saml_idp 0.9.0 → 0.14.0

data/spec/lib/saml_idp/response_builder_spec.rb

@@ -6,12 +6,14 @@ module SamlIdp
     let(:saml_acs_url) { "http://sportngin.com" }
     let(:saml_request_id) { "134" }
     let(:assertion_and_signature) { "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2013-07-31T05:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><signature>stuff</signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">jon.phenow@sportngin.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2013-07-31T05:03:00Z\" Recipient=\"http://saml.acs.url\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2013-07-31T04:59:55Z\" NotOnOrAfter=\"2013-07-31T06:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>jon.phenow@sportngin.com</AttributeValue></Attribute></AttributeStatement><AuthnStatment AuthnInstant=\"2013-07-31T05:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef></AuthnContext></AuthnStatment></Assertion>" }
+    let(:algorithm) { :sha256 }
     subject { described_class.new(
       response_id,
       issuer_uri,
       saml_acs_url,
       saml_request_id,
-      assertion_and_signature
+      assertion_and_signature,
+      algorithm
     ) }
 
     before do

data/spec/lib/saml_idp/saml_response_spec.rb

@@ -24,6 +24,8 @@ module SamlIdp
         key_transport: 'rsa-oaep-mgf1p',
       }
     end
+    let(:signed_response_opts) { true }
+    let(:unsigned_response_opts) { false }
     let(:subject_encrypted) { described_class.new(reference_id,
                                   response_id,
                                   issuer_uri,
@@ -35,7 +37,8 @@ module SamlIdp
                                   authn_context_classref,
                                   expiry,
                                   encryption_opts,
-                                  session_expiry
+                                  session_expiry,
+                                  unsigned_response_opts
                                  )
     }
 
@@ -50,7 +53,8 @@ module SamlIdp
                                   authn_context_classref,
                                   expiry,
                                   nil,
-                                  session_expiry
+                                  session_expiry,
+                                  signed_response_opts
                                  )
     }
 
@@ -77,6 +81,25 @@ module SamlIdp
       expect(saml_resp.is_valid?).to eq(true)
     end
 
+    it "will build signed valid response" do
+      expect { subject.build }.not_to raise_error
+      signed_encoded_xml = subject.build
+      resp_settings = saml_settings(saml_acs_url)
+      resp_settings.private_key = Default::SECRET_KEY
+      resp_settings.issuer = audience_uri
+      saml_resp = OneLogin::RubySaml::Response.new(signed_encoded_xml, settings: resp_settings)
+      expect(
+        Nokogiri::XML(saml_resp.response).at_xpath(
+        "//p:Response//ds:Signature",
+        {
+          "p" => "urn:oasis:names:tc:SAML:2.0:protocol",
+          "ds" => "http://www.w3.org/2000/09/xmldsig#"
+        }
+      )).to be_present
+      expect(saml_resp.send(:validate_signature)).to eq(true)
+      expect(saml_resp.is_valid?).to eq(true)
+    end
+
     it "sets session expiration" do
       saml_resp = OneLogin::RubySaml::Response.new(subject.build)
       expect(saml_resp.session_expires_at).to eq Time.local(1990, "jan", 2).iso8601

data/spec/rails_app/app/controllers/saml_controller.rb

@@ -2,11 +2,7 @@ class SamlController < ApplicationController
 
   def consume
     response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
-    if Gem::Requirement.new('< 4.1') =~ Gem::Version.new(Rails.version)
-      render :text => response.name_id
-    else
-      render :plain => response.name_id
-    end
+    render :plain => response.name_id
   end
 
