saml2 3.1.10 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99a6296632edaf74d6fc282ef56d06e94dc71787e02b254b5e366902a487f22d
-  data.tar.gz: d7ec1d384f710d3276f51114c34a84079eba0051f41af6a5ce1704c595a0b354
+  metadata.gz: f582a823ae927adc8355f2c3b294c8d592a108a60995d8e156548fabb2530e7c
+  data.tar.gz: 2a596f2b0705d3b9a365a63721b80a0c977a88315cd70c965ac7166913a12948
 SHA512:
-  metadata.gz: 00d66610046dd795906a1ea082c2244c4fabb17f92304005d707f60333233a69c76e059bb312171c3f3ee44470818e32686e418693b059fecb1171d7f6fa7745
-  data.tar.gz: 9ad6721b14a6098c51fa475bd0fec92728e217beb30f7ff314a0abe0765c55d1b3d5343d6e9f661ffda811994f3dc4d45749d603fc23e6303dd92c883ae2bc68
+  metadata.gz: e1140328e3e03194e0d6f7b1046abb89525eb0f7151a838fd313c3bd93ae91fe71f6bcc022474c1aba6b674b48e3a09627003248d8040d4a891c05f86ebe99bc
+  data.tar.gz: 3d5c8a0f2e35fdb4017f35bea6a547f05cf53d4c8ce4b43672d18a2a7485f373a0accd4cc87322635be6dcae392cec0095bff7ae4e3db0856f70588cb261331a

data/app/views/saml2/http_post.html.erb

@@ -5,8 +5,15 @@
 <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
 </head>
 <body onload="document.forms[0].submit();" style="visibility:hidden;">
-<%= form_tag(@saml_acs_url) do %>
-  <%= hidden_field_tag("SAMLResponse", @saml_response) %>
+<%
+  target = @saml_destination || @saml_acs_url
+  message = @saml_request || @saml_response || @saml_message
+  target ||= message.destination if message.is_a?(SAML2::Message)
+  message = Base64.encode64(message.to_s) unless message.is_a?(String)
+%>
+<%= form_tag(target) do %>
+  <%= hidden_field_tag("SAMLRequest", message) if @saml_request || @saml_message.is_a?(SAML2::Request) %>
+  <%= hidden_field_tag("SAMLResponse", message) if @saml_response || @saml_message.is_a?(SAML2::Response) %>
   <%= hidden_field_tag("RelayState", @relay_state) if @relay_state %>
   <%= submit_tag "Submit" %>
 <% end %>

data/exe/bulk_verify_responses

@@ -82,7 +82,7 @@ responses.each_with_index do |response_raw, i|
   # TODO: ignore audience restrictions
   errors = response.validate(service_provider: service_provider_entity,
                              identity_provider: idps[response.issuer&.id],
-                             verification_time: verification_time)
+                             verification_time:)
   unless errors.empty?
     bad_counts[response.issuer&.id] += 1
     warn "#{errors.inspect} for response #{response.id} from #{response.issuer&.id} (index #{i})"

data/lib/saml2/authn_request.rb

@@ -30,16 +30,23 @@ module SAML2
     # @todo go over these params, and use kwargs. Maybe pass Entity instead
     #   of ServiceProvider.
     # @param issuer [NameID]
-    # @param identity_provider [IdentityProvider]
-    # @param assertion_consumer_service [Endpoint::Indexed]
-    # @param service_provider [ServiceProvider]
+    # @param identity_provider [IdentityProvider, nil]
+    # @param assertion_consumer_service [Endpoint::Indexed, nil]
+    # @param service_provider [ServiceProvider, nil]
+    # @param binding [String] the binding to use for the request
     # @return [AuthnRequest]
     def self.initiate(issuer, identity_provider = nil,
                       assertion_consumer_service: nil,
-                      service_provider: nil)
+                      service_provider: nil,
+                      binding: Bindings::HTTPRedirect::URN)
       authn_request = new
       authn_request.issuer = issuer
-      authn_request.destination = identity_provider.single_sign_on_services.first.location if identity_provider
+      if identity_provider
+        authn_request.destination = identity_provider
+                                    .single_sign_on_services
+                                    .choose_endpoint(binding)
+                                    &.location
+      end
       authn_request.name_id_policy = NameID::Policy.new(true, NameID::Format::UNSPECIFIED)
       assertion_consumer_service ||= service_provider.assertion_consumer_services.default if service_provider
       if assertion_consumer_service

