saml_camel 1.0.0 → 1.0.1

data/config/saml/development/settings.json

@@ -0,0 +1,36 @@
+{
+  "_comment": "note you will need to restart the application when you make changes to this file",
+  "settings": {
+    "acs": "http://localhost:3000/saml/consumeSaml",
+    "raw_response_acs": "http://localhost:3000/saml/consumeSaml/rawResponse",
+    "entity_id": "https://dummycamel.com",
+    "sso_url": "https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO",
+    "logout_url": "https://shib.oit.duke.edu/cgi-bin/logout.pl",
+    "primary_id": "eduPersonPrincipalName",
+    "sp_session_timeout": 1,
+    "sp_session_lifetime": 8,
+    "test_auth_path": true,
+    "saml_logging": true,
+    "debug": false
+  },
+  "attribute_map": {
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
+    "urn:oid:2.5.4.3": "cn",
+    "urn:oid:0.9.2342.19200300.100.1.1": "uid",
+    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
+    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
+    "urn:mace:duke.edu:idms:unique-id": "duDukeID",
+    "urn:mace:duke.edu:idms:dku-id": "dku-id",
+    "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
+    "urn:oid:2.5.4.42": "givenName",
+    "urn:oid:2.5.4.4": "sn",
+    "urn:oid:2.5.4.11": "ou",
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
+    "urn:oid:2.5.4.20": "telephoneNumber",
+    "urn:oid:2.5.4.12": "title",
+    "urn:mace:duke.edu:idms:middle-name1": "duMiddleName1",
+    "urn:mace:duke.edu:idms:proxy-token": "duProxyToken"
+  }
+}

data/config/saml/production/idp_certificate.crt

@@ -0,0 +1,25 @@
+MIIEWjCCA0KgAwIBAgIJAP1rB/FjRgy6MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEPMA0GA1UEBxMGRHVyaGFt
+MRgwFgYDVQQKEw9EdWtlIFVuaXZlcnNpdHkxDDAKBgNVBAsTA09JVDEaMBgGA1UE
+AxMRc2hpYi5vaXQuZHVrZS5lZHUwHhcNMTAwOTA5MTI0NDU1WhcNMjgwOTA0MTI0
+NDU1WjB7MQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzAN
+BgNVBAcTBkR1cmhhbTEYMBYGA1UEChMPRHVrZSBVbml2ZXJzaXR5MQwwCgYDVQQL
+EwNPSVQxGjAYBgNVBAMTEXNoaWIub2l0LmR1a2UuZWR1MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAt+hnl6gSRi0Y8VuNl6PCPYejj7VfVs/y8bRa5zAY
+RHwb75+vBSs2j1yeUcSore9Ba5Ni7v947V34afRMGRPOqr4TEDZxU+1Bg0zAvSrR
+n4Y8B+zyJuhtOpmOZzTwE9o/Oc+CB4kYV/K0woKZdcoxHJm8TbqBqdxU4fFYUlNU
+o4Dr5jRdCSr9MHBOqGWXtQMg16qYNB7StNk4twY29FNnpZwkVTfsE76uVsRMkG8i
+6/RiHpXZ/ioOOqndptbEGdsOIE3ivAJOZdvYwnDe5NnTH06P01HsxH3OOnYqhuG2
+J6qdhqoelGeHRG+jfl8YkYXCcKQvja2tJ5G+6iqSN7DP6QIDAQABo4HgMIHdMB0G
+A1UdDgQWBBQHYXwB6otkfyMOmUI59j8823hFRDCBrQYDVR0jBIGlMIGigBQHYXwB
+6otkfyMOmUI59j8823hFRKF/pH0wezELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5v
+cnRoIENhcm9saW5hMQ8wDQYDVQQHEwZEdXJoYW0xGDAWBgNVBAoTD0R1a2UgVW5p
+dmVyc2l0eTEMMAoGA1UECxMDT0lUMRowGAYDVQQDExFzaGliLm9pdC5kdWtlLmVk
+dYIJAP1rB/FjRgy6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG7q
+wJpiSLJbx2gj/cGDYeuBW/CeRGNghjQ/mb076P3WXsRNPAimcXulSUbQkS6eDH4t
+Ifvsa0jf4FRsEOwH/x8354/0wyv4RwuavX25kjpmoFn3O+eKokyzsc7/Q2gsm0mv
+V8XQo+5b+4we8AFYlAVp26nLeIqAiJM8xZJ9yHuzVL1O4yxIWIKECWHLqY5+1nas
+XNiLURrHhsK5pZUPLuhzJFgZuJT62TtnrjJXlrRhJ389VSkh6R64C6ncjNkg6/Cu
+tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
+9TEfyQ5QpfRYAUFWXBc=
+  

