saml2 3.0.6 → 3.0.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/saml2/entity.rb +2 -2
- data/lib/saml2/response.rb +2 -0
- data/lib/saml2/schemas.rb +1 -5
- data/lib/saml2/service_provider.rb +2 -0
- data/lib/saml2/signable.rb +5 -5
- data/lib/saml2/version.rb +1 -1
- data/schemas/metadata_combined.xsd +13 -0
- data/schemas/sstc-saml-metadata-ext-query.xsd +66 -0
- data/spec/fixtures/identity_provider.xml +1 -1
- data/spec/fixtures/response_assertion_signed_reffed_from_response.xml +6 -0
- data/spec/fixtures/service_provider.xml +1 -1
- data/spec/lib/attribute_consuming_service_spec.rb +2 -0
- data/spec/lib/attribute_spec.rb +2 -0
- data/spec/lib/authn_request_spec.rb +2 -0
- data/spec/lib/bindings/http_redirect_spec.rb +4 -2
- data/spec/lib/conditions_spec.rb +2 -0
- data/spec/lib/entity_spec.rb +2 -0
- data/spec/lib/identity_provider_spec.rb +6 -0
- data/spec/lib/indexed_object_spec.rb +2 -0
- data/spec/lib/key_spec.rb +2 -0
- data/spec/lib/logout_request_spec.rb +2 -0
- data/spec/lib/logout_response_spec.rb +2 -0
- data/spec/lib/message_spec.rb +2 -0
- data/spec/lib/response_spec.rb +16 -0
- data/spec/lib/service_provider_spec.rb +7 -0
- data/spec/spec_helper.rb +2 -0
- metadata +14 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 953f52449cc1cbab86280c3265ecf74cde4eb8db37946a99aa2d85f59d7a4754
|
|
4
|
+
data.tar.gz: f211ab22f71726b292c5182fba1b5040284c4a243f03458b84f33983f95dadbc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 271dd3d0bd8325c59b61ed416fd0ed16d1cbc284d957593220f905c3f5c5f8d001bdcc125fcd96e1d28ffe3ad2ec22a6fec027c768df82ddb5dca609ba435c58
|
|
7
|
+
data.tar.gz: 87337ae1fd36828023da486e932582009b76f666e04fd336e4d4b4e0a244366c62c7491255b320b2575c6439d56c856200f883a2087fdc70b82f746927fef8db
|
data/lib/saml2/entity.rb
CHANGED
|
@@ -65,7 +65,7 @@ module SAML2
|
|
|
65
65
|
|
|
66
66
|
# (see Message#valid_schema?)
|
|
67
67
|
def valid_schema?
|
|
68
|
-
Schemas.
|
|
68
|
+
Schemas.metadata.valid?(xml.document)
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
# (see Message#id)
|
|
@@ -101,7 +101,7 @@ module SAML2
|
|
|
101
101
|
|
|
102
102
|
# (see Message#valid_schema?)
|
|
103
103
|
def valid_schema?
|
|
104
|
-
Schemas.
|
|
104
|
+
Schemas.metadata.valid?(xml.document)
