saml_camel 1.0.5 → 1.0.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/README.md +21 -1
- data/app/controllers/concerns/saml_camel/saml_service.rb +15 -5
- data/app/models/saml_camel/service_provider.rb +27 -2
- data/app/models/saml_camel/shib.rb +5 -1
- data/app/views/saml_camel/saml/failure.html.erb +4 -2
- data/config/saml/development/saml_certificate.crt +24 -25
- data/config/saml/development/saml_key.key +25 -25
- data/config/saml/production/idp_certificate.crt +27 -25
- data/config/saml/production/saml_key.key +25 -25
- data/config/saml/test/saml_certificate.crt +24 -25
- data/config/saml/test/saml_key.key +25 -25
- data/lib/saml_camel.rb +7 -0
- data/lib/saml_camel/version.rb +1 -1
- data/lib/tasks/saml_camel_tasks.rake +1 -0
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 8883a80247875fe73ecb79704abaf9b0a249924b2b8df5582e6767ee49a3428b
|
|
4
|
+
data.tar.gz: 411a4be30453d4bb258065096062a6c6ce0cb89eca2ad852d9582eac8f978c1e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2f154ff374ab4aa74deaf11623b693b2373a872b1a6a5dcea008fee4914b32202e8f0cfbd1978934af6355787d5fc7cbdf89d7372d3e01c7eb7761ef7fcc007
|
|
7
|
+
data.tar.gz: 59eb90047c7ef00faf38ca5bef9a7b371ae9de4f677c2f12d94cf8305ed1ebb0b835c2f99c7bd93c3a438d6bce0d02ef1c242c0f2a98a7e338fa5c205145031e
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ bundle
|
|
|
37
37
|
config.cache_store = :memory_store
|
|
38
38
|
```
|
|
39
39
|
|
|
40
|
-
**NOTE:** use the cache_store most appropriate for your situation. It may make more sense to use a file store, or a redis server. For example it may not make sense to cache in memory in production. You can read more about rails caching behavior here http://guides.rubyonrails.org/caching_with_rails.html
|
|
40
|
+
**NOTE:** use the cache_store most appropriate for your situation. **It may make more sense to use a file store, or a redis server. If you are running an app across multiple instances do not use memory_store**. For example it may not make sense to cache in memory in production. You can read more about rails caching behavior here http://guides.rubyonrails.org/caching_with_rails.html
|
|
41
41
|
|
|
42
42
|
2. run `rake saml_camel:generate_saml` to generate metadata files for the development, test, and production environment. You can also specify a custom environment like this `rake saml_camel:generate_saml environment=acceptance`
|
|
43
43
|
|
|
@@ -72,6 +72,22 @@ Identity Provider(idp) to recognize your app. Typically it should take the form
|
|
|
72
72
|
end
|
|
73
73
|
```
|
|
74
74
|
|
|
75
|
+
6. you can also pass in an optional `RelayState:` keyword argument to provide the RelayState parameter.
|
|
76
|
+
The relay state parameter will be played back to you in the response parameters from the idp. This can be useful if you want to redirect users to different endpoints after the response goes to the ACS.
|
|
77
|
+
```ruby
|
|
78
|
+
class DashboardController < ApplicationController
|
|
79
|
+
before_action except: [:home] do
|
|
80
|
+
saml_protect(relay_state: "some-value-I-want-in-the-response")
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def home
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def index
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
```
|
|
90
|
+
|
|
75
91
|
7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider.
|
|
76
92
|
|
|
77
93
|
7. response attributes found in `session[:saml_attributes]`
|
|
@@ -82,6 +98,9 @@ Identity Provider(idp) to recognize your app. Typically it should take the form
|
|
|
82
98
|
|
|
83
99
|
9. Logging is turned on by default. Logging is configured in `config/saml/development/settings.json`. To utilize logging saml_logging should be set to true (default), and primary_id must have a value. primary_id is the saml attribute you consider to be a primary identifier for a user
|
|
84
100
|
|
|
101
|
+
11. Clock drift can be adjusted by setting the `clock_drift` in `config/saml/development/settings.json`
|
|
102
|
+
The value should be an integer(which translates to seconds). For example a value of 60 will allow clock drift of 1 minute. It is recommended that if you set this value, it should be set as low as possible for security purposes.