data/config/saml/production/saml_certificate.crt

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHDAZEdXJoYW0xGDAWBgNV
+BAoMD0R1a2UgVW5pdmVyc2l0eTEMMAoGA1UECwwDT0lUMR0wGwYDVQQDDBRzYW1s
+IGNhbWVsIGR1bW15IGFwcDEdMBsGCSqGSIb3DQEJARYOZGExMjlAZHVrZS5lZHUw
+HhcNMTgwNTIyMTcxMDMwWhcNMTkwNTIyMTcxMDMwWjCBnTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHDAZEdXJoYW0xGDAWBgNV
+BAoMD0R1a2UgVW5pdmVyc2l0eTEMMAoGA1UECwwDT0lUMR0wGwYDVQQDDBRzYW1s
+IGNhbWVsIGR1bW15IGFwcDEdMBsGCSqGSIb3DQEJARYOZGExMjlAZHVrZS5lZHUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+OHs74gT5AmdSsLgHETvX
+50+S0NgWp5dcovfuMYFV+1CFX1MhgjhBQSwkA9U/0pfKf/eoU18O2gI2y46OK8j2
+e5oyUuKv1UQWe2RHKvxvNrwvvUVcLY4mJDZf0d4q6EyTVo2aWHwoskxnQpjbusgp
+Vq178Jfaeu/QaiBtq82vPlu0tfCeOXIyEdyRiOyc2bQvS5MW6FvzWtgatiNUnJJe
+sBM/JUiFOvf3qG7LHEzpaIBmoHBwxG5b3yjrGgGTdw+5gyXdPEwEeiTddMvYlXWM
+t+VMoTmsaBxrXRJBvpLxGWHZRb0VcoVTqWjcKVD/hR0A7H6ogaoOatHDWM41b3ZL
+AgMBAAGjggEAMIH9MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGh/Y36w7wcL
+nLXFC0dUpboAAV+ZMIHKBgNVHSMEgcIwgb+AFGh/Y36w7wcLnLXFC0dUpboAAV+Z
+oYGjpIGgMIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmEx
+DzANBgNVBAcMBkR1cmhhbTEYMBYGA1UECgwPRHVrZSBVbml2ZXJzaXR5MQwwCgYD
+VQQLDANPSVQxHTAbBgNVBAMMFHNhbWwgY2FtZWwgZHVtbXkgYXBwMR0wGwYJKoZI
+hvcNAQkBFg5kYTEyOUBkdWtlLmVkdYIBADANBgkqhkiG9w0BAQsFAAOCAQEAFE/X
+DPipapLFDnu2jCMR4lhDeEF2Pm1DIibiy6ZvmzCstj++MYOI7gKkUgeUUhFTEQIV
+fZIo5gIWkyoPVOwGALLTme01Tdk3Mul4pV0iqMn4k3F9NsC9wRy4WR2yPF9GYa/e
+ktK+ZBYt/2SZA4vS5q63jsMC0TjkrTGJokXohwScWDc4kIFfvU6biWW7zBCVfpaa
+YfsLYNBTbZ7VqEVFzcpYv8LBTOYoToAS5+yuAwrIdPEfqx3R4tIwGCik4tSByQFO
+i/VvEL5rTWhmUrKPh1hriPVYZ9gW2Mk87Snlyswsqv5d8+ITVgF+RL+cutUA29C+
+moSLPLaWINlhqvuRXw==
+-----END CERTIFICATE-----

