spid-rails 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +40 -11
- data/Rakefile +11 -5
- data/app/controllers/spid/rails/metadata_controller.rb +1 -1
- data/app/controllers/spid/rails/single_logout_operations_controller.rb +4 -4
- data/app/controllers/spid/rails/single_sign_ons_controller.rb +1 -1
- data/app/models/spid/idp.rb +25 -12
- data/app/models/spid/metadata.rb +1 -3
- data/app/models/spid/settings.rb +8 -10
- data/app/models/spid/sso_request.rb +2 -2
- data/config/routes.rb +9 -5
- data/config/spid-rails/idp_list.yml +24 -0
- data/lib/generators/spid/rails/config_generator.rb +3 -3
- data/lib/generators/spid/rails/idp_importer_generator.rb +21 -0
- data/lib/generators/spid/rails/keys_generator.rb +3 -3
- data/lib/generators/spid/rails/templates/idp_import.yml +11 -0
- data/lib/generators/spid/rails/templates/spid-rails.rb +1 -5
- data/lib/spid-rails/engine.rb +6 -0
- data/lib/spid-rails/onelogin/rubysaml/authrequest.rb +17 -17
- data/lib/spid-rails/version.rb +1 -1
- data/lib/spid-rails.rb +2 -2
- metadata +51 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1924815eea64175525b474b58e83299d8ad3530f
|
|
4
|
+
data.tar.gz: 0a8ecc6648870bdb58a687ff5002100a589ca665
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 800df0266f21277af9241d116c3412ee18a516ae26a31cabe9db3966b97008d83eec438bd27ec94d4d332ef6fbbdfba54561335b2eaa8caf3483d92fe78a7d4d
|
|
7
|
+
data.tar.gz: 0e0ee632888e170ddcfbe0b2a8fbf92962549e51449acc30915fee2f7185a419312e20ea43c211115570d5856a29fd3871e6dc18f1fc5a14f4ae556c9ff222a2
|
data/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# spid-rails
|
|
2
|
-
Autenticazione SPID per Ruby on Rails.
|
|
1
|
+
# spid-rails [](http://travis-ci.org/italia/spid-rails)
|
|
2
|
+
Autenticazione SPID per Ruby on Rails.
|
|
3
3
|
Questa gemma si appoggia alla gemma [ruby-saml](https://github.com/onelogin/ruby-saml).
|
|
4
4
|
|
|
5
5
|
## Cosa c'è e cosa manca
|
|
@@ -8,10 +8,11 @@ Questa gemma si appoggia alla gemma [ruby-saml](https://github.com/onelogin/ruby
|
|
|
8
8
|
repository: https://github.com/rubynetti/rubynetti-rails
|
|
9
9
|
- [x] Login tramite redirect
|
|
10
10
|
- [ ] Login tramite post
|
|
11
|
-
- [
|
|
11
|
+
- [X] Sistema di testing automatico
|
|
12
12
|
- [X] Sistema di configurazione
|
|
13
13
|
- [ ] Integrazione con omniauth
|
|
14
14
|
- [ ] Integrazione o esempio di integrazione con devise
|
|
15
|
+
- [ ] Configurazione richiesta attributi utente
|
|
15
16
|
|
|
16
17
|
|
|
17
18
|
## Installazione
|
|
@@ -56,7 +57,7 @@ Spid::Rails.tap do |config|
|
|
|
56
57
|
# default: 'spid'
|
|
57
58
|
# config.mount_point = 'spid'
|
|
58
59
|
|
|
59
|
-
# Url alla quale
|
|
60
|
+
# Url alla quale e' disponibile il metadata del provider
|
|
60
61
|
# default: 'metadata'
|
|
61
62
|
# config.metadata_path = 'metadata'
|
|
62
63
|
|
|
@@ -81,6 +82,33 @@ end
|
|
|
81
82
|
```
|
|
82
83
|
|
|
83
84
|
|
|
85
|
+
Per utilizzare Identity provider custom o modificare quelli presenti:
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
$ rails g spid:rails:idp_importer
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
Il file viene aggiunto alla cartella _config/spid-rails_ e permette di specificare idp per i diversi ambienti dell'applicazione.
