saml_idp 0.9.0 → 1.0.0

data/spec/support/certificates/sp_x509_cert.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAkGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBiDELMAkGA1UEBhMCanAx
+DjAMBgNVBAgMBVRva3lvMQswCQYDVQQKDAJHUzEgMB4GA1UEAwwXaHR0cHM6Ly9m
+b28uZXhhbXBsZS5jb20xDDAKBgNVBAcMA0ZvbzEMMAoGA1UECwwDQm9vMR4wHAYJ
+KoZIhvcNAQkBFg9mb29AZXhhbXBsZS5jb20wHhcNMjAwMTIzMDYyMzI5WhcNNDcw
+NjA5MDYyMzI5WjCBiDELMAkGA1UEBhMCanAxDjAMBgNVBAgMBVRva3lvMQswCQYD
+VQQKDAJHUzEgMB4GA1UEAwwXaHR0cHM6Ly9mb28uZXhhbXBsZS5jb20xDDAKBgNV
+BAcMA0ZvbzEMMAoGA1UECwwDQm9vMR4wHAYJKoZIhvcNAQkBFg9mb29AZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwNWPaZUtBXsCNP5ycu
+/eQOdAW8CjdF1R4YaGmWxgVpxgHLM1EP+N6C67VqGu/OcPJk3ynfIHs49ua3SvRo
+av7JjM+HpuuCR/m7oUy1ZOP3i8tC5P+7JAa7N0GSItvmYBZEy2bjegdcMrS/bkm2
+wbU8mee2Rd8EOkU/V5Ys76NnAgMBAAGjUDBOMB0GA1UdDgQWBBQMtOtrh2VS/mh4
+awGbKA37vVnw+zAfBgNVHSMEGDAWgBQMtOtrh2VS/mh4awGbKA37vVnw+zAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAHjTTm4Hyx1rfzygknc6q1dYwpEv
+/3AsPiTnF4AfH/5kGIIXNzwg0ADsziFMJYRRR9eMu97CHQbr8gHt99P8uaen6cmJ
+4VCwJLP2N8gZrycssimA3M83DWRRVZbxZhpuUWNajtYIxwyUbB7eRSJgz3Tc0opF
+933YwucWuFzKSqn3
+-----END CERTIFICATE-----

data/spec/support/saml_request_macros.rb

@@ -1,10 +1,10 @@
 require 'saml_idp/logout_request_builder'
 
 module SamlRequestMacros
-  def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/consume")
+  def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false)
     auth_request = OneLogin::RubySaml::Authrequest.new
-    auth_url = auth_request.create(saml_settings(requested_saml_acs_url))
-    CGI.unescape(auth_url.split("=").last)
+    auth_url = auth_request.create_params(saml_settings(requested_saml_acs_url, enable_secure_options))
+    auth_url['SAMLRequest']
   end
 
   def make_saml_logout_request(requested_saml_logout_url = 'https://foo.example.com/saml/logout')
@@ -18,21 +18,122 @@ module SamlRequestMacros
     Base64.strict_encode64(request_builder.signed)
   end
 
-  def saml_settings(saml_acs_url = "https://foo.example.com/saml/consume")
+  def make_saml_sp_slo_request(param_type: true, security_options: {})
+    logout_request = OneLogin::RubySaml::Logoutrequest.new
+    saml_sp_setting = saml_settings("https://foo.example.com/saml/consume", true, security_options: security_options)
+    if param_type
+      logout_request.create_params(saml_sp_setting, 'RelayState' => 'https://foo.example.com/home')
+    else
+      logout_request.create(saml_sp_setting, 'RelayState' => 'https://foo.example.com/home')
+    end
+  end
+
+  def generate_sp_metadata(saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false)
+    sp_metadata = OneLogin::RubySaml::Metadata.new
+    sp_metadata.generate(saml_settings(saml_acs_url, enable_secure_options), true)
+  end
+
+  def saml_settings(saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false, security_options: {})
     settings = OneLogin::RubySaml::Settings.new
     settings.assertion_consumer_service_url = saml_acs_url
     settings.issuer = "http://example.com/issuer"
     settings.idp_sso_target_url = "http://idp.com/saml/idp"
+    settings.idp_slo_target_url = "http://idp.com/saml/slo"
     settings.assertion_consumer_logout_service_url = 'https://foo.example.com/saml/logout'
     settings.idp_cert_fingerprint = SamlIdp::Default::FINGERPRINT
     settings.name_identifier_format = SamlIdp::Default::NAME_ID_FORMAT
+    add_securty_options(settings, default_sp_security_options.merge!(security_options)) if enable_secure_options
     settings
   end
 