|
|
103
|
+
|
|
85
104
|
|
|
86
105
|
10. Convenience Endpoints (assuming enginte is mounted to `saml` path):
|
|
87
106
|
- `/saml/attributes` view attributes being passed through
|
|
@@ -101,6 +120,7 @@ Identity Provider(idp) to recognize your app. Typically it should take the form
|
|
|
101
120
|
"primary_id": "eduPersonPrincipalName",
|
|
102
121
|
"sp_session_timeout": 1,
|
|
103
122
|
"sp_session_lifetime": 8,
|
|
123
|
+
"clock_drift": false,
|
|
104
124
|
"test_auth_path": true,
|
|
105
125
|
"saml_logging": true,
|
|
106
126
|
"debug": false,
|
|
@@ -17,8 +17,8 @@ module SamlCamel::SamlService # rubocop:disable Style/ClassAndModuleChildren
|
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
# TODO: refactor
|
|
20
|
-
def saml_protect # rubocop:disable Metrics/MethodLength, Metrics/AbcSize:
|
|
21
|
-
|
|
20
|
+
def saml_protect(relay_state: nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize:
|
|
21
|
+
relay_state = relay_state ? "&RelayState=#{CGI.escape(relay_state)}" : ""
|
|
22
22
|
#TODO move this
|
|
23
23
|
begin
|
|
24
24
|
settings = JSON.parse(File.read("config/saml/#{Rails.env}/settings.json"))
|
|
@@ -28,6 +28,8 @@ module SamlCamel::SamlService # rubocop:disable Style/ClassAndModuleChildren
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
user_cache = cache_available?(Rails.cache.fetch(session[:saml_session_id])) if session[:saml_session_id]
|
|
31
|
+
|
|
32
|
+
#user has an active saml_session_id and cache was found using that session id
|
|
31
33
|
if session[:saml_session_id] && user_cache
|
|
32
34
|
SamlCamel::Logging.debug('Saml Session and User Cache Found.') if sp_debug
|
|
33
35
|
SamlCamel::Logging.debug("SAML session id: #{session[:saml_session_id]} | Cache: #{user_cache}") if sp_debug
|
|
@@ -36,14 +38,22 @@ module SamlCamel::SamlService # rubocop:disable Style/ClassAndModuleChildren
|
|
|
36
38
|
saml_attributes: session[:saml_attributes]
|
|
37
39
|
)
|
|
38
40
|
session[:sp_session] = sp.validate_sp_session(session[:sp_session], request.remote_ip)
|
|
41
|
+
|
|
42
|
+
# run this if a user does not have an sp session, or if the response was a failure
|
|
39
43
|
unless session[:saml_response_success] || session[:sp_session]
|
|
40
44
|
SamlCamel::Logging.debug('SAML response not successful or no sp session not valid. Generating new request.') if sp_debug
|
|
41
45
|
SamlCamel::Logging.debug("SAML response: #{session[:saml_response_success]}") if sp_debug
|
|
42
46
|
SamlCamel::Logging.debug("SP session #{session[:sp_session]}") if sp_debug
|
|
47
|
+
|
|
48
|
+
session[:saml_session_id] = SamlCamel::ServiceProvider.generate_permit_key
|
|
49
|
+
saml_request_url = SamlCamel::ServiceProvider.new(
|
|
50
|
+
cache_permit_key: session[:saml_session_id].to_sym
|
|
51
|
+
).generate_saml_request(request)
|
|
43
52
|
|
|
44
|
-
saml_request_url
|
|
45
|
-
redirect_to(saml_request_url)
|
|
53
|
+
redirect_to(saml_request_url + relay_state)
|
|
46
54
|
end
|
|
55
|
+
|
|
56
|
+
# user did not have a saml_session_id and an active cache
|
|
47
57
|
else
|
|
48
58
|
SamlCamel::Logging.debug('User Cache or saml session id not found. Generating new request.') if sp_debug
|
|
49
59
|
SamlCamel::Logging.debug("SAML session id: #{session[:saml_session_id]} | Cache: #{user_cache}") if sp_debug
|
|
@@ -52,7 +62,7 @@ module SamlCamel::SamlService # rubocop:disable Style/ClassAndModuleChildren
|
|
|
52
62
|
saml_request_url = SamlCamel::ServiceProvider.new(
|
|
53
63
|
cache_permit_key: session[:saml_session_id].to_sym
|
|
54
64
|
).generate_saml_request(request)
|
|
55
|
-
redirect_to(saml_request_url)
|
|
65
|
+
redirect_to(saml_request_url + relay_state)
|
|
56
66
|
end
|
|
57
67
|
session[:saml_response_success] = nil # keeps us from looping
|
|
58
68
|
end
|
|
@@ -25,13 +25,35 @@ module SamlCamel
|
|
|
25
25
|
|
|
26
26
|
# ol OneLogin
|
|
27
27
|
def self.ol_response(idp_response, raw_response: false)
|
|
28
|
+
clock_drift = set_clock_drift
|
|
28
29
|
settings = SamlCamel::Transaction.saml_settings(raw_response: raw_response)
|
|
29
|
-
|
|
30
|
+
if clock_drift
|
|
31
|
+
response = OneLogin::RubySaml::Response.new(idp_response, settings: settings, allowed_clock_drift: 2.second)
|
|
32
|
+
else
|
|
33
|
+
response = OneLogin::RubySaml::Response.new(idp_response, settings: settings)
|
|
34
|
+
end
|
|
30
35
|
response.settings = settings
|
|
31
|
-
|
|
32
36
|
response
|
|
33
37
|
end
|
|
34
38
|
|
|
39
|
+
#if user configured clock drift, check configuration
|
|
40
|
+
# ruby saml default I "think" is 180 sec based of the java saml pull request https://github.com/onelogin/java-saml/issues/89
|
|
41
|
+
# however when I pulled the ruby-saml gem and searched the repo it looks like there is no clock drift by default
|
|
42
|
+
def self.set_clock_drift
|
|
43
|
+
clock_drift = SP_SETTINGS.dig('settings','clock_drift')
|
|
44
|
+
return false if !clock_drift
|
|
45
|
+
|
|
46
|
+
# clock drift must either be an integer of falsey, classes have come through
|
|
47
|
+
# differently (fixnum, bignum, integer), using a regex instead to see if that
|
|
48
|
+
# addresses some issues https://stackoverflow.com/questions/16774064/regular-expression-for-whole-numbers-and-integers
|
|
49
|
+
if !clock_drift.to_s.match(/(?<![-.])\b[0-9]+\b(?!\.[0-9])/)
|
|
50
|
+
SamlCamel::Logging.clock_drift(clock_drift)
|
|
51
|
+
raise "Clock Drift Incorrectly Configured."