data/lib/saml2/base.rb

@@ -30,7 +30,10 @@ module SAML2
       end
 
       def load_object_array(node, element, klass = nil)
-        node.xpath(element, Namespaces::ALL).map do |element_node|
+        nodes = node.xpath(element, Namespaces::ALL)
+        return klass::Array.from_xml(nodes) if klass.is_a?(Module) && klass&.const_defined?(:Array, false)
+
+        nodes.map do |element_node|
           if klass.nil?
             SAML2.const_get(element_node.name, false).from_xml(element_node)
           elsif klass.is_a?(Hash)
@@ -107,10 +110,10 @@ module SAML2
     # @return [String]
     def inspect
       "#<#{self.class.name} #{instance_variables.filter_map do |iv|
-                                next if iv == :@xml
+                                next if IGNORED_IVARS.include?(iv)
 
                                 "#{iv}=#{instance_variable_get(iv).inspect}"
-                              end.join(", ")}>"
+                              end.join(" ")}>"
     end
 
     # Serialize this object to XML
@@ -174,7 +177,7 @@ module SAML2
 
         old_node = node.parent
         this_nodes_keys.each_with_index do |key, i|
-          old_node.replace(node.decrypt_with(key: key))
+          old_node.replace(node.decrypt_with(key:))
         rescue XMLSec::DecryptionError
           # swallow errors on all but the last key
           raise if i - 1 == this_nodes_keys.length
@@ -185,6 +188,9 @@ module SAML2
 
     private
 
+    IGNORED_IVARS = %i[@errors @pretty @xml].freeze
+    private_constant :IGNORED_IVARS
+
     def load_string_array(node, element)
       self.class.load_string_array(node, element)
     end

data/lib/saml2/conditions.rb

@@ -62,8 +62,8 @@ module SAML2
 
     # Use validate instead.
     # @deprecated
-    def valid?(now: Time.now.utc, **options)
-      validate(verification_time: now, **options).empty?
+    def valid?(now: Time.now.utc, **)
+      validate(verification_time: now, **).empty?
     end
 
     # (see Base#build)

data/lib/saml2/endpoint.rb

@@ -4,21 +4,112 @@ require "saml2/bindings/http_post"
 
 module SAML2
   class Endpoint < Base
+    module ChoiceHelpers
+      # Choose a binding supported by this list of endpoints
+      #
+      # @return [String]
+      def choose_binding(*bindings)
+        (bindings & map(&:binding)).first
+      end
+
+      # Choose an endpoint from this list of endpoints that supports a given binding
+      #
+      # @param binding [String] the binding that must match
+      # @return [Endpoint, nil]
+      def choose_endpoint(binding)
+        find { |endpoint| endpoint.binding == binding }
+      end
+    end
+
+    class Array < ::Array
+      include ChoiceHelpers
+
+      def self.from_xml(nodes)
+        new(nodes.map do |node|
+              Endpoint.from_xml(node)
+            end).freeze
+      end
+    end
+
+    class Indexed < Endpoint
+      include IndexedObject
+
+      class Array
+        include ChoiceHelpers
+
+        # Choose a binding supported by this list of endpoints
+        #
+        # Note that if there is a default endpoint, its binding will be preferred even
+        # over the order of the bindings passed in (as long as it is included in the list
+        # at all).
+        # @return [String]
+        def choose_binding(*bindings)
+          return default.binding if default && bindings.include?(default.binding)
+
+          super
+        end
+
+        # Choose an endpoint from this list of endpoints that supports a given binding
+        #
+        # Note that if there is a default endpoint, it will be returned if its binding matches
+        # even over earlier endpoints in the list.
+        # @param binding [String] the binding that must match
+        # @return [Endpoint, nil]
+        def choose_endpoint(binding)
+          return default if default && default.binding == binding
+
+          super
+        end
+      end
+
+      # @param location [String]
+      # @param index [Integer]
+      # @param is_default [true, false, nil]
+      # @param binding [String]
+      # @param response_location [String, nil]
+      def initialize(location = nil,
+                     index = nil,
+                     is_default = nil,
+                     binding = Bindings::HTTP_POST::URN,
+                     response_location = nil)
+        super(location, binding, response_location)
+        @index = index
+        @is_default = is_default
+      end
+
+      def eql?(other)
+        location == other.location &&
+          binding == other.binding &&
+          response_location == other.response_location &&
+          super
+      end
+
+      # @return [String]
+      def inspect
+        "#<SAML2::Endpoint::Indexed #{endpoint_inspect} #{indexed_object_inspect}>"
+      end
+    end
+
     # @return [String]
-    attr_reader :location, :binding
+    attr_accessor :location, :binding
+    # @return [String, nil]
+    attr_accessor :response_location
 