data/config/saml/production/saml_key.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvjh7O+IE+QJnUrC4BxE71+dPktDYFqeXXKL37jGBVftQhV9T
+IYI4QUEsJAPVP9KXyn/3qFNfDtoCNsuOjivI9nuaMlLir9VEFntkRyr8bza8L71F
+XC2OJiQ2X9HeKuhMk1aNmlh8KLJMZ0KY27rIKVate/CX2nrv0GogbavNrz5btLXw
+njlyMhHckYjsnNm0L0uTFuhb81rYGrYjVJySXrATPyVIhTr396huyxxM6WiAZqBw
+cMRuW98o6xoBk3cPuYMl3TxMBHok3XTL2JV1jLflTKE5rGgca10SQb6S8Rlh2UW9
+FXKFU6lo3ClQ/4UdAOx+qIGqDmrRw1jONW92SwIDAQABAoIBAHZpuKU9fPT5/xHl
+upmDq+oqL0nowivQJhRfytE3dhjtOmHcRma8poJQrMa6sBxr31wKr0PUqn8XTXuI
+2fQ843w003dyS3VD4H/STklTRBODUkCxpSTNowixUDvz7EZvl4O8xKeJX7kBzTgW
+qAtYydOaBqL50b4K+5CVEBzVb1Qf/DKhCbBeYvnwAcUVT+t5lDGUh+54pLTHmeGZ
+2as+1MeBWLMR/ynMDziVVR3XIM02+pHPEwiI9ZTazUAKRJnskb5gBpHqtGiZSijC
+zQq+GSnnBPvvc0gtjqf+KF/6NLy/zDGmpF1e+blCnnLPUQGPTkClq59EHdn8jedO
+YyRrWmkCgYEA9VqRMziTAi79yP2rLqE7cMKPDtrOilHK8fDk5N2xxzEsVoKUsotq
+x384sfmrA3oVSNQsPi/DF16eH1cLaQL86rTaUKl4DqO6rLBPhQVjrmuwdWgnKKGn
+9XMEp8lBC7KwAnaQKP7c83WarU/FbF08BbPkHob1wuAyMrD7wRv2XDcCgYEAxnl8
+SuHwIooIyiW2/oDjoqCrdtgOLXzdOK2OSDcY+jARVkOA8N0ingPOb18RLOTmjGk5
+KZDHa8xZzdd0Bt7xz3WV2FipYxnkkY7sJosJpMrY8k/QUip9i2D04uLypwVBfT7P
+q3GOgOrP+nvRya8HLHKm0rf7+sU2mGIsSrVYtI0CgYBzQUIoL5FPW0e4XQFG/FJx
+29NcBQk1DMsq8CB2KnZSvhS35st3O+rDIE4/vKrLDVRmS9UkuUcJ+VaKHler0s2A
+a8iKT7GoHt2YNZKFSEzVKJ1R6cVLXvUJZihvsSivGBd6cLuzplWgwEQS2gBBsWJ6
+w1CLzpYwHyU1jtIUmtAV7QKBgCtC3bnAx8PvjHzrfZi55WRUWyt7apO1rM6m3eWV
+xOb7xTulWRynRt1kfQG/mhHMDwi6AtCxkxZHI6f/d3Xr8I9E1RWkNb+5LB4iJg08
+ryxxXppqlUDjrBvOVXKC/1syhRTUtRVsmiA1joHNrWulsA2bLAuwOMdvZzgN5hOe
+tagdAoGAP7kdbprmkT/7xX8puX6WD4MXQ+dgyb3FvpCIfQT8x0t/ndMI2wMc4keg
+woD2L56tjtVyFH8LQz1sU7LroSc8XF2joZOdQePrnyTVUISoMiTqaXMPIO6l6pez
+x7g1PP3ey5LOoX7LG5ule/6qNMtRhVOFok0vA9ZuuIIkkmYSo1c=
+-----END RSA PRIVATE KEY-----