|
|
52
|
+
end
|
|
53
|
+
clock_drift.to_i
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
|
|
35
57
|
# TODO: method too complex
|
|
36
58
|
def check_expired_session(sp_session) # rubocop:disable Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/LineLength
|
|
37
59
|
sp_timeout = SP_SETTINGS['settings']['sp_session_timeout']
|
|
@@ -52,6 +74,7 @@ module SamlCamel
|
|
|
52
74
|
end
|
|
53
75
|
|
|
54
76
|
# if the session has timed out remove session, otherwise refresh
|
|
77
|
+
sp_session = sp_session.to_s if sp_session.class != String
|
|
55
78
|
if (Time.now - Time.parse(sp_session)) < sp_timeout.hour
|
|
56
79
|
SamlCamel::Logging.debug('Session within timeout, session renewed') if SP_DEBUG
|
|
57
80
|
Time.now
|
|
@@ -116,6 +139,7 @@ module SamlCamel
|
|
|
116
139
|
end
|
|
117
140
|
|
|
118
141
|
|
|
142
|
+
|
|
119
143
|
# set saml_session lifetime, called if none set
|
|
120
144
|
# TODO: this may need to be renamed, it's not really setting the lifetime
|
|
121
145
|
# it's refreshing the last time a user authenticated
|
|
@@ -125,6 +149,7 @@ module SamlCamel
|
|
|
125
149
|
sp_lifetime = SP_SETTINGS['settings']['sp_session_lifetime']
|
|
126
150
|
|
|
127
151
|
SamlCamel::Logging.debug("Setting lifetime of session. Lifetime of #{sp_lifetime} hours") if SP_DEBUG
|
|
152
|
+
Rails.cache.delete(@cache_permit_key)
|
|
128
153
|
Rails.cache.fetch(@cache_permit_key, expires_in: sp_lifetime.hours) do
|
|
129
154
|
user_saml_cache
|
|
130
155
|
end
|
|
@@ -4,7 +4,11 @@ module SamlCamel
|
|
|
4
4
|
# handle shib attributes
|
|
5
5
|
class Shib
|
|
6
6
|
if SP_SETTINGS.dig('settings','shib_module')
|
|
7
|
-
|
|
7
|
+
if File.file?('config/saml/shibboleth.json') #keep backwards compatiblity
|
|
8
|
+
ATTRIBUTE_MAP = JSON.parse(File.read('config/saml/shibboleth.json'))
|
|
9
|
+
else
|
|
10
|
+
ATTRIBUTE_MAP = JSON.parse(File.read("config/saml/#{Rails.env}/settings.json"))["attribute_map"]
|
|
11
|
+
end
|
|
8
12
|
end
|
|
9
13
|
|
|
10
14
|
def self.attributes(request)
|
|
@@ -1,28 +1,27 @@
|
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
|
2
|
-
|
|
2
|
+
MIIEmjCCA4KgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
|
|
3
3
|
FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHDAZEdXJoYW0xGDAWBgNV
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
moSLPLaWINlhqvuRXw==
|
|
4
|
+
BAoMD0R1a2UgVW5pdmVyc2l0eTEMMAoGA1UECwwDT0lUMRMwEQYDVQQDDApkdW1t
|
|
5
|
+
eWNhbWVsMR0wGwYJKoZIhvcNAQkBFg5kYTEyOUBkdWtlLmVkdTAeFw0xODEwMDEx
|
|
6
|
+
OTA5MzFaFw0xOTEwMDExOTA5MzFaMIGTMQswCQYDVQQGEwJVUzEXMBUGA1UECAwO
|
|
7
|
+
Tm9ydGggQ2Fyb2xpbmExDzANBgNVBAcMBkR1cmhhbTEYMBYGA1UECgwPRHVrZSBV