     # @param location [String]
     # @param binding [String]
-    def initialize(location = nil, binding = Bindings::HTTP_POST::URN)
+    # @param response_location [String, nil]
+    def initialize(location = nil, binding = Bindings::HTTP_POST::URN, response_location = nil)
       super()
       @location = location
       @binding = binding
+      @response_location = response_location
     end
 
     # @param rhs [Endpoint]
     # @return [Boolean]
     def ==(other)
-      location == other.location && binding == other.binding
+      other.is_a?(Endpoint) &&
+        location == other.location && binding == other.binding && response_location == other.response_location
     end
 
     # (see Base#from_xml)
@@ -26,30 +117,35 @@ module SAML2
       super
       @location = node["Location"]
       @binding = node["Binding"]
+      @response_location = node["ResponseLocation"]
     end
 
     # (see Base#build)
     def build(builder, element)
-      builder["md"].__send__(element, "Location" => location, "Binding" => binding)
+      builder["md"].__send__(element, "Location" => location, "Binding" => binding) do |b|
+        b.ResponseLocation = response_location if response_location
+      end
     end
 
-    class Indexed < Endpoint
-      include IndexedObject
+    # @!attribute[r]
+    # @return [String]
+    # The {response_location} if there is one, otherwise the {location}
+    def effective_response_location
+      response_location || location
+    end
 
-      # @param location [String]
-      # @param index [Integer]
-      # @param is_default [true, false, nil]
-      # @param binding [String]
-      def initialize(location = nil, index = nil, is_default = nil, binding = Bindings::HTTP_POST::URN)
-        super(location, binding)
-        @index = index
-        @is_default = is_default
-      end
+    # @return [String]
+    def inspect
+      "#<SAML2::Endpoint #{endpoint_inspect}>"
+    end
 
-      def eql?(other)
-        location == other.location &&
-          binding == other.binding && super
-      end
+    private
+
+    def endpoint_inspect
+      r = "location=#{location.inspect}"
+      r += " binding=#{binding.inspect}" if binding
+      r += " response_location=#{response_location.inspect}" if response_location
+      r
     end
   end
 end

data/lib/saml2/entity.rb

@@ -168,15 +168,15 @@ module SAML2
     # @param identity_provider [Entity]
     def valid_response?(message,
                         identity_provider,
-                        **opts)
+                        **)
       unless message.is_a?(Response)
         message.errors << "not a Response object"
         return false
       end
 
       message.validate(service_provider: self,
-                       identity_provider: identity_provider,
-                       **opts).empty?
+                       identity_provider:,
+                       **).empty?
     end
   end
 end

data/lib/saml2/identity_provider.rb

@@ -12,7 +12,7 @@ module SAML2
     def initialize
       super
       @want_authn_requests_signed = nil
-      @single_sign_on_services = []
+      @single_sign_on_services = Endpoint::Array.new
       @attribute_profiles = []
       @attributes = []
     end
@@ -34,7 +34,7 @@ module SAML2
       @want_authn_requests_signed
     end
 
-    # @return [Array<Endpoint>]
+    # @return [Endpoint::Array]
     def single_sign_on_services
       @single_sign_on_services ||= load_object_array(xml, "md:SingleSignOnService", Endpoint)
     end

data/lib/saml2/indexed_object.rb

@@ -4,6 +4,10 @@ require "saml2/base"
 
 module SAML2
   module IndexedObject
+    def self.included(klass)
+      klass.const_set(:Array, Array.dup)
+    end
+
     # @return [Integer]
     attr_accessor :index
 
@@ -42,9 +46,7 @@ module SAML2
 
       def self.from_xml(nodes)
         new(nodes.map do |node|
-              name.split("::")[1..-2].inject(SAML2) do |mod, klass|
-                mod.const_get(klass)
-              end.from_xml(node)
+              Object.const_get(name.rpartition("::").first, false).from_xml(node)
             end).freeze
       end
 
@@ -88,8 +90,14 @@ module SAML2
       builder.parent.children.last["isDefault"] = default? if default_defined?
     end
 
