shibboleths_lil_helper 1.0.0

data/lib/slh/models/site_path.rb

@@ -0,0 +1,17 @@
+class Slh::Models::SitePath < Slh::Models::Base
+  attr_reader :name, :parent_site
+  attr_accessor :flavor,
+    :specific_users # for usage when the flavor is :authentication_required_for_specific_users
+  def initialize(site_path,parent_site,&block)
+    @parent_site = parent_site
+    if site_path.match(/^\/.+/)
+      raise "Invalid site path: #{site_path}, leading slashes are NOT allowed except when protecting an entire site"
+    end
+    @name = site_path
+    @flavor = :authentication_required
+    @specific_users = []
+    if block_given?
+      self.instance_eval(&block)
+    end
+  end
+end

data/lib/slh/models/strategy.rb

@@ -0,0 +1,131 @@
+class Slh::Models::Strategy  < Slh::Models::Base
+  class KeyOriginatorNotSpecified < Exception; end
+
+  ##########################
+  # CORE API METHODS BEGIN #
+  ##########################
+  def for_apache_host(host_name,&block)
+    @hosts << Slh::Models::Host.new(host_name, self, &block)
+  end
+
+  def for_iis_host(host_name, &block)
+    t=Slh::Models::Host.new(host_name, self, &block)
+    t.host_type = :iis
+    @hosts << t
+  end
+  ########################
+  # CORE API METHODS END #
+  ########################
+
+  attr_reader :name, :hosts
+  attr_accessor :sp_entity_id, :idp_metadata_url, :error_support_contact
+  VALID_CONFIG_FILES = %w(shibboleth2.xml idp_metadata.xml shib_apache.conf)
+  def initialize(strategy_name, &block)
+    @name = strategy_name
+    @hosts = []
+    if block_given?
+      self.instance_eval(&block)
+    end
+
+    # The following are checks to ensure required "set" commands are done to set required values
+    if self.sp_entity_id.nil?
+      raise "All strategies must specify an entity ID"
+    end
+    if self.idp_metadata_url.nil?
+      raise "All strategies must specify an IDP metadata URL"
+    end
+    if self.error_support_contact.nil?
+      self.error_support_contact = "administrator"
+    end
+  end
+
+  def idp_metadata
+    if @idp_metadata.blank?
+      url= URI.parse(self.idp_metadata_url)
+      @http = Net::HTTP.new(url.host, url.port)
+      @http.use_ssl = true
+      @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      @http.open_timeout = 60
+      @http.read_timeout = 60
+      @idp_metadata_url_response = @http.get(url.path)
+      case @idp_metadata_url_response
+      when Net::HTTPSuccess
+        @idp_metadata = @idp_metadata_url_response.body
+      else
+        raise "Got a non-200 http status code from #{self.idp_metadata_url}"
+      end
+    end
+    @idp_metadata
+  end
+
+  # Parse it from the idp_metadata
+  def idp_entity_id
+    if @idp_entity_id.blank?
+      doc=Nokogiri::XML(self.idp_metadata)
+      doc.remove_namespaces!
+      element=doc.at('//EntityDescriptor')
+      attr = element.attribute_nodes.detect {|pp| pp.name == 'entityID'}
+      if attr.blank?
+        raise "hopefully not a bug in the XML parsing logic...Could not extract entityID from idp_metadata: #{self.idp_metadata}"
+      end
+      @idp_entity_id = attr.to_s 
+    end
+    @idp_entity_id
+  end
+
+  def config_dir
+    File.join(Slh.config_dir,'generated',self.name.to_s)
+  end
+
+
+  def config_file_path(file_base_name,host,site=nil)
+    if site.nil?
+      File.join(host.config_dir,file_base_name)
+    else
+      File.join(site.config_dir,file_base_name)
+    end
+  end
+
+  def generate_config_file_content(file_base_name,host,site=nil)
+    # to be referenced in erb templates below
+    @strategy = self
+    @host = host
+    @site = site
+    case file_base_name
+    when 'idp_metadata.xml'
+      self.idp_metadata
+    else
+      ERB.new(self.config_template_content(file_base_name)).result(binding)
+    end
+  end
+
+  def config_template_file_path(file_base_name)
+    overridden = File.join(Slh.config_dir,'templates',"#{file_base_name}.erb")
+    if File.exists?(overridden)
+      template_file_path = overridden
+    else
+      template_file_path = File.join(File.dirname(__FILE__), '..', 'templates',"#{file_base_name}.erb")
+    end
+
+    if File.exists?(template_file_path)
+      template_file_path 
+    else
+      raise "#{template_file_path} does not exist"
+    end
+  end
+
+  def config_template_content(file_base_name)
+    File.read(self.config_template_file_path(file_base_name))
+  end
+
+  def key_originator_site
+    self.hosts.each do |host|
+      host.sites.each do |site|
+        if site.is_key_originator
+          return site
+        end
+      end
+    end
+    raise KeyOriginatorNotSpecified.new("You must specify set :is_key_originator, true, on at least one site in a strategy")
+  end
+end