|
|
92
|
+
|
|
93
|
+
```YAML
|
|
94
|
+
# app/config/spid-rails/idp_import.yml
|
|
95
|
+
|
|
96
|
+
shared: &shared
|
|
97
|
+
local_test:
|
|
98
|
+
metadata_url: 'https://localhost:8080'
|
|
99
|
+
validate_cert: false
|
|
100
|
+
|
|
101
|
+
development:
|
|
102
|
+
<<: *shared
|
|
103
|
+
agid:
|
|
104
|
+
metadata_url: 'https://idp.spid.gov.it:8080/assets/idp-metadata.xml'
|
|
105
|
+
validate_cert: false
|
|
106
|
+
|
|
107
|
+
test:
|
|
108
|
+
<<: *shared
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
|
|
84
112
|
### Nelle view
|
|
85
113
|
|
|
86
114
|
Una volta installata la gemma, verranno creati una serie di helper utilizzabili nelle view e nei controller.
|
|
@@ -93,7 +121,7 @@ link_to "Metadata SP", spid_rails.metadata_path
|
|
|
93
121
|
|
|
94
122
|
|
|
95
123
|
```spid_rails.new_sso_path``` e ```spid_rails.new_sso_url``` restituiscono il percorso tramite il quale inizializzare una richiesa di autenticazione all'Identity Provider.
|
|
96
|
-
|
|
124
|
+
È necessario fornire come parametro l'Idp cui indirizzare la richiesta, facoltativo il livello di autenticazione Spid (default: '1') e i bindings della richiesta all' Idp (default: ['redirect']).
|
|
97
125
|
```ruby
|
|
98
126
|
# Esempio di link al login tramite l'Idp di test https:://idp.spid.gov.it
|
|
99
127
|
link_to "Login con Spid", spid_rails.new_sso_path(sso: { idp: :agid_test, spid_level: 2 })
|
|
@@ -120,15 +148,15 @@ link_to "Logout", spid_rails.new_slo_path
|
|
|
120
148
|
|
|
121
149
|
### Nei controller
|
|
122
150
|
|
|
123
|
-
|
|
151
|
+
Dopo l'autenticazione e fino al logout vengono aggiunte alla sessione le seguenti variabili:
|
|
124
152
|
|
|
125
|
-
```session[:sso_params]``` restituisce i parametri coi quali è stata effettuata l'ultima richiesta di autenticazione, in particolare l'idp
|
|
153
|
+
```session[:sso_params]``` che restituisce i parametri coi quali è stata effettuata l'ultima richiesta di autenticazione, in particolare l'idp
|
|
126
154
|
|
|
127
|
-
```session[:spid_index]```
|
|
155
|
+
```session[:spid_index]``` che restituisce l'identificativo dell'attuale sessione Spid e viene utilizzato nella procedura di logout
|
|
128
156
|
|
|
129
|
-
```session[:spid_login_time]```
|
|
157
|
+
```session[:spid_login_time]``` che restituisce il _time_ in cui è avvenuto il login
|
|
130
158
|
|
|
131
|
-
|
|
159
|
+
È inoltre possibile settare la variabile ```session[:spid_relay_state]```, contenente l'indirizzo al quale si vuole essere reindirizzati in caso l'autenticazione abbia successo
|
|
132
160
|
|
|
133
161
|
Un esempio rudimentale di verifica del login dell'utente all'interno di un'azione del controller potrebbe essere il seguente
|
|
134
162
|
```ruby
|
|
@@ -149,7 +177,8 @@ class MyController < Application controller
|
|
|
149
177
|
|
|
150
178
|
end
|
|
151
179
|
```
|
|
152
|
-
|
|
180
|
+
|
|
181
|
+
dove _login_path_ indirizza alla pagina in cui è posizionato il pulsante Spid.