 end

data/spec/rails_app/app/controllers/saml_idp_controller.rb

@@ -1,9 +1,48 @@
-class SamlIdpController < SamlIdp::IdpController
-  def idp_authenticate(email, password)
-    { :email => email }
-  end
-
-  def idp_make_saml_response(user)
-    encode_response(user[:email])
-  end
+class SamlIdpController < ApplicationController
+    include SamlIdp::Controller
+
+    before_action :validate_saml_request, only: [:new, :create, :logout]
+
+    def new
+      render template: "saml_idp/idp/new"
+    end
+
+    def show
+      render xml: SamlIdp.metadata.signed
+    end
+
+    def create
+      unless params[:email].blank? && params[:password].blank?
+        person = idp_authenticate(params[:email], params[:password])
+        if person.nil?
+          @saml_idp_fail_msg = "Incorrect email or password."
+        else
+          @saml_response = idp_make_saml_response(person)
+          render :template => "saml_idp/idp/saml_post", :layout => false
+          return
+        end
+      end
+      render :template => "saml_idp/idp/new"
+    end
+
+    def logout
+      idp_logout
+      @saml_response = idp_make_saml_response(nil)
+      render :template => "saml_idp/idp/saml_post", :layout => false
+    end
+
+    def idp_logout
+      raise NotImplementedError
+    end
+    private :idp_logout
+
+    def idp_authenticate(email, password)
+      { :email => email }
+    end
+    protected :idp_authenticate
+
+    def idp_make_saml_response(person)
+      encode_response(person[:email])
+    end
+    protected :idp_make_saml_response
 end

data/{app → spec/rails_app/app}/views/saml_idp/idp/new.html.erb

@@ -1,22 +1,18 @@
 <% if @saml_idp_fail_msg %>
   <div id="saml_idp_fail_msg" class="flash error"><%= @saml_idp_fail_msg %></div>
 <% end %>
-
 <%= form_tag do %>
   <%= hidden_field_tag("SAMLRequest", params[:SAMLRequest]) %>
   <%= hidden_field_tag("RelayState", params[:RelayState]) %>
-
   <p>
     <%= label_tag :email %>
     <%= email_field_tag :email, params[:email], :autocapitalize => "off", :autocorrect => "off", :autofocus => "autofocus", :spellcheck => "false", :size => 30, :class => "email_pwd txt" %>
   </p>
-
   <p>
     <%= label_tag :password %>
     <%= password_field_tag :password, params[:password], :autocapitalize => "off", :autocorrect => "off", :spellcheck => "false", :size => 30, :class => "email_pwd txt" %>
   </p>
-
   <p>
     <%= submit_tag "Sign in", :class => "button big blueish" %>
   </p>
-<% end %>
+<% end %>

data/{app → spec/rails_app/app}/views/saml_idp/idp/saml_post.html.erb

@@ -11,4 +11,4 @@
       <%= submit_tag "Submit" %>
     <% end %>
   </body>
-</html>
+</html>

data/spec/rails_app/config/environments/development.rb

@@ -29,4 +29,6 @@ RailsApp::Application.configure do
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
   #config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  config.hosts << "foo.example.com" if config.respond_to?(:hosts)
 end

data/spec/spec_helper.rb

@@ -43,9 +43,28 @@ RSpec.configure do |config|
       }
     end
   end
+
+  # To reset to default config
+  config.after do
+    SamlIdp.instance_variable_set(:@config, nil)
+    SamlIdp.configure do |c|
+      c.attributes = {
+        emailAddress: {
+          name: "email-address",
+          getter: ->(p) { "foo@example.com" }
+        }
+      }
+
+      c.name_id.formats = {
+        "1.1" => {
+          email_address: ->(p) { "foo@example.com" }
+        }
+      }
+    end
+  end
 end
 
