saml_tools 0.0.1
- checksums.yaml +15 -0
- data/LICENSE +24 -0
- data/README.rdoc +65 -0
- data/Rakefile +28 -0
- data/lib/saml_tool.rb +23 -0
- data/lib/saml_tool/certificate.rb +27 -0
- data/lib/saml_tool/decoder.rb +35 -0
- data/lib/saml_tool/encoder.rb +31 -0
- data/lib/saml_tool/erb_builder.rb +33 -0
- data/lib/saml_tool/reader.rb +40 -0
- data/lib/saml_tool/redirect.rb +45 -0
- data/lib/saml_tool/response_reader.rb +148 -0
- data/lib/saml_tool/rsa_key.rb +13 -0
- data/lib/saml_tool/saml.rb +30 -0
- data/lib/saml_tool/settings.rb +24 -0
- data/lib/saml_tool/validator.rb +40 -0
- data/lib/saml_tool/version.rb +8 -0
- data/lib/saml_tools.rb +1 -0
- data/lib/schema/localised-saml-schema-assertion-2.0.xsd +292 -0
- data/lib/schema/localised-saml-schema-protocol-2.0.xsd +309 -0
- data/lib/schema/localised-xenc-schema.xsd +151 -0
- data/lib/schema/xmldsig-core-schema.xsd +318 -0
- data/test/files/TEST_FILES.rdoc +22 -0
- data/test/files/cacert.pem +21 -0
- data/test/files/open_saml_response.xml +56 -0
- data/test/files/request.saml.erb +28 -0
- data/test/files/response.xml +94 -0
- data/test/files/response_template.xml +63 -0
- data/test/files/usercert.p12 +0 -0
- data/test/files/userkey.pem +18 -0
- data/test/files/valid_saml_request.xml +13 -0
- data/test/test_helper.rb +51 -0
- data/test/units/saml_tool/certificate_test.rb +30 -0
- data/test/units/saml_tool/decoder_test.rb +36 -0
- data/test/units/saml_tool/encoder_test.rb +38 -0
- data/test/units/saml_tool/erb_builder_test.rb +50 -0
- data/test/units/saml_tool/reader_test.rb +104 -0
- data/test/units/saml_tool/redirect_test.rb +70 -0
- data/test/units/saml_tool/response_reader_test.rb +144 -0
- data/test/units/saml_tool/rsa_key_test.rb +21 -0
- data/test/units/saml_tool/saml_test.rb +21 -0
- data/test/units/saml_tool/settings_test.rb +36 -0
- data/test/units/saml_tool/validator_test.rb +16 -0
- metadata +168 -0
@@ -0,0 +1,22 @@
|
|
1
|
+
= Test files
|
2
|
+
|
3
|
+
== response.xml
|
4
|
+
|
5
|
+
response.xml was built using xmlsec1 on Ubuntu.
|
6
|
+
|
7
|
+
It was based on a response found in ruby-saml's {test suite}[https://github.com/onelogin/ruby-saml/tree/master/test/responses].
|
8
|
+
|
9
|
+
The process was very heavily influenced by Philippe Camacho's {"An Introduction
|
10
|
+
to XML Signature and XML Encryption with XMLSec"}[http://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html]
|
11
|
+
|
12
|
+
From these two sources a template was built (test/files/response_template.xml),
|
13
|
+
and then this was signed using the certificates from Phillipe's page.
|
14
|
+
|
15
|
+
To rebuild the response.xml, open a console at test/files and run the following
|
16
|
+
command:
|
17
|
+
|
18
|
+
xmlsec1 --sign --output response.xml --pwd hello --pkcs12 usercert.p12 --trusted-pem cacert.pem --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion response_template.xml
|
19
|
+
|
20
|
+
The resulting response.xml can be verified using:
|
21
|
+
|
22
|
+
xmlsec1 --verify response.xml
|
@@ -0,0 +1,21 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIDfjCCAuegAwIBAgIJAIePNUhzFmNTMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
|
3
|
+
VQQGEwJDTDELMAkGA1UECBMCUk0xETAPBgNVBAcTCFNhbnRpYWdvMRwwGgYDVQQK
|
4
|
+
ExNsaXR0bGVjcnlwdG9ncmFwaGVyMRkwFwYDVQQDExBQaGlsaXBwZSBDYW1hY2hv
|
5
|
+
MR8wHQYJKoZIhvcNAQkBFhBsb3N0aWxvc0BmcmVlLmZyMB4XDTA4MDExOTEyNTAy
|
6
|
+
OFoXDTA4MDIxODEyNTAyOFowgYcxCzAJBgNVBAYTAkNMMQswCQYDVQQIEwJSTTER
|
7
|
+
MA8GA1UEBxMIU2FudGlhZ28xHDAaBgNVBAoTE2xpdHRsZWNyeXB0b2dyYXBoZXIx
|
8
|
+
GTAXBgNVBAMTEFBoaWxpcHBlIENhbWFjaG8xHzAdBgkqhkiG9w0BCQEWEGxvc3Rp
|
9
|
+
bG9zQGZyZWUuZnIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKjzAWnn7l/e
|
10
|
+
Bgrail/0GRIf8U+Jf4o1QOhLkQfWEldai3vrMW6BRoqlymMR++Gkghnes2ZpM03i
|
11
|
+
+JOheKq0A4z60DBnOOl/93wL8/BKVsElQVgQktbMdBNhz0h7BBOKPDTa+ro4LYey
|
12
|
+
dczm5B8GzJ0NL5NhhTEhv2NOlLBqcIu1AgMBAAGjge8wgewwHQYDVR0OBBYEFP7L
|
13
|
+
Vgso6yrpx5zq5TrVTFWE29RqMIG8BgNVHSMEgbQwgbGAFP7LVgso6yrpx5zq5TrV
|
14
|
+
TFWE29RqoYGNpIGKMIGHMQswCQYDVQQGEwJDTDELMAkGA1UECBMCUk0xETAPBgNV
|
15
|
+
BAcTCFNhbnRpYWdvMRwwGgYDVQQKExNsaXR0bGVjcnlwdG9ncmFwaGVyMRkwFwYD
|
16
|
+
VQQDExBQaGlsaXBwZSBDYW1hY2hvMR8wHQYJKoZIhvcNAQkBFhBsb3N0aWxvc0Bm
|
17
|
+
cmVlLmZyggkAh481SHMWY1MwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB
|
18
|
+
gQB6tmgdeQiPW/OLVR+C2igFVK94vS/Npl4Hlx3JAcvq0ZdlMDddN9feLa+pwC0+
|
19
|
+
7/atNl38oNptfJEJl5VXrHDPjmAd20FblafKOj3X02+l6T9UKhw4Qr4DzZB556ms
|
20
|
+
aRm7C8hRPssMtaCyV9DImL+enItRZXmKj/4rRkbqYl7raw==
|
21
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,56 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" Destination="https://example.hello.com/access/saml" ID="jVFQbyEpSfUwqhZtJtarIaGoshwuAQMDwLoiMhzJXsv" InResponseTo="cfeooghajnhofcmogakmlhpkohnmikicnfhdnjlc" IssueInstant="2011-06-21T13:54:38.661Z" Version="2.0">
|
3
|
+
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idm.orademo.com</saml2:Issuer>
|
4
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
5
|
+
<ds:SignedInfo>
|
6
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
7
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
8
|
+
<ds:Reference URI="#jVFQbyEpSfUwqhZtJtarIaGoshwuAQMDwLoiMhzJXsv">
|
9
|
+
<ds:Transforms>
|
10
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
11
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
|
12
|
+
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
|
13
|
+
</ds:Transform>
|
14
|
+
</ds:Transforms>
|
15
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
16
|
+
<ds:DigestValue>uHuSry39P16Yh7srS32xESmj4Lw=</ds:DigestValue>
|
17
|
+
</ds:Reference>
|
18
|
+
</ds:SignedInfo>
|
19
|
+
<ds:SignatureValue>fdghdfggfd=</ds:SignatureValue>
|
20
|
+
<ds:KeyInfo>
|
21
|
+
<ds:X509Data>
|
22
|
+
<ds:X509Certificate>dfghjkl</ds:X509Certificate>
|
23
|
+
</ds:X509Data>
|
24
|
+
</ds:KeyInfo>
|
25
|
+
</ds:Signature>
|
26
|
+
<saml2p:Status>
|
27
|
+
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
|
28
|
+
</saml2p:Status>
|
29
|
+
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="emmCjammnYdAbMWDuMAJeZvQIMBayeeYqqwvQoDclKE" IssueInstant="2011-06-21T13:54:38.676Z" Version="2.0">
|
30
|
+
<saml2:Issuer>https://idm.orademo.com</saml2:Issuer>
|
31
|
+
<saml2:Subject>
|
32
|
+
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="idp.example.org">someone@example.org</saml2:NameID>
|
33
|
+
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
|
34
|
+
<saml2:SubjectConfirmationData InResponseTo="cfeooghajnhofcmogakmlhpkohnmikicnfhdnjlc" NotOnOrAfter="2011-06-21T14:09:38.676Z" Recipient="https://example.hello.com/access/saml"/>
|
35
|
+
</saml2:SubjectConfirmation>
|
36
|
+
</saml2:Subject>
|
37
|
+
<saml2:Conditions NotBefore="2011-06-21T13:54:38.683Z" NotOnOrAfter="2011-06-21T14:09:38.683Z">
|
38
|
+
<saml2:AudienceRestriction>
|
39
|
+
<saml2:Audience>hello.com</saml2:Audience>
|
40
|
+
</saml2:AudienceRestriction>
|
41
|
+
</saml2:Conditions>
|
42
|
+
<saml2:AuthnStatement AuthnInstant="2011-06-21T13:54:38.685Z" SessionIndex="perdkjfskdjfksdiertusfsdfsddeurtherukjdfgkdffg">
|
43
|
+
<saml2:AuthnContext>
|
44
|
+
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
|
45
|
+
</saml2:AuthnContext>
|
46
|
+
</saml2:AuthnStatement>
|
47
|
+
<saml2:AttributeStatement>
|
48
|
+
<saml2:Attribute Name="FirstName">
|
49
|
+
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Someone</saml2:AttributeValue>
|
50
|
+
</saml2:Attribute>
|
51
|
+
<saml2:Attribute Name="LastName">
|
52
|
+
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Special</saml2:AttributeValue>
|
53
|
+
</saml2:Attribute>
|
54
|
+
</saml2:AttributeStatement>
|
55
|
+
</saml2:Assertion>
|
56
|
+
</saml2p:Response>
|
@@ -0,0 +1,28 @@
|
|
1
|
+
<samlp:AuthnRequest
|
2
|
+
AssertionConsumerServiceURL='<%= settings.assertion_consumer_service_url %>'
|
3
|
+
Destination='<%= settings.idp_sso_target_url %>'
|
4
|
+
ID='<%= settings.id %>'
|
5
|
+
IssueInstant='<%= settings.issue_instance %>'
|
6
|
+
Version='2.0'
|
7
|
+
xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'
|
8
|
+
>
|
9
|
+
<saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>
|
10
|
+
<%= settings.issuer %>
|
11
|
+
</saml:Issuer>
|
12
|
+
<samlp:NameIDPolicy
|
13
|
+
AllowCreate='true'
|
14
|
+
Format='<%= settings.name_identifier_format %>'
|
15
|
+
xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'
|
16
|
+
/>
|
17
|
+
<samlp:RequestedAuthnContext
|
18
|
+
Comparison='exact'
|
19
|
+
xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'
|
20
|
+
>
|
21
|
+
<saml:AuthnContextClassRef
|
22
|
+
xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'
|
23
|
+
>
|
24
|
+
<%= settings.authn_context %>
|
25
|
+
</saml:AuthnContextClassRef>
|
26
|
+
</samlp:RequestedAuthnContext>
|
27
|
+
</samlp:AuthnRequest>
|
28
|
+
|
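Review bot: Every `<%= settings.… %>` in this template is interpolated into an XML attribute or element without any escaping, so a setting containing `'`, `<` or `&` (an issuer or ACS URL with a query string, for example) yields a malformed AuthnRequest rather than an escaped one. Whether erb_builder.rb escapes before rendering is not visible here; if it does not, either the builder should escape or the template should wrap each value, e.g. `ID='<%= CGI.escapeHTML(settings.id.to_s) %>'`. Because this file is also the example users are likely to copy, it is worth stating in a leading ERB comment whether the values are expected to be pre-escaped.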
@@ -0,0 +1,94 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="GOSAMLR12901174571794" Version="2.0" IssueInstant="2010-11-18T21:57:37Z" Destination="{recipient}">
|
3
|
+
<samlp:Status>
|
4
|
+
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
|
5
|
+
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfxa46574df-b3b0-a06a-23c8-636413198772" IssueInstant="2010-11-18T21:57:37Z">
|
6
|
+
<saml:Issuer>https://app.onelogin.com/saml/metadata/13590</saml:Issuer>
|
7
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
8
|
+
<SignedInfo>
|
9
|
+
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
|
10
|
+
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
11
|
+
<Reference URI="#pfxa46574df-b3b0-a06a-23c8-636413198772">
|
12
|
+
<Transforms>
|
13
|
+
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
14
|
+
</Transforms>
|
15
|
+
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
16
|
+
<DigestValue>YItEpV0VaEcaafv9X7sFXvSiz2o=</DigestValue>
|
17
|
+
</Reference>
|
18
|
+
</SignedInfo>
|
19
|
+
<SignatureValue>QZcM+V3tDw2yOHEWi7hUDyOFRbmIpwW/dvTFoRi6dkH3bnh3jBVUNZuTu9pHcs5X
|
20
|
+
qSFmL2C0zpWomKtxGvxfyIY2dDl8Gbwv+MZssDQ0u/Ce2hh84B6XtW3DtHy8hKSQ
|
21
|
+
WgQA/pKoncL0ZOqmCKclPiM/3bkPUYu54JrtIj9YsPc=</SignatureValue>
|
22
|
+
<KeyInfo>
|
23
|
+
<X509Data>
|
24
|
+
|
25
|
+
|
26
|
+
|
27
|
+
<X509Certificate>MIIC6DCCAlGgAwIBAgICAR4wDQYJKoZIhvcNAQEFBQAwgYcxCzAJBgNVBAYTAkNM
|
28
|
+
MQswCQYDVQQIEwJSTTERMA8GA1UEBxMIU2FudGlhZ28xHDAaBgNVBAoTE2xpdHRs
|
29
|
+
ZWNyeXB0b2dyYXBoZXIxGTAXBgNVBAMTEFBoaWxpcHBlIENhbWFjaG8xHzAdBgkq
|
30
|
+
hkiG9w0BCQEWEGxvc3RpbG9zQGZyZWUuZnIwHhcNMDgwMTE5MTI1MjM3WhcNMDkw
|
31
|
+
MTE4MTI1MjM3WjBuMQswCQYDVQQGEwJDTDELMAkGA1UECBMCUk0xHDAaBgNVBAoT
|
32
|
+
E2xpdHRsZWNyeXB0b2dyYXBoZXIxEzARBgNVBAMTCkpvaG4gU21pdGgxHzAdBgkq
|
33
|
+
hkiG9w0BCQEWEGpzbWl0aEBoZWxsby5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
|
34
|
+
MIGJAoGBALwShIDVij20XFC8V3Bs8Xn6b3uRa8rnPgkMCc92LoxNc/IzCriw9gu9
|
35
|
+
NGps/bwanWgZbK5va46Y27axFhHo2uNk9ZE2lj0UQegFdBGlEIOt9hlpHFSqTnmX
|
36
|
+
AKraSHd2yxhVe+JqGIrtyTQluWVNPOCKXd8zubFgWqlUMXMrn8JzAgMBAAGjezB5
|
37
|
+
MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
|
38
|
+
cnRpZmljYXRlMB0GA1UdDgQWBBQ08GE4h2jHJZOGkDUyQE9EEPMqlDAfBgNVHSME
|
39
|
+
GDAWgBT+y1YLKOsq6cec6uU61UxVhNvUajANBgkqhkiG9w0BAQUFAAOBgQAVZMDa
|
40
|
+
KVhvX2qOMlcjX7i6DESF7SDyEbjfPk+bYIDm+al45lmzixkFeYUUQcFJMG0s152A
|
41
|
+
kFd/fTVMfz/j37OQYxUYwwZQlMW3dVnC+CvjtMlSrReeHThhQFQpO16i21aDitON
|
42
|
+
1TFsvO8T+21YGB4kne44vry6O4JJPy8EZBsfbw==</X509Certificate>
|
43
|
+
<X509SubjectName>emailAddress=jsmith@hello.com,CN=John Smith,O=littlecryptographer,ST=RM,C=CL</X509SubjectName>
|
44
|
+
<X509IssuerSerial>
|
45
|
+
<X509IssuerName>emailAddress=lostilos@free.fr,CN=Philippe Camacho,O=littlecryptographer,L=Santiago,ST=RM,C=CL</X509IssuerName>
|
46
|
+
<X509SerialNumber>286</X509SerialNumber>
|
47
|
+
</X509IssuerSerial>
|
48
|
+
</X509Data>
|
49
|
+
<KeyValue>
|
50
|
+
<RSAKeyValue>
|
51
|
+
<Modulus>
|
52
|
+
vBKEgNWKPbRcULxXcGzxefpve5Fryuc+CQwJz3YujE1z8jMKuLD2C700amz9vBqd
|
53
|
+
aBlsrm9rjpjbtrEWEeja42T1kTaWPRRB6AV0EaUQg632GWkcVKpOeZcAqtpId3bL
|
54
|
+
GFV74moYiu3JNCW5ZU084Ipd3zO5sWBaqVQxcyufwnM=
|
55
|
+
</Modulus>
|
56
|
+
<Exponent>
|
57
|
+
AQAB
|
58
|
+
</Exponent>
|
59
|
+
</RSAKeyValue>
|
60
|
+
</KeyValue>
|
61
|
+
</KeyInfo>
|
62
|
+
</Signature>
|
63
|
+
<saml:Subject>
|
64
|
+
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">support@onelogin.com</saml:NameID>
|
65
|
+
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
|
66
|
+
<saml:SubjectConfirmationData NotOnOrAfter="2010-11-18T22:02:37Z" Recipient="{recipient}"/></saml:SubjectConfirmation>
|
67
|
+
</saml:Subject>
|
68
|
+
<saml:Conditions NotBefore="2010-11-18T21:52:37Z" NotOnOrAfter="2010-11-18T22:02:37Z">
|
69
|
+
<saml:AudienceRestriction>
|
70
|
+
<saml:Audience>{audience}</saml:Audience>
|
71
|
+
</saml:AudienceRestriction>
|
72
|
+
</saml:Conditions>
|
73
|
+
<saml:AuthnStatement AuthnInstant="2010-11-18T21:57:37Z" SessionNotOnOrAfter="2010-11-19T21:57:37Z" SessionIndex="_531c32d283bdff7e04e487bcdbc4dd8d">
|
74
|
+
<saml:AuthnContext>
|
75
|
+
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
|
76
|
+
</saml:AuthnContext>
|
77
|
+
</saml:AuthnStatement>
|
78
|
+
<saml:AttributeStatement>
|
79
|
+
<saml:Attribute Name="uid">
|
80
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">demo</saml:AttributeValue>
|
81
|
+
</saml:Attribute>
|
82
|
+
<saml:Attribute Name="another_value">
|
83
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1</saml:AttributeValue>
|
84
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value2</saml:AttributeValue>
|
85
|
+
</saml:Attribute>
|
86
|
+
<saml:Attribute Name="role">
|
87
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role1</saml:AttributeValue>
|
88
|
+
</saml:Attribute>
|
89
|
+
<saml:Attribute Name="role">
|
90
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role2</saml:AttributeValue>
|
91
|
+
</saml:Attribute>
|
92
|
+
</saml:AttributeStatement>
|
93
|
+
</saml:Assertion>
|
94
|
+
</samlp:Response>
|
@@ -0,0 +1,63 @@
|
|
1
|
+
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="GOSAMLR12901174571794" Version="2.0" IssueInstant="2010-11-18T21:57:37Z" Destination="{recipient}">
|
2
|
+
<samlp:Status>
|
3
|
+
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
|
4
|
+
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfxa46574df-b3b0-a06a-23c8-636413198772" IssueInstant="2010-11-18T21:57:37Z">
|
5
|
+
<saml:Issuer>https://app.onelogin.com/saml/metadata/13590</saml:Issuer>
|
6
|
+
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
|
7
|
+
<SignedInfo>
|
8
|
+
<CanonicalizationMethod Algorithm=
|
9
|
+
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
|
10
|
+
<SignatureMethod Algorithm=
|
11
|
+
"http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
12
|
+
<Reference URI="#pfxa46574df-b3b0-a06a-23c8-636413198772">
|
13
|
+
<Transforms>
|
14
|
+
<Transform Algorithm=
|
15
|
+
"http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
|
16
|
+
</Transforms>
|
17
|
+
<DigestMethod Algorithm=
|
18
|
+
"http://www.w3.org/2000/09/xmldsig#sha1"/>
|
19
|
+
<DigestValue></DigestValue>
|
20
|
+
</Reference>
|
21
|
+
</SignedInfo>
|
22
|
+
<SignatureValue />
|
23
|
+
<KeyInfo>
|
24
|
+
<X509Data >
|
25
|
+
<X509SubjectName/>
|
26
|
+
<X509IssuerSerial/>
|
27
|
+
<X509Certificate/>
|
28
|
+
</X509Data>
|
29
|
+
<KeyValue />
|
30
|
+
</KeyInfo>
|
31
|
+
</Signature>
|
32
|
+
<saml:Subject>
|
33
|
+
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">support@onelogin.com</saml:NameID>
|
34
|
+
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
|
35
|
+
<saml:SubjectConfirmationData NotOnOrAfter="2010-11-18T22:02:37Z" Recipient="{recipient}"/></saml:SubjectConfirmation>
|
36
|
+
</saml:Subject>
|
37
|
+
<saml:Conditions NotBefore="2010-11-18T21:52:37Z" NotOnOrAfter="2010-11-18T22:02:37Z">
|
38
|
+
<saml:AudienceRestriction>
|
39
|
+
<saml:Audience>{audience}</saml:Audience>
|
40
|
+
</saml:AudienceRestriction>
|
41
|
+
</saml:Conditions>
|
42
|
+
<saml:AuthnStatement AuthnInstant="2010-11-18T21:57:37Z" SessionNotOnOrAfter="2010-11-19T21:57:37Z" SessionIndex="_531c32d283bdff7e04e487bcdbc4dd8d">
|
43
|
+
<saml:AuthnContext>
|
44
|
+
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
|
45
|
+
</saml:AuthnContext>
|
46
|
+
</saml:AuthnStatement>
|
47
|
+
<saml:AttributeStatement>
|
48
|
+
<saml:Attribute Name="uid">
|
49
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">demo</saml:AttributeValue>
|
50
|
+
</saml:Attribute>
|
51
|
+
<saml:Attribute Name="another_value">
|
52
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1</saml:AttributeValue>
|
53
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value2</saml:AttributeValue>
|
54
|
+
</saml:Attribute>
|
55
|
+
<saml:Attribute Name="role">
|
56
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role1</saml:AttributeValue>
|
57
|
+
</saml:Attribute>
|
58
|
+
<saml:Attribute Name="role">
|
59
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role2</saml:AttributeValue>
|
60
|
+
</saml:Attribute>
|
61
|
+
</saml:AttributeStatement>
|
62
|
+
</saml:Assertion>
|
63
|
+
</samlp:Response>
|
Binary file
|
@@ -0,0 +1,18 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
Proc-Type: 4,ENCRYPTED
|
3
|
+
DEK-Info: DES-EDE3-CBC,7D88A380248C2614
|
4
|
+
|
5
|
+
02esmv1iImtl5MVME36xJxIF4PGKI66Y1sS/qpgiXupAFA+5sRDviNHYRYWOp8hZ
|
6
|
+
W8k0fem0hai82dUQS8bmUdi24ZWyUISMaQFojPcutuDF07HIe8voYpI8iWU/zw2z
|
7
|
+
Is6eZlFJvsHDf34igSXaD10EPWbO9uLKlFl1YEwyhAKP6jlo4Oe6d69DBazlH3vT
|
8
|
+
ilmOKtkUOoks3Ri9WJH20zqNwLpa4mEt+0sgfkAUPgsOWyJd3BJ3rDdZp4TIFtUU
|
9
|
+
MoNqdxb/6vMhghC6yp0uUsu7n9dmmcRcvb+MWC2JOSEIdKvev0bt0Wvk8ZDNId2a
|
10
|
+
9V14QCKGGeQ1T9/Mc09nNWlA559By+YZxIn51+J5No2+3G1oPka8jVTZ3Q+orkaU
|
11
|
+
nBjgg+e5SIWd6BZF8QZs5vOJhcABAweKsdTJuksVyKTCw9gwcNYTqakKY9Bt+kD0
|
12
|
+
Q1hDIjCV725TuML7707cPeBO2Rhpc0Tr79WJepB3L+V0/PLIaYhdhLI0FTpzxUN/
|
13
|
+
lWOyy0wzzU9zfGsWCG6KECu+OriX0GSu//F7nZ0/7U0FxzwAqCykS/lej0byS0bK
|
14
|
+
iL0nsjMRPlVVnM73Chq7p65pYLJ70K5nSlLoXjPoWGJ0DQYyMnB9WcvbBwvWoRW3
|
15
|
+
/9Dm/ZDLj1xP4U5oKHAgkaxJOkKnmoLOG1F/NnwqzXw4+M5BzMWwtXH3QAaKJ9DU
|
16
|
+
UiNQgP9O33HMx85n7tugmR0NkZAbeJ8LmSRSoTiZ1UxHtLTRqvWhTRg3e73I4pcG
|
17
|
+
gD8t+bNqjbY+XGLmgpAkoAXpjIkkxmZD6layeG+VIC13ZROM5onWyA==
|
18
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,13 @@
|
|
1
|
+
<samlp:AuthnRequest
|
2
|
+
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
3
|
+
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
4
|
+
ID="aaf23196-1773-2113-474a-fe114412ab72"
|
5
|
+
Version="2.0"
|
6
|
+
IssueInstant="2004-12-05T09:21:59"
|
7
|
+
AssertionConsumerServiceIndex="0"
|
8
|
+
AttributeConsumingServiceIndex="0">
|
9
|
+
<saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
|
10
|
+
<samlp:NameIDPolicy
|
11
|
+
AllowCreate="true"
|
12
|
+
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
|
13
|
+
</samlp:AuthnRequest>
|
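--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -0,0 +1,51 @@
+$:.unshift File.join(File.dirname(__FILE__),'..','lib')
+
+require 'minitest'
+require 'minitest/autorun'
+require 'saml_tool'
+
+class Minitest::Test
+
+def valid_xml
+'<foo>bar</foo>'
+end
+
+def saml
+'<foo>something that behaves like saml</foo>'
+end
+
+def valid_saml_request
+contents_of 'files/valid_saml_request.xml'
+end
+
+def request_saml_erb
+contents_of 'files/request.saml.erb'
+end
+
+def response_xml
+contents_of 'files/response.xml'
+end
+
+def open_saml_request
+contents_of 'files/open_saml_response.xml'
+end
+
+def x509_certificate
+@x509_certificate ||= OpenSSL::PKCS12.new(
+contents_of('files/usercert.p12'),
+'hello'
+).certificate
+end
+
+def open_ssl_rsa_key
+@open_ssl_rsa_key ||= OpenSSL::PKey::RSA.new(
+contents_of('files/userkey.pem'),
+'hello'
+)
+end
+
+def contents_of(file_path)
+File.read File.expand_path(file_path, File.dirname(__FILE__))
+end
+
+end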
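Review bot: `open_saml_request` (line 29) reads `files/open_saml_response.xml`, which is a SAML Response, so the helper's name contradicts the fixture it returns; renaming it `open_saml_response` (and its callers) keeps the response_reader tests from looking like they parse a request. The fixture passphrase `'hello'` is repeated in `x509_certificate` and `open_ssl_rsa_key`; a single `TEST_KEY_PASSWORD = 'hello'.freeze` documents it as test-only material and keeps the two helpers in step. Nothing in this file requires 'openssl' before `OpenSSL::PKCS12` and `OpenSSL::PKey::RSA` are used, so the helpers depend on `saml_tool` loading it, which is not visible here. The CA in cacert.pem and the signer certificate embedded in response.xml carry validity windows that ended in 2008 and 2009 respectively, so any test built on these helpers that expects the chain to be currently valid would need an `OpenSSL::X509::Store#time=` override or fresh fixtures; how the validator treats expiry is not in this hunk.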
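--- a/data/test/units/saml_tool/certificate_test.rb
+++ b/data/test/units/saml_tool/certificate_test.rb
@@ -0,0 +1,30 @@
+require_relative '../../test_helper'
+
+module SamlTool
+class CertificateTest < Minitest::Test
+
+def test_x509_certificate
+expected = x509_certificate.to_s.lines.to_a[1..-2].join
+assert_equal expected, certificate.x509_certificate
+end
+
+def test_issuer_name
+expected = x509_certificate.issuer.to_s[1..-1].split('/').reverse.join(',')
+assert_equal expected, certificate.issuer_name
+end
+
+def test_subject_name
+expected = x509_certificate.subject.to_s[1..-1].split('/').reverse.join(',')
+assert_equal expected, certificate.subject_name
+end
+
+def test_serial_number
+assert_equal x509_certificate.serial, certificate.serial_number
+end
+
+def certificate
+@certificate ||= Certificate.new(x509_certificate)
+end
+
+end
+end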
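Review bot: `test_issuer_name` and `test_subject_name` build the expected value with `to_s[1..-1].split('/').reverse.join(',')`, which is presumably the same derivation Certificate performs, so a defect in it (a DN component containing '/', or the oneline format changing between OpenSSL versions) is reproduced on both sides and never caught. Since the fixture is fixed, pin literals instead, e.g. `assert_equal 'emailAddress=lostilos@free.fr,CN=Philippe Camacho,O=littlecryptographer,L=Santiago,ST=RM,C=CL', certificate.issuer_name`, which is the X509IssuerName that response.xml carries, assuming usercert.p12 holds the certificate response.xml embeds. `test_x509_certificate` has the same shape (`lines.to_a[1..-2].join` re-derives the PEM body), and `String#lines` already returns an Array, so `.to_a` is redundant either way. CertificateTest is complete within the hunk.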
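--- a/data/test/units/saml_tool/decoder_test.rb
+++ b/data/test/units/saml_tool/decoder_test.rb
@@ -0,0 +1,36 @@
+require_relative '../../test_helper'
+
+module SamlTool
+class DecoderTest < Minitest::Test
+
+def test_class_decode
+deflated_saml = deflate saml
+encoded_saml = Base64.encode64 deflated_saml
+assert_equal Decoder.new(encoded_saml).decode, Decoder.decode(encoded_saml)
+end
+
+def test_decode
+deflated_saml = deflate saml
+encoded_saml = Base64.encode64 deflated_saml
+decoded_saml = Decoder.new(encoded_saml).decode
+assert_equal saml, decoded_saml
+end
+
+def test_base64
+encoded_saml = Base64.encode64 saml
+decoded_saml = Decoder.new(encoded_saml).base64
+assert_equal saml, decoded_saml
+end
+
+def test_zlib
+deflated_saml = deflate saml
+decoded_saml = Decoder.new(deflated_saml).zlib
+assert_equal saml, decoded_saml
+end
+
+def deflate(text)
+Zlib::Deflate.deflate(text, Zlib::BEST_COMPRESSION)[2..-5]
+end
+
+end
+end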
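Review bot: `deflate` (line 32) produces raw DEFLATE by slicing `[2..-5]` off a zlib stream, which silently relies on the stream having a 2-byte header and a 4-byte Adler-32 trailer and gives the reader nothing to go on; `Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS).deflate(text, Zlib::FINISH)` emits raw DEFLATE directly (negative window bits suppress the zlib wrapper), or at minimum a comment `# strip zlib header/trailer: the SAML redirect binding carries raw DEFLATE` should explain the slice. Every test here feeds Decoder well-formed input; since this is the first point at which base64/deflate data from the wire is parsed, one negative case such as `assert_raises(Zlib::DataError) { Decoder.new('not deflated').zlib }` would pin what callers can expect on malformed input — the exception class is inferred, as decoder.rb is not in this hunk. Nothing in this file requires 'base64' or 'zlib'; they appear to arrive through saml_tool, which is not visible here.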