saml2 3.0.5 → 3.0.6
- checksums.yaml +4 -4
- data/lib/saml2/signable.rb +10 -1
- data/lib/saml2/version.rb +1 -1
- data/spec/fixtures/response_without_keyinfo.xml +1 -0
- data/spec/lib/response_spec.rb +14 -0
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f16f668d04893f2d399e46312ead9237cc6cce6ed941d3155478750e71ef5b1e
|
|
4
|
+
data.tar.gz: 5a437fcdc952cfc1c3e42a15ddcfbb101dd6f5eb5b5a947ced98d6f6ecf5dc9d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 77229a603dc7ae1c8042670f787c443cbe9966a3be4bd91b6b415e4625a92e06118145f82c34627ae16b1959b407a014b7e4a2f592470b9f8283430242b5d49c
|
|
7
|
+
data.tar.gz: 5521fdac42cb4cd5207171a1164532fb203ac9b3f03bb22c7f703703296b75160535f9be4e74bfcd600f966b7055fba09ffe42e48d282e96fb55ac39ab1d1d5d
|
data/lib/saml2/signable.rb
CHANGED
|
@@ -25,7 +25,11 @@ module SAML2
|
|
|
25
25
|
|
|
26
26
|
# @return [KeyInfo, nil]
|
|
27
27
|
def signing_key
|
|
28
|
-
|
|
28
|
+
unless instance_variable_defined?(:@signing_key)
|
|
29
|
+
# don't use `... if signature.at_xpath(...)` - we need to make sure we assign the nil
|
|
30
|
+
@signing_key = signature.at_xpath('dsig:KeyInfo', Namespaces::ALL) ? KeyInfo.from_xml(signature) : nil
|
|
31
|
+
end
|
|
32
|
+
@signing_key
|
|
29
33
|
end
|
|
30
34
|
|
|
31
35
|
def signed?
|
|
@@ -70,6 +74,11 @@ module SAML2
|
|
|
70
74
|
if signing_key&.certificate && trusted_keys.include?(signing_key.certificate.public_key.to_s)
|
|
71
75
|
key ||= signing_key.certificate.public_key.to_s
|
|
72
76
|
end
|
|
77
|
+
# signature doesn't say who signed it. hope and pray it's with the only certificate
|
|
78
|
+
# we know about
|
|
79
|
+
if signing_key.nil? && key.nil? && trusted_keys.length == 1
|
|
80
|
+
key = trusted_keys.first
|
|
81
|
+
end
|
|
73
82
|
|
|
74
83
|
return ["no trusted signing key found"] if key.nil?
|
|
75
84
|
|
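Review bot: The fallback added at new lines 77–81 of the second hunk fires only when `trusted_keys.length == 1`, so an IdP that publishes two certificates (the normal state during a key rollover) still gets "no trusted signing key found" for a KeyInfo-less signature even though one of its keys would verify it. Since the signature is the only thing binding the message to a key here, the robust form is to iterate `trusted_keys` and attempt verification with each, keeping the first that succeeds; the verification step that would host this sits below the hunk, and the enclosing method starts and ends outside it. The one-key shortcut should also be stated at the `signing_key` doc comment on line 26, e.g. `# @return [KeyInfo, nil] nil when the signature carries no KeyInfo; verification then falls back to the sole trusted key`. Note the `signing_key.nil?` test means a KeyInfo that is present but carries no certificate still fails, which may be intended but is worth a comment. In the first hunk, `signature.at_xpath` at new line 30 has no nil guard; if `signing_key` can be reached for an unsigned document, confirm `signature` is non-nil at that point.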
data/lib/saml2/version.rb
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:enc="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="https://unimelb-dev.instructure.com/login/saml" ID="id-J6KP4S6zcZo--edsB5AoLxEH5D4Cg-HOmMyXoKfS" InResponseTo="_b29345d0-d7cb-4b22-a199-d32183fdc8c8" IssueInstant="2019-04-16T00:56:03Z" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://authidm3tst.unimelb.edu.au:443/oam/fed</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion ID="id-VblIU1IaOQeozLC8VrLuy7W69gPE6aiTyJ7RZY-0" IssueInstant="2019-04-16T00:56:03Z" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://authidm3tst.unimelb.edu.au:443/oam/fed</saml:Issuer><dsig:Signature><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#id-VblIU1IaOQeozLC8VrLuy7W69gPE6aiTyJ7RZY-0"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>RI8Jkujs/MZXzrxDB7di3623VF8=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>hb2bSG3yiS2Bcp6/NM4ecK1cr74wJZJePhVlDjj65u/KpVCtohSBQESFKGupvzZhqQQuytMAaf+LpiL/5CW5CoC4XGpIIXhPE1dKXbE4IdoGplKyvp8ErpggmWuPS+HgU71p2sU9yGOv+WsWLMe/TdJMeWhyr8lnbJgKpUAD+Yo=</dsig:SignatureValue></dsig:Signature><saml:Subject><saml:NameID 
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">testuserint.sso@staff.oimtest.unimelb.edu.au</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="_b29345d0-d7cb-4b22-a199-d32183fdc8c8" NotOnOrAfter="2019-04-16T01:01:03Z" Recipient="https://unimelb-dev.instructure.com/login/saml"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2019-04-16T00:56:03Z" NotOnOrAfter="2019-04-16T01:01:03Z"><saml:AudienceRestriction><saml:Audience>http://unimelb-dev.instructure.com/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2019-04-16T00:49:28Z" SessionIndex="id-Bp2VqFk32RxqG9IDwQakoI-Oei-vWPxk8uZppqIU" SessionNotOnOrAfter="2019-04-16T01:56:03Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">testuserint.sso@staff.oimtest.unimelb.edu.au</saml:AttributeValue></saml:Attribute><saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">Test User Int</saml:AttributeValue></saml:Attribute><saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">sso</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
|
data/spec/lib/response_spec.rb
CHANGED
|
@@ -258,6 +258,20 @@ module SAML2
|
|
|
258
258
|
expect(response.errors).to eq []
|
|
259
259
|
expect(response.assertions.first.subject.name_id.id).to eq 'jacob'
|
|
260
260
|
end
|
|
261
|
+
|
|
262
|
+
it "allows signatures that don't include KeyInfo, if we have a full cert" do
|
|
263
|
+
response = Response.parse(fixture("response_without_keyinfo.xml"))
|
|
264
|
+
sp_entity.entity_id = 'http://unimelb-dev.instructure.com/saml2'
|
|
265
|
+
idp_entity.entity_id = 'https://authidm3tst.unimelb.edu.au:443/oam/fed'
|
|
266
|
+
idp_entity.identity_providers.first.keys.clear
|
|
267
|
+
idp_entity.identity_providers.first.keys << KeyDescriptor.new(<<-CERTIFICATE)
|
|
268
|
+
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
|
|
269
|
+
CERTIFICATE
|
|
270
|
+
|
|
271
|
+
sp_entity.valid_response?(response, idp_entity, verification_time: Time.parse('2019-04-16T00:56:03Z'))
|
|
272
|
+
expect(response.errors).to eq []
|
|
273
|
+
expect(response.assertions.first.subject.name_id.id).to eq 'testuserint.sso@staff.oimtest.unimelb.edu.au'
|
|
274
|
+
end
|
|
261
275
|
end
|
|
262
276
|
end
|
|
263
277
|
end
|
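Review bot: The new example at new lines 262–274 also implicitly pins that a signature using `rsa-sha1` with a `sha1` digest is accepted, because that is what the `response_without_keyinfo.xml` fixture is signed with; a comment above the `it` block, `# fixture is signed with rsa-sha1/sha1 digest; this spec also asserts those algorithms are still accepted`, makes that explicit so the case is revisited if weaker digests are ever rejected. `Time.parse` at new line 271 requires `require 'time'`, presumably loaded by the spec helper, but nothing in the hunk shows it. `keys.clear` at new line 266 mutates `idp_entity`; if that object is shared across examples rather than rebuilt per example, the cleared keys would leak into later tests.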
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cody Cutrer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-04-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -76,14 +76,14 @@ dependencies:
|
|
|
76
76
|
requirements:
|
|
77
77
|
- - "~>"
|
|
78
78
|
- !ruby/object:Gem::Version
|
|
79
|
-
version: '
|
|
79
|
+
version: '10.0'
|
|
80
80
|
type: :development
|
|
81
81
|
prerelease: false
|
|
82
82
|
version_requirements: !ruby/object:Gem::Requirement
|
|
83
83
|
requirements:
|
|
84
84
|
- - "~>"
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
|
-
version: '
|
|
86
|
+
version: '10.0'
|
|
87
87
|
- !ruby/object:Gem::Dependency
|
|
88
88
|
name: rake
|
|
89
89
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -195,6 +195,7 @@ files:
|
|
|
195
195
|
- spec/fixtures/response_with_attribute_signed.xml
|
|
196
196
|
- spec/fixtures/response_with_encrypted_assertion.xml
|
|
197
197
|
- spec/fixtures/response_with_signed_assertion_and_encrypted_subject.xml
|
|
198
|
+
- spec/fixtures/response_without_keyinfo.xml
|
|
198
199
|
- spec/fixtures/service_provider.xml
|
|
199
200
|
- spec/fixtures/test3-response.xml
|
|
200
201
|
- spec/fixtures/test6-response.xml
|
|
@@ -238,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
238
239
|
- !ruby/object:Gem::Version
|
|
239
240
|
version: '0'
|
|
240
241
|
requirements: []
|
|
241
|
-
rubygems_version: 3.0.
|
|
242
|
+
rubygems_version: 3.0.3
|
|
242
243
|
signing_key:
|
|
243
244
|
specification_version: 4
|
|
244
245
|
summary: SAML 2.0 Library
|
|
@@ -269,6 +270,7 @@ test_files:
|
|
|
269
270
|
- spec/fixtures/noconditions_response.xml
|
|
270
271
|
- spec/fixtures/entities.xml
|
|
271
272
|
- spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml
|
|
273
|
+
- spec/fixtures/response_without_keyinfo.xml
|
|
272
274
|
- spec/fixtures/response_with_signed_assertion_and_encrypted_subject.xml
|
|
273
275
|
- spec/fixtures/othercertificate.pem
|
|
274
276
|
- spec/fixtures/xslt-transform-response.xml
|