 SamlIdp::Default::SERVICE_PROVIDER[:metadata_url] = 'https://example.com/meta'
 SamlIdp::Default::SERVICE_PROVIDER[:response_hosts] = ['foo.example.com']
 SamlIdp::Default::SERVICE_PROVIDER[:assertion_consumer_logout_service_url] = 'https://foo.example.com/saml/logout'
-Capybara.default_host = "https://app.example.com"
+Capybara.default_host = "https://foo.example.com"

data/spec/support/certificates/sp_cert_req.csr

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIByTCCATICAQAwgYgxCzAJBgNVBAYTAmpwMQ4wDAYDVQQIDAVUb2t5bzELMAkG
+A1UECgwCR1MxIDAeBgNVBAMMF2h0dHBzOi8vZm9vLmV4YW1wbGUuY29tMQwwCgYD
+VQQHDANGb28xDDAKBgNVBAsMA0JvbzEeMBwGCSqGSIb3DQEJARYPZm9vQGV4YW1w
+bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8DVj2mVLQV7AjT+cn
+Lv3kDnQFvAo3RdUeGGhplsYFacYByzNRD/jeguu1ahrvznDyZN8p3yB7OPbmt0r0
+aGr+yYzPh6brgkf5u6FMtWTj94vLQuT/uyQGuzdBkiLb5mAWRMtm43oHXDK0v25J
+tsG1PJnntkXfBDpFP1eWLO+jZwIDAQABoAAwDQYJKoZIhvcNAQENBQADgYEAd/J6
+5zjrMhgjxuaMuWCiNN7IS4F9SKy+gEmhkpNVCpChbpggruaEIoERjDP/TkZn2dgL
+VUeHTZB92t+wWfQbHNvEfbzqlV3XkuHkxewCwofnIV/k+8zG1Al5ELSKHehItxig
+rnTuBrFYsd2j4HEVqLzm4NyCfL+xzn/D4U2ec50=
+-----END CERTIFICATE REQUEST-----

data/spec/support/certificates/sp_private_key.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALwNWPaZUtBXsCNP
+5ycu/eQOdAW8CjdF1R4YaGmWxgVpxgHLM1EP+N6C67VqGu/OcPJk3ynfIHs49ua3
+SvRoav7JjM+HpuuCR/m7oUy1ZOP3i8tC5P+7JAa7N0GSItvmYBZEy2bjegdcMrS/
+bkm2wbU8mee2Rd8EOkU/V5Ys76NnAgMBAAECgYEArwclVHCkebIECPnnxbqhKNCj
+AGtifsuKbrZ9CDoDGSq31xeQLdTV6BSm2nVlmOnmilWEuG4qx0Xf2CGlrBI78kmv
+vHCfFdaGnTxbmYnD0HN0u4RK2trsxWO+rEkJk14JE2eVD6ZRPrq1UOSMgGPrQSMb
+SuwAHUu/j94eL8BXuhECQQD3jTlo3Y4VPWttP6XPNqKDP+jRYJs5G0Bch//S9Qy7
+QzmU9/yAUk0BEOyqYcLxinjJhoq6bR2fiIibn+77z3jtAkEAwnhLwkGYOb7Nt3V6
+dQLKx1BP9dnYH7qG/sCmAs7GHPv4LGluaz4zsh2pdEDF/Xar4gwTzUpxYo8FpkCH
+rf4nIwJAVfWnGr/cR4nVVNFGHUcGdXbqvFHEdLb+yWK8NZ+79Qap5w2Zk2GAtb8P
+vzZFQCRqPuhGIegj4jLB5PBLRwtLHQJBAJiWyWL4ExikRUhBTr/HXBL+Sm9u6i0j
+L89unBQx6LNPZhB6/Z/6Y5fLvG2ycWgLGJ06usLnOYaLEHS9x3hXpp8CQQCdtQHw
+xeLBPhRDpfWWbSmFr+bFxyD/4iQHTHToIs3kaecn6OJ4rczIFpGm2Bm7f4X7F3H3
+DDy4jZ0R6iDqCcQD
+-----END PRIVATE KEY-----