|
|
105
105
|
end
|
|
106
106
|
|
|
107
107
|
# @return [String]
|
data/lib/saml2/response.rb
CHANGED
|
@@ -13,6 +13,8 @@ module SAML2
|
|
|
13
13
|
attr_reader :assertions
|
|
14
14
|
|
|
15
15
|
# Respond to an {AuthnRequest}
|
|
16
|
+
#
|
|
17
|
+
# {AuthnRequest#resolve} needs to have been previously called on the {AuthnRequest}.
|
|
16
18
|
# @param authn_request [AuthnRequest]
|
|
17
19
|
# @param issuer [NameID]
|
|
18
20
|
# @param name_id [NameID] The Subject
|
data/lib/saml2/schemas.rb
CHANGED
|
@@ -2,12 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
module SAML2
|
|
4
4
|
module Schemas
|
|
5
|
-
def self.federation
|
|
6
|
-
@federation ||= schema('ws-federation.xsd')
|
|
7
|
-
end
|
|
8
|
-
|
|
9
5
|
def self.metadata
|
|
10
|
-
@metadata ||= schema('
|
|
6
|
+
@metadata ||= schema('metadata_combined.xsd')
|
|
11
7
|
end
|
|
12
8
|
|
|
13
9
|
def self.protocol
|
data/lib/saml2/signable.rb
CHANGED
|
@@ -7,16 +7,16 @@ module SAML2
|
|
|
7
7
|
# @return [Nokogiri::XML::Element, nil]
|
|
8
8
|
def signature
|
|
9
9
|
unless instance_variable_defined?(:@signature)
|
|
10
|
-
@signature = xml.
|
|
11
|
-
|
|
12
|
-
signed_node = @signature.at_xpath('dsig:SignedInfo/dsig:Reference', Namespaces::ALL)['URI']
|
|
10
|
+
@signature = xml.xpath('//dsig:Signature', Namespaces::ALL).find do |signature|
|
|
11
|
+
signed_node = signature.at_xpath('dsig:SignedInfo/dsig:Reference', Namespaces::ALL)['URI']
|
|
13
12
|
if signed_node == ''
|
|
14
|
-
|
|
13
|
+
true if xml == xml.document.root
|
|
15
14
|
elsif signed_node != "##{xml['ID']}"
|
|
16
|
-
|
|
15
|
+
false
|
|
17
16
|
else
|
|
18
17
|
# validating the schema will automatically add ID attributes, so check that first
|
|
19
18
|
xml.set_id_attribute('ID') unless xml.document.get_id(xml['ID'])
|
|
19
|
+
true
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
end
|
data/lib/saml2/version.rb
CHANGED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
|
|
3
|
+
<schema
|
|
4
|
+
targetNamespace="https://www.instructure.com/ruby-saml2/metadata-combined"
|
|
5
|
+
xmlns="http://www.w3.org/2001/XMLSchema"
|
|
6
|
+
version="2.0">
|
|
7
|
+
|
|
8
|
+
<import namespace="http://docs.oasis-open.org/wsfed/federation/200706"
|
|
9
|
+
schemaLocation="ws-federation.xsd"/>
|
|
10
|
+
<import namespace="urn:oasis:names:tc:SAML:metadata:ext:query"
|
|
11
|
+
schemaLocation="sstc-saml-metadata-ext-query.xsd"/>
|
|
12
|
+
|
|
13
|
+
</schema>
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
|
|
3
|
+
<schema
|
|
4
|
+
targetNamespace="urn:oasis:names:tc:SAML:metadata:ext:query"
|
|
5
|
+
xmlns="http://www.w3.org/2001/XMLSchema"
|
|
6
|
+
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
|
7
|
+
xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query"
|
|
8
|
+
elementFormDefault="unqualified"
|
|
9
|
+
attributeFormDefault="unqualified"
|
|
10
|
+
blockDefault="substitution"
|
|
11
|
+
version="2.0">
|
|
12
|
+
|
|
13
|
+
<annotation>
|
|
14
|
+
<documentation>
|
|
15
|
+
Document title: SAML Metadata Extension Schema for SAML V2.0 and V1.x Query Requesters
|
|
16
|
+
Document identifier: sstc-saml-metadata-ext-query.xsd
|
|
17
|
+
Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security
|
|
18
|
+
Revision history:
|
|
19
|
+
V1.0 (May 2007):
|
|
20
|
+
Initial version.