data/config/saml/production/settings.json

@@ -0,0 +1 @@
+{"_comment":"note you will need to restart the application when you make changes to this file","settings":{"acs":"http://localhost:3000/saml/consumeSaml","raw_response_acs":"http://localhost:3000/saml/consumeSaml/rawResponse","entity_id":"https://your-entity-id.com","sso_url":"https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO","logout_url":"https://shib.oit.duke.edu/cgi-bin/logout.pl","primary_id":"eduPersonPrincipalName","sp_session_timeout":1,"sp_session_lifetime":8,"saml_logging":true,"debug":false},"attribute_map":{"urn:oid:1.3.6.1.4.1.5923.1.1.1.9":"eduPersonScopedAffiliation","urn:oid:1.3.6.1.4.1.5923.1.1.1.6":"eduPersonPrincipalName","urn:oid:2.5.4.3":"cn","urn:oid:0.9.2342.19200300.100.1.1":"uid","urn:oid:0.9.2342.19200300.100.1.3":"mail","urn:oid:1.3.6.1.4.1.5923.1.1.1.5":"eduPersonPrimaryAffiliation","urn:oid:2.16.840.1.113730.3.1.241":"displayName","urn:mace:duke.edu:idms:unique-id":"duDukeID","urn:mace:duke.edu:idms:dku-id":"dku-id","urn:oid:1.3.6.1.4.1.5923.1.5.1.1":"isMemberOf","urn:oid:2.5.4.42":"givenName","urn:oid:2.5.4.4":"sn","urn:oid:2.5.4.11":"ou","urn:oid:1.3.6.1.4.1.5923.1.1.1.1":"eduPersonAffiliation","urn:oid:2.5.4.20":"telephoneNumber","urn:oid:2.5.4.12":"title","urn:mace:duke.edu:idms:middle-name1":"duMiddleName1","urn:mace:duke.edu:idms:proxy-token":"duProxyToken"}}

data/config/saml/test/idp_certificate.crt

@@ -0,0 +1,25 @@
+MIIEWjCCA0KgAwIBAgIJAP1rB/FjRgy6MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEPMA0GA1UEBxMGRHVyaGFt
+MRgwFgYDVQQKEw9EdWtlIFVuaXZlcnNpdHkxDDAKBgNVBAsTA09JVDEaMBgGA1UE
+AxMRc2hpYi5vaXQuZHVrZS5lZHUwHhcNMTAwOTA5MTI0NDU1WhcNMjgwOTA0MTI0
+NDU1WjB7MQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzAN
+BgNVBAcTBkR1cmhhbTEYMBYGA1UEChMPRHVrZSBVbml2ZXJzaXR5MQwwCgYDVQQL
+EwNPSVQxGjAYBgNVBAMTEXNoaWIub2l0LmR1a2UuZWR1MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAt+hnl6gSRi0Y8VuNl6PCPYejj7VfVs/y8bRa5zAY
+RHwb75+vBSs2j1yeUcSore9Ba5Ni7v947V34afRMGRPOqr4TEDZxU+1Bg0zAvSrR
+n4Y8B+zyJuhtOpmOZzTwE9o/Oc+CB4kYV/K0woKZdcoxHJm8TbqBqdxU4fFYUlNU
+o4Dr5jRdCSr9MHBOqGWXtQMg16qYNB7StNk4twY29FNnpZwkVTfsE76uVsRMkG8i
+6/RiHpXZ/ioOOqndptbEGdsOIE3ivAJOZdvYwnDe5NnTH06P01HsxH3OOnYqhuG2
+J6qdhqoelGeHRG+jfl8YkYXCcKQvja2tJ5G+6iqSN7DP6QIDAQABo4HgMIHdMB0G
+A1UdDgQWBBQHYXwB6otkfyMOmUI59j8823hFRDCBrQYDVR0jBIGlMIGigBQHYXwB
+6otkfyMOmUI59j8823hFRKF/pH0wezELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5v
+cnRoIENhcm9saW5hMQ8wDQYDVQQHEwZEdXJoYW0xGDAWBgNVBAoTD0R1a2UgVW5p
+dmVyc2l0eTEMMAoGA1UECxMDT0lUMRowGAYDVQQDExFzaGliLm9pdC5kdWtlLmVk
+dYIJAP1rB/FjRgy6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG7q
+wJpiSLJbx2gj/cGDYeuBW/CeRGNghjQ/mb076P3WXsRNPAimcXulSUbQkS6eDH4t
+Ifvsa0jf4FRsEOwH/x8354/0wyv4RwuavX25kjpmoFn3O+eKokyzsc7/Q2gsm0mv
+V8XQo+5b+4we8AFYlAVp26nLeIqAiJM8xZJ9yHuzVL1O4yxIWIKECWHLqY5+1nas
+XNiLURrHhsK5pZUPLuhzJFgZuJT62TtnrjJXlrRhJ389VSkh6R64C6ncjNkg6/Cu
+tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
+9TEfyQ5QpfRYAUFWXBc=
+  

