saml_idp 0.2.0.pre → 0.2.0

@@ -12,10 +12,12 @@ module SamlIdp
12
12
  attr_accessor :saml_request_id
13
13
  attr_accessor :saml_acs_url
14
14
  attr_accessor :raw_algorithm
15
+ attr_accessor :authn_context_classref
16
+ attr_accessor :expiry
15
17
 
16
18
  delegate :config, to: :SamlIdp
17
19
 
18
- def initialize(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm)
20
+ def initialize(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm, authn_context_classref, expiry=60*60)
19
21
  self.reference_id = reference_id
20
22
  self.issuer_uri = issuer_uri
21
23
  self.principal = principal
@@ -23,6 +25,8 @@ module SamlIdp
23
25
  self.saml_request_id = saml_request_id
24
26
  self.saml_acs_url = saml_acs_url
25
27
  self.raw_algorithm = raw_algorithm
28
+ self.authn_context_classref = authn_context_classref
29
+ self.expiry = expiry
26
30
  end
27
31
 
28
32
  def fresh
@@ -58,10 +62,10 @@ module SamlIdp
58
62
  end
59
63
  end
60
64
  end
61
- end unless config.attributes.nil? || config.attributes.empty?
65
+ end
62
66
  assertion.AuthnStatement AuthnInstant: now_iso, SessionIndex: reference_string do |statement|
63
67
  statement.AuthnContext do |context|
64
- context.AuthnContextClassRef Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
68
+ context.AuthnContextClassRef authn_context_classref
65
69
  end
66
70
  end
67
71
  end
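Review bot: Dropping the `unless config.attributes.nil? || config.attributes.empty?` modifier makes the AttributeStatement block above this hunk unconditional, and unless that check was relocated earlier in `fresh` an IdP with no attributes configured will now serialize an empty `<AttributeStatement/>`, which the SAML 2.0 assertion schema does not allow (at least one Attribute is required) and which some SPs reject when validating the response. If the removal was deliberate, keep the guard on the closing `end` or wrap the whole block in `unless config.attributes.nil? || config.attributes.empty?`. On the AuthnContext line, `context.AuthnContextClassRef authn_context_classref` writes whatever the caller supplied, so a nil yields an empty `<AuthnContextClassRef/>`; a guard in `initialize` (the @@ -12,10 hunk of this file) such as `raise ArgumentError, "authn_context_classref is required" if authn_context_classref.nil?` fails early instead. The enclosing `fresh` method starts before this hunk.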
@@ -127,7 +131,7 @@ module SamlIdp
127
131
  private :not_before
128
132
 
129
133
  def not_on_or_after_condition
130
- iso { now + 60 * 60 }
134
+ iso { now + expiry }
131
135
  end
132
136
  private :not_on_or_after_condition
133
137
 
@@ -26,6 +26,10 @@ module SamlIdp
26
26
  self.saml_request = Request.from_deflated_request(raw_saml_request)
27
27
  end
28
28
 
29
+ def authn_context_classref
30
+ Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
31
+ end
32
+
29
33
  def encode_response(principal, opts = {})
30
34
  response_id, reference_id = get_saml_response_id, get_saml_reference_id
31
35
  audience_uri = opts[:audience_uri] || saml_request.issuer || saml_acs_url[/^(.*?\/\/.*?\/)/, 1]
@@ -39,7 +43,8 @@ module SamlIdp
39
43
  audience_uri,
40
44
  saml_request_id,
41
45
  saml_acs_url,
42
- algorithm
46
+ algorithm,
47
+ authn_context_classref
43
48
  ).build
44
49
  end
45
50
 
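Review bot: `encode_response` forwards the new `authn_context_classref` argument but never the new `expiry` one, so the one-hour default baked into the builders is the only assertion lifetime reachable through the controller; an `opts[:expiry]` entry is the natural carrier, e.g. `expiry = opts[:expiry] || 60 * 60` ahead of the builder call and `expiry` appended after `authn_context_classref` in the argument list. The `authn_context_classref` hook in the previous hunk is a public no-argument method; if this module is mixed into a Rails controller (its definition starts outside these hunks), public instance methods count as action methods, so consider placing it under `protected` and marking it as an override point with `# Override in the including controller to report a different AuthnContext class (defaults to password).`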
@@ -13,6 +13,8 @@ module SamlIdp
13
13
  attr_accessor :algorithm
14
14
  attr_accessor :secret_key
15
15
  attr_accessor :x509_certificate
16
+ attr_accessor :authn_context_classref
17
+ attr_accessor :expiry
16
18
 
17
19
  def initialize(reference_id,
18
20
  response_id,
@@ -21,7 +23,9 @@ module SamlIdp
21
23
  audience_uri,
22
24
  saml_request_id,
23
25
  saml_acs_url,
24
- algorithm
26
+ algorithm,
27
+ authn_context_classref,
28
+ expiry=60*60
25
29
  )
26
30
  self.reference_id = reference_id
27
31
  self.response_id = response_id
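Review bot: The `expiry=60*60` positional default here repeats the one in AssertionBuilder#initialize (the @@ -12,10 hunk of the first file), and both builders now take nine positional arguments whose last two are told apart only by order; a single constant such as `DEFAULT_EXPIRY = 60 * 60` referenced from both signatures keeps the two lifetimes from drifting, and keyword arguments for `authn_context_classref:` and `expiry:` would make the call sites readable, at the cost of an interface change. Style-wise the default is spelled `expiry = 60 * 60`. Neither builder checks the value, and it ends up in `now + expiry` for Conditions/@NotOnOrAfter, so nil or a non-numeric value fails only at build time and a negative value yields an assertion that is expired on arrival; `raise ArgumentError, "expiry must be a positive number of seconds" unless expiry.is_a?(Numeric) && expiry > 0` in `initialize` makes the contract explicit. The `initialize` parameter list begins before this hunk.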
@@ -33,6 +37,8 @@ module SamlIdp
33
37
  self.algorithm = algorithm
34
38
  self.secret_key = secret_key
35
39
  self.x509_certificate = x509_certificate
40
+ self.authn_context_classref = authn_context_classref
41
+ self.expiry = expiry
36
42
  end
37
43
 
38
44
  def build
@@ -56,7 +62,9 @@ module SamlIdp
56
62
  audience_uri,
57
63
  saml_request_id,
58
64
  saml_acs_url,
59
- algorithm
65
+ algorithm,
66
+ authn_context_classref,
67
+ expiry
60
68
  end
61
69
  private :assertion_builder
62
70
  end
@@ -1,4 +1,4 @@
1
1
  # encoding: utf-8
2
2
  module SamlIdp
3
- VERSION = '0.2.0.pre'
3
+ VERSION = '0.2.0'
4
4
  end
@@ -8,6 +8,10 @@ module SamlIdp
8
8
  let(:saml_request_id) { "123" }
9
9
  let(:saml_acs_url) { "http://saml.acs.url" }
10
10
  let(:algorithm) { :sha256 }
11
+ let(:authn_context_classref) {
12
+ Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
13
+ }
14
+ let(:expiry) { 3*60*60 }
11
15
  subject { described_class.new(
12
16
  reference_id,
13
17
  issuer_uri,
@@ -15,12 +19,14 @@ module SamlIdp
15
19
  audience_uri,
16
20
  saml_request_id,
17
21
  saml_acs_url,
18
- algorithm
22
+ algorithm,
23
+ authn_context_classref,
24
+ expiry
19
25
  ) }
20
26
 
21
27
  it "builds a legit raw XML file" do
22
28
  Timecop.travel(Time.zone.local(2010, 6, 1, 13, 0, 0)) do
23
- subject.raw.should == "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2010-06-01T13:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">foo@example.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2010-06-01T13:03:00Z\" Recipient=\"http://saml.acs.url\"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore=\"2010-06-01T12:59:55Z\" NotOnOrAfter=\"2010-06-01T14:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"email-address\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" FriendlyName=\"emailAddress\"><AttributeValue>foo@example.com</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2010-06-01T13:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>"
29
+ subject.raw.should == "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2010-06-01T13:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">foo@example.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2010-06-01T13:03:00Z\" Recipient=\"http://saml.acs.url\"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore=\"2010-06-01T12:59:55Z\" NotOnOrAfter=\"2010-06-01T16:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"email-address\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" FriendlyName=\"emailAddress\"><AttributeValue>foo@example.com</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2010-06-01T13:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>"
24
30
  end
25
31
  end
26
32
  end
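Review bot: The example pins only the explicit three-hour `expiry` (NotOnOrAfter 16:00:00Z); nothing exercises the `expiry=60*60` default, nor the new `authn_context_classref` argument with anything but the password class, so a regression in either default would pass unnoticed. A second example built without the last argument asserting `NotOnOrAfter=\"2010-06-01T14:00:00Z\"` (the value the old expectation carried), and one passing a different class reference string and checking the `<AuthnContextClassRef>` text, would cover both new parameters.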
@@ -11,6 +11,11 @@ module SamlIdp
11
11
  let(:algorithm) { :sha1 }
12
12
  let(:secret_key) { Default::SECRET_KEY }
13
13
  let(:x509_certificate) { Default::X509_CERTIFICATE }
14
+ let(:xauthn) { Default::X509_CERTIFICATE }
15
+ let(:authn_context_classref) {
16
+ Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
17
+ }
18
+ let(:expiry) { 3 * 60 * 60 }
14
19
  subject { described_class.new(reference_id,
15
20
  response_id,
16
21
  issuer_uri,
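Review bot: `let(:xauthn) { Default::X509_CERTIFICATE }` is referenced neither by the `subject` below nor anywhere else in the hunk and merely duplicates `x509_certificate`; it reads as a drafting leftover from the `authn_context_classref` helper and should be removed. The `3 * 60 * 60` expiry here and `3*60*60` in the assertion builder spec express the same value in two spellings; settle on one.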
@@ -18,7 +23,9 @@ module SamlIdp
18
23
  audience_uri,
19
24
  saml_request_id,
20
25
  saml_acs_url,
21
- algorithm
26
+ algorithm,
27
+ authn_context_classref,
28
+ expiry
22
29
  )
23
30
  }
24
31
 
metadata CHANGED
@@ -1,15 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saml_idp
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0.pre
5
- prerelease: 6
4
+ version: 0.2.0
5
+ prerelease:
6
6
  platform: ruby
7
7
  authors:
8
8
  - Jon Phenow
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-08-08 00:00:00.000000000 Z
12
+ date: 2015-03-10 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activesupport
@@ -345,13 +345,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
345
345
  version: '0'
346
346
  segments:
347
347
  - 0
348
- hash: 557942331411013025
348
+ hash: 2099759459074345722
349
349
  required_rubygems_version: !ruby/object:Gem::Requirement
350
350
  none: false
351
351
  requirements:
352
- - - ! '>'
352
+ - - ! '>='
353
353
  - !ruby/object:Gem::Version
354
- version: 1.3.1
354
+ version: '0'
355
+ segments:
356
+ - 0
357
+ hash: 2099759459074345722
355
358
  requirements: []
356
359
  rubyforge_project:
357
360
  rubygems_version: 1.8.23