-    def self.included(klass)
-      klass.const_set(:Array, Array.dup)
+    private
+
+    def indexed_object_inspect
+      if default_defined?
+        "index=#{index}, default=#{default?}"
+      else
+        "index=#{index}"
+      end
     end
   end
 end

data/lib/saml2/logout_request.rb

@@ -7,15 +7,16 @@ module SAML2
   class LogoutRequest < Request
     attr_writer :name_id, :session_index
 
-    # @param sso [SSO]
+    # @param sso [SSO, nil]
     # @param issuer [NameID]
     # @param name_id [NameID]
     # @param session_index optional [String, Array<String>]
+    # @param binding [String] the binding to use for the request
     # @return [LogoutRequest]
-    def self.initiate(sso, issuer, name_id, session_index = [])
+    def self.initiate(sso, issuer, name_id, session_index = [], binding: Bindings::HTTPRedirect::URN)
       logout_request = new
       logout_request.issuer = issuer
-      logout_request.destination = sso.single_logout_services.first.location
+      logout_request.destination = sso.single_logout_services.choose_endpoint(binding)&.location if sso
       logout_request.name_id = name_id
       logout_request.session_index = session_index
 

data/lib/saml2/logout_response.rb

@@ -5,16 +5,25 @@ require "saml2/status_response"
 module SAML2
   class LogoutResponse < StatusResponse
     # @param logout_request [LogoutRequest]
-    # @param sso [SSO]
+    # @param sso [SSO, nil]
     # @param issuer [NameID]
     # @param status_code [String]
+    # @param binding [String] the binding to use for the response
     # @return [LogoutResponse]
-    def self.respond_to(logout_request, sso, issuer, status_code = Status::SUCCESS)
+    def self.respond_to(logout_request,
+                        sso,
+                        issuer,
+                        status_code = Status::SUCCESS,
+                        binding: Bindings::HTTPRedirect::URN,
+                        message: nil)
       logout_response = new
       logout_response.issuer = issuer
-      logout_response.destination = sso.single_logout_services.first.location
+      if sso
+        logout_response.destination = sso.single_logout_services.choose_endpoint(binding)&.effective_response_location
+      end
       logout_response.in_response_to = logout_request.id
       logout_response.status.code = status_code
+      logout_response.status.message = message
       logout_response
     end
 

data/lib/saml2/message.rb

@@ -113,13 +113,14 @@ module SAML2
     end
 
     def validate
-      @errors = Schemas.protocol.validate(xml.document)
+      @errors = xml ? Schemas.protocol.validate(xml.document) : []
       errors
     end
 
     # If the XML is valid according to SAML XSDs.
     # @return [Boolean]
     def valid_schema?
+      return true if xml.nil? # it didn't come from parsing XML; there's nothing to be invalid
       return false unless Schemas.protocol.valid?(xml.document)
 
       true

data/lib/saml2/name_id.rb

@@ -59,7 +59,8 @@ module SAML2
       # @param rhs [Policy]
       # @return [Boolean]
       def ==(other)
-        allow_create? == other.allow_create? &&
+        other.is_a?(Policy) &&
+          allow_create? == other.allow_create? &&
           format == other.format &&
           sp_name_qualifier == other.sp_name_qualifier
       end
@@ -102,7 +103,8 @@ module SAML2
     # @param rhs [NameID]
     # @return [Boolean]
     def ==(other)
-      id == other.id &&
+      other.is_a?(NameID) &&
+        id == other.id &&
         format == other.format &&
         name_qualifier == other.name_qualifier &&
         sp_name_qualifier == other.sp_name_qualifier
@@ -116,5 +118,18 @@ module SAML2
       args["SPNameQualifier"] = sp_name_qualifier if sp_name_qualifier
       builder["saml"].__send__(element || "NameID", id, args)
     end
+
+    # @return [String]
+    def inspect
+      return id.inspect unless format || name_qualifier || sp_name_qualifier
+      return "#{id.inspect}@#{format.inspect}" unless name_qualifier || sp_name_qualifier
+
+      r = "#<SAML2::NameID id=#{id.inspect}"
+      r << " format=#{format.inspect}" if format
+      r << " name_qualifier=#{name_qualifier.inspect}" if name_qualifier
+      r << " sp_name_qualifier=#{sp_name_qualifier.inspect}" if sp_name_qualifier
+      r << ">"
+      r
+    end
   end
 end