data/config/saml/test/saml_certificate.crt

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHDAZEdXJoYW0xGDAWBgNV
+BAoMD0R1a2UgVW5pdmVyc2l0eTEMMAoGA1UECwwDT0lUMR0wGwYDVQQDDBRzYW1s
+IGNhbWVsIGR1bW15IGFwcDEdMBsGCSqGSIb3DQEJARYOZGExMjlAZHVrZS5lZHUw
+HhcNMTgwNTIyMTcxMDMwWhcNMTkwNTIyMTcxMDMwWjCBnTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHDAZEdXJoYW0xGDAWBgNV
+BAoMD0R1a2UgVW5pdmVyc2l0eTEMMAoGA1UECwwDT0lUMR0wGwYDVQQDDBRzYW1s
+IGNhbWVsIGR1bW15IGFwcDEdMBsGCSqGSIb3DQEJARYOZGExMjlAZHVrZS5lZHUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+OHs74gT5AmdSsLgHETvX
+50+S0NgWp5dcovfuMYFV+1CFX1MhgjhBQSwkA9U/0pfKf/eoU18O2gI2y46OK8j2
+e5oyUuKv1UQWe2RHKvxvNrwvvUVcLY4mJDZf0d4q6EyTVo2aWHwoskxnQpjbusgp
+Vq178Jfaeu/QaiBtq82vPlu0tfCeOXIyEdyRiOyc2bQvS5MW6FvzWtgatiNUnJJe
+sBM/JUiFOvf3qG7LHEzpaIBmoHBwxG5b3yjrGgGTdw+5gyXdPEwEeiTddMvYlXWM
+t+VMoTmsaBxrXRJBvpLxGWHZRb0VcoVTqWjcKVD/hR0A7H6ogaoOatHDWM41b3ZL
+AgMBAAGjggEAMIH9MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGh/Y36w7wcL
+nLXFC0dUpboAAV+ZMIHKBgNVHSMEgcIwgb+AFGh/Y36w7wcLnLXFC0dUpboAAV+Z
+oYGjpIGgMIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmEx
+DzANBgNVBAcMBkR1cmhhbTEYMBYGA1UECgwPRHVrZSBVbml2ZXJzaXR5MQwwCgYD
+VQQLDANPSVQxHTAbBgNVBAMMFHNhbWwgY2FtZWwgZHVtbXkgYXBwMR0wGwYJKoZI
+hvcNAQkBFg5kYTEyOUBkdWtlLmVkdYIBADANBgkqhkiG9w0BAQsFAAOCAQEAFE/X
+DPipapLFDnu2jCMR4lhDeEF2Pm1DIibiy6ZvmzCstj++MYOI7gKkUgeUUhFTEQIV
+fZIo5gIWkyoPVOwGALLTme01Tdk3Mul4pV0iqMn4k3F9NsC9wRy4WR2yPF9GYa/e
+ktK+ZBYt/2SZA4vS5q63jsMC0TjkrTGJokXohwScWDc4kIFfvU6biWW7zBCVfpaa
+YfsLYNBTbZ7VqEVFzcpYv8LBTOYoToAS5+yuAwrIdPEfqx3R4tIwGCik4tSByQFO
+i/VvEL5rTWhmUrKPh1hriPVYZ9gW2Mk87Snlyswsqv5d8+ITVgF+RL+cutUA29C+
+moSLPLaWINlhqvuRXw==
+-----END CERTIFICATE-----