|
|
8
|
+
bml2ZXJzaXR5MQwwCgYDVQQLDANPSVQxEzARBgNVBAMMCmR1bW15Y2FtZWwxHTAb
|
|
9
|
+
BgkqhkiG9w0BCQEWDmRhMTI5QGR1a2UuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOC
|
|
10
|
+
AQ8AMIIBCgKCAQEAxfEBOBim4MNyaqgTxKUJS9Fc6OTIDl/T4JkCRYw0dn96tHU4
|
|
11
|
+
uSFuTXXyeGSNW8xJg5ky5x9/xIusZjfyWb3sboGJRMaMT01QqsJA3+Ty+XSSpWc6
|
|
12
|
+
GXPO/sCYKJmIAXNYtQDXbilkD5TQweNyL3sgEpsMXM7CUjlu2Iw6eJpVTbF0eEgV
|
|
13
|
+
/tDOZFy/EdmZltOgT/xLbm2hypRdjebXZboUj3dO7I5wDH8OdwF6HcwhwRSEkZQG
|
|
14
|
+
EAaWIhbt5Zppzl737ONqzkKKp6d67vpiHV/KU5iyjOkXm1r1ZJtCQJJiM/OGK6rk
|
|
15
|
+
pC78q6USM5CZzOGXw/qN3Gwnkgkme/5h7LNx2QIDAQABo4H2MIHzMA8GA1UdEwEB
|
|
16
|
+
/wQFMAMBAf8wHQYDVR0OBBYEFF/usaGeNEdFtSpp+AAsBDb1JZ/mMIHABgNVHSME
|
|
17
|
+
gbgwgbWAFF/usaGeNEdFtSpp+AAsBDb1JZ/moYGZpIGWMIGTMQswCQYDVQQGEwJV
|
|
18
|
+
UzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExDzANBgNVBAcMBkR1cmhhbTEYMBYG
|
|
19
|
+
A1UECgwPRHVrZSBVbml2ZXJzaXR5MQwwCgYDVQQLDANPSVQxEzARBgNVBAMMCmR1
|
|
20
|
+
bW15Y2FtZWwxHTAbBgkqhkiG9w0BCQEWDmRhMTI5QGR1a2UuZWR1ggEAMA0GCSqG
|
|
21
|
+
SIb3DQEBCwUAA4IBAQCB3HHMBOr3Ju7AhM+I0ngM9T+mVI/tOninpHVqUIp0hftM
|
|
22
|
+
eWYRkIRXhND2ScqnbOgeYGtWirIu/UWdEcI65fD1HVorcQjiW3cEB684tZAD/sh7
|
|
23
|
+
OJoawAAyYOIF7oFtFO5tl1RVpZJM2wBKVnUMpxtG/g6El8TwRwo6dvJpKzu10ypP
|
|
24
|
+
QVPIhzE+3BoOCGoz8eVF3WydBcwmoc5bRixZuNYwAC2XMPGW+S58MxSrhaLmfRu7
|
|
25
|
+
RISpYbgk7jI92S7OJS61c5ZTZgn6H/Gr3u8sV0fn8cLGHIoD2+DUolw7VXN31M8A
|
|
26
|
+
g2KwRSTWaPLf6Be9On3pgGRpd1jZg00P/Gv4wnKe
|
|
28
27
|
-----END CERTIFICATE-----
|
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
2
|
+
MIIEpQIBAAKCAQEAxfEBOBim4MNyaqgTxKUJS9Fc6OTIDl/T4JkCRYw0dn96tHU4
|
|
3
|
+
uSFuTXXyeGSNW8xJg5ky5x9/xIusZjfyWb3sboGJRMaMT01QqsJA3+Ty+XSSpWc6
|
|
4
|
+
GXPO/sCYKJmIAXNYtQDXbilkD5TQweNyL3sgEpsMXM7CUjlu2Iw6eJpVTbF0eEgV
|
|
5
|
+
/tDOZFy/EdmZltOgT/xLbm2hypRdjebXZboUj3dO7I5wDH8OdwF6HcwhwRSEkZQG
|
|
6
|
+
EAaWIhbt5Zppzl737ONqzkKKp6d67vpiHV/KU5iyjOkXm1r1ZJtCQJJiM/OGK6rk
|
|
7
|
+
pC78q6USM5CZzOGXw/qN3Gwnkgkme/5h7LNx2QIDAQABAoIBAF8ExjULgHA84lvY
|
|
8
|
+
u0SWhNPkeNlDmdVsouUaDkEcgMKxh1HBQ617ItwEVpT8j+8VLeUCUbEpKchL1EJt
|
|
9
|
+
cOUriqexfxeIyCn5T1PpVAMmgIzHLO5Bk15MfX1FLsWujd9EY7zf3op/TA0+vseU
|
|
10
|
+
S2gHjunfjBuxFQ8ris5g4mCqlXBpetzpu+AgflCat5ITgmQ3gwUBfY5avu+ad8Qg
|
|
11
|
+
aSg+SIy1WruHmY00qDoXtVy6va7Ru1XuAwq73KxFi/ap1DFBapGnIlwiz016y2JE
|
|
12
|
+
fKN8HSe1svx6ld94+u8cq3/fju6+R5cYzWt6DlK6nJF+epHIJQQOrDIlvLr1a0X2
|
|
13
|
+
i22M8FECgYEA6csjeIcQnFu4BEy8h4Qg5qHOifTCewuxM3MAG4UTssXgblUKAt0e
|
|
14
|
+
+0W/DUcDAcsm8tOlm9pWTzbzzykUQUUm75Vc9kkeQAiwDuXwdz9TKKdqk2YSBpWv
|
|
15
|
+
bnegc7sjvQ5emSrFw4BL1RK9hLopQGl7K7yn6aaCi3C1s1lOf7YJtQcCgYEA2L4Y
|
|
16
|
+
