saml_idp 0.12.0 → 0.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 73712903d3949f895e57a13b138c007e0ae74715d7d546b4415f278829e59054
-  data.tar.gz: fbab7e28d01ea3fc7624e52e20a234f6f997a51643905170e6809cb3f7beeec7
+  metadata.gz: 847e2cafec28e67417685e6ba1173aa88ac489172e0e31fa51f2bbab37ef5d10
+  data.tar.gz: 8d9ace44b46770b3ca7481461bd16fce9dfc0e2b9925a4a2b5460a780cfddce3
 SHA512:
-  metadata.gz: 80a4683963e04b8b7f68051d15b12a5f0a098300cbfba9b72c4ed3940338ab3505c47cda0b091a9a36c1605f4396b5f1732bed7d3356438dd944f83541573a47
-  data.tar.gz: b01be29f645e31f9987afef74bb8b368ccfc86340b67e29524f582fe139e99b56cd827315d5a4e73d34b69e2c3c5b89d881c89f6d29b68c4b3cd2ff5499a39c3
+  metadata.gz: 6aa29d58babddddc81037fe220276241a355d81a15acb3639a9cc6df935f531bf1fe53e3c5599d49640080776c357ebf6348559ac034313ad64f82f80a7824a0
+  data.tar.gz: 9f5b83fd6459476d81c2dc2d3f0e79c401ba01474856f201c5a32615da8e22e4c416d220ef82985205f69f1d87a560a80c3bbae552a39ec4bdb49cc0a1baafa0

data/README.md

@@ -1,6 +1,6 @@
 # Ruby SAML Identity Provider (IdP)
 
-Forked from https://github.com/lawrencepit/ruby-saml-idp
+Forked from <https://github.com/lawrencepit/ruby-saml-idp>
 
 [![Build Status](https://travis-ci.org/saml-idp/saml_idp.svg)](https://travis-ci.org/saml-idp/saml_idp)
 [![Gem Version](https://badge.fury.io/rb/saml_idp.svg)](http://badge.fury.io/rb/saml_idp)
@@ -13,13 +13,15 @@ protocol. It provides a means for managing authentication requests and confirmat
 This was originally setup by @lawrencepit to test SAML Clients. I took it closer to a real
 SAML IDP implementation.
 
-# Installation and Usage
+## Installation and Usage
 
 Add this to your Gemfile:
 
+```ruby
     gem 'saml_idp'
+```
 
-## Not using rails?
+### Not using rails?
 
 Include `SamlIdp::Controller` and see the examples that use rails. It should be straightforward for you.
 
@@ -27,50 +29,16 @@ Basically you call `decode_request(params[:SAMLRequest])` on an incoming request
 `saml_acs_url` to determine the source for which you need to authenticate a user. How you authenticate
 a user is entirely up to you.
 
-Once a user has successfully authenticated on your system send the Service Provider a SAMLReponse by
+Once a user has successfully authenticated on your system send the Service Provider a SAMLResponse by
 posting to `saml_acs_url` the parameter `SAMLResponse` with the return value from a call to
 `encode_response(user_email)`.
 
-## Using rails?
+### Using rails?
 
-Add to your `routes.rb` file, for example:
-
-```ruby
-get '/saml/auth' => 'saml_idp#new'
-get '/saml/metadata' => 'saml_idp#show'
-post '/saml/auth' => 'saml_idp#create'
-match '/saml/logout' => 'saml_idp#logout', via: [:get, :post, :delete]
-```
+Check out our Wiki page for Rails integration
+[Rails Integration guide](https://github.com/saml-idp/saml_idp/wiki/Rails_Integration)
 
-Create a controller that looks like this, customize to your own situation:
-
-```ruby
-class SamlIdpController < SamlIdp::IdpController
-  def idp_authenticate(email, password) # not using params intentionally
-    user = User.by_email(email).first
-    user && user.valid_password?(password) ? user : nil
-  end
-  private :idp_authenticate
-
-  def idp_make_saml_response(found_user) # not using params intentionally
-    # NOTE encryption is optional
-    encode_response found_user, encryption: {
-      cert: saml_request.service_provider.cert,
-      block_encryption: 'aes256-cbc',
-      key_transport: 'rsa-oaep-mgf1p'
-    }
-  end
-  private :idp_make_saml_response
-
-  def idp_logout
-    user = User.by_email(saml_request.name_id)
-    user.logout
-  end
-  private :idp_logout
-end
-```
-
-## Configuration
+### Configuration
 