|
|
153
182
|
|
|
154
183
|
|
|
155
184
|
## License
|
data/Rakefile
CHANGED
|
@@ -14,17 +14,22 @@ RDoc::Task.new(:rdoc) do |rdoc|
|
|
|
14
14
|
rdoc.rdoc_files.include('lib/**/*.rb')
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
APP_RAKEFILE = File.expand_path(
|
|
17
|
+
APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
|
|
18
18
|
load 'rails/tasks/engine.rake'
|
|
19
19
|
|
|
20
|
-
|
|
21
20
|
load 'rails/tasks/statistics.rake'
|
|
22
21
|
|
|
23
|
-
|
|
24
|
-
|
|
25
22
|
require 'bundler/gem_tasks'
|
|
26
23
|
|
|
27
24
|
require 'rake/testtask'
|
|
25
|
+
require 'rubocop/rake_task'
|
|
26
|
+
|
|
27
|
+
RuboCop::RakeTask.new(:rubocop) do |t|
|
|
28
|
+
t.options = ['--display-cop-names']
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
require 'bundler/audit/task'
|
|
32
|
+
Bundler::Audit::Task.new
|
|
28
33
|
|
|
29
34
|
Rake::TestTask.new(:test) do |t|
|
|
30
35
|
t.libs << 'test'
|
|
@@ -32,5 +37,6 @@ Rake::TestTask.new(:test) do |t|
|
|
|
32
37
|
t.verbose = false
|
|
33
38
|
end
|
|
34
39
|
|
|
35
|
-
|
|
36
40
|
task default: :test
|
|
41
|
+
task default: 'bundle:audit'
|
|
42
|
+
task default: :rubocop
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require_dependency
|
|
1
|
+
require_dependency 'spid/rails/application_controller'
|
|
2
2
|
|
|
3
3
|
module Spid
|
|
4
4
|
module Rails
|
|
@@ -13,9 +13,9 @@ module Spid
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def create
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
_logout_response = SloResponse.new(params[:SAMLResponse],
|
|
17
|
+
session[:spid_slo_id],
|
|
18
|
+
slo_params)
|
|
19
19
|
# TODO: approfondire validazione logout
|
|
20
20
|
destroy_spid_session
|
|
21
21
|
redirect_to main_app.root_path, notice: 'Logout utente eseguito con successo'
|
data/app/models/spid/idp.rb
CHANGED
|
@@ -1,19 +1,32 @@
|
|
|
1
1
|
module Spid
|
|
2
2
|
|
|
3
3
|
class Idp
|
|
4
|
+
@list = YAML.load_file(
|
|
5
|
+
Spid::Rails::Engine.root.join('config', 'spid-rails', 'idp_list.yml')
|
|
6
|
+
)
|
|
4
7
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
8
|
+
attr_reader :metadata_url
|
|
9
|
+
|
|
10
|
+
def self.find(name)
|
|
11
|
+
raise 'Idp not found' unless @list.key?(name)
|
|
12
|
+
idp_attributes = @list[name]
|
|
13
|
+
new(idp_attributes.symbolize_keys)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def self.import(file_path)
|
|
17
|
+
list = YAML.load_file(file_path)[::Rails.env]
|
|
18
|
+
list.each do |name, params|
|
|
19
|
+
@list[name] = params
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def initialize(metadata_url:, validate_cert: true)
|
|
24
|
+
@metadata_url = metadata_url
|
|
25
|
+
@validate_cert = validate_cert
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def validate_cert?
|
|
29
|
+
@validate_cert
|
|
17
30
|
end
|
|
18
31
|
|
|
19
32
|
end
|
data/app/models/spid/metadata.rb
CHANGED
|
@@ -42,7 +42,7 @@ module Spid
|
|
|
42
42
|
key = OpenSSL::PKey::RSA.new settings[:private_key]
|
|
43
43
|
key_size = key.n.num_bytes * 8
|
|
44
44
|
if key_size < 1024
|
|
45
|
-
raise
|
|
45
|
+
raise 'Signature deve essere presente (impostare una chiave di almeno a 1024 bit'
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
|
|
@@ -58,7 +58,6 @@ module Spid
|
|
|
58
58
|
save and @to_xml
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