|
|
21
|
+
</documentation>
|
|
22
|
+
</annotation>
|
|
23
|
+
|
|
24
|
+
<import namespace="urn:oasis:names:tc:SAML:2.0:metadata"
|
|
25
|
+
schemaLocation="saml-schema-metadata-2.0.xsd"/>
|
|
26
|
+
|
|
27
|
+
<complexType name="QueryDescriptorType" abstract="true">
|
|
28
|
+
<complexContent>
|
|
29
|
+
<extension base="md:RoleDescriptorType">
|
|
30
|
+
<sequence>
|
|
31
|
+
<element ref="md:NameIDFormat" minOccurs="0" maxOccurs="unbounded"/>
|
|
32
|
+
</sequence>
|
|
33
|
+
<attribute name="WantAssertionsSigned" type="boolean" use="optional"/>
|
|
34
|
+
</extension>
|
|
35
|
+
</complexContent>
|
|
36
|
+
</complexType>
|
|
37
|
+
|
|
38
|
+
<complexType name="AuthnQueryDescriptorType">
|
|
39
|
+
<complexContent>
|
|
40
|
+
<extension base="query:QueryDescriptorType"/>
|
|
41
|
+
</complexContent>
|
|
42
|
+
</complexType>
|
|
43
|
+
|
|
44
|
+
<complexType name="AttributeQueryDescriptorType">
|
|
45
|
+
<complexContent>
|
|
46
|
+
<extension base="query:QueryDescriptorType">
|
|
47
|
+
<sequence>
|
|
48
|
+
<element ref="md:AttributeConsumingService" minOccurs="0" maxOccurs="unbounded"/>
|
|
49
|
+
</sequence>
|
|
50
|
+
</extension>
|
|
51
|
+
</complexContent>
|
|
52
|
+
</complexType>
|
|
53
|
+
|
|
54
|
+
<element name="ActionNamespace" type="anyURI"/>
|
|
55
|
+
|
|
56
|
+
<complexType name="AuthzDecisionQueryDescriptorType">
|
|
57
|
+
<complexContent>
|
|
58
|
+
<extension base="query:QueryDescriptorType">
|
|
59
|
+
<sequence>
|
|
60
|
+
<element ref="query:ActionNamespace" minOccurs="0" maxOccurs="unbounded"/>
|
|
61
|
+
</sequence>
|
|
62
|
+
</extension>
|
|
63
|
+
</complexContent>
|
|
64
|
+
</complexType>
|
|
65
|
+
|
|
66
|
+
</schema>
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
2
|
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.school.edu/idp/shibboleth">
|
|
3
|
-
<IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
|
|
3
|
+
<IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
|
|
4
4
|
<KeyDescriptor use="signing">
|
|
5
5
|
<ds:KeyInfo>
|
|
6
6
|
<ds:X509Data>
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
<samlp:Response ID="eppcgfbmldefddomokfgiljnkflhppmoflakahld" IssueInstant="2020-08-11T18:19:49Z" Destination="https://wscc.instructure.com/login/saml" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#enmnbnkdhfhnbjeifihomffcoanmnjdaocnhgnhc"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>cyBkaF5MxEOSX9hLm0g/BWMJpQA=</DigestValue></Reference></SignedInfo><SignatureValue>BqXuyorfBboZI3sSSi4PC3GnJMKyLSQ/897M1RYmgVHx8Pbg1ANy75mpjRQQxGOIz/nSTh6eTPkkFEAT34nhxBSd+JfHof0RfLl/lBI1klSmpi/YoHCKLdVt+iwAemmBNw5Rxw59EepgrbcVtgjsjWISdvMyY7Wqb3nyJDwTGWw=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>yPxoJ9DLOTzn9j91xlqGTX/8Hs5hxjImPalS9qTOc6BYJgXSC7HtxBLMc0usJG58/OaHgWFlaDi4HSBlZe2vLzecaWL1HYxJtW6s+UpD5i+uoxGTPM1ITNlZudGQblh3XTUESrPUZVwSt1N+Vqd4AUHux0E078meTqj9+EMcgsk=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue><X509Data><X509Certificate>MIIB4TCCAU6gAwIBAgIQhv64tDcg/45BI6qmDbJfKDAJBgUrDgMCHQUAMA8xDTALBgNVBAMTBFRFU1QwIBcNMjAwMTI3MTkxNzMxWhgPMjA