 #### Signed assertions and Signed Response
 
@@ -230,7 +198,7 @@ CERT
 end
 ```
 
-# Keys and Secrets
+## Keys and Secrets
 
 To generate the SAML Response it uses a default X.509 certificate and secret key... which isn't so secret.
 You can find them in `SamlIdp::Default`. The X.509 certificate is valid until year 2032.
@@ -241,31 +209,31 @@ and `SamlIdp.config.secret_key` properties.
 
 The fingerprint to use, if you use the default X.509 certificate of this gem, is:
 
-```
-9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D
+```bash
+  9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D
 ```
 
-# Fingerprint
+## Fingerprint
 
 The gem provides an helper to generate a fingerprint for a X.509 certificate.
 The second parameter is optional and default to your configuration `SamlIdp.config.algorithm`
 
 ```ruby
-Fingerprint.certificate_digest(x509_cert, :sha512)
+  Fingerprint.certificate_digest(x509_cert, :sha512)
 ```
 
-# Service Providers
+## Service Providers
 
 To act as a Service Provider which generates SAML Requests and can react to SAML Responses use the
 excellent [ruby-saml](https://github.com/onelogin/ruby-saml) gem.
 
-# Author
+## Author
 
 Jon Phenow, jon@jphenow.com, jphenow.com, @jphenow
 
 Lawrence Pit, lawrence.pit@gmail.com, lawrencepit.com, @lawrencepit
 
-# Copyright
+## Copyright
 
 Copyright (c) 2012 Sport Ngin.
 Portions Copyright (c) 2010 OneLogin, LLC

data/lib/saml_idp.rb

@@ -9,7 +9,7 @@ module SamlIdp
   require 'saml_idp/metadata_builder'
   require 'saml_idp/version'
   require 'saml_idp/fingerprint'
-  require 'saml_idp/engine' if defined?(::Rails) && Rails::VERSION::MAJOR > 2
+  require 'saml_idp/engine' if defined?(::Rails)
 
   def self.config
     @config ||= SamlIdp::Configurator.new

data/lib/saml_idp/assertion_builder.rb

@@ -16,10 +16,26 @@ module SamlIdp
     attr_accessor :expiry
     attr_accessor :encryption_opts
     attr_accessor :session_expiry
+    attr_accessor :name_id_formats_opts
+    attr_accessor :asserted_attributes_opts
 
     delegate :config, to: :SamlIdp
 
-    def initialize(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm, authn_context_classref, expiry=60*60, encryption_opts=nil, session_expiry=nil)
+    def initialize(
+        reference_id,
+        issuer_uri,
+        principal,
+        audience_uri,
+        saml_request_id,
+        saml_acs_url,
+        raw_algorithm,
+        authn_context_classref,
+        expiry=60*60,
+        encryption_opts=nil,
+        session_expiry=nil,
+        name_id_formats_opts = nil,
+        asserted_attributes_opts = nil
+    )
       self.reference_id = reference_id
       self.issuer_uri = issuer_uri
       self.principal = principal
@@ -31,6 +47,8 @@ module SamlIdp
       self.expiry = expiry
       self.encryption_opts = encryption_opts
       self.session_expiry = session_expiry.nil? ? config.session_expiry : session_expiry
+      self.name_id_formats_opts = name_id_formats_opts
+      self.asserted_attributes_opts = asserted_attributes_opts
     end
 
     def fresh
@@ -98,7 +116,9 @@ module SamlIdp
     end
 
     def asserted_attributes
-      if principal.respond_to?(:asserted_attributes)
+      if asserted_attributes_opts.present? && !asserted_attributes_opts.empty?
+        asserted_attributes_opts
+      elsif principal.respond_to?(:asserted_attributes)
         principal.send(:asserted_attributes)
       elsif !config.attributes.nil? && !config.attributes.empty?
         config.attributes
@@ -139,10 +159,15 @@ module SamlIdp
     private :name_id_getter
 
     def name_id_format
-      @name_id_format ||= NameIdFormatter.new(config.name_id.formats).chosen
+      @name_id_format ||= NameIdFormatter.new(name_id_formats).chosen
     end
     private :name_id_format
 
