saml_idp 0.3.0 → 0.3.1
- data/README.md +1 -1
- data/lib/saml_idp/assertion_builder.rb +11 -9
- data/lib/saml_idp/request.rb +1 -1
- data/lib/saml_idp/version.rb +1 -1
- data/saml_idp.gemspec +1 -1
- data/spec/lib/saml_idp/assertion_builder_spec.rb +18 -0
- data/spec/lib/saml_idp/request_spec.rb +17 -1
- metadata +5 -5
data/README.md
CHANGED
@@ -52,15 +52,17 @@ module SamlIdp
|
|
52
52
|
restriction.Audience audience_uri
|
53
53
|
end
|
54
54
|
end
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
55
|
+
if !config.attributes.nil? && !config.attributes.empty?
|
56
|
+
assertion.AttributeStatement do |attr_statement|
|
57
|
+
config.attributes.each do |friendly_name, attrs|
|
58
|
+
attrs = (attrs || {}).with_indifferent_access
|
59
|
+
attr_statement.Attribute Name: attrs[:name] || friendly_name,
|
60
|
+
NameFormat: attrs[:name_format] || Saml::XML::Namespaces::Formats::Attr::URI,
|
61
|
+
FriendlyName: friendly_name.to_s do |attr|
|
62
|
+
values = get_values_for friendly_name, attrs[:getter]
|
63
|
+
values.each do |val|
|
64
|
+
attr.AttributeValue val.to_s
|
65
|
+
end
|
64
66
|
end
|
65
67
|
end
|
66
68
|
end
|
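Review bot: An attribute whose values come back nil or empty is still asserted to the service provider, because the new guard at new line 55 only checks that `config.attributes` itself is non-empty; inside the loop `val.to_s` (new line 64) turns a nil into an empty `AttributeValue`, and an empty `values` list leaves a bare `<Attribute>`. Whether that can occur depends on `get_values_for`, which is defined outside this hunk, as is the start of the enclosing method; if it can, `values.compact.each do |val|` would keep empty claims out of the assertion. As a style point, the guard can be written `if config.attributes.present?`, since the block already relies on ActiveSupport (`with_indifferent_access` at new line 58), assuming `config.attributes` is always a Hash or nil. Going by the diffstat (+11 -9), this hunk appears to belong to lib/saml_idp/assertion_builder.rb rather than to the README header printed above it.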
data/lib/saml_idp/request.rb
CHANGED
data/lib/saml_idp/version.rb
CHANGED
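--- a/data/saml_idp.gemspec
+++ b/data/saml_idp.gemspec
@@ -45,7 +45,7 @@ section of the README.
 s.add_dependency('uuid')
 s.add_dependency('builder')
 s.add_dependency('httparty')
-s.add_dependency('nokogiri')
+s.add_dependency('nokogiri', '>= 1.6.2')
 
 s.add_development_dependency "rake"
 s.add_development_dependency "simplecov"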
@@ -37,6 +37,24 @@ module SamlIdp
|
|
37
37
|
end
|
38
38
|
end
|
39
39
|
|
40
|
+
describe "without attributes" do
|
41
|
+
let(:config) { SamlIdp::Configurator.new }
|
42
|
+
before do
|
43
|
+
config.name_id.formats = {
|
44
|
+
"1.1" => {
|
45
|
+
email_address: ->(p) { "foo@example.com" }
|
46
|
+
}
|
47
|
+
}
|
48
|
+
SamlIdp.stub(config: config)
|
49
|
+
end
|
50
|
+
|
51
|
+
it "doesn't include attribute statement" do
|
52
|
+
Timecop.travel(Time.zone.local(2010, 6, 1, 13, 0, 0)) do
|
53
|
+
subject.raw.should == "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2010-06-01T13:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">foo@example.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2010-06-01T13:03:00Z\" Recipient=\"http://saml.acs.url\"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore=\"2010-06-01T12:59:55Z\" NotOnOrAfter=\"2010-06-01T16:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AuthnStatement AuthnInstant=\"2010-06-01T13:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>"
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
40
58
|
it "builds encrypted XML" do
|
41
59
|
builder = described_class.new(
|
42
60
|
reference_id,
|
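Review bot: The "without attributes" example (new lines 40–56) runs only against whatever `SamlIdp::Configurator.new` returns by default, so it covers one side of the builder's nil-or-empty guard, and it is not visible here which one. A second example that sets the attributes to the other value (nil or `{}`, assuming the configurator exposes a writer) would pin both. The full-string comparison at new line 53 will also fail on any unrelated change to the assertion; an additional `subject.raw.should_not include("AttributeStatement")` states the intent directly. The enclosing `describe` block begins outside this hunk.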
@@ -1,8 +1,24 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
module SamlIdp
|
3
3
|
describe Request do
|
4
|
+
let(:raw_authn_request) { "<samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/saml/consume' Destination='http://localhost:1337/saml/auth' ID='_af43d1a0-e111-0130-661a-3c0754403fdb' IssueInstant='2013-08-06T22:01:35Z' Version='2.0' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'><saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>localhost:3000</saml:Issuer><samlp:NameIDPolicy AllowCreate='true' Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/><samlp:RequestedAuthnContext Comparison='exact'><saml:AuthnContextClassRef xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>" }
|
5
|
+
|
6
|
+
describe "deflated request" do
|
7
|
+
let(:deflated_request) { Base64.encode64(Zlib::Deflate.deflate(raw_authn_request, 9)[2..-5]) }
|
8
|
+
|
9
|
+
subject { described_class.from_deflated_request deflated_request }
|
10
|
+
|
11
|
+
it "inflates" do
|
12
|
+
subject.request_id.should == "_af43d1a0-e111-0130-661a-3c0754403fdb"
|
13
|
+
end
|
14
|
+
|
15
|
+
it "handles invalid SAML" do
|
16
|
+
req = described_class.from_deflated_request "bang!"
|
17
|
+
req.valid?.should == false
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
4
21
|
describe "authn request" do
|
5
|
-
let(:raw_authn_request) { "<samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/saml/consume' Destination='http://localhost:1337/saml/auth' ID='_af43d1a0-e111-0130-661a-3c0754403fdb' IssueInstant='2013-08-06T22:01:35Z' Version='2.0' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'><saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>localhost:3000</saml:Issuer><samlp:NameIDPolicy AllowCreate='true' Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/><samlp:RequestedAuthnContext Comparison='exact'><saml:AuthnContextClassRef xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>" }
|
6
22
|
subject { described_class.new raw_authn_request }
|
7
23
|
|
8
24
|
it "has a valid request_id" do
|
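Review bot: The "handles invalid SAML" example (new lines 15–18) only feeds `from_deflated_request` a string that is not deflate data at all, so a correctly encoded payload whose content is not an AuthnRequest is untested. This method presumably parses input taken straight from an inbound request, so it is worth adding an example such as `described_class.from_deflated_request(Base64.encode64(Zlib::Deflate.deflate("<foo/>", 9)[2..-5])).valid?.should == false`; the implementation in request.rb is not shown on this page, so the expected result is an assumption to confirm. As a style point, the `[2..-5]` slice at new line 7 strips the zlib header and checksum by offset; `Zlib::Deflate.new(9, -Zlib::MAX_WBITS).deflate(raw_authn_request, Zlib::FINISH)` produces raw deflate without the magic numbers.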
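--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.1
 prerelease:
 platform: ruby
 authors:
@@ -82,7 +82,7 @@ dependencies:
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
-version:
+version: 1.6.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -90,7 +90,7 @@ dependencies:
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
-version:
+version: 1.6.2
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -393,7 +393,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 3897224932473421583
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -402,7 +402,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 3897224932473421583
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23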