data/config/saml/test/saml_key.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvjh7O+IE+QJnUrC4BxE71+dPktDYFqeXXKL37jGBVftQhV9T
+IYI4QUEsJAPVP9KXyn/3qFNfDtoCNsuOjivI9nuaMlLir9VEFntkRyr8bza8L71F
+XC2OJiQ2X9HeKuhMk1aNmlh8KLJMZ0KY27rIKVate/CX2nrv0GogbavNrz5btLXw
+njlyMhHckYjsnNm0L0uTFuhb81rYGrYjVJySXrATPyVIhTr396huyxxM6WiAZqBw
+cMRuW98o6xoBk3cPuYMl3TxMBHok3XTL2JV1jLflTKE5rGgca10SQb6S8Rlh2UW9
+FXKFU6lo3ClQ/4UdAOx+qIGqDmrRw1jONW92SwIDAQABAoIBAHZpuKU9fPT5/xHl
+upmDq+oqL0nowivQJhRfytE3dhjtOmHcRma8poJQrMa6sBxr31wKr0PUqn8XTXuI
+2fQ843w003dyS3VD4H/STklTRBODUkCxpSTNowixUDvz7EZvl4O8xKeJX7kBzTgW
+qAtYydOaBqL50b4K+5CVEBzVb1Qf/DKhCbBeYvnwAcUVT+t5lDGUh+54pLTHmeGZ
+2as+1MeBWLMR/ynMDziVVR3XIM02+pHPEwiI9ZTazUAKRJnskb5gBpHqtGiZSijC
+zQq+GSnnBPvvc0gtjqf+KF/6NLy/zDGmpF1e+blCnnLPUQGPTkClq59EHdn8jedO
+YyRrWmkCgYEA9VqRMziTAi79yP2rLqE7cMKPDtrOilHK8fDk5N2xxzEsVoKUsotq
+x384sfmrA3oVSNQsPi/DF16eH1cLaQL86rTaUKl4DqO6rLBPhQVjrmuwdWgnKKGn
+9XMEp8lBC7KwAnaQKP7c83WarU/FbF08BbPkHob1wuAyMrD7wRv2XDcCgYEAxnl8
+SuHwIooIyiW2/oDjoqCrdtgOLXzdOK2OSDcY+jARVkOA8N0ingPOb18RLOTmjGk5
+KZDHa8xZzdd0Bt7xz3WV2FipYxnkkY7sJosJpMrY8k/QUip9i2D04uLypwVBfT7P
+q3GOgOrP+nvRya8HLHKm0rf7+sU2mGIsSrVYtI0CgYBzQUIoL5FPW0e4XQFG/FJx
+29NcBQk1DMsq8CB2KnZSvhS35st3O+rDIE4/vKrLDVRmS9UkuUcJ+VaKHler0s2A
+a8iKT7GoHt2YNZKFSEzVKJ1R6cVLXvUJZihvsSivGBd6cLuzplWgwEQS2gBBsWJ6
+w1CLzpYwHyU1jtIUmtAV7QKBgCtC3bnAx8PvjHzrfZi55WRUWyt7apO1rM6m3eWV
+xOb7xTulWRynRt1kfQG/mhHMDwi6AtCxkxZHI6f/d3Xr8I9E1RWkNb+5LB4iJg08
+ryxxXppqlUDjrBvOVXKC/1syhRTUtRVsmiA1joHNrWulsA2bLAuwOMdvZzgN5hOe
+tagdAoGAP7kdbprmkT/7xX8puX6WD4MXQ+dgyb3FvpCIfQT8x0t/ndMI2wMc4keg
+woD2L56tjtVyFH8LQz1sU7LroSc8XF2joZOdQePrnyTVUISoMiTqaXMPIO6l6pez
+x7g1PP3ey5LOoX7LG5ule/6qNMtRhVOFok0vA9ZuuIIkkmYSo1c=
+-----END RSA PRIVATE KEY-----

data/config/saml/test/settings.json

@@ -0,0 +1,36 @@
+{
+  "_comment": "note you will need to restart the application when you make changes to this file",
+  "settings": {
+    "acs": "http://localhost:3000/saml/consumeSaml",
+    "raw_response_acs": "http://localhost:3000/saml/consumeSaml/rawResponse",
+    "entity_id": "https://dummycamel.com",
+    "sso_url": "https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO",
+    "logout_url": "https://shib.oit.duke.edu/cgi-bin/logout.pl",
+    "primary_id": "eduPersonPrincipalName",
+    "sp_session_timeout": 1,
+    "sp_session_lifetime": 8,
+    "test_auth_path": true,
+    "saml_logging": true,
+    "debug": false
+  },
+  "attribute_map": {
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
+    "urn:oid:2.5.4.3": "cn",
+    "urn:oid:0.9.2342.19200300.100.1.1": "uid",
+    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
+    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
+    "urn:mace:duke.edu:idms:unique-id": "duDukeID",
+    "urn:mace:duke.edu:idms:dku-id": "dku-id",
+    "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
+    "urn:oid:2.5.4.42": "givenName",
+    "urn:oid:2.5.4.4": "sn",
+    "urn:oid:2.5.4.11": "ou",
+    "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
+    "urn:oid:2.5.4.20": "telephoneNumber",
+    "urn:oid:2.5.4.12": "title",
+    "urn:mace:duke.edu:idms:middle-name1": "duMiddleName1",
+    "urn:mace:duke.edu:idms:proxy-token": "duProxyToken"
+  }
+}