qcGaIB9raKych5xVYVZjovIAMSzDJCCg57+mRyNHl4L1sGzgHLT8pNpM1QUAydO6
|
|
17
|
+
dVXjg6/YzuQv4Sm0y5zPCjhZOJ5tu0i9HC4ESzDLkrdpQjhLIQu1nkdeUKmoJLd1
|
|
18
|
+
79u62BKyPh5GBKkQ5G08s4CIQ5+Agyeep10Zyh8CgYEAml+h+lHk6/m8Fkq9KhZa
|
|
19
|
+
yy8IfBt711evGDPVXFaQ3Ti/qtrIE4AClxRExPWgzKxh+XE7JyASYZf9gUq0ryyE
|
|
20
|
+
Oyq7CXzaVpnl9tBp6bOMq4lwXAfH20U3Y4/mCMUHIiy81hJiJ2ctq3IGZf+ugXOk
|
|
21
|
+
+wpFLYjfJke0EsrjhHylCD0CgYEA2EylmkvOPz5712NjduZqQpCPMJ8n1+te91/k
|
|
22
|
+
lEKrcxTfLnIQNLgC1EM+WlpNEM1EYyZ8Tvqe6d2ElbwdmCwh9I0SBZYEXD+nLJ9D
|
|
23
|
+
sqqtuEgC8PE/B0ncmCbyYfnBQuh9F99KwEtdZKML5Hgb0izS4dOuH0knM60q+DiC
|
|
24
|
+
2W1M/msCgYEAjwb5w6EiI5bKRUHSmOoR0BPDaLjOdNzF5HlCQZ4CZzYB3y9ND5rd
|
|
25
|
+
tIuwbCCInB7/frAzbGjpWp8shtAvmGtw0wvISGf0OYCzfG25xcrwmnnhC1DEiQ+C
|
|
26
|
+
9i3n0tNaQy3fugDYdCdSeJtv0rg8mrUVhc1ij7kCKMVHaJbYMF3vXBw=
|
|
27
27
|
-----END RSA PRIVATE KEY-----
|
|
@@ -1,25 +1,27 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
|
2
|
+
MIIEmjCCA4KgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
|
|
3
|
+
FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHDAZEdXJoYW0xGDAWBgNV
|
|
4
|
+
BAoMD0R1a2UgVW5pdmVyc2l0eTEMMAoGA1UECwwDT0lUMRMwEQYDVQQDDApkdW1t
|
|
5
|
+
eWNhbWVsMR0wGwYJKoZIhvcNAQkBFg5kYTEyOUBkdWtlLmVkdTAeFw0xODEwMDEx
|
|
6
|
+
OTA5MzFaFw0xOTEwMDExOTA5MzFaMIGTMQswCQYDVQQGEwJVUzEXMBUGA1UECAwO
|
|
7
|
+
Tm9ydGggQ2Fyb2xpbmExDzANBgNVBAcMBkR1cmhhbTEYMBYGA1UECgwPRHVrZSBV
|
|
8
|
+
bml2ZXJzaXR5MQwwCgYDVQQLDANPSVQxEzARBgNVBAMMCmR1bW15Y2FtZWwxHTAb
|
|
9
|
+
BgkqhkiG9w0BCQEWDmRhMTI5QGR1a2UuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOC
|
|
10
|
+
AQ8AMIIBCgKCAQEAxfEBOBim4MNyaqgTxKUJS9Fc6OTIDl/T4JkCRYw0dn96tHU4
|
|
11
|
+
uSFuTXXyeGSNW8xJg5ky5x9/xIusZjfyWb3sboGJRMaMT01QqsJA3+Ty+XSSpWc6
|
|
12
|
+
GXPO/sCYKJmIAXNYtQDXbilkD5TQweNyL3sgEpsMXM7CUjlu2Iw6eJpVTbF0eEgV
|
|
13
|
+
/tDOZFy/EdmZltOgT/xLbm2hypRdjebXZboUj3dO7I5wDH8OdwF6HcwhwRSEkZQG
|
|
14
|
+
EAaWIhbt5Zppzl737ONqzkKKp6d67vpiHV/KU5iyjOkXm1r1ZJtCQJJiM/OGK6rk
|
|
15
|
+
pC78q6USM5CZzOGXw/qN3Gwnkgkme/5h7LNx2QIDAQABo4H2MIHzMA8GA1UdEwEB
|
|
16
|
+
/wQFMAMBAf8wHQYDVR0OBBYEFF/usaGeNEdFtSpp+AAsBDb1JZ/mMIHABgNVHSME
|
|
17
|
+
gbgwgbWAFF/usaGeNEdFtSpp+AAsBDb1JZ/moYGZpIGWMIGTMQswCQYDVQQGEwJV
|
|
18
|
+
UzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExDzANBgNVBAcMBkR1cmhhbTEYMBYG
|
|
19
|
+
A1UECgwPRHVrZSBVbml2ZXJzaXR5MQwwCgYDVQQLDANPSVQxEzARBgNVBAMMCmR1
|
|
20
|
+
bW15Y2FtZWwxHTAbBgkqhkiG9w0BCQEWDmRhMTI5QGR1a2UuZWR1ggEAMA0GCSqG
|
|
21
|
+
SIb3DQEBCwUAA4IBAQCB3HHMBOr3Ju7AhM+I0ngM9T+mVI/tOninpHVqUIp0hftM
|
|
22
|
+
eWYRkIRXhND2ScqnbOgeYGtWirIu/UWdEcI65fD1HVorcQjiW3cEB684tZAD/sh7
|
|
23
|
+
OJoawAAyYOIF7oFtFO5tl1RVpZJM2wBKVnUMpxtG/g6El8TwRwo6dvJpKzu10ypP
|
|
24