data/lib/slh/models/version.rb

@@ -0,0 +1,4 @@
+class Slh::Models::Version
+  PREFIX = 'SLH_VERSION_'
+  VERSION = "#{PREFIX}#{SecureRandom.hex(18)}"
+end

data/lib/slh/templates/_application_details.erb

@@ -0,0 +1,33 @@
+<Sessions lifetime="28800" timeout="3600" checkAddress="true" relayState="ss:mem" handlerSSL="false" idpHistory="false">
+    <SSO entityID="<%= @strategy.idp_entity_id %>">
+      SAML2 SAML1
+    </SSO>
+    <Logout>SAML2 Local</Logout>
+
+    <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
+    <Handler type="Status" Location="/Status" />
+    <Handler type="Session" Location="/Session" showAttributeValues="false"/>
+    <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
+</Sessions>
+<Errors supportContact="<%= @strategy.error_support_contact %>" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/>
+<MetadataProvider type="XML" file="<%= @host.prefixed_filepath_for("idp_metadata.xml") %>" />
+<AttributeExtractor type="XML" validate="true" path="<%= @host.prefixed_filepath_for("attribute-map.xml") %>"/>
+<AttributeResolver type="Query" subjectMatch="true"/>
+<AttributeFilter type="XML" validate="true" path="<%= @host.prefixed_filepath_for("attribute-policy.xml") %>"/>
+<CredentialResolver type="File">
+	<Certificate>
+		<Path><%= @host.prefixed_filepath_for("sp-cert.pem") %></Path>
+	</Certificate>
+	<Key>
+		<Path><%= @host.prefixed_filepath_for("sp-key.pem") %></Path>
+    <!-- 
+    This key alias is used by Shibbleth's lil' Helper to
+    determine whether or not a generated SP metadata is
+    up-to-date. It is NOT used by anything Shibboleth.
+    -->
+    <Name><%= Slh::Models::Version::VERSION %></Name>
+	</Key>
+</CredentialResolver>
+
+
+

data/lib/slh/templates/config.rb.erb

@@ -0,0 +1,33 @@
+Slh.for_strategy :test_idp do
+  set :sp_entity_id, 'YOUR_ENTITY_ID'
+  set :idp_metadata_url, 'YOUR_IDP_METADATA_URL'
+  set :error_support_contact, 'YOUR_ERROR_SUPPORT_EMAIL_ADDRESS'
+
+  for_apache_host 'SOMEHOSTNAME.COM' do
+    # UNCOMMENT THIS IF YOUR SHIB STUFF LIVES IN A NON-STANDARD LOCATION 
+    # set :shib_prefix, '/swadm/etc/shibboleth'
+    for_site 'SOMESITENAME1.COM' do
+      protect 'SOME_PATH_YOU_WANT_TO_REQUIRE_AUTH'
+    end
+    for_site 'SOMESITENAME2.COM' do
+      protect 'SOME_PATH_YOU_WANT_OPTIONAL_AUTH' do
+        set :flavor, :authentication_optional
+      end
+    end
+    for_site 'SOMESITENAME3.COM' do
+      protect 'SOME_PATH_YOU_WANT_TO_RESTRICTED_TO_PARTICULAR_USERS' do
+        set :flavor, :authentication_required_for_specific_users
+        set :specific_users, %w(SOMEUSER@SOME.DOMAIN.COM ANOTHERUSER@SOME.DOMAIN.COM)
+      end
+    end
+  end
+  for_iis_host 'SOMEIISHOSTNAME.COM' do
+    for_site 'SOMEIISSITENAME1.COM' do
+      set :site_id, "YOU_MUST_SET_THE_SITE_ID_HERE"
+      protect 'SOME_PATH_YOU_WANT_TO_REQUIRE_AUTH'
+    end
+  end
+end
+Slh.clone_strategy_for_new_idp :test_idp,
+                               :production_idp,
+                               'THE_PRODUCTION_IDP_METADATA_URL'