-
|
|
62
61
|
def self.xml_namespaces
|
|
63
62
|
{
|
|
64
63
|
saml: 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
@@ -68,7 +67,6 @@ module Spid
|
|
|
68
67
|
xenc: 'http://www.w3.org/2001/04/xmlenc#',
|
|
69
68
|
xs: 'http://www.w3.org/2001/XMLSchema'
|
|
70
69
|
}
|
|
71
|
-
|
|
72
70
|
end
|
|
73
71
|
|
|
74
72
|
end
|
data/app/models/spid/settings.rb
CHANGED
|
@@ -2,7 +2,6 @@ module Spid
|
|
|
2
2
|
|
|
3
3
|
class Settings
|
|
4
4
|
|
|
5
|
-
|
|
6
5
|
attr_accessor :host
|
|
7
6
|
|
|
8
7
|
attr_accessor :metadata_path
|
|
@@ -25,7 +24,6 @@ module Spid
|
|
|
25
24
|
|
|
26
25
|
attr_accessor :relay_state
|
|
27
26
|
|
|
28
|
-
|
|
29
27
|
def initialize spid_params
|
|
30
28
|
@metadata_path = Spid::Rails.app_metadata_path
|
|
31
29
|
@sso_path = Spid::Rails.app_sso_path
|
|
@@ -51,10 +49,9 @@ module Spid
|
|
|
51
49
|
}
|
|
52
50
|
end
|
|
53
51
|
|
|
54
|
-
|
|
55
52
|
def sp_attributes
|
|
56
53
|
{
|
|
57
|
-
issuer: host
|
|
54
|
+
issuer: host,
|
|
58
55
|
assertion_consumer_service_url: host + sso_path,
|
|
59
56
|
single_logout_service_url: host + slo_path,
|
|
60
57
|
private_key: File.read("#{::Rails.root}/#{keys_path}/private_key.pem"),
|
|
@@ -64,11 +61,12 @@ module Spid
|
|
|
64
61
|
end
|
|
65
62
|
|
|
66
63
|
def idp_attributes
|
|
67
|
-
|
|
64
|
+
idp = Spid::Idp.find(@idp.to_s)
|
|
65
|
+
bindings = @bindings.map { |verb| self.class.saml_bindings[verb] }
|
|
68
66
|
parser = OneLogin::RubySaml::IdpMetadataParser.new
|
|
69
|
-
parser.parse_remote_to_hash
|
|
70
|
-
|
|
71
|
-
sso_binding:
|
|
67
|
+
parser.parse_remote_to_hash idp.metadata_url,
|
|
68
|
+
idp.validate_cert?,
|
|
69
|
+
sso_binding: bindings
|
|
72
70
|
end
|
|
73
71
|
|
|
74
72
|
private
|
|
@@ -84,8 +82,8 @@ module Spid
|
|
|
84
82
|
# TODO spostare in utils
|
|
85
83
|
def self.saml_bindings
|
|
86
84
|
{
|
|
87
|
-
post:
|
|
88
|
-
redirect:
|
|
85
|
+
post: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
|
86
|
+
redirect: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
|
|
89
87
|
}
|
|
90
88
|
end
|
|
91
89
|
|
|
@@ -11,10 +11,10 @@ module Spid
|
|
|
11
11
|
|
|
12
12
|
def valid?
|
|
13
13
|
if settings[:idp_sso_target_url].blank?
|
|
14
|
-
raise
|
|
14
|
+
raise 'Destination deve essere presente (impostare idp_sso_target_url)'
|
|
15
15
|
end
|
|
16
16
|
if settings[:authn_context].last != '1' && settings[:force_authn] != true
|
|
17
|
-
raise
|
|
17
|
+
raise 'ForceAuthn deve essere presente per livelli di aitenticazione diversi da SPIDL1 (impostare force_authn a true)'
|
|
18
18
|
end
|
|
19
19
|
if settings[:authn_context_comparison] != 'minimum'
|
|
20
20
|
raise "AuthnContextComparison deve essere settato a 'minimum' (impostare authn_context_comparison a 'minimum')"
|
data/config/routes.rb
CHANGED
|
@@ -4,9 +4,13 @@ end
|
|
|
4
4
|
|
|
5
5
|
Spid::Rails::Engine.routes.draw do
|
|
6
6
|
resource :metadata, only: :show,
|
|
7
|
-
|
|
8
|
-
resource :sso, only: [:new, :create],
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
path: Spid::Rails.metadata_path
|
|
8
|
+
resource :sso, only: [:new, :create],
|
|
9
|
+
controller: :single_sign_ons,
|
|
10
|
+
path: Spid::Rails.sso_path
|
|
11
|
+
resource :slo, only: [:new, :create],
|
|
12
|
+
controller: :single_logout_operations,
|
|
13
|
+
path: Spid::Rails.slo_path do
|
|
14
|
+