+    def name_id_formats
+      @name_id_formats ||= (name_id_formats_opts || config.name_id.formats)
+    end
+    private :name_id_formats
+
     def reference_string
       "_#{reference_id}"
     end

data/lib/saml_idp/controller.rb

@@ -37,11 +37,7 @@ module SamlIdp
       decode_request(raw_saml_request)
       return true if valid_saml_request?
       if defined?(::Rails)
-        if Rails::VERSION::MAJOR >= 4
-          head :forbidden
-        else
-          render nothing: true, status: :forbidden
-        end
+        head :forbidden
       end
       false
     end
@@ -65,6 +61,8 @@ module SamlIdp
       session_expiry = opts[:session_expiry]
       encryption_opts = opts[:encryption] || nil
       signed_message_opts = opts[:signed_message] || false
+      name_id_formats_opts = opts[:name_id_formats] || nil
+      asserted_attributes_opts = opts[:attributes] || nil
 
       SamlResponse.new(
         reference_id,
@@ -79,7 +77,9 @@ module SamlIdp
         expiry,
         encryption_opts,
         session_expiry,
-        signed_message_opts
+        signed_message_opts,
+        name_id_formats_opts,
+        asserted_attributes_opts
       ).build
     end
 

data/lib/saml_idp/encryptor.rb

@@ -61,7 +61,6 @@ module SamlIdp
           key_info.EncryptedKey Id: 'EK', xmlns: 'http://www.w3.org/2001/04/xmlenc#' do |enc_key|
             enc_key.EncryptionMethod Algorithm: key_transport_ns
             enc_key.tag! 'ds:KeyInfo', 'xmlns:ds' => 'http://www.w3.org/2000/09/xmldsig#' do |key_info2|
-              key_info2.tag! 'ds:KeyName'
               key_info2.tag! 'ds:X509Data' do |x509_data|
                 x509_data.tag! 'ds:X509Certificate' do |x509_cert|
                   x509_cert << cert.to_s.gsub(/-+(BEGIN|END) CERTIFICATE-+/, '') 

data/lib/saml_idp/saml_response.rb

@@ -18,21 +18,26 @@ module SamlIdp
     attr_accessor :encryption_opts
     attr_accessor :session_expiry
     attr_accessor :signed_message_opts
+    attr_accessor :name_id_formats_opts
+    attr_accessor :asserted_attributes_opts
 
-    def initialize(reference_id,
-          response_id,
-          issuer_uri,
-          principal,
-          audience_uri,
-          saml_request_id,
-          saml_acs_url,
-          algorithm,
-          authn_context_classref,
-          expiry=60*60,
-          encryption_opts=nil,
-          session_expiry=0,
-          signed_message_opts
-          )
+    def initialize(
+        reference_id,
+        response_id,
+        issuer_uri,
+        principal,
+        audience_uri,
+        saml_request_id,
+        saml_acs_url,
+        algorithm,
+        authn_context_classref,
+        expiry=60*60,
+        encryption_opts=nil,
+        session_expiry=0,
+        signed_message_opts=false,
+        name_id_formats_opts = nil,
+        asserted_attributes_opts = nil
+    )
       self.reference_id = reference_id
       self.response_id = response_id
       self.issuer_uri = issuer_uri
@@ -48,6 +53,8 @@ module SamlIdp
       self.encryption_opts = encryption_opts
       self.session_expiry = session_expiry
       self.signed_message_opts = signed_message_opts
+      self.name_id_formats_opts = name_id_formats_opts
+      self.asserted_attributes_opts = asserted_attributes_opts
     end
 
     def build
@@ -88,7 +95,9 @@ module SamlIdp
         authn_context_classref,
         expiry,
         encryption_opts,
-        session_expiry
+        session_expiry,
+        name_id_formats_opts,
+        asserted_attributes_opts
     end
     private :assertion_builder
   end

data/lib/saml_idp/version.rb

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module SamlIdp
-  VERSION = '0.12.0'
+  VERSION = '0.14.0'
 end

data/saml_idp.gemspec

@@ -12,8 +12,8 @@ Gem::Specification.new do |s|
   s.summary = 'SAML Indentity Provider for Ruby'
   s.description = 'SAML IdP (Identity Provider) Library for Ruby'
   s.date = Time.now.utc.strftime("%Y-%m-%d")
-  s.files = Dir['app/**/*', 'lib/**/*', 'LICENSE', 'README.md', 'Gemfile', 'saml_idp.gemspec']
-  s.required_ruby_version = '>= 2.2'
+  s.files = Dir['lib/**/*', 'LICENSE', 'README.md', 'Gemfile', 'saml_idp.gemspec']
+  s.required_ruby_version = '>= 2.5'
   s.license = 'MIT'
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
@@ -43,19 +43,20 @@ Encrypted Assertions require the xmlenc gem. See the example in the Controller
 section of the README.
   INST
 