data/lib/slh/templates/deploy.rb.erb

@@ -0,0 +1,42 @@
+# About
+# =====
+# This file is an EXAMPLE you might find handy if you are using capistrano for deployment
+# Make sure to replace "TODO" with stuff that reflects your environment
+#
+set :application, "shibboleth_deployer"
+set :repository,  "TODO: add your repo url here"
+
+# defaults
+set :use_sudo,              false
+set :scm,                   :git
+# set :git_enable_submodules, 1
+
+# override this if you want your deployed files to be owned by a different group (or blank if not at all)
+set :deploy_group,          "deploy"
+
+set :host, ENV['HOST']
+role :db,   host, :primary => true
+role :web,  host
+role :app,  host
+
+
+set :deploy_to,   "TODO: SPECIFY WHERE YOUR FILES ARE GOING"
+after  'deploy', 'deploy:restart_shibd'
+namespace :deploy do
+ # Override defaults
+ task :start do ; end
+ task :stop do ; end
+ task :restart do ; end
+ task :finalize_update do ; end # does crap with stylesheets & javascripts dirs
+
+ desc "Restarts shibd"
+ task :restart_shibd, :roles => :web do
+   sudo "/etc/init.d/shibd restart"
+   sudo "/etc/init.d/httpd restart"
+ end
+end
+
+after 'deploy:update_code' do
+  # Add custom symlinks here
+end
+

data/lib/slh/templates/shib_apache.conf.erb

@@ -0,0 +1,24 @@
+# Shibboleth Apache Global configuration
+UseCanonicalName On
+
+<% unless @host.shib_prefix.nil? %>
+ShibConfig <%= File.join(@host.shib_prefix, 'shibboleth2.xml') %>
+<% end %>
+  
+LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_22.so
+
+<IfModule mod_alias.c>
+  <Location /shibboleth-sp>
+    Allow from all
+  </Location>
+  Alias /shibboleth-sp/main.css /usr/share/doc/shibboleth-2.4.3/main.css
+  Alias /shibboleth-sp/logo.jpg /usr/share/doc/shibboleth-2.4.3/logo.jpg
+</IfModule>
+
+# Enable shibboleth for all vhosts, does NOT require auth anywhere
+# just makes it possible.
+# Specific auth requirements are make in the <RequestMap> in shibboleth2.xml
+<Location />
+  AuthType shibboleth
+  Require shibboleth
+</Location>