|
+
QVPIhzE+3BoOCGoz8eVF3WydBcwmoc5bRixZuNYwAC2XMPGW+S58MxSrhaLmfRu7
|
|
25
|
+
RISpYbgk7jI92S7OJS61c5ZTZgn6H/Gr3u8sV0fn8cLGHIoD2+DUolw7VXN31M8A
|
|
26
|
+
g2KwRSTWaPLf6Be9On3pgGRpd1jZg00P/Gv4wnKe
|
|
27
|
+
-----END CERTIFICATE-----
|
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
2
|
+
MIIEpQIBAAKCAQEAxfEBOBim4MNyaqgTxKUJS9Fc6OTIDl/T4JkCRYw0dn96tHU4
|
|
3
|
+
uSFuTXXyeGSNW8xJg5ky5x9/xIusZjfyWb3sboGJRMaMT01QqsJA3+Ty+XSSpWc6
|
|
4
|
+
GXPO/sCYKJmIAXNYtQDXbilkD5TQweNyL3sgEpsMXM7CUjlu2Iw6eJpVTbF0eEgV
|
|
5
|
+
/tDOZFy/EdmZltOgT/xLbm2hypRdjebXZboUj3dO7I5wDH8OdwF6HcwhwRSEkZQG
|
|
6
|
+
EAaWIhbt5Zppzl737ONqzkKKp6d67vpiHV/KU5iyjOkXm1r1ZJtCQJJiM/OGK6rk
|
|
7
|
+
pC78q6USM5CZzOGXw/qN3Gwnkgkme/5h7LNx2QIDAQABAoIBAF8ExjULgHA84lvY
|
|
8
|
+
u0SWhNPkeNlDmdVsouUaDkEcgMKxh1HBQ617ItwEVpT8j+8VLeUCUbEpKchL1EJt
|
|
9
|
+
cOUriqexfxeIyCn5T1PpVAMmgIzHLO5Bk15MfX1FLsWujd9EY7zf3op/TA0+vseU
|
|
10
|
+
S2gHjunfjBuxFQ8ris5g4mCqlXBpetzpu+AgflCat5ITgmQ3gwUBfY5avu+ad8Qg
|
|
11
|
+
aSg+SIy1WruHmY00qDoXtVy6va7Ru1XuAwq73KxFi/ap1DFBapGnIlwiz016y2JE
|
|
12
|
+
fKN8HSe1svx6ld94+u8cq3/fju6+R5cYzWt6DlK6nJF+epHIJQQOrDIlvLr1a0X2
|
|
13
|
+
i22M8FECgYEA6csjeIcQnFu4BEy8h4Qg5qHOifTCewuxM3MAG4UTssXgblUKAt0e
|
|
14
|
+
+0W/DUcDAcsm8tOlm9pWTzbzzykUQUUm75Vc9kkeQAiwDuXwdz9TKKdqk2YSBpWv
|
|
15
|
+
bnegc7sjvQ5emSrFw4BL1RK9hLopQGl7K7yn6aaCi3C1s1lOf7YJtQcCgYEA2L4Y
|
|
16
|
+
qcGaIB9raKych5xVYVZjovIAMSzDJCCg57+mRyNHl4L1sGzgHLT8pNpM1QUAydO6
|
|
17
|
+
dVXjg6/YzuQv4Sm0y5zPCjhZOJ5tu0i9HC4ESzDLkrdpQjhLIQu1nkdeUKmoJLd1
|
|
18
|
+
79u62BKyPh5GBKkQ5G08s4CIQ5+Agyeep10Zyh8CgYEAml+h+lHk6/m8Fkq9KhZa
|
|
19
|
+
yy8IfBt711evGDPVXFaQ3Ti/qtrIE4AClxRExPWgzKxh+XE7JyASYZf9gUq0ryyE
|
|
20
|
+
Oyq7CXzaVpnl9tBp6bOMq4lwXAfH20U3Y4/mCMUHIiy81hJiJ2ctq3IGZf+ugXOk
|
|
21
|
+
+wpFLYjfJke0EsrjhHylCD0CgYEA2EylmkvOPz5712NjduZqQpCPMJ8n1+te91/k
|
|
22
|
+
lEKrcxTfLnIQNLgC1EM+WlpNEM1EYyZ8Tvqe6d2ElbwdmCwh9I0SBZYEXD+nLJ9D
|
|
23
|
+
sqqtuEgC8PE/B0ncmCbyYfnBQuh9F99KwEtdZKML5Hgb0izS4dOuH0knM60q+DiC
|
|
24
|
+
2W1M/msCgYEAjwb5w6EiI5bKRUHSmOoR0BPDaLjOdNzF5HlCQZ4CZzYB3y9ND5rd
|
|
25
|
+
tIuwbCCInB7/frAzbGjpWp8shtAvmGtw0wvISGf0OYCzfG25xcrwmnnhC1DEiQ+C
|
|
26
|
+
9i3n0tNaQy3fugDYdCdSeJtv0rg8mrUVhc1ij7kCKMVHaJbYMF3vXBw=
|
|
27
27
|
-----END RSA PRIVATE KEY-----
|
|
@@ -1,28 +1,27 @@
|
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
|
2
|
-
|
|
2
|
+
MIIEmjCCA4KgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
|
|
3
3
|
FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHDAZEdXJoYW0xGDAWBgNV
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
moSLPLaWINlhqvuRXw==
|
|
4
|
+
BAoMD0R1a2UgVW5pdmVyc2l0eTEMMAoGA1UECwwDT0lUMRMwEQYDVQQDDApkdW1t
|
|
5
|
+