-  s.add_dependency('activesupport', '>= 3.2')
+  s.add_dependency('activesupport', '>= 5.2')
   s.add_dependency('builder', '>= 3.0')
   s.add_dependency('nokogiri', '>= 1.6.2')
+  s.add_dependency('xmlenc', '>= 0.7.1')
+  s.add_dependency('rexml')
 
   s.add_development_dependency('rake')
   s.add_development_dependency('simplecov')
   s.add_development_dependency('rspec', '>= 3.7.0')
   s.add_development_dependency('ruby-saml', '>= 1.7.2')
-  s.add_development_dependency('rails', '>= 3.2')
-  s.add_development_dependency('activeresource', '>= 3.2')
+  s.add_development_dependency('rails', '>= 5.2')
+  s.add_development_dependency('activeresource', '>= 5.1')
   s.add_development_dependency('capybara', '>= 2.16')
   s.add_development_dependency('timecop', '>= 0.8')
-  s.add_development_dependency('xmlenc', '>= 0.6.4')
   s.add_development_dependency('appraisal')
   s.add_development_dependency('byebug')
 end

data/spec/lib/saml_idp/assertion_builder_spec.rb

@@ -19,6 +19,9 @@ module SamlIdp
         key_transport: 'rsa-oaep-mgf1p',
       }
     end
+    let(:session_expiry) { nil }
+    let(:name_id_formats_opt) { nil }
+    let(:asserted_attributes_opt) { nil }
     subject { described_class.new(
       reference_id,
       issuer_uri,
@@ -103,6 +106,76 @@ module SamlIdp
       expect(encrypted_xml).to_not match(audience_uri)
     end
 
+    describe "with name_id_formats_opt" do
+      let(:name_id_formats_opt) {
+        {
+            persistent: -> (principal) {
+              principal.unique_identifier
+            }
+        }
+      }
+      it "delegates name_id_formats to opts" do
+        UserWithUniqueId = Struct.new(:unique_identifier, :email, :asserted_attributes)
+        principal = UserWithUniqueId.new('unique_identifier_123456', 'foo@example.com',  { emailAddress: { getter: :email } })
+        builder = described_class.new(
+            reference_id,
+            issuer_uri,
+            principal,
+            audience_uri,
+            saml_request_id,
+            saml_acs_url,
+            algorithm,
+            authn_context_classref,
+            expiry,
+            encryption_opts,
+            session_expiry,
+            name_id_formats_opt,
+            asserted_attributes_opt
+        )
+        Timecop.travel(Time.zone.local(2010, 6, 1, 13, 0, 0)) do
+          expect(builder.raw).to eq("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2010-06-01T13:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\">unique_identifier_123456</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2010-06-01T13:03:00Z\" Recipient=\"http://saml.acs.url\"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore=\"2010-06-01T12:59:55Z\" NotOnOrAfter=\"2010-06-01T16:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AuthnStatement AuthnInstant=\"2010-06-01T13:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement><AttributeStatement><Attribute Name=\"emailAddress\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" FriendlyName=\"emailAddress\"><AttributeValue>foo@example.com</AttributeValue></Attribute></AttributeStatement></Assertion>")
+        end
+      end
+    end
+
+    describe "with asserted_attributes_opt" do
+      let(:asserted_attributes_opt) {
+        {
+            'GivenName' => {
+                getter: :first_name
+            },
+            'SurName' => {
+                getter: -> (principal) {
+                    principal.last_name
+                }
+            }
+        }
+      }
+
+      it "delegates asserted_attributes to opts" do
+        UserWithName = Struct.new(:email, :first_name, :last_name)
+        principal = UserWithName.new('foo@example.com', 'George', 'Washington')
+        builder = described_class.new(
+            reference_id,
+            issuer_uri,
+            principal,
+            audience_uri,
+            saml_request_id,
+            saml_acs_url,
+            algorithm,
+            authn_context_classref,
+            expiry,
+            encryption_opts,
+            session_expiry,
+            name_id_formats_opt,
+            asserted_attributes_opt
+        )
+        Timecop.travel(Time.zone.local(2010, 6, 1, 13, 0, 0)) do
+          expect(builder.raw).to eq("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2010-06-01T13:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">foo@example.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2010-06-01T13:03:00Z\" Recipient=\"http://saml.acs.url\"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore=\"2010-06-01T12:59:55Z\" NotOnOrAfter=\"2010-06-01T16:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AuthnStatement AuthnInstant=\"2010-06-01T13:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement><AttributeStatement><Attribute Name=\"GivenName\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" FriendlyName=\"GivenName\"><AttributeValue>George</AttributeValue></Attribute><Attribute Name=\"SurName\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" FriendlyName=\"SurName\"><AttributeValue>Washington</AttributeValue></Attribute></AttributeStatement></Assertion>")
+        end
+      end
+    end
+
     describe "with custom session_expiry configuration" do
       let(:config) { SamlIdp::Configurator.new }
       before do