data/lib/slh/templates/shibboleth2.xml.erb

@@ -0,0 +1,44 @@
+<!--
+DO NOT MODIFY!
+Auto-generated on <%= Time.now.to_s %> by Shibboleth's Lil Helper:
+https://github.com/joegoggins/shibboleths_lil_helper
+Changes should not be made directly to this file. Instead, modify your slh config.rb file, re-generate, and re-deploy
+This template was originally created by taking the default /etc/shibboleth/shibboleth2.xml and modifying/templating it
+to accommodate multiple vhosts (for both IIS and Apache) for the shibboleth-2.4.3-2.1.el5 RPM on RHEL 5
+-->
+<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    clockSkew="180">
+    <% if @host.host_type == :iis %>
+      <InProcess logger="<%= @host.prefixed_filepath_for("native.logger") %>">
+        <ISAPI normalizeRequest="true" safeHeaderNames="true">
+          <% @host.sites.each do |site| %>
+            <Site id="<%= site.site_id %>" name="<%= site.name %>"/>
+          <% end %>
+        </ISAPI>
+      </InProcess>
+    <% else %>
+      <OutOfProcess logger="<%= @host.prefixed_filepath_for("shibd.logger") %>" />
+      <InProcess logger="<%= @host.prefixed_filepath_for("native.logger") %>" />
+    <% end %>
+    <RequestMapper type="Native">
+      <RequestMap>
+        <% @host.sites.each do |site| %>
+          <%= site.to_auth_request_map_directive %>
+        <% end %>
+      </RequestMap>
+    </RequestMapper>
+    <ApplicationDefaults entityID="<%= @strategy.sp_entity_id %>" REMOTE_USER="eppn mail">
+      <%= @strategy.generate_config_file_content('_application_details', @host) %>
+        <% @host.sites.each do |site| %>
+          <ApplicationOverride id="<%= site.name %>" homeURL="<%= site.to_https_prefixed_name %>">
+            <%= @strategy.generate_config_file_content('_application_details', @host) %>
+          </ApplicationOverride>
+        <% end %>
+    </ApplicationDefaults>
+    <SecurityPolicyProvider type="XML" validate="true" path="<%= @host.prefixed_filepath_for("security-policy.xml") %>"/>
+    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="<%= @host.prefixed_filepath_for("protocols.xml") %>"/>
+</SPConfig>

data/lib/slh/templates/sp_metadata_for_entity_id_to_give_to_idp.xml.erb

@@ -0,0 +1,40 @@
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="<%= Slh::Models::Version::VERSION %>" entityID="<%= @strategy.sp_entity_id %>">
+    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
+      <md:Extensions>
+        <% @matching_hosts.each do |host| %>
+          <!-- BEGIN host <%= host.name %> -->
+          <% host.sites.each do |site| %>
+            <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/Login"/>
+          <% end %>
+          <!-- END host <%= host.name %> -->
+        <% end %>
+      </md:Extensions>
+      <md:KeyDescriptor>
+        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+          <ds:KeyName>IGNORED</ds:KeyName>
+          <ds:X509Data>
+            <ds:X509SubjectName>IGNORED</ds:X509SubjectName>
+            <ds:X509Certificate><%= @strategy.key_originator_site.x509_certificate_string %></ds:X509Certificate>
+          </ds:X509Data>
+        </ds:KeyInfo>
+      </md:KeyDescriptor>
+      <% @matching_hosts.each do |host| %>
+        <!-- BEGIN host <%= host.name %> -->
+
+        <% host.sites.each do |site| %>
+          <!-- BEGIN site <%= site.name %> -->
+          <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/Artifact/SOAP" index="0"/>
+          <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/POST" index="0"/>
+          <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/POST-SimpleSign" index="1"/>
+          <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/Artifact" index="2"/>
+          <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/ECP" index="3"/>
+          <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML/POST" index="4"/>
+          <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML/Artifact" index="5"/>
+          <!-- END site <%= site.name %> -->
+        <% end %>
+        <!-- END host <%= host.name %> -->
+      <% end %>
+    </md:SPSSODescriptor>
+</md:EntityDescriptor>
+
+

data/lib/slh/templates/sp_metadata_for_host_to_give_to_idp.xml.erb

@@ -0,0 +1,33 @@
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="<%= Slh::Models::Version::VERSION %>" entityID="<%= @strategy.sp_entity_id %>">
+
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
+    <md:Extensions>
+      <% @host.sites.each do |site| %>
+        <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/Login"/>
+      <% end %>
+    </md:Extensions>
+    <md:KeyDescriptor>
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:KeyName><%= @host.name %></ds:KeyName>
+        <ds:X509Data>
+          <ds:X509SubjectName>CN=<%= @host.name %></ds:X509SubjectName>
+          <ds:X509Certificate><%= @first_site_for_host.x509_certificate_string %></ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+
+    <% @host.sites.each do |site| %>
+      <!-- BEGIN <%= site.name %> -->
+      <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/Artifact/SOAP" index="0"/>
+      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/POST" index="0"/>
+      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/POST-SimpleSign" index="1"/>
+      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/Artifact" index="2"/>
+      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML2/ECP" index="3"/>
+      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML/POST" index="4"/>
+      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="<%= site.to_https_prefixed_name %>/Shibboleth.sso/SAML/Artifact" index="5"/>
+      <!-- END <%= site.name %> -->
+    <% end %>
+  </md:SPSSODescriptor>
+</md:EntityDescriptor>
+
+

