saml_idp 0.8.0 → 0.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +11 -6
- data/lib/saml_idp/version.rb +1 -1
- data/lib/saml_idp/xml_security.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f1ba3b2f2b20a724319f30539cea15c3a224b21e9d7ffacdde0ac471ad885dc0
|
4
|
+
data.tar.gz: 95405db1de10b6f1686bd8c3d4696288f095e8921dc482a57e1fc2f0a4ddb686
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5f21bade5ab5845df2c21567ad6a5db6111aedc3af3642b6127e62708a2ea76cd02cbc47fadb88d7f2fc2036dda1daefc9c3c333b68713bd0cf0538dd9f44fc7
|
7
|
+
data.tar.gz: 817c824e708fa990c6509e3ba4b40867c561ff346bdd895515e6998d66866d56a5256664fcb3498f2746f1b760d4901001605b3dbc46df7eff078b48019f1c77
|
data/README.md
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# Ruby SAML Identity Provider (IdP)
|
2
|
+
|
2
3
|
Forked from https://github.com/lawrencepit/ruby-saml-idp
|
3
4
|
|
4
5
|
[](https://travis-ci.org/saml-idp/saml_idp)
|
@@ -19,6 +20,7 @@ Add this to your Gemfile:
|
|
19
20
|
gem 'saml_idp'
|
20
21
|
|
21
22
|
## Not using rails?
|
23
|
+
|
22
24
|
Include `SamlIdp::Controller` and see the examples that use rails. It should be straightforward for you.
|
23
25
|
|
24
26
|
Basically you call `decode_request(params[:SAMLRequest])` on an incoming request and then use the value
|
@@ -30,9 +32,10 @@ posting to `saml_acs_url` the parameter `SAMLResponse` with the return value fro
|
|
30
32
|
`encode_response(user_email)`.
|
31
33
|
|
32
34
|
## Using rails?
|
35
|
+
|
33
36
|
Add to your `routes.rb` file, for example:
|
34
37
|
|
35
|
-
```
|
38
|
+
```ruby
|
36
39
|
get '/saml/auth' => 'saml_idp#new'
|
37
40
|
get '/saml/metadata' => 'saml_idp#show'
|
38
41
|
post '/saml/auth' => 'saml_idp#create'
|
@@ -41,7 +44,7 @@ match '/saml/logout' => 'saml_idp#logout', via: [:get, :post, :delete]
|
|
41
44
|
|
42
45
|
Create a controller that looks like this, customize to your own situation:
|
43
46
|
|
44
|
-
```
|
47
|
+
```ruby
|
45
48
|
class SamlIdpController < SamlIdp::IdpController
|
46
49
|
def idp_authenticate(email, password) # not using params intentionally
|
47
50
|
user = User.by_email(email).first
|
@@ -101,7 +104,7 @@ CERT
|
|
101
104
|
|
102
105
|
# Principal (e.g. User) is passed in when you `encode_response`
|
103
106
|
#
|
104
|
-
# config.name_id.formats
|
107
|
+
# config.name_id.formats =
|
105
108
|
# { # All 2.0
|
106
109
|
# email_address: -> (principal) { principal.email_address },
|
107
110
|
# transient: -> (principal) { principal.id },
|
@@ -211,6 +214,7 @@ end
|
|
211
214
|
```
|
212
215
|
|
213
216
|
# Keys and Secrets
|
217
|
+
|
214
218
|
To generate the SAML Response it uses a default X.509 certificate and secret key... which isn't so secret.
|
215
219
|
You can find them in `SamlIdp::Default`. The X.509 certificate is valid until year 2032.
|
216
220
|
Obviously you shouldn't use these if you intend to use this in production environments. In that case,
|
@@ -224,18 +228,19 @@ The fingerprint to use, if you use the default X.509 certificate of this gem, is
|
|
224
228
|
9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D
|
225
229
|
```
|
226
230
|
|
227
|
-
|
228
231
|
# Service Providers
|
232
|
+
|
229
233
|
To act as a Service Provider which generates SAML Requests and can react to SAML Responses use the
|
230
234
|
excellent [ruby-saml](https://github.com/onelogin/ruby-saml) gem.
|
231
235
|
|
232
|
-
|
233
236
|
# Author
|
234
|
-
|
237
|
+
|
238
|
+
Jon Phenow, jon@jphenow.com, jphenow.com, @jphenow
|
235
239
|
|
236
240
|
Lawrence Pit, lawrence.pit@gmail.com, lawrencepit.com, @lawrencepit
|
237
241
|
|
238
242
|
# Copyright
|
243
|
+
|
239
244
|
Copyright (c) 2012 Sport Ngin.
|
240
245
|
Portions Copyright (c) 2010 OneLogin, LLC
|
241
246
|
Portions Copyright (c) 2012 Lawrence Pit (http://lawrencepit.com)
|
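Review bot: the heading in this hunk stays `# Author` although the body below it now lists two people (Jon Phenow is added above the existing Lawrence Pit line), so the heading should become `# Authors`. The same hunk also drops the extra blank line before `# Service Providers` and `# Author` while adding one after each heading; that is fine, but worth applying uniformly to the rest of the README so the heading spacing is consistent.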
data/lib/saml_idp/version.rb
CHANGED
@@ -108,7 +108,7 @@ module SamlIdp
|
|
108
108
|
canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
109
109
|
canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
|
110
110
|
|
111
|
-
digest_algorithm = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod"))
|
111
|
+
digest_algorithm = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod", {'ds' => DSIG}))
|
112
112
|
|
113
113
|
hash = digest_algorithm.digest(canon_hashed_element)
|
114
114
|
digest_value = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
|
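Review bot: the `digest_algorithm` lookup still uses the absolute path `//ds:DigestMethod`. In XPath, `//` is anchored at the document root even when `ref` is passed as the context node, so this returns the first `ds:DigestMethod` in the whole document rather than the one belonging to this reference. Adding `{'ds' => DSIG}` makes the prefix resolve the same way as the `//ds:DigestValue` lookup in the context line below, which is the right fix for the namespace problem, but with more than one reference or signature in a message the algorithm and the digest value can still be read from a different element than the one being verified. Assuming `ref` is the `ds:Reference` element, as the name suggests, consider scoping both lookups to it, e.g. `REXML::XPath.first(ref, "ds:DigestMethod", {'ds' => DSIG})`, and likewise for `ds:DigestValue`. How `algorithm(...)` behaves when the lookup returns nil is not visible in this hunk; an explicit validation failure for a missing `ds:DigestMethod` would be safer than relying on a fallback. A regression test with a prefixed `ds:DigestMethod` would also pin this change down.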
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: saml_idp
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jon Phenow
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-01-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -347,7 +347,7 @@ metadata:
|
|
347
347
|
homepage_uri: https://github.com/saml-idp/saml_idp
|
348
348
|
source_code_uri: https://github.com/saml-idp/saml_idp
|
349
349
|
bug_tracker_uri: https://github.com/saml-idp/saml_idp/issues
|
350
|
-
documentation_uri: http://rdoc.info/gems/saml_idp/0.8.
|
350
|
+
documentation_uri: http://rdoc.info/gems/saml_idp/0.8.1
|
351
351
|
post_install_message: |
|
352
352
|
If you're just recently updating saml_idp - please be aware we've changed the default
|
353
353
|
certificate. See the PR and a description of why we've done this here:
|
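Review bot: `documentation_uri` is the only link in this metadata block that uses plain `http://` (`http://rdoc.info/gems/saml_idp/0.8.1`), while `homepage_uri`, `source_code_uri` and `bug_tracker_uri` in the context lines are all `https://`. Since this value is regenerated for each release, suggest changing the gemspec to emit an `https://` documentation URL so that users following the link from the registry page are not sent over an unauthenticated connection.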