saml2 2.2.3 → 2.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/saml2/assertion.rb +6 -3
- data/lib/saml2/conditions.rb +1 -0
- data/lib/saml2/response.rb +4 -3
- data/lib/saml2/version.rb +1 -1
- data/spec/fixtures/noconditions_response.xml +1 -0
- data/spec/lib/response_spec.rb +5 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9ddfa80997c8cd9e463d41bd14dfd213653d1b20b4b65ef9d65e4e01023d7d51
|
4
|
+
data.tar.gz: 0afbd8222cf2f7450983780c013892a46525f0bf1db118e7e6cc11f15675b4c0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0b69c37f7f9df28d7776a388dd6e3382868941d4d2130e0e0842feae7194dfad7e8bdf21c87130d23ac14baffdcb8662a56147eb82e8cf979fb3f4f1c255ce39
|
7
|
+
data.tar.gz: 31dd8a893d188aaed40b997f80a2298c22cceee3280907f158e92485a43c6aa487ec43643afb3e9c2c61835aeb849f2199924d37ad90b615b36eee62ec1b88d3
|
data/lib/saml2/assertion.rb
CHANGED
@@ -14,8 +14,8 @@ module SAML2
|
|
14
14
|
|
15
15
|
def from_xml(node)
|
16
16
|
super
|
17
|
-
@conditions = nil
|
18
17
|
@statements = nil
|
18
|
+
remove_instance_variable(:@conditions)
|
19
19
|
end
|
20
20
|
|
21
21
|
# @return [Subject, nil]
|
@@ -28,7 +28,10 @@ module SAML2
|
|
28
28
|
|
29
29
|
# @return [Conditions]
|
30
30
|
def conditions
|
31
|
-
|
31
|
+
if !instance_variable_defined?(:@conditions) && xml
|
32
|
+
@conditions = Conditions.from_xml(xml.at_xpath('saml:Conditions', Namespaces::ALL))
|
33
|
+
end
|
34
|
+
@conditions
|
32
35
|
end
|
33
36
|
|
34
37
|
# @return [Array<AuthnStatement]
|
@@ -55,7 +58,7 @@ module SAML2
|
|
55
58
|
|
56
59
|
subject.build(assertion)
|
57
60
|
|
58
|
-
conditions.build(assertion)
|
61
|
+
conditions.build(assertion) if conditions
|
59
62
|
|
60
63
|
statements.each { |stmt| stmt.build(assertion) }
|
61
64
|
end
|
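Review bot: `remove_instance_variable(:@conditions)` in the first hunk raises NameError when `@conditions` has never been assigned on the instance, so `from_xml` now depends on whatever ran before it (presumably `initialize`, not visible here) always setting that ivar; `remove_instance_variable(:@conditions) if instance_variable_defined?(:@conditions)` keeps the reset without that dependency. The second hunk then passes `xml.at_xpath('saml:Conditions', Namespaces::ALL)`, which is nil when the element is absent, straight into `Conditions.from_xml`, so that method must tolerate nil — the one-line change to conditions.rb listed in the diffstat is not shown on this page. Note also that `@statements` is still reset with `nil` while `@conditions` now uses an undefined ivar as its "not yet parsed" sentinel; two memoization conventions in the same method are easy to confuse. The enclosing class begins outside the hunks.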
data/lib/saml2/conditions.rb
CHANGED
data/lib/saml2/response.rb
CHANGED
@@ -185,7 +185,7 @@ module SAML2
|
|
185
185
|
|
186
186
|
# only do our own issue instant validation if the assertion
|
187
187
|
# doesn't mandate any
|
188
|
-
unless assertion.conditions
|
188
|
+
unless assertion.conditions&.not_on_or_after
|
189
189
|
if assertion.issue_instant + 5 * 60 < verification_time ||
|
190
190
|
assertion.issue_instant - 5 * 60 > verification_time
|
191
191
|
errors << "assertion not recently issued"
|
@@ -193,8 +193,9 @@ module SAML2
|
|
193
193
|
end
|
194
194
|
end
|
195
195
|
|
196
|
-
|
197
|
-
|
196
|
+
if assertion.conditions &&
|
197
|
+
!(condition_errors = assertion.conditions.validate(verification_time: verification_time,
|
198
|
+
audience: service_provider.entity_id)).empty?
|
198
199
|
return errors.concat(condition_errors)
|
199
200
|
end
|
200
201
|
|
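Review bot: With the new guard in the second hunk, an assertion that carries no `<saml:Conditions>` skips audience validation entirely, so `validate` no longer checks that the assertion was issued for `service_provider.entity_id`; the only check left on that path is the five-minute issue-instant window from the first hunk. The SAML 2.0 Web Browser SSO profile requires bearer assertions to carry an AudienceRestriction, so silently accepting its absence widens what this SP trusts; consider reporting it, e.g. `errors << "assertion has no conditions" unless assertion.conditions`, or at least documenting that the leniency is deliberate. The assignment-inside-condition form is also hard to read: `condition_errors = assertion.conditions&.validate(verification_time: verification_time, audience: service_provider.entity_id) || []` followed by `return errors.concat(condition_errors) unless condition_errors.empty?` expresses the same control flow. The enclosing method starts and ends outside the hunk.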
data/lib/saml2/version.rb
CHANGED
@@ -0,0 +1 @@
|
|
1
|
+
<samlp:Response ID="_8BE49FED716A72AC7F522E48FB0AAD60" Version="2.0" IssueInstant="2018-06-02T17:10:55.181Z" Destination="https://school.instructure.com/login/saml" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://login.school.org:9000/SSO/CanvasIndex</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#_8BE49FED716A72AC7F522E48FB0AAD60"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>JLUChoHqec/YsCvAbA5IyZec+SI=</DigestValue></Reference></SignedInfo><SignatureValue>Zyz2cx4zwPXZrIJS0Tviio41F13yqRAlCGZQN6attC9w/vUf+l0dDinWP0cIpmKTSTxm0ZvwQsxb1hOhHNMVmgl1enKxAS51vSn1UDLLAwumlv3+hb0PBNkOrdfgxXXNUPJvJokBMGvEQl5Iy2YRQUlmpY49NfLIWfbgI55YqGg=</SignatureValue><KeyInfo><X509Data><X509Certificate></X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7B628E4F6D162193D406C05E2BF19920" IssueInstant="2018-06-02T17:10:55.181Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>https://login.school.org:9000/SSO/CanvasIndex</saml:Issuer><saml:Subject><saml:NameID>user@school.edu</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2028-06-02T10:10:55.181Z" Recipient="https://school.instructure.com/login/saml" /></saml:SubjectConfirmation></saml:Subject><saml:AuthnStatement 
AuthnInstant="2018-06-02T17:10:55.181Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
|
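--- a/data/spec/lib/response_spec.rb
+++ b/data/spec/lib/response_spec.rb
@@ -109,6 +109,11 @@ module SAML2
 expect(response.assertions.first.subject.name_id.id).to eq 'testuser@example.com'
 end
 
+it "doesn't choke on missing Conditions" do
+response = Response.parse(fixture("noconditions_response.xml"))
+expect(response.assertions.first.conditions).to eq nil
+end
+
 describe "#validate" do
 let (:idp_entity) do
 idp_entity = Entity.new("issuer")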
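Review bot: The new example only asserts that parsing a Conditions-less assertion yields `nil`; it does not run `Response#validate` against that fixture, which is the path the companion change in response.rb alters (audience validation is skipped when `conditions` is nil), so an expectation on the validation outcome for `noconditions_response.xml` would pin the intended behaviour. Minor style: `expect(response.assertions.first.conditions).to be_nil` is the idiomatic RSpec matcher in place of `eq nil`. The enclosing describe block begins outside the hunk.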
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: saml2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Cody Cutrer
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-06-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nokogiri
|
@@ -186,6 +186,7 @@ files:
|
|
186
186
|
- spec/fixtures/entities.xml
|
187
187
|
- spec/fixtures/external-uri-reference-response.xml
|
188
188
|
- spec/fixtures/identity_provider.xml
|
189
|
+
- spec/fixtures/noconditions_response.xml
|
189
190
|
- spec/fixtures/othercertificate.pem
|
190
191
|
- spec/fixtures/privatekey.key
|
191
192
|
- spec/fixtures/response_signed.xml
|
@@ -263,6 +264,7 @@ test_files:
|
|
263
264
|
- spec/fixtures/response_tampered_signature.xml
|
264
265
|
- spec/fixtures/xml_missigned_assertion.xml
|
265
266
|
- spec/fixtures/certificate.pem
|
267
|
+
- spec/fixtures/noconditions_response.xml
|
266
268
|
- spec/fixtures/entities.xml
|
267
269
|
- spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml
|
268
270
|
- spec/fixtures/othercertificate.pem
|