saml2 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/saml2/assertion.rb +4 -0
- data/lib/saml2/key.rb +1 -1
- data/lib/saml2/response.rb +0 -1
- data/lib/saml2/version.rb +1 -1
- data/spec/fixtures/response_signed.xml +9 -9
- data/spec/fixtures/response_with_attribute_signed.xml +9 -9
- data/spec/lib/response_spec.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5b7d46d26e196c43de38dbea14bf3be6bbd0e212
|
|
4
|
+
data.tar.gz: 4eb34e5bec906dff3f6ebb748ec13f4aeee113da
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 22b0948988e9aa48b0919f9df1e1831e84bc6f15cedd8a820e3e844232302e1a7e538b4a576d067048c3bb5ba8ec314a6eec54422eb80d76c5c2aa050da7f311
|
|
7
|
+
data.tar.gz: 4564507cda91f5aea94e4b7102ac433c27b80de8b889416e0a8c5b9f94ed1c99aab5dc87880a6b289e84ba86249bb7d89d2d4669eae8ad7797175134c7d34f8d
|
data/lib/saml2/assertion.rb
CHANGED
|
@@ -14,6 +14,10 @@ module SAML2
|
|
|
14
14
|
|
|
15
15
|
@xml.set_id_attribute('ID')
|
|
16
16
|
@xml.sign!(cert: x509_certificate, key: private_key, digest_alg: algorithm_name.to_s, signature_alg: "rsa-#{algorithm_name}", uri: "##{id}")
|
|
17
|
+
# the Signature element must be right after the Issuer, so put it there
|
|
18
|
+
issuer = @xml.at_xpath("saml:Issuer", Namespaces::ALL)
|
|
19
|
+
signature = @xml.at_xpath("dsig:Signature", Namespaces::ALL)
|
|
20
|
+
issuer.add_next_sibling(signature)
|
|
17
21
|
self
|
|
18
22
|
end
|
|
19
23
|
|
data/lib/saml2/key.rb
CHANGED
|
@@ -18,7 +18,7 @@ module SAML2
|
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
def initialize(x509, use = nil, encryption_methods = [])
|
|
21
|
-
@use, @x509, @encryption_methods = use, x509, encryption_methods
|
|
21
|
+
@use, @x509, @encryption_methods = use, x509.gsub(/\w*-+(BEGIN|END) CERTIFICATE-+\w*/, "").strip, encryption_methods
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
def encryption?
|
data/lib/saml2/response.rb
CHANGED
|
@@ -39,7 +39,6 @@ module SAML2
|
|
|
39
39
|
assertion.subject.name_id = name_id
|
|
40
40
|
assertion.subject.confirmation = Subject::Confirmation.new
|
|
41
41
|
assertion.subject.confirmation.method = Subject::Confirmation::Methods::BEARER
|
|
42
|
-
assertion.subject.confirmation.not_before = Time.now.utc
|
|
43
42
|
assertion.subject.confirmation.not_on_or_after = Time.now.utc + 30
|
|
44
43
|
assertion.subject.confirmation.recipient = response.destination if response.destination
|
|
45
44
|
assertion.issuer = issuer
|
data/lib/saml2/version.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
|
-
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><
|
|
2
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
3
3
|
<SignedInfo>
|
|
4
4
|
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
5
5
|
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
|
|
@@ -9,15 +9,15 @@
|
|
|
9
9
|
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
10
10
|
</Transforms>
|
|
11
11
|
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
|
|
12
|
-
<DigestValue>
|
|
12
|
+
<DigestValue>dRjiJ4yQ4ujjWB87gOoYZ5sYaUVJc0SSH2YzWwH+Z4Y=</DigestValue>
|
|
13
13
|
</Reference>
|
|
14
14
|
</SignedInfo>
|
|
15
|
-
<SignatureValue>
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
15
|
+
<SignatureValue>jJYv2J8bXQSnDT48bb3/K2iV/gIUDGC5w+Q4HJ9MAPBuyhupHDTCb1XwrjJHurx0
|
|
16
|
+
QLxo8RqgIeZKDj0bKiy8zdVn2+9SX6bHYOl4Ca0lNVHE0vum2nlZwsfLALf2oBpo
|
|
17
|
+
fr11sln9SXlHbI+6tcd9j49uUjIj5jpPWdY6jEwoOTLMcsVdrxwpxAF1USDSGEpI
|
|
18
|
+
omFtlxj0sdfo+0VwjPkdlDL3Cl66uTa2t1ZXJxY4dXqzyFyuRsfEBe4FtXYvo0g9
|
|
19
|
+
GuAW2UCuMhXzGl+CJHAfIG9yYPe+YTE7HOy8t+OteHkN6ZalI5CW53zmGQs3oMWQ
|
|
20
|
+
QOgTrVgJMSDhFZqpoIvVLg==</SignatureValue>
|
|
21
21
|
<KeyInfo>
|
|
22
22
|
<X509Data>
|
|
23
23
|
<X509Certificate>MIID+jCCAuKgAwIBAgIJAIz/He5UafnhMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
|
|
@@ -44,4 +44,4 @@ Cg8Yo62X9vWW6PaKXHs3N+g1Ig16NwjdVIYvcxLc2KY0vrqu/R5c8RbmCxMZyss9
|
|
|
44
44
|
ZtltN+yN40INHGRWnHc=</X509Certificate>
|
|
45
45
|
</X509Data>
|
|
46
46
|
</KeyInfo>
|
|
47
|
-
</Signature></saml:Assertion></samlp:Response>
|
|
47
|
+
</Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jacob</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2015-02-12T22:54:29Z" Recipient="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"/></saml:SubjectConfirmation></saml:Subject><saml:AuthnStatement AuthnInstant="2015-02-12T22:51:29Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<?xml version="1.0"?>
|
|
2
|
-
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><
|
|
2
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_9a15e699-2d04-4ba7-a521-cfa4dcd21f44" Version="2.0" IssueInstant="2015-02-12T22:51:29Z" Destination="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cdfc3faf-90ad-462f-880d-677483210684" Version="2.0" IssueInstant="2015-02-12T22:51:29Z"><saml:Issuer>issuer</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
|
3
3
|
<SignedInfo>
|
|
4
4
|
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
5
5
|
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
|
|
@@ -9,15 +9,15 @@
|
|
|
9
9
|
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
10
10
|
</Transforms>
|
|
11
11
|
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
|
|
12
|
-
<DigestValue>
|
|
12
|
+
<DigestValue>cNsW8tqrcA6HB+H8gOA5bAswPLLyN8tH9j53exrhfjU=</DigestValue>
|
|
13
13
|
</Reference>
|
|
14
14
|
</SignedInfo>
|
|
15
|
-
<SignatureValue>
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
15
|
+
<SignatureValue>JuL8PNrAiqNODwMa94qvvJMPEpjFG0yAbd58Rj7iUTeiAYE+26k9xRvYTsF3z3Va
|
|
16
|
+
Xt3yOBZFoOt40AwKiZ3sqPnCM5GrBtrApcRcBoxBYwr/2bSGfhoIxO1Y51VHBOTM
|
|
17
|
+
SoBkLUNJAPI6YJtJF2CZJA1Gv92/n/PMvQFDK2LHN/0Jbcy8ebvg1q/Wu9vJIgcY
|
|
18
|
+
TIan4wrByBQHX16CNR+JDrdBIxe/GKI+6GzGsRr+V9CgLRdyvpevFLYFmmn1gOx7
|
|
19
|
+
gLypwLteGo0eX5nclwVD0N6GjqUpW8eYGPFUiErgZp36DZBXy9sCT8Pz1h35daXs
|
|
20
|
+
8dfw7cO59iYT4vSDFqIE6A==</SignatureValue>
|
|
21
21
|
<KeyInfo>
|
|
22
22
|
<X509Data>
|
|
23
23
|
<X509Certificate>MIID+jCCAuKgAwIBAgIJAIz/He5UafnhMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
|
|
@@ -44,4 +44,4 @@ Cg8Yo62X9vWW6PaKXHs3N+g1Ig16NwjdVIYvcxLc2KY0vrqu/R5c8RbmCxMZyss9
|
|
|
44
44
|
ZtltN+yN40INHGRWnHc=</X509Certificate>
|
|
45
45
|
</X509Data>
|
|
46
46
|
</KeyInfo>
|
|
47
|
-
</Signature></saml:Assertion></samlp:Response>
|
|
47
|
+
</Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jacob</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2015-02-12T22:54:29Z" Recipient="https://siteadmin.test.instructure.com/saml_consume" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"/></saml:SubjectConfirmation></saml:Subject><saml:AuthnStatement AuthnInstant="2015-02-12T22:51:29Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" Name="urn:oid:2.5.4.42" FriendlyName="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" x500:Encoding="LDAP"><saml:AttributeValue xsi:type="xsd:string">cody</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
|
data/spec/lib/response_spec.rb
CHANGED
|
@@ -30,7 +30,6 @@ module SAML2
|
|
|
30
30
|
assertion.instance_variable_set(:@issue_instant, Time.parse("2015-02-12T22:51:29Z"))
|
|
31
31
|
assertion.statements.first.authn_instant = Time.parse("2015-02-12T22:51:29Z")
|
|
32
32
|
confirmation = assertion.subject.confirmation
|
|
33
|
-
confirmation.not_before = Time.parse("2015-02-12T22:51:29Z")
|
|
34
33
|
confirmation.not_on_or_after = Time.parse("2015-02-12T22:54:29Z")
|
|
35
34
|
confirmation.recipient = response.destination
|
|
36
35
|
confirmation.in_response_to = response.in_response_to
|
|
@@ -39,6 +38,7 @@ module SAML2
|
|
|
39
38
|
it "should generate a valid signature" do
|
|
40
39
|
freeze_response
|
|
41
40
|
response.sign(fixture('certificate.pem'), fixture('privatekey.key'))
|
|
41
|
+
Schemas.protocol.validate(response.to_xml).must_equal []
|
|
42
42
|
# verifiable on the command line with:
|
|
43
43
|
# xmlsec1 --verify --pubkey-cert-pem certificate.pem --privkey-pem privatekey.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion response_signed.xml
|
|
44
44
|
response.to_s.must_equal fixture('response_signed.xml')
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cody Cutrer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-03-
|
|
11
|
+
date: 2015-03-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|