4MDEyMzEwNTAwMDBaMA8xDTALBgNVBAMTBFRFU1QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMj8aCfQyzk85/Y/dcZahk1//B7OYcYyJj2pUvakznOgWCYF0gux7cQSzHNLrCRufPzmh4FhZWg4uB0gZWXtry83nGli9R2MSbVurPlKQ+YvrqMRkzzNSEzZWbnRkG5Yd101BEqz1GVcErdTflaneAFB7sdBNO/Jnk6o/fhDHILJAgMBAAGjRDBCMEAGA1UdAQQ5MDeAEFm8dl7/zBigioh82gZb6WGhETAPMQ0wCwYDVQQDEwRURVNUghCG/ri0NyD/jkEjqqYNsl8oMAkGBSsOAwIdBQADgYEAotOROUrAiZr7oA3iaZLxq+B6sN+JdWSBquvDUzaMgIWRvUBZPqmOKpXK0+XSLXChgklpVXBXAo78Juy0zza/ZAMyGPbYlSZSME6GlApjp8hi6wi0ti/usi/D8SQSJ9ephwz2JAvI5WP16PzIruYUlf3uI72hKT0NW8Pl3PhT8z8=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><Assertion ID="enmnbnkdhfhnbjeifihomffcoanmnjdaocnhgnhc" IssueInstant="2020-08-11T18:19:49Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>
|
|
2
|
+
https://my.wscc.edu/idp
|
|
3
|
+
</Issuer><Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">narnold@wscc.edu</NameID><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData Recipient="" NotOnOrAfter="2020-08-11T18:29:49Z" InResponseTo="_bd878908-34c0-4e6e-b429-90cc8bfae27c" /></SubjectConfirmation></Subject><Conditions NotBefore="2020-08-11T18:14:49Z" NotOnOrAfter="2020-08-11T18:29:49Z"><AudienceRestriction><Audience>http://wscc.instructure.com/saml2</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="email"><AttributeValue>narnold@wscc.edu</AttributeValue></Attribute><Attribute Name="display_name"><AttributeValue>Nicholas Arnold</AttributeValue></Attribute><Attribute Name="given_name"><AttributeValue>Nicholas</AttributeValue></Attribute><Attribute Name="integration_id"><AttributeValue>Ed18RSTYO0ivqnZuzQPehQ==</AttributeValue></Attribute><Attribute Name="sis_user_id"><AttributeValue>0097365</AttributeValue></Attribute><Attribute Name="sortable_name"><AttributeValue>Arnold, Nicholas</AttributeValue></Attribute><Attribute Name="surname"><AttributeValue>Arnold</AttributeValue></Attribute><Attribute Name="time_zone"><AttributeValue>US/Eastern</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2020-08-11T18:19:49Z"><AuthnContext><AuthnContextClassRef>
|
|
4
|
+
urn:oasis:names:tc:SAML:2.0:ac:classes:Password
|
|
5
|
+
</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
|
|
6
|
+
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
2
|
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://siteadmin.instructure.com/saml2" ID="unique">
|
|
3
|
-
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
|
3
|
+
<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
|
4
4
|
|
|
5
5
|
<KeyDescriptor use="encryption">
|
|
6
6
|
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
|
data/spec/lib/attribute_spec.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require_relative '../../spec_helper'
|
|
2
4
|
|
|
3
5
|
require 'openssl'
|
|
@@ -86,10 +88,10 @@ module SAML2
|
|
|
86
88
|
end
|
|
87
89
|
|
|
88
90
|
it "raises on unsupported signature algorithm" do
|
|
89
|
-
x = url
|
|
91
|
+
x = url.dup
|
|
90
92
|
# SigAlg is now sha10
|
|
91
93
|
x << "0"
|
|
92
|
-
expect { Bindings::HTTPRedirect.decode(
|
|
94
|
+