data/lib/saml_camel/engine.rb

@@ -1,13 +1,13 @@
+# frozen_string_literal: true
+
 require 'rubygems'
 require 'onelogin/ruby-saml'
-
 module SamlCamel
+  # engine definition
   class Engine < ::Rails::Engine
     isolate_namespace SamlCamel
-
     config.to_prepare do
       ActionController::Base.include SamlCamel::SamlService
     end
-
   end
 end

data/lib/saml_camel/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SamlCamel
-  VERSION = '1.0.0'
+  VERSION = '1.0.1'
 end

data/lib/saml_camel.rb

@@ -1,41 +1,49 @@
-require "saml_camel/engine"
+# frozen_string_literal: true
 
+require 'saml_camel/engine'
+
+# main logic for non initialized SAML camel methods
 module SamlCamel
   begin
     SP_SETTINGS = JSON.parse(File.read("config/saml/#{Rails.env}/settings.json"))
-  rescue
-    #rescue othewise the generator fails
+    SP_DEBUG = SP_SETTINGS['settings']['debug']
+  rescue StandardError # rubocop:disable Lint/HandleExceptions
+    # rescue othewise the generator fails
   end
 
-
+  # builds saml requests and decrypts saml responses
   module Transaction
     begin
       IDP_CERT = File.read("config/saml/#{Rails.env}/idp_certificate.crt")
       SP_CERT = File.read("config/saml/#{Rails.env}/saml_certificate.crt")
       SP_KEY = File.read("config/saml/#{Rails.env}/saml_key.key")
-    rescue
-      #rescue othewise the generator fails
+    rescue StandardError # rubocop:disable Lint/HandleExceptions
+      # rescue othewise the generator fails
     end
 
     def self.map_attributes(sp_attributes)
-      attr_map = SP_SETTINGS["attribute_map"]
+      attr_map = SP_SETTINGS['attribute_map']
       mapped_attributes = {}
 
-      sp_attributes.each do |sp_attribute,value|
+      sp_attributes.each do |sp_attribute, value|
         sp_attribute = attr_map[sp_attribute] || value
         mapped_attributes[sp_attribute] = value
       end
       mapped_attributes
     end
 
-    def self.saml_settings
-      sp_settings = SP_SETTINGS["settings"]
+    def self.saml_settings(raw_response: false)
+      sp_settings = SP_SETTINGS['settings']
 
       settings = OneLogin::RubySaml::Settings.new
-      settings.assertion_consumer_service_url = sp_settings["acs"]
-
-      settings.issuer                         = sp_settings["entity_id"]
-      settings.idp_sso_target_url             = sp_settings["sso_url"]
+      if raw_response
+        settings.assertion_consumer_service_url = sp_settings['raw_response_acs']
+        settings.force_authn = '1'
+      else
+        settings.assertion_consumer_service_url = sp_settings['acs']
+      end
+      settings.issuer                         = sp_settings['entity_id']
+      settings.idp_sso_target_url             = sp_settings['sso_url']
 
       # certificate to register with IDP and key to decrypt
       settings.certificate = SP_CERT
@@ -46,57 +54,77 @@ module SamlCamel
       # certificate to verify IDP signature
       settings.idp_cert = IDP_CERT
 
+      # inidcates SP wants assertions to be signed
+      settings.security[:want_responses_signed] = true
+
       settings
     end
   end
 
-
+  # handles logging throughout SP
   module Logging
     begin
-      PRIMARY_ID = SP_SETTINGS["settings"]["primary_id"]
-      SHOULD_LOG = SP_SETTINGS["settings"]["saml_logging"]
-      LOGGER = Logger.new("log/saml.log")
-    rescue
-      #rescue othewise the generator fails
+      PRIMARY_ID = SP_SETTINGS['settings']['primary_id']
+      SHOULD_LOG = SP_SETTINGS['settings']['saml_logging']
+      LOGGER = Logger.new('log/saml.log')
+    rescue StandardError # rubocop:disable Lint/HandleExceptions
+      # rescue othewise the generator fails
     end
 
+    def self.auth_failure(error_context)
+      LOGGER.error("An error occured during authentication. #{error_context}") if SHOULD_LOG
+      LOGGER.error("Backtrace: \n\t\t#{error_context.backtrace.join("\n\t\t")}") if SHOULD_LOG
+    rescue StandardError
+      LOGGER.debug('Unknown Error During auth_failure logging.') if SHOULD_LOG
+    end
 
