saml_idp 0.8.0 → 0.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +11 -6
- data/lib/saml_idp/version.rb +1 -1
- data/lib/saml_idp/xml_security.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f1ba3b2f2b20a724319f30539cea15c3a224b21e9d7ffacdde0ac471ad885dc0
|
|
4
|
+
data.tar.gz: 95405db1de10b6f1686bd8c3d4696288f095e8921dc482a57e1fc2f0a4ddb686
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5f21bade5ab5845df2c21567ad6a5db6111aedc3af3642b6127e62708a2ea76cd02cbc47fadb88d7f2fc2036dda1daefc9c3c333b68713bd0cf0538dd9f44fc7
|
|
7
|
+
data.tar.gz: 817c824e708fa990c6509e3ba4b40867c561ff346bdd895515e6998d66866d56a5256664fcb3498f2746f1b760d4901001605b3dbc46df7eff078b48019f1c77
|
data/README.md
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# Ruby SAML Identity Provider (IdP)
|
|
2
|
+
|
|
2
3
|
Forked from https://github.com/lawrencepit/ruby-saml-idp
|
|
3
4
|
|
|
4
5
|
[](https://travis-ci.org/saml-idp/saml_idp)
|
|
@@ -19,6 +20,7 @@ Add this to your Gemfile:
|
|
|
19
20
|
gem 'saml_idp'
|
|
20
21
|
|
|
21
22
|
## Not using rails?
|
|
23
|
+
|
|
22
24
|
Include `SamlIdp::Controller` and see the examples that use rails. It should be straightforward for you.
|
|
23
25
|
|
|
24
26
|
Basically you call `decode_request(params[:SAMLRequest])` on an incoming request and then use the value
|
|
@@ -30,9 +32,10 @@ posting to `saml_acs_url` the parameter `SAMLResponse` with the return value fro
|
|
|
30
32
|
`encode_response(user_email)`.
|
|
31
33
|
|
|
32
34
|
## Using rails?
|
|
35
|
+
|
|
33
36
|
Add to your `routes.rb` file, for example:
|
|
34
37
|
|
|
35
|
-
```
|
|
38
|
+
```ruby
|
|
36
39
|
get '/saml/auth' => 'saml_idp#new'
|
|
37
40
|
get '/saml/metadata' => 'saml_idp#show'
|
|
38
41
|
post '/saml/auth' => 'saml_idp#create'
|
|
@@ -41,7 +44,7 @@ match '/saml/logout' => 'saml_idp#logout', via: [:get, :post, :delete]
|
|
|
41
44
|
|
|
42
45
|
Create a controller that looks like this, customize to your own situation:
|
|
43
46
|
|
|
44
|
-
```
|
|
47
|
+
```ruby
|
|
45
48
|
class SamlIdpController < SamlIdp::IdpController
|
|
46
49
|
def idp_authenticate(email, password) # not using params intentionally
|
|
47
50
|
user = User.by_email(email).first
|
|
@@ -101,7 +104,7 @@ CERT
|
|
|
101
104
|
|
|
102
105
|
# Principal (e.g. User) is passed in when you `encode_response`
|
|
103
106
|
#
|
|
104
|
-
# config.name_id.formats
|
|
107
|
+
# config.name_id.formats =
|
|
105
108
|
# { # All 2.0
|
|
106
109
|
# email_address: -> (principal) { principal.email_address },
|
|
107
110
|
# transient: -> (principal) { principal.id },
|
|
@@ -211,6 +214,7 @@ end
|
|
|
211
214
|
```
|
|
212
215
|
|
|
213
216
|
# Keys and Secrets
|
|
217
|
+
|
|
214
218
|
To generate the SAML Response it uses a default X.509 certificate and secret key... which isn't so secret.
|
|
215
219
|
You can find them in `SamlIdp::Default`. The X.509 certificate is valid until year 2032.
|
|
216
220
|
Obviously you shouldn't use these if you intend to use this in production environments. In that case,
|
|
@@ -224,18 +228,19 @@ The fingerprint to use, if you use the default X.509 certificate of this gem, is
|
|
|
224
228
|
9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D
|
|
225
229
|
```
|
|
226
230
|
|
|
227
|
-
|
|
228
231
|
# Service Providers
|
|
232
|
+
|
|
229
233
|
To act as a Service Provider which generates SAML Requests and can react to SAML Responses use the
|
|
230
234
|
excellent [ruby-saml](https://github.com/onelogin/ruby-saml) gem.
|
|
231
235
|
|
|
232
|
-
|
|
233
236
|
# Author
|
|
234
|
-
|
|
237
|
+
|
|
238
|
+
Jon Phenow, jon@jphenow.com, jphenow.com, @jphenow
|
|
235
239
|
|
|
236
240
|
Lawrence Pit, lawrence.pit@gmail.com, lawrencepit.com, @lawrencepit
|
|
237
241
|
|
|
238
242
|
# Copyright
|
|
243
|
+
|
|
239
244
|
Copyright (c) 2012 Sport Ngin.
|
|
240
245
|
Portions Copyright (c) 2010 OneLogin, LLC
|
|
241
246
|
Portions Copyright (c) 2012 Lawrence Pit (http://lawrencepit.com)
|
data/lib/saml_idp/version.rb
CHANGED
|
@@ -108,7 +108,7 @@ module SamlIdp
|
|
|
108
108
|
canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
|
109
109
|
canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
|
|
110
110
|
|
|
111
|
-
digest_algorithm = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod"))
|
|
111
|
+
digest_algorithm = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod", {'ds' => DSIG}))
|
|
112
112
|
|
|
113
113
|
hash = digest_algorithm.digest(canon_hashed_element)
|
|
114
114
|
digest_value = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml_idp
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jon Phenow
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-01-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -347,7 +347,7 @@ metadata:
|
|
|
347
347
|
homepage_uri: https://github.com/saml-idp/saml_idp
|
|
348
348
|
source_code_uri: https://github.com/saml-idp/saml_idp
|
|
349
349
|
bug_tracker_uri: https://github.com/saml-idp/saml_idp/issues
|
|
350
|
-
documentation_uri: http://rdoc.info/gems/saml_idp/0.8.
|
|
350
|
+
documentation_uri: http://rdoc.info/gems/saml_idp/0.8.1
|
|
351
351
|
post_install_message: |
|
|
352
352
|
If you're just recently updating saml_idp - please be aware we've changed the default
|
|
353
353
|
certificate. See the PR and a description of why we've done this here:
|