data/spec/support/certificates/sp_x509_cert.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAkGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBiDELMAkGA1UEBhMCanAx
+DjAMBgNVBAgMBVRva3lvMQswCQYDVQQKDAJHUzEgMB4GA1UEAwwXaHR0cHM6Ly9m
+b28uZXhhbXBsZS5jb20xDDAKBgNVBAcMA0ZvbzEMMAoGA1UECwwDQm9vMR4wHAYJ
+KoZIhvcNAQkBFg9mb29AZXhhbXBsZS5jb20wHhcNMjAwMTIzMDYyMzI5WhcNNDcw
+NjA5MDYyMzI5WjCBiDELMAkGA1UEBhMCanAxDjAMBgNVBAgMBVRva3lvMQswCQYD
+VQQKDAJHUzEgMB4GA1UEAwwXaHR0cHM6Ly9mb28uZXhhbXBsZS5jb20xDDAKBgNV
+BAcMA0ZvbzEMMAoGA1UECwwDQm9vMR4wHAYJKoZIhvcNAQkBFg9mb29AZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwNWPaZUtBXsCNP5ycu
+/eQOdAW8CjdF1R4YaGmWxgVpxgHLM1EP+N6C67VqGu/OcPJk3ynfIHs49ua3SvRo
+av7JjM+HpuuCR/m7oUy1ZOP3i8tC5P+7JAa7N0GSItvmYBZEy2bjegdcMrS/bkm2
+wbU8mee2Rd8EOkU/V5Ys76NnAgMBAAGjUDBOMB0GA1UdDgQWBBQMtOtrh2VS/mh4
+awGbKA37vVnw+zAfBgNVHSMEGDAWgBQMtOtrh2VS/mh4awGbKA37vVnw+zAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAHjTTm4Hyx1rfzygknc6q1dYwpEv
+/3AsPiTnF4AfH/5kGIIXNzwg0ADsziFMJYRRR9eMu97CHQbr8gHt99P8uaen6cmJ
+4VCwJLP2N8gZrycssimA3M83DWRRVZbxZhpuUWNajtYIxwyUbB7eRSJgz3Tc0opF
+933YwucWuFzKSqn3
+-----END CERTIFICATE-----

data/spec/support/saml_request_macros.rb

@@ -1,9 +1,9 @@
 require 'saml_idp/logout_request_builder'
 
 module SamlRequestMacros
-  def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/consume")
+  def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false)
     auth_request = OneLogin::RubySaml::Authrequest.new
-    auth_url = auth_request.create(saml_settings(requested_saml_acs_url))
+    auth_url = auth_request.create(saml_settings(requested_saml_acs_url, enable_secure_options))
     CGI.unescape(auth_url.split("=").last)
   end
 
@@ -18,7 +18,12 @@ module SamlRequestMacros
     Base64.strict_encode64(request_builder.signed)
   end
 
-  def saml_settings(saml_acs_url = "https://foo.example.com/saml/consume")
+  def generate_sp_metadata(saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false)
+    sp_metadata = OneLogin::RubySaml::Metadata.new
+    sp_metadata.generate(saml_settings(saml_acs_url, enable_secure_options), true)
+  end
+
+  def saml_settings(saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false)
     settings = OneLogin::RubySaml::Settings.new
     settings.assertion_consumer_service_url = saml_acs_url
     settings.issuer = "http://example.com/issuer"
@@ -26,9 +31,63 @@ module SamlRequestMacros
     settings.assertion_consumer_logout_service_url = 'https://foo.example.com/saml/logout'
     settings.idp_cert_fingerprint = SamlIdp::Default::FINGERPRINT
     settings.name_identifier_format = SamlIdp::Default::NAME_ID_FORMAT
+    add_securty_options(settings) if enable_secure_options
     settings
   end
 