-     def self.auth_failure(error_context)
-       LOGGER.error("An error occured during authentication. #{error_context}") if SHOULD_LOG
-       LOGGER.error("Backtrace: \n\t\t#{error_context.backtrace.join("\n\t\t")}") if SHOULD_LOG
-     rescue
-       LOGGER.debug("Unknown Error During auth_failure logging.") if SHOULD_LOG
-     end
-
-     def self.bad_ip(saml_attrs,request_ip,current_ip)
-       LOGGER.info("Bad IP address for #{saml_attrs[PRIMARY_ID]}. IP at SAML request #{request_ip} | IP presented #{current_ip}") if SHOULD_LOG
-     rescue
-       LOGGER.debug("Unknown Error During relay state logging. IP check") if SHOULD_LOG
-     end
-
-     def self.expired_session(saml_attrs)
-       LOGGER.info("Session Expired for #{saml_attrs[PRIMARY_ID]}") if SHOULD_LOG
-     rescue
-       LOGGER.debug("Unknown Error During relay state logging. Expired session check") if SHOULD_LOG
-     end
-
-     def self.logout(saml_attrs)
-       LOGGER.info("#{saml_attrs[PRIMARY_ID]} has succesfully logged out.") if SHOULD_LOG
-     rescue
-       LOGGER.debug("Unknown error logging user logout. Most likely anonymous user clicked a logout button.") if SHOULD_LOG
-     end
-
-     def self.saml_state(data)
-       LOGGER.info("Stored Relay: #{data[:stored_relay]} | RequestRelay: #{data[:request_relay]} | Stored IP: #{data[:stored_ip]}  RemoteIP: #{data[:remote_ip]}") if SHOULD_LOG
-     rescue
-       LOGGER.debug("Unknown Error During relay state logging. Saml state check") if SHOULD_LOG
-     end
+    def self.bad_ip(saml_attrs, request_ip, current_ip)
+      if SHOULD_LOG
+        LOGGER.info("Bad IP address for #{saml_attrs[PRIMARY_ID]}. IP at SAML
+ request #{request_ip} | IP presented #{current_ip}")
+      end
+    rescue StandardError
+      LOGGER.debug('Unknown Error During relay state logging. IP check') if SHOULD_LOG
+    end
+
+    def self.debug(message)
+      LOGGER.debug(message) if SHOULD_LOG
+    rescue StandardError
+      LOGGER.debug('Unknown Error During Debug') if SHOULD_LOG
+    end
+
+    def self.expired_session(saml_attrs)
+      LOGGER.info("Session Expired for #{saml_attrs[PRIMARY_ID]}") if SHOULD_LOG
+    rescue StandardError
+      LOGGER.debug('Unknown Error During relay state logging. Expired session check') if SHOULD_LOG
+    end
+
+    def self.logout(saml_attrs)
+      LOGGER.info("#{saml_attrs[PRIMARY_ID]} has succesfully logged out.") if SHOULD_LOG
+    rescue StandardError
+      if SHOULD_LOG
+        LOGGER.debug('Unknown error logging user logout.
+ Most likely anonymous user clicked a logout button.')
+      end
+    end
+
+    def self.saml_state(data)
+      if SHOULD_LOG
+        LOGGER.info("Stored Relay: #{data[:stored_relay]} |
+  RequestRelay: #{data[:request_relay]} |
+  Stored IP: #{data[:stored_ip]}  RemoteIP: #{data[:remote_ip]}")
+      end
+    rescue StandardError
+      LOGGER.debug('Unknown Error During relay state logging. Saml state check') if SHOULD_LOG
+    end
 
     def self.successful_auth(saml_attrs)
       LOGGER.info("#{saml_attrs[PRIMARY_ID]} has succesfully authenticated.") if SHOULD_LOG
-    rescue
-      LOGGER.debug("Unknown Error During successful_auth logging. Check PRIMARY_ID configured in settings.json and that user has attribute.") if SHOULD_LOG
+    rescue StandardError
+      if SHOULD_LOG
+        LOGGER.debug('Unknown Error During successful_auth logging.
+   Check PRIMARY_ID configured in settings.json and that user has attribute.')
+      end
     end
   end
-
 end