+  def add_securty_options(settings, options = default_sp_security_options)
+    # Security section
+    settings.idp_cert = SamlIdp::Default::X509_CERTIFICATE
+    # Signed embedded singature
+    settings.security[:authn_requests_signed] = options[:authn_requests_signed]
+    settings.security[:embed_sign] = options[:embed_sign]
+    settings.security[:logout_requests_signed] = options[:logout_requests_signed]
+    settings.security[:logout_responses_signed] = options[:logout_responses_signed]
+    settings.security[:metadata_signed] = options[:digest_method]
+    settings.security[:digest_method] = options[:digest_method]
+    settings.security[:signature_method] = options[:signature_method]
+    settings.security[:want_assertions_signed] = options[:assertions_signed]
+    settings.private_key = sp_pv_key
+    settings.certificate = sp_x509_cert
+  end
+
+  def idp_configure(saml_acs_url = "https://foo.example.com/saml/consume", enable_secure_options = false)
+    SamlIdp.configure do |config|
+      config.x509_certificate = SamlIdp::Default::X509_CERTIFICATE
+      config.secret_key = SamlIdp::Default::SECRET_KEY
+      config.password = nil
+      config.algorithm = :sha256
+      config.organization_name = 'idp.com'
+      config.organization_url = 'http://idp.com'
+      config.base_saml_location = 'http://idp.com/saml/idp'
+      config.single_logout_service_post_location = 'http://idp.com/saml/idp/logout'
+      config.single_logout_service_redirect_location = 'http://idp.com/saml/idp/logout'
+      config.attribute_service_location = 'http://idp.com/saml/idp/attribute'
+      config.single_service_post_location = 'http://idp.com/saml/idp/sso'
+      config.name_id.formats = SamlIdp::Default::NAME_ID_FORMAT
+      config.service_provider.metadata_persister = lambda { |_identifier, _service_provider|
+        raw_metadata = generate_sp_metadata(saml_acs_url, enable_secure_options)
+        SamlIdp::IncomingMetadata.new(raw_metadata).to_h
+      }
+      config.service_provider.persisted_metadata_getter = lambda { |_identifier, _settings|
+        raw_metadata = generate_sp_metadata(saml_acs_url, enable_secure_options)
+        SamlIdp::IncomingMetadata.new(raw_metadata).to_h
+      }
+      config.service_provider.finder = lambda { |_issuer_or_entity_id|
+        {
+          response_hosts: [URI(saml_acs_url).host],
+          acs_url: saml_acs_url,
+          cert: sp_x509_cert,
+          fingerprint: SamlIdp::Fingerprint.certificate_digest(sp_x509_cert),
+          assertion_consumer_logout_service_url: 'https://foo.example.com/saml/logout'
+        }
+      }
+    end
+  end
+
+  def decode_saml_request(saml_request)
+    decoded_request = Base64.decode64(saml_request)
+    begin
+      # Try to decompress, since SAMLRequest might be compressed
+      Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(decoded_request)
+    rescue Zlib::DataError
+      # If it's not compressed, just return the decoded request
+      decoded_request
+    end
+  end
+
   def print_pretty_xml(xml_string)
     doc = REXML::Document.new xml_string
     outbuf = ""
     doc.write(outbuf, 1)
     puts outbuf
   end
+
+  def decode_saml_request(saml_request)
+    decoded_request = Base64.decode64(saml_request)
+    begin
+      # Try to decompress, since SAMLRequest might be compressed
+      Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(decoded_request)
+    rescue Zlib::DataError
+      # If it's not compressed, just return the decoded request
+      decoded_request
+    end
+  end
+
+  def default_sp_security_options
+    {
+      authn_requests_signed: true, 
+      embed_sign: true, 
+      logout_requests_signed: true, 
+      logout_responses_signed: true,
+      digest_method: XMLSecurity::Document::SHA256,
+      signature_method: XMLSecurity::Document::RSA_SHA256,
+      assertions_signed: true
+    }
+  end
 end

data/spec/support/security_helpers.rb

@@ -51,11 +51,21 @@ module SecurityHelpers
     @signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
   end
 