expect { Bindings::HTTPRedirect.decode(x, public_key: certificate) }.to raise_error(UnsupportedSignatureAlgorithm)
|
|
93
95
|
end
|
|
94
96
|
|
|
95
97
|
it "allows the caller to detect an unsigned message" do
|
data/spec/lib/conditions_spec.rb
CHANGED
data/spec/lib/entity_spec.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require_relative '../spec_helper'
|
|
2
4
|
|
|
3
5
|
module SAML2
|
|
@@ -32,6 +34,10 @@ module SAML2
|
|
|
32
34
|
it "should find the signing certificate" do
|
|
33
35
|
expect(idp.keys.first.x509).to match(/MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD/)
|
|
34
36
|
end
|
|
37
|
+
|
|
38
|
+
it "loads identity provider attributes" do
|
|
39
|
+
expect(idp.want_authn_requests_signed?).to be_truthy
|
|
40
|
+
end
|
|
35
41
|
end
|
|
36
42
|
end
|
|
37
43
|
end
|
data/spec/lib/key_spec.rb
CHANGED
data/spec/lib/message_spec.rb
CHANGED
data/spec/lib/response_spec.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require_relative '../spec_helper'
|
|
2
4
|
|
|
3
5
|
module SAML2
|
|
@@ -272,6 +274,20 @@ MIIB/jCCAWegAwIBAgIBCjANBgkqhkiG9w0BAQQFADAkMSIwIAYDVQQDExlhZGRlcjEuaXRzLnVuaW1l
|
|
|
272
274
|
expect(response.errors).to eq []
|
|
273
275
|
expect(response.assertions.first.subject.name_id.id).to eq 'testuserint.sso@staff.oimtest.unimelb.edu.au'
|
|
274
276
|
end
|
|
277
|
+
|
|
278
|
+
it "finds signatures the sign the assertion, not inside the assertion" do
|
|
279
|
+
response = Response.parse(fixture("response_assertion_signed_reffed_from_response.xml"))
|
|
280
|
+
sp_entity.entity_id = 'http://wscc.instructure.com/saml2'
|
|
281
|
+
idp_entity.entity_id = 'https://my.wscc.edu/idp'
|
|
282
|
+
idp_entity.identity_providers.first.keys.clear
|
|
283
|
+
idp_entity.identity_providers.first.fingerprints << "c4f473274116a3cbc295c3abf77c7ed1ade9b904"
|
|
284
|
+
|
|
285
|
+
sp_entity.valid_response?(response, idp_entity, verification_time: response.issue_instant)
|
|
286
|
+
expect(response.errors).to eq []
|
|
287
|
+
expect(response.assertions.first.subject.name_id.id).to eq 'narnold@wscc.edu'
|
|
288
|
+
expect(response).not_to be_signed
|
|
289
|
+
expect(response.assertions.first).to be_signed
|
|
290
|
+
end
|
|
275
291
|
end
|
|
276
292
|
end
|
|
277
293
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require_relative '../spec_helper'
|
|
2
4
|
|
|
3
5
|
module SAML2
|
|
@@ -64,6 +66,11 @@ module SAML2
|
|
|
64
66
|
expect(sp.keys.first.encryption_methods.first.algorithm).to eq KeyDescriptor::EncryptionMethod::Algorithm::AES128_CBC
|
|
65
67
|
expect(sp.keys.first.encryption_methods.first.key_size).to eq 128
|
|
66
68
|
end
|
|
69
|
+
|
|
70
|
+
it "loads service provider attributes" do
|
|
71
|
+
expect(sp.authn_requests_signed?).to be_truthy
|
|
72
|
+
expect(sp.want_assertions_signed?).to be_truthy
|
|
73
|
+
end
|
|
67
74
|
end
|
|
68
75
|
end
|
|
69
76
|
end
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cody Cutrer
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -19,7 +19,7 @@ dependencies:
|
|
|
19
19
|
version: 1.5.8
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
|
-
version: '1.
