
|
8
8
|
def initialize
|
9
9
|
super
|
10
|
-
@assertion_consumer_services =
|
11
|
-
@attribute_consuming_services =
|
10
|
+
@assertion_consumer_services = Endpoint::Indexed::Array.new
|
11
|
+
@attribute_consuming_services = AttributeConsumingService::Array.new
|
12
12
|
end
|
13
13
|
|
14
14
|
def from_xml(node)
|
data/lib/saml2/version.rb
CHANGED
@@ -52,11 +52,8 @@ module SAML2
|
|
52
52
|
end
|
53
53
|
|
54
54
|
it 'serializes valid XML' do
|
55
|
-
authn_request = AuthnRequest.new
|
56
|
-
|
57
|
-
authn_request.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
58
|
-
authn_request.assertion_consumer_service_url = 'https://somewhere/'
|
59
|
-
authn_request.name_id_policy = NameID::Policy.new(true, NameID::Format::UNSPECIFIED)
|
55
|
+
authn_request = AuthnRequest.initiate(NameID.new("entity"),
|
56
|
+
assertion_consumer_service: Endpoint.new('https://somewhere/'))
|
60
57
|
authn_request.requested_authn_context = RequestedAuthnContext.new
|
61
58
|
authn_request.requested_authn_context.class_ref = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
|
62
59
|
authn_request.requested_authn_context.comparison = :exact
|
@@ -13,7 +13,7 @@ module SAML2
|
|
13
13
|
|
14
14
|
sp = ServiceProvider.new
|
15
15
|
sp.single_logout_services << Endpoint.new('https://sso.canvaslms.com/SAML2/Logout',
|
16
|
-
|
16
|
+
Bindings::HTTPRedirect::URN)
|
17
17
|
sp.assertion_consumer_services << Endpoint::Indexed.new('https://sso.canvaslms.com/SAML2/Login1', 0)
|
18
18
|
sp.assertion_consumer_services << Endpoint::Indexed.new('https://sso.canvaslms.com/SAML2/Login2', 1)
|
19
19
|
sp.keys << Key.new('somedata', Key::Type::ENCRYPTION, [Key::EncryptionMethod.new])
|
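Review bot: The rewritten 'serializes valid XML' example exercises only the `assertion_consumer_service:` keyword of `AuthnRequest.initiate`; the `identity_provider` argument and the `service_provider:` fallback are never called. Examples for an identity provider with no SSO service and a service provider with no assertion consumer service would pin how the destination and ACS URL are chosen in those cases. The `it` block continues outside the hunk.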
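--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml2
 version: !ruby/object:Gem::Version
-version: 1.1.
+version: 1.1.4
 platform: ruby
 authors:
 - Cody Cutrer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -137,6 +137,7 @@ files:
 - lib/saml2/authn_statement.rb
 - lib/saml2/base.rb
 - lib/saml2/bindings.rb
+- lib/saml2/bindings/http_post.rb
 - lib/saml2/bindings/http_redirect.rb
 - lib/saml2/conditions.rb
 - lib/saml2/contact.rb
@@ -220,7 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: SAML 2.0 Library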