-  def signature_1
-    @signature1 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'certificate1'))
+  def certificate_1
+    @certificate_1 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'certificate1'))
   end
 
   def r1_signature_2
     @signature2 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'r1_certificate2_base64'))
   end
+
+  # Generated by SAML tool https://www.samltool.com/self_signed_certs.php
+  def sp_pv_key
+    @sp_pv_key ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'sp_private_key.pem'))
+  end
+
+  # Generated by SAML tool https://www.samltool.com/self_signed_certs.php, expired date is 9999
+  def sp_x509_cert
+    @sp_x509_cert ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'sp_x509_cert.crt'))
+  end
 end

data/spec/xml_security_spec.rb

@@ -19,7 +19,7 @@ module SamlIdp
     end
 
     it "it raise Fingerprint mismatch" do
-      expect { document.validate("no:fi:ng:er:pr:in:t", false) }.to(
+      expect { document.validate("", "no:fi:ng:er:pr:in:t", false) }.to(
         raise_error(SamlIdp::XMLSecurity::SignedDocument::ValidationError, "Fingerprint mismatch")
       )
     end
@@ -45,10 +45,10 @@ module SamlIdp
       response = Base64.decode64(response_document)
       response.sub!(/<ds:X509Certificate>.*<\/ds:X509Certificate>/, "")
       document = XMLSecurity::SignedDocument.new(response)
-      expect { document.validate("a fingerprint", false) }.to(
+      expect { document.validate("", "a fingerprint", false) }.to(
         raise_error(
           SamlIdp::XMLSecurity::SignedDocument::ValidationError,
-          "Certificate element missing in response (ds:X509Certificate)"
+          "Certificate validation is required, but it doesn't exist."
         )
       )
     end
@@ -57,22 +57,26 @@ module SamlIdp
   describe "Algorithms" do
     it "validate using SHA1" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
-      expect(document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")).to be_truthy
+      base64cert = document.elements["//ds:X509Certificate"].text
+      expect(document.validate(base64cert, "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")).to be_truthy
     end
 
     it "validate using SHA256" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
-      expect(document.validate("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")).to be_truthy
+      base64cert = document.elements["//ds:X509Certificate"].text
+      expect(document.validate(base64cert, "28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")).to be_truthy
     end
 
     it "validate using SHA384" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
-      expect(document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")).to be_truthy
+      base64cert = document.elements["//ds:X509Certificate"].text
+      expect(document.validate(base64cert, "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")).to be_truthy
     end
 
     it "validate using SHA512" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
-      expect(document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")).to be_truthy
+      base64cert = document.elements["//ds:X509Certificate"].text
+      expect(document.validate(base64cert, "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")).to be_truthy
     end
   end
 