+  def add_securty_options(settings, authn_requests_signed: true, 
+                                    embed_sign: true, 
+                                    logout_requests_signed: true, 
+                                    logout_responses_signed: true,
+                                    digest_method: XMLSecurity::Document::SHA256,
+                                    signature_method: XMLSecurity::Document::RSA_SHA256)
+    # Security section
+    settings.idp_cert = SamlIdp::Default::X509_CERTIFICATE
+    # Signed embedded singature
+    settings.security[:authn_requests_signed] = authn_requests_signed
+    settings.security[:embed_sign] = embed_sign
+    settings.security[:logout_requests_signed] = logout_requests_signed
+    settings.security[:logout_responses_signed] = logout_responses_signed
+    settings.security[:metadata_signed] = digest_method
+    settings.security[:digest_method] = digest_method
+    settings.security[:signature_method] = signature_method
+    settings.private_key = sp_pv_key
+    settings.certificate = sp_x509_cert
+  end
+
+  def idp_configure(saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false)
+    SamlIdp.configure do |config|
+      config.x509_certificate = SamlIdp::Default::X509_CERTIFICATE
+      config.secret_key = SamlIdp::Default::SECRET_KEY
+      config.password = nil
+      config.algorithm = :sha256
+      config.organization_name = 'idp.com'
+      config.organization_url = 'http://idp.com'
+      config.base_saml_location = 'http://idp.com/saml/idp'
+      config.single_logout_service_post_location = 'http://idp.com/saml/idp/logout'
+      config.single_logout_service_redirect_location = 'http://idp.com/saml/idp/logout'
+      config.attribute_service_location = 'http://idp.com/saml/idp/attribute'
+      config.single_service_post_location = 'http://idp.com/saml/idp/sso'
+      config.name_id.formats = SamlIdp::Default::NAME_ID_FORMAT
+      config.service_provider.metadata_persister = lambda { |_identifier, _service_provider|
+        raw_metadata = generate_sp_metadata(saml_acs_url, enable_secure_options)
+        SamlIdp::IncomingMetadata.new(raw_metadata).to_h
+      }
+      config.service_provider.persisted_metadata_getter = lambda { |_identifier, _settings|
+        raw_metadata = generate_sp_metadata(saml_acs_url, enable_secure_options)
+        SamlIdp::IncomingMetadata.new(raw_metadata).to_h
+      }
+      config.service_provider.finder = lambda { |_issuer_or_entity_id|
+        {
+          response_hosts: [URI(saml_acs_url).host],
+          acs_url: saml_acs_url,
+          cert: sp_x509_cert,
+          fingerprint: SamlIdp::Fingerprint.certificate_digest(sp_x509_cert)
+        }
+      }
+    end
+  end
+
   def print_pretty_xml(xml_string)
     doc = REXML::Document.new xml_string
     outbuf = ""

