samlr 2.6.3 → 2.7.1.pre.1
- checksums.yaml +4 -4
- data/README.md +15 -2
- data/lib/samlr/signature.rb +9 -3
- data/lib/samlr/tools/metadata_builder.rb +12 -4
- data/lib/samlr/tools/response_builder.rb +5 -1
- data/lib/samlr/version.rb +1 -1
- metadata +4 -7
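--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee8259662edd9f4e6cc5e347b1ab2c5e2e6d257e91894675be36a0a7c6d82846
+data.tar.gz: b14b9da0adef31f19f169ecd35bf6396aa31c06dff003d3b67221578ad67bf43
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d96291bd116451b2f52c812c391da9d35fcc2795183bc3c7ca816c3b2580016cc73672a66136f21a2d7339b39131dd9e276fc0d800d4349cf1f7a1aca03f145c
+data.tar.gz: b1101f4609b13ba81d9d88ffaa4447a1acb3e4fcb37210b8e905e69ac9a64fba117cb0ffb09af1b8435bee68fc4879df1a4f928a2cb76717f3396970213b1988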
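--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-## Samlr
+## Samlr
 
 Samlr is a clean room implementation of SAML for Ruby. It's focused on implementing the service provider (SP) side rather than the identity provider (IdP).
 
@@ -14,7 +14,6 @@ saml_request = Samlr::Request.new(nil, {
 })
 ```
 
-
 At this point you can access `request.param` if all you want is the encoded params, or you can get a fully valid request URL with an appropriate `RelayState` value:
 
 ```ruby
@@ -190,6 +189,20 @@ Does not build on JRuby. See issue #2.
 
 Pull requests very welcome. Write tests. Adhere to standards employed (indentation, spaces vs. tabs etc.).
 
+### Releasing a new version
+A new version is published to RubyGems.org every time a change to `version.rb` is pushed to the `main` branch.
+In short, follow these steps:
+1. Update `version.rb`,
+2. merge this change into `main`, and
+3. look at [the action](https://github.com/zendesk/samlr/actions/workflows/publish.yml) for output.
+
+To create a pre-release from a non-main branch:
+1. change the version in `version.rb` to something like `1.2.0.pre.1` or `2.0.0.beta.2`,
+2. push this change to your branch,
+3. go to [Actions → “Publish to RubyGems.org” on GitHub](https://github.com/zendesk/samlr/actions/workflows/publish.yml),
+4. click the “Run workflow” button,
+5. pick your branch from a dropdown.
+
 ### Error reporting
 
 Pull requests with a failing test case much preferred.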
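--- a/data/lib/samlr/signature.rb
+++ b/data/lib/samlr/signature.rb
@@ -15,10 +15,16 @@ module Samlr
 @document = original.dup
 @prefix = prefix
 @options = options
-
-
-
+@signature = nil
+
+# TODO: This option exists only in a pre-release version to allow testing the feature; remove it from the final release
+if options[:skip_signature_reference_checking]
+@signature = @document.at("#{prefix}/ds:Signature", NS_MAP)
+else
+id = document.at("#{prefix}")&.attribute('ID')
+@signature = document.at("#{prefix}/ds:Signature/ds:SignedInfo/ds:Reference[@URI='##{id}']", NS_MAP)&.parent&.parent if id
 end
+@signature.remove if @signature # enveloped signatures only
 
 @fingerprint = if options[:fingerprint]
 Fingerprint.from_string(options[:fingerprint])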
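Review bot: The `else` branch interpolates `id`, which is read from the document being verified, straight into the XPath predicate `ds:Reference[@URI='##{id}']`, so an ID value containing a quote changes what the predicate matches or makes the expression fail to parse. Comparing the attribute in Ruby avoids that: `refs = document.xpath("#{prefix}/ds:Signature/ds:SignedInfo/ds:Reference", NS_MAP)` followed by `@signature = refs.find { |r| r['URI'] == "##{id}" }&.parent&.parent if id`. Separately, `options[:skip_signature_reference_checking]` selects the signature without tying its Reference to the root element's ID, and the TODO comment is the only thing marking it as temporary; a deprecation warning when the option is set would keep callers from relying on it. The enclosing method starts and ends outside this hunk, and the text of the three removed lines is not shown on this page.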
|
@@ -13,12 +13,14 @@ module Samlr
|
|
|
13
13
|
name_identity_format = options[:name_identity_format]
|
|
14
14
|
consumer_service_url = options[:consumer_service_url]
|
|
15
15
|
consumer_service_binding = options[:consumer_service_binding] || "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
16
|
+
metadata_id = options[:metadata_id] || Samlr::Tools.uuid
|
|
17
|
+
sign_metadata = options[:sign_metadata] || false
|
|
16
18
|
|
|
17
19
|
# Mandatory
|
|
18
|
-
entity_id
|
|
20
|
+
entity_id = options.fetch(:entity_id)
|
|
19
21
|
|
|
20
22
|
builder = Nokogiri::XML::Builder.new do |xml|
|
|
21
|
-
xml.EntityDescriptor("xmlns:md" => NS_MAP["md"], "entityID" => entity_id) do
|
|
23
|
+
xml.EntityDescriptor("xmlns:md" => NS_MAP["md"], "ID" => metadata_id, "entityID" => entity_id) do
|
|
22
24
|
xml.doc.root.namespace = xml.doc.root.namespace_definitions.find { |ns| ns.prefix == "md" }
|
|
23
25
|
|
|
24
26
|
xml["md"].SPSSODescriptor("protocolSupportEnumeration" => NS_MAP["samlp"]) do
|
|
@@ -33,9 +35,15 @@ module Samlr
|
|
|
33
35
|
end
|
|
34
36
|
end
|
|
35
37
|
|
|
36
|
-
builder.
|
|
37
|
-
|
|
38
|
+
metadata = builder.doc
|
|
39
|
+
|
|
40
|
+
if sign_metadata
|
|
41
|
+
metadata_options = options.merge(namespaces: [])
|
|
42
|
+
metadata = ResponseBuilder.sign(metadata, metadata_id, metadata_options)
|
|
43
|
+
end
|
|
38
44
|
|
|
45
|
+
metadata.to_xml(COMPACT)
|
|
46
|
+
end
|
|
39
47
|
end
|
|
40
48
|
end
|
|
41
49
|
end
|
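Review bot: The new `:metadata_id` and `:sign_metadata` options are undocumented, and when `sign_metadata` is set the whole caller `options` hash (plus `namespaces: []`) is forwarded to `ResponseBuilder.sign` with nothing in these hunks checking that it carries signing material. If `ResponseBuilder.sign` falls back to a built-in key when none is supplied (not visible here), the signed metadata would say nothing about its origin, so the requirement is worth stating where the options are read, e.g. `# :sign_metadata signs the EntityDescriptor via ResponseBuilder.sign; the caller must supply the signing material in options`. `metadata_id` becomes both the `ID` attribute and the second argument to `sign`, so a comment that a caller-supplied value must be a valid XML ID would help as well. The page shows no file header for these two hunks; by the diffstat they appear to belong to data/lib/samlr/tools/metadata_builder.rb, and the enclosing method starts outside them.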
|
@@ -125,7 +125,11 @@ module Samlr
|
|
|
125
125
|
end unless skip_keyinfo
|
|
126
126
|
end
|
|
127
127
|
# digest.root.last_element_child.after "<SignatureValue>#{signature}</SignatureValue>"
|
|
128
|
-
element.at("./saml:Issuer", NS_MAP)
|
|
128
|
+
if element.at("./saml:Issuer", NS_MAP)
|
|
129
|
+
element.at("./saml:Issuer", NS_MAP).add_next_sibling(digest)
|
|
130
|
+
else
|
|
131
|
+
element.children.first.add_previous_sibling(digest)
|
|
132
|
+
end
|
|
129
133
|
|
|
130
134
|
document
|
|
131
135
|
end
|
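Review bot: In the new `else` branch, `element.children.first` is nil when the element being signed has no child nodes, so `add_previous_sibling` raises NoMethodError instead of inserting the signature. Looking the issuer up once and using Nokogiri's `prepend_child` covers the empty case: `issuer = element.at("./saml:Issuer", NS_MAP)` followed by `issuer ? issuer.add_next_sibling(digest) : element.prepend_child(digest)`. The page shows no file header for this hunk; by the diffstat it appears to belong to data/lib/samlr/tools/response_builder.rb, and the method starts outside it.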
data/lib/samlr/version.rb
CHANGED
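--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: samlr
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.7.1.pre.1
 platform: ruby
 authors:
 - Morten Primdahl
-autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -139,7 +138,6 @@ homepage: https://github.com/zendesk/samlr
 licenses:
 - Apache License Version 2.0
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -147,15 +145,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Ruby tools for SAML
 test_files: []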