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Jon Phenow
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-21 00:00:00.000000000 Z
+date: 2025-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,64 +15,64 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
-  name: uuid
+  name: builder
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: builder
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 1.6.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 1.6.2
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: ostruct
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -81,119 +80,133 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: xmlenc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: 0.7.1
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.7.1
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: activeresource
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: ruby-saml
+  name: capybara
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.7.2
+        version: '2.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.7.2
+        version: '2.16'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
-  name: activeresource
+  name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: capybara
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.16'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2.16'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: timecop
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: 3.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: 3.7.0
 - !ruby/object:Gem::Dependency
-  name: xmlenc
+  name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.6.4
+        version: 1.7.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.6.4
+        version: 1.7.2
 - !ruby/object:Gem::Dependency
-  name: appraisal
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -206,6 +219,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.8'
 description: SAML IdP (Identity Provider) Library for Ruby
 email: jon.phenow@sportngin.com
 executables: []
@@ -215,9 +242,6 @@ files:
 - Gemfile
 - LICENSE
 - README.md
-- app/controllers/saml_idp/idp_controller.rb
-- app/views/saml_idp/idp/new.html.erb
-- app/views/saml_idp/idp/saml_post.html.erb
 - lib/saml_idp.rb
 - lib/saml_idp/algorithmable.rb
 - lib/saml_idp/assertion_builder.rb
@@ -228,6 +252,7 @@ files:
 - lib/saml_idp/default.rb
 - lib/saml_idp/encryptor.rb
 - lib/saml_idp/engine.rb
+- lib/saml_idp/fingerprint.rb
 - lib/saml_idp/hashable.rb
 - lib/saml_idp/incoming_metadata.rb
 - lib/saml_idp/logout_builder.rb
@@ -254,6 +279,7 @@ files:
 - spec/lib/saml_idp/configurator_spec.rb
 - spec/lib/saml_idp/controller_spec.rb
 - spec/lib/saml_idp/encryptor_spec.rb
+- spec/lib/saml_idp/fingerprint_spec.rb
 - spec/lib/saml_idp/incoming_metadata_spec.rb
 - spec/lib/saml_idp/logout_request_builder_spec.rb
 - spec/lib/saml_idp/logout_response_builder_spec.rb
@@ -279,6 +305,8 @@ files:
 - spec/rails_app/app/mailers/.gitkeep
 - spec/rails_app/app/models/.gitkeep
 - spec/rails_app/app/views/layouts/application.html.erb
+- spec/rails_app/app/views/saml_idp/idp/new.html.erb
+- spec/rails_app/app/views/saml_idp/idp/saml_post.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -319,6 +347,9 @@ files:
 - spec/spec_helper.rb
 - spec/support/certificates/certificate1
 - spec/support/certificates/r1_certificate2_base64
+- spec/support/certificates/sp_cert_req.csr
+- spec/support/certificates/sp_private_key.pem
+- spec/support/certificates/sp_x509_cert.crt
 - spec/support/responses/adfs_response_sha1.xml
 - spec/support/responses/adfs_response_sha256.xml
 - spec/support/responses/adfs_response_sha384.xml
@@ -347,22 +378,21 @@ metadata:
   homepage_uri: https://github.com/saml-idp/saml_idp
   source_code_uri: https://github.com/saml-idp/saml_idp
   bug_tracker_uri: https://github.com/saml-idp/saml_idp/issues
-  documentation_uri: http://rdoc.info/gems/saml_idp/0.9.0
-post_install_message: |
-  If you're just recently updating saml_idp - please be aware we've changed the default
-  certificate. See the PR and a description of why we've done this here:
-  https://github.com/saml-idp/saml_idp/pull/29
-
-  If you just need to see the certificate `bundle open saml_idp` and go to
-  `lib/saml_idp/default.rb`
+  documentation_uri: http://rdoc.info/gems/saml_idp/1.0.0
+post_install_message: |2
+      If you're just recently updating saml_idp - please be aware we've changed the default
+      certificate. See the PR and a description of why we've done this here:
+      https://github.com/saml-idp/saml_idp/pull/29
 
-  Similarly, please see the README about certificates - you should avoid using the
-  defaults in a Production environment. Post any issues you to github.
+      If you just need to see the certificate `bundle open saml_idp` and go to
+      `lib/saml_idp/default.rb`
 
-  ** New in Version 0.3.0 **
+      Similarly, please see the README about certificates - you should avoid using the
+      defaults in a Production environment. Post any issues you to github.
 
-  Encrypted Assertions require the xmlenc gem. See the example in the Controller
-  section of the README.
+      ** New in Version 0.3.0 **
+      Encrypted Assertions require the xmlenc gem. See the example in the Controller
+      section of the README.
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -371,18 +401,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.6.3
 specification_version: 4
-summary: SAML Indentity Provider for Ruby
+summary: SAML Identity Provider for Ruby
 test_files:
 - spec/acceptance/acceptance_helper.rb
 - spec/acceptance/idp_controller_spec.rb
@@ -392,6 +420,7 @@ test_files:
 - spec/lib/saml_idp/configurator_spec.rb
 - spec/lib/saml_idp/controller_spec.rb
 - spec/lib/saml_idp/encryptor_spec.rb
+- spec/lib/saml_idp/fingerprint_spec.rb
 - spec/lib/saml_idp/incoming_metadata_spec.rb
 - spec/lib/saml_idp/logout_request_builder_spec.rb
 - spec/lib/saml_idp/logout_response_builder_spec.rb
@@ -417,6 +446,8 @@ test_files:
 - spec/rails_app/app/mailers/.gitkeep
 - spec/rails_app/app/models/.gitkeep
 - spec/rails_app/app/views/layouts/application.html.erb
+- spec/rails_app/app/views/saml_idp/idp/new.html.erb
+- spec/rails_app/app/views/saml_idp/idp/saml_post.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -457,6 +488,9 @@ test_files:
 - spec/spec_helper.rb
 - spec/support/certificates/certificate1
 - spec/support/certificates/r1_certificate2_base64
+- spec/support/certificates/sp_cert_req.csr
+- spec/support/certificates/sp_private_key.pem
+- spec/support/certificates/sp_x509_cert.crt
 - spec/support/responses/adfs_response_sha1.xml
 - spec/support/responses/adfs_response_sha256.xml
 - spec/support/responses/adfs_response_sha384.xml