data/spec/support/security_helpers.rb

@@ -58,4 +58,14 @@ module SecurityHelpers
   def r1_signature_2
     @signature2 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'r1_certificate2_base64'))
   end
+
+  # Generated by SAML tool https://www.samltool.com/self_signed_certs.php
+  def sp_pv_key
+    @sp_pv_key ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'sp_private_key.pem'))
+  end
+
+  # Generated by SAML tool https://www.samltool.com/self_signed_certs.php, expired date is 9999
+  def sp_x509_cert
+    @sp_x509_cert ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'sp_x509_cert.crt'))
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.14.0
 platform: ruby
 authors:
 - Jon Phenow
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-21 00:00:00.000000000 Z
+date: 2021-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,56 +16,70 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
-  name: uuid
+  name: builder
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: builder
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 1.6.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 1.6.2
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: xmlenc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 0.7.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 0.7.1
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -128,28 +142,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: activeresource
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.1'
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -179,21 +193,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.8'
 - !ruby/object:Gem::Dependency
-  name: xmlenc
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.6.4
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.6.4
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: appraisal
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -215,9 +229,6 @@ files:
 - Gemfile
 - LICENSE
 - README.md
-- app/controllers/saml_idp/idp_controller.rb
-- app/views/saml_idp/idp/new.html.erb
-- app/views/saml_idp/idp/saml_post.html.erb
 - lib/saml_idp.rb
 - lib/saml_idp/algorithmable.rb
 - lib/saml_idp/assertion_builder.rb
@@ -228,6 +239,7 @@ files:
 - lib/saml_idp/default.rb
 - lib/saml_idp/encryptor.rb
 - lib/saml_idp/engine.rb
+- lib/saml_idp/fingerprint.rb
 - lib/saml_idp/hashable.rb
 - lib/saml_idp/incoming_metadata.rb
 - lib/saml_idp/logout_builder.rb
@@ -254,6 +266,7 @@ files:
 - spec/lib/saml_idp/configurator_spec.rb
 - spec/lib/saml_idp/controller_spec.rb
 - spec/lib/saml_idp/encryptor_spec.rb
+- spec/lib/saml_idp/fingerprint_spec.rb
 - spec/lib/saml_idp/incoming_metadata_spec.rb
 - spec/lib/saml_idp/logout_request_builder_spec.rb
 - spec/lib/saml_idp/logout_response_builder_spec.rb
@@ -279,6 +292,8 @@ files:
 - spec/rails_app/app/mailers/.gitkeep
 - spec/rails_app/app/models/.gitkeep
 - spec/rails_app/app/views/layouts/application.html.erb
+- spec/rails_app/app/views/saml_idp/idp/new.html.erb
+- spec/rails_app/app/views/saml_idp/idp/saml_post.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -319,6 +334,9 @@ files:
 - spec/spec_helper.rb
 - spec/support/certificates/certificate1
 - spec/support/certificates/r1_certificate2_base64
+- spec/support/certificates/sp_cert_req.csr
+- spec/support/certificates/sp_private_key.pem
+- spec/support/certificates/sp_x509_cert.crt
 - spec/support/responses/adfs_response_sha1.xml
 - spec/support/responses/adfs_response_sha256.xml
 - spec/support/responses/adfs_response_sha384.xml
@@ -347,7 +365,7 @@ metadata:
   homepage_uri: https://github.com/saml-idp/saml_idp
   source_code_uri: https://github.com/saml-idp/saml_idp
   bug_tracker_uri: https://github.com/saml-idp/saml_idp/issues
-  documentation_uri: http://rdoc.info/gems/saml_idp/0.9.0
+  documentation_uri: http://rdoc.info/gems/saml_idp/0.14.0
 post_install_message: |
   If you're just recently updating saml_idp - please be aware we've changed the default
   certificate. See the PR and a description of why we've done this here:
@@ -371,15 +389,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: SAML Indentity Provider for Ruby
@@ -392,6 +409,7 @@ test_files:
 - spec/lib/saml_idp/configurator_spec.rb
 - spec/lib/saml_idp/controller_spec.rb
 - spec/lib/saml_idp/encryptor_spec.rb
+- spec/lib/saml_idp/fingerprint_spec.rb
 - spec/lib/saml_idp/incoming_metadata_spec.rb
 - spec/lib/saml_idp/logout_request_builder_spec.rb
 - spec/lib/saml_idp/logout_response_builder_spec.rb
@@ -417,6 +435,8 @@ test_files:
 - spec/rails_app/app/mailers/.gitkeep
 - spec/rails_app/app/models/.gitkeep
 - spec/rails_app/app/views/layouts/application.html.erb
+- spec/rails_app/app/views/saml_idp/idp/new.html.erb
+- spec/rails_app/app/views/saml_idp/idp/saml_post.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -457,6 +477,9 @@ test_files:
 - spec/spec_helper.rb
 - spec/support/certificates/certificate1
 - spec/support/certificates/r1_certificate2_base64
+- spec/support/certificates/sp_cert_req.csr
+- spec/support/certificates/sp_private_key.pem
+- spec/support/certificates/sp_x509_cert.crt
 - spec/support/responses/adfs_response_sha1.xml
 - spec/support/responses/adfs_response_sha256.xml
 - spec/support/responses/adfs_response_sha384.xml