data/lib/saml2/response.rb

@@ -35,7 +35,7 @@ module SAML2
     end
 
     # Begin an IdP Initiated login
-    # @param service_provider [ServiceProvider]
+    # @param service_provider [ServiceProvider, nil]
     # @param issuer [NameID]
     # @param name_id [NameID] The subject
     # @param attributes optional [Hash<String => String>, Array<Attribute>]
@@ -43,7 +43,12 @@ module SAML2
     def self.initiate(service_provider, issuer, name_id, attributes = nil)
       response = new
       response.issuer = issuer
-      response.destination = service_provider.assertion_consumer_services.default.location if service_provider
+      if service_provider
+        response.destination = service_provider
+                               .assertion_consumer_services
+                               .choose_endpoint(Bindings::HTTP_POST::URN)
+                               &.effective_response_location
+      end
       assertion = Assertion.new
       assertion.subject = Subject.new
       assertion.subject.name_id = name_id
@@ -235,9 +240,9 @@ module SAML2
 
       if assertion.conditions &&
          !(condition_errors = assertion.conditions.validate(
-           verification_time: verification_time,
+           verification_time:,
            audience: service_provider.entity_id,
-           ignore_audience_condition: ignore_audience_condition
+           ignore_audience_condition:
          )).empty?
         return errors.concat(condition_errors)
       end

data/lib/saml2/role.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "set"
-
 require "saml2/base"
 require "saml2/key"
 require "saml2/organization_and_contacts"

data/lib/saml2/service_provider.rb

@@ -44,18 +44,16 @@ module SAML2
 
     # @return [Endpoint::Indexed::Array]
     def assertion_consumer_services
-      @assertion_consumer_services ||= begin
-        nodes = xml.xpath("md:AssertionConsumerService", Namespaces::ALL)
-        Endpoint::Indexed::Array.from_xml(nodes)
-      end
+      @assertion_consumer_services ||= load_object_array(xml,
+                                                         "md:AssertionConsumerService",
+                                                         Endpoint::Indexed)
     end
 
     # @return [AttributeConsumingService::Array]
     def attribute_consuming_services
-      @attribute_consuming_services ||= begin
-        nodes = xml.xpath("md:AttributeConsumingService", Namespaces::ALL)
-        AttributeConsumingService::Array.from_xml(nodes)
-      end
+      @attribute_consuming_services ||= load_object_array(xml,
+                                                          "md:AttributeConsumingService",
+                                                          AttributeConsumingService)
     end
 
     # (see Base#build)

data/lib/saml2/signable.rb

@@ -100,8 +100,8 @@ module SAML2
     #
     # @param (see #validate_signature)
     # @return [Boolean]
-    def valid_signature?(**kwargs)
-      validate_signature(**kwargs).empty?
+    def valid_signature?(**)
+      validate_signature(**).empty?
     end
 
     # Sign this object.

data/lib/saml2/sso.rb

@@ -7,7 +7,7 @@ module SAML2
   class SSO < Role
     def initialize
       super
-      @single_logout_services = []
+      @single_logout_services = Endpoint::Array.new
       @name_id_formats = []
     end
 
@@ -18,7 +18,7 @@ module SAML2
       @name_id_formats = nil
     end
 
-    # @return [Array<Endpoint>]
+    # @return [Endpoint::Array]
     def single_logout_services
       @single_logout_services ||= load_object_array(xml, "md:SingleLogoutService", Endpoint)
     end

data/lib/saml2/status.rb

@@ -4,7 +4,9 @@ require "saml2/base"
 
 module SAML2
   class Status < Base
-    SUCCESS      = "urn:oasis:names:tc:SAML:2.0:status:Success"
+    SUCCESS   = "urn:oasis:names:tc:SAML:2.0:status:Success"
+    REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"
+    RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
 
     # @return [String]
     attr_accessor :code, :message

data/lib/saml2/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SAML2
-  VERSION = "3.1.10"
+  VERSION = "3.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml2
 version: !ruby/object:Gem::Version
-  version: 3.1.10
+  version: 3.2.0
 platform: ruby
 authors:
 - Cody Cutrer
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-02-25 00:00:00.000000000 Z
+date: 2025-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -70,90 +70,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.5
-- !ruby/object:Gem::Dependency
-  name: debug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.10'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.10'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.2'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.2'
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.5'
-- !ruby/object:Gem::Dependency
-  name: rubocop-inst
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
-- !ruby/object:Gem::Dependency
-  name: rubocop-rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-- !ruby/object:Gem::Dependency
-  name: rubocop-rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.5'
 description: |
   The saml2 library is yet another SAML library for Ruby, with
   an emphasis on _not_ re-implementing XML, especially XML Security,
@@ -237,14 +153,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: SAML 2.0 Library