data/spec/rails_app/app/controllers/saml_controller.rb

@@ -2,11 +2,7 @@ class SamlController < ApplicationController
 
   def consume
     response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
-    if Gem::Requirement.new('< 4.1') =~ Gem::Version.new(Rails.version)
-      render :text => response.name_id
-    else
-      render :plain => response.name_id
-    end
+    render :plain => response.name_id
   end
 
 end

data/spec/rails_app/app/controllers/saml_idp_controller.rb

@@ -1,9 +1,48 @@
-class SamlIdpController < SamlIdp::IdpController
-  def idp_authenticate(email, password)
-    { :email => email }
-  end
-
-  def idp_make_saml_response(user)
-    encode_response(user[:email])
-  end
+class SamlIdpController < ApplicationController
+    include SamlIdp::Controller
+
+    before_action :validate_saml_request, only: [:new, :create, :logout]
+
+    def new
+      render template: "saml_idp/idp/new"
+    end
+
+    def show
+      render xml: SamlIdp.metadata.signed
+    end
+
+    def create
+      unless params[:email].blank? && params[:password].blank?
+        person = idp_authenticate(params[:email], params[:password])
+        if person.nil?
+          @saml_idp_fail_msg = "Incorrect email or password."
+        else
+          @saml_response = idp_make_saml_response(person)
+          render :template => "saml_idp/idp/saml_post", :layout => false
+          return
+        end
+      end
+      render :template => "saml_idp/idp/new"
+    end
+
+    def logout
+      idp_logout
+      @saml_response = idp_make_saml_response(nil)
+      render :template => "saml_idp/idp/saml_post", :layout => false
+    end
+
+    def idp_logout
+      raise NotImplementedError
+    end
+    private :idp_logout
+
+    def idp_authenticate(email, password)
+      { :email => email }
+    end
+    protected :idp_authenticate
+
+    def idp_make_saml_response(person)
+      encode_response(person[:email])
+    end
+    protected :idp_make_saml_response
 end

data/{app → spec/rails_app/app}/views/saml_idp/idp/new.html.erb

@@ -1,22 +1,18 @@
 <% if @saml_idp_fail_msg %>
   <div id="saml_idp_fail_msg" class="flash error"><%= @saml_idp_fail_msg %></div>
 <% end %>
-
 <%= form_tag do %>
   <%= hidden_field_tag("SAMLRequest", params[:SAMLRequest]) %>
   <%= hidden_field_tag("RelayState", params[:RelayState]) %>
-
   <p>
     <%= label_tag :email %>
     <%= email_field_tag :email, params[:email], :autocapitalize => "off", :autocorrect => "off", :autofocus => "autofocus", :spellcheck => "false", :size => 30, :class => "email_pwd txt" %>
   </p>
-
   <p>
     <%= label_tag :password %>
     <%= password_field_tag :password, params[:password], :autocapitalize => "off", :autocorrect => "off", :spellcheck => "false", :size => 30, :class => "email_pwd txt" %>
   </p>
-
   <p>
     <%= submit_tag "Sign in", :class => "button big blueish" %>
   </p>
-<% end %>
+<% end %>

data/{app → spec/rails_app/app}/views/saml_idp/idp/saml_post.html.erb

@@ -11,4 +11,4 @@
       <%= submit_tag "Submit" %>
     <% end %>
   </body>
-</html>
+</html>

data/spec/rails_app/config/environments/development.rb

@@ -29,4 +29,6 @@ RailsApp::Application.configure do
   # Log the query plan for queries taking more than this (works
   # with SQLite, MySQL, and PostgreSQL)
   #config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  config.hosts << "foo.example.com" if config.respond_to?(:hosts)
 end