eWNhbWVsMR0wGwYJKoZIhvcNAQkBFg5kYTEyOUBkdWtlLmVkdTAeFw0xODEwMDEx
|
|
6
|
+
OTA5MzFaFw0xOTEwMDExOTA5MzFaMIGTMQswCQYDVQQGEwJVUzEXMBUGA1UECAwO
|
|
7
|
+
Tm9ydGggQ2Fyb2xpbmExDzANBgNVBAcMBkR1cmhhbTEYMBYGA1UECgwPRHVrZSBV
|
|
8
|
+
bml2ZXJzaXR5MQwwCgYDVQQLDANPSVQxEzARBgNVBAMMCmR1bW15Y2FtZWwxHTAb
|
|
9
|
+
BgkqhkiG9w0BCQEWDmRhMTI5QGR1a2UuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOC
|
|
10
|
+
AQ8AMIIBCgKCAQEAxfEBOBim4MNyaqgTxKUJS9Fc6OTIDl/T4JkCRYw0dn96tHU4
|
|
11
|
+
uSFuTXXyeGSNW8xJg5ky5x9/xIusZjfyWb3sboGJRMaMT01QqsJA3+Ty+XSSpWc6
|
|
12
|
+
GXPO/sCYKJmIAXNYtQDXbilkD5TQweNyL3sgEpsMXM7CUjlu2Iw6eJpVTbF0eEgV
|
|
13
|
+
/tDOZFy/EdmZltOgT/xLbm2hypRdjebXZboUj3dO7I5wDH8OdwF6HcwhwRSEkZQG
|
|
14
|
+
EAaWIhbt5Zppzl737ONqzkKKp6d67vpiHV/KU5iyjOkXm1r1ZJtCQJJiM/OGK6rk
|
|
15
|
+
pC78q6USM5CZzOGXw/qN3Gwnkgkme/5h7LNx2QIDAQABo4H2MIHzMA8GA1UdEwEB
|
|
16
|
+
/wQFMAMBAf8wHQYDVR0OBBYEFF/usaGeNEdFtSpp+AAsBDb1JZ/mMIHABgNVHSME
|
|
17
|
+
gbgwgbWAFF/usaGeNEdFtSpp+AAsBDb1JZ/moYGZpIGWMIGTMQswCQYDVQQGEwJV
|
|
18
|
+
UzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExDzANBgNVBAcMBkR1cmhhbTEYMBYG
|
|
19
|
+
A1UECgwPRHVrZSBVbml2ZXJzaXR5MQwwCgYDVQQLDANPSVQxEzARBgNVBAMMCmR1
|
|
20
|
+
bW15Y2FtZWwxHTAbBgkqhkiG9w0BCQEWDmRhMTI5QGR1a2UuZWR1ggEAMA0GCSqG
|
|
21
|
+
SIb3DQEBCwUAA4IBAQCB3HHMBOr3Ju7AhM+I0ngM9T+mVI/tOninpHVqUIp0hftM
|
|
22
|
+
eWYRkIRXhND2ScqnbOgeYGtWirIu/UWdEcI65fD1HVorcQjiW3cEB684tZAD/sh7
|
|
23
|
+
OJoawAAyYOIF7oFtFO5tl1RVpZJM2wBKVnUMpxtG/g6El8TwRwo6dvJpKzu10ypP
|
|
24
|
+
QVPIhzE+3BoOCGoz8eVF3WydBcwmoc5bRixZuNYwAC2XMPGW+S58MxSrhaLmfRu7
|
|
25
|
+
RISpYbgk7jI92S7OJS61c5ZTZgn6H/Gr3u8sV0fn8cLGHIoD2+DUolw7VXN31M8A
|
|
26
|
+
g2KwRSTWaPLf6Be9On3pgGRpd1jZg00P/Gv4wnKe
|
|
28
27
|
-----END CERTIFICATE-----
|
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
2
|
+
MIIEpQIBAAKCAQEAxfEBOBim4MNyaqgTxKUJS9Fc6OTIDl/T4JkCRYw0dn96tHU4
|
|
3
|
+
uSFuTXXyeGSNW8xJg5ky5x9/xIusZjfyWb3sboGJRMaMT01QqsJA3+Ty+XSSpWc6
|
|
4
|
+
GXPO/sCYKJmIAXNYtQDXbilkD5TQweNyL3sgEpsMXM7CUjlu2Iw6eJpVTbF0eEgV
|
|
5
|
+
/tDOZFy/EdmZltOgT/xLbm2hypRdjebXZboUj3dO7I5wDH8OdwF6HcwhwRSEkZQG
|
|
6
|
+
EAaWIhbt5Zppzl737ONqzkKKp6d67vpiHV/KU5iyjOkXm1r1ZJtCQJJiM/OGK6rk
|
|
7
|
+
pC78q6USM5CZzOGXw/qN3Gwnkgkme/5h7LNx2QIDAQABAoIBAF8ExjULgHA84lvY
|
|
8
|
+
u0SWhNPkeNlDmdVsouUaDkEcgMKxh1HBQ617ItwEVpT8j+8VLeUCUbEpKchL1EJt
|
|
9
|
+
cOUriqexfxeIyCn5T1PpVAMmgIzHLO5Bk15MfX1FLsWujd9EY7zf3op/TA0+vseU
|
|
10
|
+
S2gHjunfjBuxFQ8ris5g4mCqlXBpetzpu+AgflCat5ITgmQ3gwUBfY5avu+ad8Qg
|
|
11
|
+
aSg+SIy1WruHmY00qDoXtVy6va7Ru1XuAwq73KxFi/ap1DFBapGnIlwiz016y2JE
|
|
12
|
+
fKN8HSe1svx6ld94+u8cq3/fju6+R5cYzWt6DlK6nJF+epHIJQQOrDIlvLr1a0X2
|
|
13
|
+
i22M8FECgYEA6csjeIcQnFu4BEy8h4Qg5qHOifTCewuxM3MAG4UTssXgblUKAt0e