data/shibboleths_lil_helper.gemspec

@@ -0,0 +1,111 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{shibboleths_lil_helper}
+  s.version = "1.0.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Joe Goggins"]
+  s.date = %q{2011-11-01}
+  s.default_executable = %q{slh}
+  s.description = %q{See the summary text.}
+  s.email = %q{goggins@umn.edu}
+  s.executables = ["slh"]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.markdown"
+  ]
+  s.files = [
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.markdown",
+    "Rakefile",
+    "TODOS.txt",
+    "VERSION",
+    "bin/slh",
+    "doc/debugging_shibboleth.markdown",
+    "doc/deprecated_code_that_could_be_useful.rb",
+    "doc/for_slh_developers.markdown",
+    "doc/nuances.markdown",
+    "doc/technical_question_and_answer.markdown",
+    "lib/shibboleths_lil_helper.rb",
+    "lib/slh.rb",
+    "lib/slh/class_methods.rb",
+    "lib/slh/cli.rb",
+    "lib/slh/cli/command_base.rb",
+    "lib/slh/cli/compare_metadata.rb",
+    "lib/slh/cli/copy_templates_to_override.rb",
+    "lib/slh/cli/describe_config.rb",
+    "lib/slh/cli/fetch_metadata.rb",
+    "lib/slh/cli/generate.rb",
+    "lib/slh/cli/generate_capistrano_deploy.rb",
+    "lib/slh/cli/generate_metadata.rb",
+    "lib/slh/cli/host_filterable_base.rb",
+    "lib/slh/cli/initialize.rb",
+    "lib/slh/cli/verify_metadata_encryption.rb",
+    "lib/slh/models/base.rb",
+    "lib/slh/models/host.rb",
+    "lib/slh/models/site.rb",
+    "lib/slh/models/site_path.rb",
+    "lib/slh/models/strategy.rb",
+    "lib/slh/models/version.rb",
+    "lib/slh/templates/_application_details.erb",
+    "lib/slh/templates/config.rb.erb",
+    "lib/slh/templates/deploy.rb.erb",
+    "lib/slh/templates/shib_apache.conf.erb",
+    "lib/slh/templates/shibboleth2.xml.erb",
+    "lib/slh/templates/sp_metadata_for_entity_id_to_give_to_idp.xml.erb",
+    "lib/slh/templates/sp_metadata_for_host_to_give_to_idp.xml.erb",
+    "shibboleths_lil_helper.gemspec",
+    "test/fixtures/dummy1.rb",
+    "test/fixtures/dummy1_output/attribute-map.xml",
+    "test/fixtures/dummy1_output/shib_for_vhost.conf",
+    "test/fixtures/dummy1_output/shibboleth2.xml",
+    "test/helper.rb",
+    "test/test_shibboleths_lil_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/joegoggins/shibboleths_lil_helper}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.6}
+  s.summary = %q{A ruby gem to streamline the setup, deployment, and ongoing management of Apache & IIS web-servers running the Shibboleth Native Service Provider implementations.}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<activesupport>, ["~> 3.0.9"])
+      s.add_runtime_dependency(%q<nokogiri>, [">= 0"])
+      s.add_runtime_dependency(%q<i18n>, [">= 0"])
+      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+      s.add_development_dependency(%q<ruby-debug>, [">= 0"])
+    else
+      s.add_dependency(%q<activesupport>, ["~> 3.0.9"])
+      s.add_dependency(%q<nokogiri>, [">= 0"])
+      s.add_dependency(%q<i18n>, [">= 0"])
+      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+      s.add_dependency(%q<ruby-debug>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<activesupport>, ["~> 3.0.9"])
+    s.add_dependency(%q<nokogiri>, [">= 0"])
+    s.add_dependency(%q<i18n>, [">= 0"])
+    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+    s.add_dependency(%q<ruby-debug>, [">= 0"])
+  end
+end
+