data/spec/spec_helper.rb

@@ -67,4 +67,4 @@ end
 SamlIdp::Default::SERVICE_PROVIDER[:metadata_url] = 'https://example.com/meta'
 SamlIdp::Default::SERVICE_PROVIDER[:response_hosts] = ['foo.example.com']
 SamlIdp::Default::SERVICE_PROVIDER[:assertion_consumer_logout_service_url] = 'https://foo.example.com/saml/logout'
-Capybara.default_host = "https://app.example.com"
+Capybara.default_host = "https://foo.example.com"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.14.0
 platform: ruby
 authors:
 - Jon Phenow
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-20 00:00:00.000000000 Z
+date: 2021-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.2
+- !ruby/object:Gem::Dependency
+  name: xmlenc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -114,28 +142,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: activeresource
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '5.1'
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -164,20 +192,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0.8'
-- !ruby/object:Gem::Dependency
-  name: xmlenc
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.6.4
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.6.4
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -215,9 +229,6 @@ files:
 - Gemfile
 - LICENSE
 - README.md
-- app/controllers/saml_idp/idp_controller.rb
-- app/views/saml_idp/idp/new.html.erb
-- app/views/saml_idp/idp/saml_post.html.erb
 - lib/saml_idp.rb
 - lib/saml_idp/algorithmable.rb
 - lib/saml_idp/assertion_builder.rb
@@ -281,6 +292,8 @@ files:
 - spec/rails_app/app/mailers/.gitkeep
 - spec/rails_app/app/models/.gitkeep
 - spec/rails_app/app/views/layouts/application.html.erb
+- spec/rails_app/app/views/saml_idp/idp/new.html.erb
+- spec/rails_app/app/views/saml_idp/idp/saml_post.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -352,7 +365,7 @@ metadata:
   homepage_uri: https://github.com/saml-idp/saml_idp
   source_code_uri: https://github.com/saml-idp/saml_idp
   bug_tracker_uri: https://github.com/saml-idp/saml_idp/issues
-  documentation_uri: http://rdoc.info/gems/saml_idp/0.12.0
+  documentation_uri: http://rdoc.info/gems/saml_idp/0.14.0
 post_install_message: |
   If you're just recently updating saml_idp - please be aware we've changed the default
   certificate. See the PR and a description of why we've done this here:
@@ -376,7 +389,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -422,6 +435,8 @@ test_files:
 - spec/rails_app/app/mailers/.gitkeep
 - spec/rails_app/app/models/.gitkeep
 - spec/rails_app/app/views/layouts/application.html.erb
+- spec/rails_app/app/views/saml_idp/idp/new.html.erb
+- spec/rails_app/app/views/saml_idp/idp/saml_post.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb

data/app/controllers/saml_idp/idp_controller.rb

@@ -1,59 +0,0 @@
-# encoding: utf-8
-
-module SamlIdp
-  class IdpController < ActionController::Base
-    include SamlIdp::Controller
-
-    unloadable unless Rails::VERSION::MAJOR >= 4
-    protect_from_forgery
-
-    if Rails::VERSION::MAJOR >= 4
-      before_action :validate_saml_request, only: [:new, :create]
-    else
-      before_filter :validate_saml_request, only: [:new, :create]
-    end
-
-    def new
-      render template: "saml_idp/idp/new"
-    end
-
-    def show
-      render xml: SamlIdp.metadata.signed
-    end
-
-    def create
-      unless params[:email].blank? && params[:password].blank?
-        person = idp_authenticate(params[:email], params[:password])
-        if person.nil?
-          @saml_idp_fail_msg = "Incorrect email or password."
-        else
-          @saml_response = idp_make_saml_response(person)
-          render :template => "saml_idp/idp/saml_post", :layout => false
-          return
-        end
-      end
-      render :template => "saml_idp/idp/new"
-    end
-
-    def logout
-      idp_logout
-      @saml_response = idp_make_saml_response(nil)
-      render :template => "saml_idp/idp/saml_post", :layout => false
-    end
-
-    def idp_logout
-      raise NotImplementedError
-    end
-    private :idp_logout
-
-    def idp_authenticate(email, password)
-      raise NotImplementedError
-    end
-    protected :idp_authenticate
-
-    def idp_make_saml_response(person)
-      raise NotImplementedError
-    end
-    protected :idp_make_saml_response
-  end
-end