|
|
14
|
+
+0W/DUcDAcsm8tOlm9pWTzbzzykUQUUm75Vc9kkeQAiwDuXwdz9TKKdqk2YSBpWv
|
|
15
|
+
bnegc7sjvQ5emSrFw4BL1RK9hLopQGl7K7yn6aaCi3C1s1lOf7YJtQcCgYEA2L4Y
|
|
16
|
+
qcGaIB9raKych5xVYVZjovIAMSzDJCCg57+mRyNHl4L1sGzgHLT8pNpM1QUAydO6
|
|
17
|
+
dVXjg6/YzuQv4Sm0y5zPCjhZOJ5tu0i9HC4ESzDLkrdpQjhLIQu1nkdeUKmoJLd1
|
|
18
|
+
79u62BKyPh5GBKkQ5G08s4CIQ5+Agyeep10Zyh8CgYEAml+h+lHk6/m8Fkq9KhZa
|
|
19
|
+
yy8IfBt711evGDPVXFaQ3Ti/qtrIE4AClxRExPWgzKxh+XE7JyASYZf9gUq0ryyE
|
|
20
|
+
Oyq7CXzaVpnl9tBp6bOMq4lwXAfH20U3Y4/mCMUHIiy81hJiJ2ctq3IGZf+ugXOk
|
|
21
|
+
+wpFLYjfJke0EsrjhHylCD0CgYEA2EylmkvOPz5712NjduZqQpCPMJ8n1+te91/k
|
|
22
|
+
lEKrcxTfLnIQNLgC1EM+WlpNEM1EYyZ8Tvqe6d2ElbwdmCwh9I0SBZYEXD+nLJ9D
|
|
23
|
+
sqqtuEgC8PE/B0ncmCbyYfnBQuh9F99KwEtdZKML5Hgb0izS4dOuH0knM60q+DiC
|
|
24
|
+
2W1M/msCgYEAjwb5w6EiI5bKRUHSmOoR0BPDaLjOdNzF5HlCQZ4CZzYB3y9ND5rd
|
|
25
|
+
tIuwbCCInB7/frAzbGjpWp8shtAvmGtw0wvISGf0OYCzfG25xcrwmnnhC1DEiQ+C
|
|
26
|
+
9i3n0tNaQy3fugDYdCdSeJtv0rg8mrUVhc1ij7kCKMVHaJbYMF3vXBw=
|
|
27
27
|
-----END RSA PRIVATE KEY-----
|
data/lib/saml_camel.rb
CHANGED
|
@@ -87,6 +87,12 @@ module SamlCamel
|
|
|
87
87
|
LOGGER.debug('Unknown Error During relay state logging. IP check') if SHOULD_LOG
|
|
88
88
|
end
|
|
89
89
|
|
|
90
|
+
def self.clock_drift(clock_drift)
|
|
91
|
+
LOGGER.debug("Clock drift has not been configured. Must either be false, or an integer. Currently configured as #{clock_drift}(#{clock_drift.class})") if SHOULD_LOG
|
|
92
|
+
rescue StandardError
|
|
93
|
+
LOGGER.debug('Unknown Error During Debug') if SHOULD_LOG
|
|
94
|
+
end
|
|
95
|
+
|
|
90
96
|
def self.debug(message)
|
|
91
97
|
LOGGER.debug(message) if SHOULD_LOG
|
|
92
98
|
rescue StandardError
|
|
@@ -108,6 +114,7 @@ module SamlCamel
|
|
|
108
114
|
end
|
|
109
115
|
end
|
|
110
116
|
|
|
117
|
+
#no occurances of this being used, may be able to remove? 10/17/2018
|
|
111
118
|
def self.saml_state(data)
|
|
112
119
|
if SHOULD_LOG
|
|
113
120
|
LOGGER.info("Stored Relay: #{data[:stored_relay]} |
|
data/lib/saml_camel/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml_camel
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 'Danai Adkisson '
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-09-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -139,8 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
139
139
|
- !ruby/object:Gem::Version
|
|
140
140
|
version: '0'
|
|
141
141
|
requirements: []
|
|
142
|
-
|
|
143
|
-
rubygems_version: 2.6.11
|
|
142
|
+
rubygems_version: 3.1.2
|
|
144
143
|
signing_key:
|
|
145
144
|
specification_version: 4
|
|
146
145
|
summary: SAML tool wrapping onelogin/rubysaml
|