saml_camel 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/README.md +16 -4
- data/app/controllers/concerns/saml_camel/saml_service.rb +17 -12
- data/app/controllers/saml_camel/application_controller.rb +3 -0
- data/app/controllers/saml_camel/saml_controller.rb +47 -29
- data/app/models/saml_camel/application_record.rb +2 -1
- data/app/models/saml_camel/service_provider.rb +99 -71
- data/app/models/saml_camel/shib.rb +7 -12
- data/config/routes.rb +8 -2
- data/config/saml/development/idp_certificate.crt +25 -0
- data/config/saml/development/saml_certificate.crt +28 -0
- data/config/saml/development/saml_key.key +27 -0
- data/config/saml/development/settings.json +36 -0
- data/config/saml/production/idp_certificate.crt +25 -0
- data/config/saml/production/saml_certificate.crt +28 -0
- data/config/saml/production/saml_key.key +27 -0
- data/config/saml/production/settings.json +1 -0
- data/config/saml/test/idp_certificate.crt +25 -0
- data/config/saml/test/saml_certificate.crt +28 -0
- data/config/saml/test/saml_key.key +27 -0
- data/config/saml/test/settings.json +36 -0
- data/lib/saml_camel/engine.rb +3 -3
- data/lib/saml_camel/version.rb +3 -1
- data/lib/saml_camel.rb +81 -53
- data/lib/tasks/saml_camel_tasks.rake +73 -73
- metadata +33 -7
@@ -1,18 +1,19 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
namespace :saml_camel do # rubocop:disable Metrics/BlockLength
|
4
|
+
desc 'Generate Files for Saml'
|
5
|
+
task :generate_saml do # rubocop:disable Metrics/BlockLength
|
4
6
|
dir = "#{Rails.root}/config/saml/"
|
5
|
-
FileUtils.mkdir(dir) unless Dir.
|
7
|
+
FileUtils.mkdir(dir) unless Dir.exist?(dir)
|
6
8
|
|
7
9
|
specified_env = ENV['environment']
|
8
|
-
default_envs = [
|
10
|
+
default_envs = %w[production test development]
|
9
11
|
key = generate_key
|
10
12
|
cert = generate_cert(key)
|
11
13
|
settings = generate_saml_settings.to_json
|
12
14
|
|
13
|
-
|
14
|
-
|
15
|
-
idp_cert = """MIIEWjCCA0KgAwIBAgIJAP1rB/FjRgy6MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
|
15
|
+
# TODO: pull in specified idp certificate
|
16
|
+
idp_cert = "MIIEWjCCA0KgAwIBAgIJAP1rB/FjRgy6MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
|
16
17
|
BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEPMA0GA1UEBxMGRHVyaGFt
|
17
18
|
MRgwFgYDVQQKEw9EdWtlIFVuaXZlcnNpdHkxDDAKBgNVBAsTA09JVDEaMBgGA1UE
|
18
19
|
AxMRc2hpYi5vaXQuZHVrZS5lZHUwHhcNMTAwOTA5MTI0NDU1WhcNMjgwOTA0MTI0
|
@@ -35,103 +36,104 @@ Ifvsa0jf4FRsEOwH/x8354/0wyv4RwuavX25kjpmoFn3O+eKokyzsc7/Q2gsm0mv
|
|
35
36
|
V8XQo+5b+4we8AFYlAVp26nLeIqAiJM8xZJ9yHuzVL1O4yxIWIKECWHLqY5+1nas
|
36
37
|
XNiLURrHhsK5pZUPLuhzJFgZuJT62TtnrjJXlrRhJ389VSkh6R64C6ncjNkg6/Cu
|
37
38
|
tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
38
|
-
9TEfyQ5QpfRYAUFWXBc=
|
39
|
-
"""
|
39
|
+
9TEfyQ5QpfRYAUFWXBc="
|
40
40
|
|
41
|
-
|
41
|
+
if specified_env
|
42
|
+
dir = "#{Rails.root}/config/saml/#{specified_env}"
|
43
|
+
FileUtils.mkdir(dir) unless Dir.exist?(dir)
|
44
|
+
File.open("#{Rails.root}/config/saml/#{specified_env}/saml_certificate.crt", 'w+') { |f| f.write(cert) } # rubocop:disable Metrics/LineLength
|
45
|
+
File.open("#{Rails.root}/config/saml/#{specified_env}/saml_key.key", 'w+') { |f| f.write(key) } # rubocop:disable Metrics/LineLength
|
46
|
+
File.open("#{Rails.root}/config/saml/#{specified_env}/idp_certificate.crt", 'w+') { |f| f.write(idp_cert) } # rubocop:disable Metrics/LineLength
|
47
|
+
File.open("#{Rails.root}/config/saml/#{specified_env}/settings.json", 'w+') { |f| f.write(settings) } # rubocop:disable Metrics/LineLength
|
48
|
+
File.open('.gitignore', 'a') { |f| f.write("config/saml/#{specified_env}/saml_key.key") }
|
49
|
+
else
|
42
50
|
default_envs.each do |e|
|
43
51
|
dir = "#{Rails.root}/config/saml/#{e}"
|
44
|
-
FileUtils.mkdir(dir) unless Dir.
|
45
|
-
File.open("#{Rails.root}/config/saml/#{e}/saml_certificate.crt",
|
46
|
-
File.open("#{Rails.root}/config/saml/#{e}/saml_key.key",
|
47
|
-
File.open("#{Rails.root}/config/saml/#{e}/idp_certificate.crt",
|
48
|
-
File.open("#{Rails.root}/config/saml/#{e}/settings.json",
|
49
|
-
File.open('.gitignore', 'a') { |f| f.write("config/saml/#{e}/saml_key.key\n") }
|
52
|
+
FileUtils.mkdir(dir) unless Dir.exist?(dir)
|
53
|
+
File.open("#{Rails.root}/config/saml/#{e}/saml_certificate.crt", 'w+') { |f| f.write(cert) } # rubocop:disable Metrics/LineLength
|
54
|
+
File.open("#{Rails.root}/config/saml/#{e}/saml_key.key", 'w+') { |f| f.write(key) } # rubocop:disable Metrics/LineLength
|
55
|
+
File.open("#{Rails.root}/config/saml/#{e}/idp_certificate.crt", 'w+') { |f| f.write(idp_cert) } # rubocop:disable Metrics/LineLength
|
56
|
+
File.open("#{Rails.root}/config/saml/#{e}/settings.json", 'w+') { |f| f.write(settings) } # rubocop:disable Metrics/LineLength
|
57
|
+
File.open('.gitignore', 'a') { |f| f.write("config/saml/#{e}/saml_key.key\n") } # rubocop:disable Metrics/LineLength
|
50
58
|
end
|
51
|
-
else
|
52
|
-
dir = "#{Rails.root}/config/saml/#{specified_env}"
|
53
|
-
FileUtils.mkdir(dir) unless Dir.exists?(dir)
|
54
|
-
File.open("#{Rails.root}/config/saml/#{specified_env}/saml_certificate.crt","w+") {|f| f.write(cert) }
|
55
|
-
File.open("#{Rails.root}/config/saml/#{specified_env}/saml_key.key","w+") {|f| f.write(key) }
|
56
|
-
File.open("#{Rails.root}/config/saml/#{specified_env}/idp_certificate.crt","w+") {|f| f.write(idp_cert) }
|
57
|
-
File.open("#{Rails.root}/config/saml/#{specified_env}/settings.json","w+") {|f| f.write(settings) }
|
58
|
-
File.open('.gitignore', 'a') { |f| f.write("config/saml/#{specified_env}/saml_key.key") }
|
59
59
|
end
|
60
60
|
end
|
61
61
|
|
62
|
-
|
63
|
-
def generate_saml_settings
|
62
|
+
def generate_saml_settings # rubocop:disable Metrics/MethodLength
|
64
63
|
{
|
65
|
-
_comment:
|
64
|
+
_comment: 'note you will need to restart the application when you make changes to this file',
|
66
65
|
settings: {
|
67
|
-
acs:
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
66
|
+
acs: 'http://localhost:3000/saml/consumeSaml',
|
67
|
+
raw_response_acs: 'http://localhost:3000/saml/consumeSaml/rawResponse',
|
68
|
+
entity_id: 'https://your-entity-id.com',
|
69
|
+
sso_url: 'https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO',
|
70
|
+
logout_url: 'https://shib.oit.duke.edu/cgi-bin/logout.pl',
|
71
|
+
primary_id: 'eduPersonPrincipalName',
|
72
72
|
sp_session_timeout: 1,
|
73
73
|
sp_session_lifetime: 8,
|
74
|
-
|
74
|
+
test_auth_path: true,
|
75
|
+
saml_logging: true,
|
76
|
+
debug: false
|
75
77
|
},
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
78
|
+
'attribute_map': {
|
79
|
+
'urn:oid:1.3.6.1.4.1.5923.1.1.1.9': 'eduPersonScopedAffiliation',
|
80
|
+
'urn:oid:1.3.6.1.4.1.5923.1.1.1.6': 'eduPersonPrincipalName',
|
81
|
+
'urn:oid:2.5.4.3': 'cn',
|
82
|
+
'urn:oid:0.9.2342.19200300.100.1.1': 'uid',
|
83
|
+
'urn:oid:0.9.2342.19200300.100.1.3': 'mail',
|
84
|
+
'urn:oid:1.3.6.1.4.1.5923.1.1.1.5': 'eduPersonPrimaryAffiliation',
|
85
|
+
'urn:oid:2.16.840.1.113730.3.1.241': 'displayName',
|
86
|
+
'urn:mace:duke.edu:idms:unique-id': 'duDukeID',
|
87
|
+
'urn:mace:duke.edu:idms:dku-id': 'dku-id',
|
88
|
+
'urn:oid:1.3.6.1.4.1.5923.1.5.1.1': 'isMemberOf',
|
89
|
+
'urn:oid:2.5.4.42': 'givenName',
|
90
|
+
'urn:oid:2.5.4.4': 'sn',
|
91
|
+
'urn:oid:2.5.4.11': 'ou',
|
92
|
+
'urn:oid:1.3.6.1.4.1.5923.1.1.1.1': 'eduPersonAffiliation',
|
93
|
+
'urn:oid:2.5.4.20': 'telephoneNumber',
|
94
|
+
'urn:oid:2.5.4.12': 'title',
|
95
|
+
'urn:mace:duke.edu:idms:middle-name1': 'duMiddleName1',
|
96
|
+
'urn:mace:duke.edu:idms:proxy-token': 'duProxyToken'
|
95
97
|
}
|
96
98
|
}
|
97
99
|
end
|
98
100
|
|
99
|
-
|
100
101
|
def generate_key
|
101
102
|
OpenSSL::PKey::RSA.new(2048)
|
102
103
|
end
|
103
104
|
|
104
|
-
def generate_cert(key)
|
105
|
-
puts
|
106
|
-
STDOUT.puts
|
105
|
+
def generate_cert(key) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
106
|
+
puts '\n\nPlease provide the following details to generate your saml key and certificate:'
|
107
|
+
STDOUT.puts 'Country Name (2 letter code) [AU]:'
|
107
108
|
country = STDIN.gets.strip
|
108
109
|
|
109
|
-
STDOUT.puts
|
110
|
+
STDOUT.puts 'State or Province Name (full name) [Some-State]:'
|
110
111
|
state = STDIN.gets.strip
|
111
112
|
|
112
|
-
STDOUT.puts
|
113
|
+
STDOUT.puts 'Locality Name (eg, city):'
|
113
114
|
city = STDIN.gets.strip
|
114
115
|
|
115
|
-
STDOUT.puts
|
116
|
+
STDOUT.puts 'Organization Name (eg, company):'
|
116
117
|
org = STDIN.gets.strip
|
117
118
|
|
118
|
-
STDOUT.puts
|
119
|
+
STDOUT.puts 'Organizational Unit Name (eg, section):'
|
119
120
|
unit = STDIN.gets.strip
|
120
121
|
|
121
|
-
STDOUT.puts
|
122
|
+
STDOUT.puts 'Common Name (non url name, remember this is not a server cert):'
|
122
123
|
cn = STDIN.gets.strip
|
123
124
|
|
124
|
-
STDOUT.puts
|
125
|
+
STDOUT.puts 'Email Address:'
|
125
126
|
email = STDIN.gets.strip
|
126
127
|
|
127
|
-
|
128
128
|
public_key = key.public_key
|
129
129
|
|
130
|
-
#generate subject line of cert
|
131
|
-
subject = "/C=#{country}/ST=#{state}/L=#{city}/O=#{org}/OU=#{unit}/CN=#{cn}/emailAddress=#{email}"
|
130
|
+
# generate subject line of cert
|
131
|
+
subject = "/C=#{country}/ST=#{state}/L=#{city}/O=#{org}/OU=#{unit}/CN=#{cn}/emailAddress=#{email}" # rubocop:disable Metrics/LineLength
|
132
132
|
|
133
133
|
cert = OpenSSL::X509::Certificate.new
|
134
|
-
|
134
|
+
|
135
|
+
# TODO: this line breaks when https:// is added for CN
|
136
|
+
cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
|
135
137
|
cert.not_before = Time.now
|
136
138
|
cert.not_after = Time.now + 365 * 24 * 60 * 60
|
137
139
|
cert.public_key = public_key
|
@@ -142,15 +144,13 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
142
144
|
ef.subject_certificate = cert
|
143
145
|
ef.issuer_certificate = cert
|
144
146
|
cert.extensions = [
|
145
|
-
ef.create_extension(
|
146
|
-
ef.create_extension(
|
147
|
+
ef.create_extension('basicConstraints', 'CA:TRUE', true),
|
148
|
+
ef.create_extension('subjectKeyIdentifier', 'hash'),
|
147
149
|
# ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
|
148
150
|
]
|
149
|
-
cert.add_extension ef.create_extension(
|
150
|
-
|
151
|
+
cert.add_extension ef.create_extension('authorityKeyIdentifier',
|
152
|
+
'keyid:always,issuer:always')
|
151
153
|
|
152
154
|
cert.sign key, OpenSSL::Digest::SHA256.new
|
153
155
|
end
|
154
|
-
|
155
|
-
|
156
156
|
end
|
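--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml_camel
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.1
 platform: ruby
 authors:
 - 'Danai Adkisson '
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-
+date: 2018-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -39,21 +39,21 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 1.7.2
 - !ruby/object:Gem::Dependency
-name:
+name: byebug
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -66,6 +66,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: ruby-saml
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.7.2
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.7.2
 description: SAML tool wrapping onelogin/rubysaml
 email:
 - da129@duke.edu
@@ -86,6 +100,18 @@ files:
 - app/views/saml_camel/saml/attr_check.html.erb
 - app/views/saml_camel/saml/failure.html.erb
 - config/routes.rb
+- config/saml/development/idp_certificate.crt
+- config/saml/development/saml_certificate.crt
+- config/saml/development/saml_key.key
+- config/saml/development/settings.json
+- config/saml/production/idp_certificate.crt
+- config/saml/production/saml_certificate.crt
+- config/saml/production/saml_key.key
+- config/saml/production/settings.json
+- config/saml/test/idp_certificate.crt
+- config/saml/test/saml_certificate.crt
+- config/saml/test/saml_key.key
+- config/saml/test/settings.json
 - lib/saml_camel.rb
 - lib/saml_camel/engine.rb
 - lib/saml_camel/transaction.rb
@@ -114,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: SAML tool wrapping onelogin/rubysaml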