|
|
22
|
+
version: '1.12'
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -29,7 +29,7 @@ dependencies:
|
|
|
29
29
|
version: 1.5.8
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: '1.
|
|
32
|
+
version: '1.12'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: nokogiri-xmlsec-instructure
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -59,7 +59,7 @@ dependencies:
|
|
|
59
59
|
version: '3.2'
|
|
60
60
|
- - "<"
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
|
-
version: '
|
|
62
|
+
version: '6.2'
|
|
63
63
|
type: :runtime
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -69,7 +69,7 @@ dependencies:
|
|
|
69
69
|
version: '3.2'
|
|
70
70
|
- - "<"
|
|
71
71
|
- !ruby/object:Gem::Version
|
|
72
|
-
version: '
|
|
72
|
+
version: '6.2'
|
|
73
73
|
- !ruby/object:Gem::Dependency
|
|
74
74
|
name: byebug
|
|
75
75
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -168,11 +168,13 @@ files:
|
|
|
168
168
|
- lib/saml2/subject.rb
|
|
169
169
|
- lib/saml2/version.rb
|
|
170
170
|
- schemas/MetadataExchange.xsd
|
|
171
|
+
- schemas/metadata_combined.xsd
|
|
171
172
|
- schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd
|
|
172
173
|
- schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd
|
|
173
174
|
- schemas/saml-schema-assertion-2.0.xsd
|
|
174
175
|
- schemas/saml-schema-metadata-2.0.xsd
|
|
175
176
|
- schemas/saml-schema-protocol-2.0.xsd
|
|
177
|
+
- schemas/sstc-saml-metadata-ext-query.xsd
|
|
176
178
|
- schemas/ws-addr.xsd
|
|
177
179
|
- schemas/ws-authorization.xsd
|
|
178
180
|
- schemas/ws-federation.xsd
|
|
@@ -189,6 +191,7 @@ files:
|
|
|
189
191
|
- spec/fixtures/noconditions_response.xml
|
|
190
192
|
- spec/fixtures/othercertificate.pem
|
|
191
193
|
- spec/fixtures/privatekey.key
|
|
194
|
+
- spec/fixtures/response_assertion_signed_reffed_from_response.xml
|
|
192
195
|
- spec/fixtures/response_signed.xml
|
|
193
196
|
- spec/fixtures/response_tampered_certificate.xml
|
|
194
197
|
- spec/fixtures/response_tampered_signature.xml
|
|
@@ -224,7 +227,7 @@ homepage: https://github.com/instructure/ruby-saml2
|
|
|
224
227
|
licenses:
|
|
225
228
|
- MIT
|
|
226
229
|
metadata: {}
|
|
227
|
-
post_install_message:
|
|
230
|
+
post_install_message:
|
|
228
231
|
rdoc_options: []
|
|
229
232
|
require_paths:
|
|
230
233
|
- lib
|
|
@@ -239,8 +242,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
239
242
|
- !ruby/object:Gem::Version
|
|
240
243
|
version: '0'
|
|
241
244
|
requirements: []
|
|
242
|
-
rubygems_version: 3.
|
|
243
|
-
signing_key:
|
|
245
|
+
rubygems_version: 3.1.4
|
|
246
|
+
signing_key:
|
|
244
247
|
specification_version: 4
|
|
245
248
|
summary: SAML 2.0 Library
|
|
246
249
|
test_files:
|
|
@@ -269,6 +272,7 @@ test_files:
|
|
|
269
272
|
- spec/fixtures/certificate.pem
|
|
270
273
|
- spec/fixtures/noconditions_response.xml
|
|
271
274
|
- spec/fixtures/entities.xml
|
|
275
|
+
- spec/fixtures/response_assertion_signed_reffed_from_response.xml
|
|
272
276
|
- spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml
|
|
273
277
|
- spec/fixtures/response_without_keyinfo.xml
|
|
274
278
|
- spec/fixtures/response_with_signed_assertion_and_encrypted_subject.xml
|