get '/', to: 'single_logout_operations#create'
|
|
15
|
+
end
|
|
12
16
|
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
aruba:
|
|
2
|
+
metadata_url: 'https://loginspid.aruba.it/metadata'
|
|
3
|
+
validate_cert: true
|
|
4
|
+
infocert:
|
|
5
|
+
metadata_url: 'https://identity.infocert.it/metadata/metadata.xml'
|
|
6
|
+
validate_cert: true
|
|
7
|
+
namirial:
|
|
8
|
+
metadata_url: 'https://idp.namirialtsp.com/idp/metadata'
|
|
9
|
+
validate_cert: true
|
|
10
|
+
poste:
|
|
11
|
+
metadata_url: 'https://posteid.poste.it/jod-fs/metadata/metadata.xml'
|
|
12
|
+
validate_cert: true
|
|
13
|
+
poste_test:
|
|
14
|
+
metadata_url: 'http://spidposte.test.poste.it/jod-fs/metadata/idp.xml'
|
|
15
|
+
validate_cert: false
|
|
16
|
+
spiditalia:
|
|
17
|
+
metadata_url: 'https://spid.register.it/login/metadata'
|
|
18
|
+
validate_cert: true
|
|
19
|
+
sielte:
|
|
20
|
+
metadata_url: 'https://identity.sieltecloud.it/simplesaml/metadata.xml'
|
|
21
|
+
validate_cert: true
|
|
22
|
+
tim:
|
|
23
|
+
metadata_url: 'https://login.id.tim.it/spid-services/MetadataBrowser/idp'
|
|
24
|
+
validate_cert: true
|
|
@@ -5,12 +5,12 @@ module Spid
|
|
|
5
5
|
|
|
6
6
|
class ConfigGenerator < ::Rails::Generators::Base
|
|
7
7
|
|
|
8
|
-
source_root File.expand_path(
|
|
8
|
+
source_root File.expand_path('templates', __dir__)
|
|
9
9
|
|
|
10
|
-
desc
|
|
10
|
+
desc 'Crea il file di configurazione di spid (config/initializers/spid-rails.rb).'
|
|
11
11
|
|
|
12
12
|
def create_initializer_file
|
|
13
|
-
template
|
|
13
|
+
template 'spid-rails.rb', './config/initializers/spid-rails.rb'
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Spid
|
|
2
|
+
module Rails
|
|
3
|
+
|
|
4
|
+
module Generators
|
|
5
|
+
|
|
6
|
+
class IdpImporterGenerator < ::Rails::Generators::Base
|
|
7
|
+
|
|
8
|
+
source_root File.expand_path('templates', __dir__)
|
|
9
|
+
|
|
10
|
+
desc 'Crea il file di import custom degli Idp (config/spid-rails/idp_import.yml).'
|
|
11
|
+
|
|
12
|
+
def create_import_file
|
|
13
|
+
template 'idp_import.yml', './config/spid-rails/idp_import.yml'
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -7,11 +7,11 @@ module Spid
|
|
|
7
7
|
class_option :cn, type: :string, default: 'spid-rails-test', desc: 'Common name for the X509 certificate'
|
|
8
8
|
class_option :size, type: :numeric, default: 1024, desc: 'RSA key bit size'
|
|
9
9
|
class_option :digest, type: :string, default: 'SHA256', desc: 'Digest algorithm for signing the certificate'
|
|
10
|
-
class_option :validity, type: :numeric, default: 1, desc:
|
|
10
|
+
class_option :validity, type: :numeric, default: 1, desc: 'Certificate validity expressed in months'
|
|
11
11
|
|
|
12
12
|
desc "Description:\n" +
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
" Generate a RSA key and use it to generate a self-signed certificate in the keys path\n" +
|
|
14
|
+
' WARNING: this generator is ment to be used only for testing purpose.'
|
|
15
15
|
|
|
16
16
|
def create_key
|
|
17
17
|
@key = OpenSSL::PKey::RSA.new options[:size]
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Identity Providers are loaded on a per environment basis
|
|
2
|
+
|
|
3
|
+
development:
|
|
4
|
+
agid_test:
|
|
5
|
+
metadata_url: https://idp.spid.gov.it:8080/assets/idp-metadata.xml
|
|
6
|
+
validate_cert: false
|
|
7
|
+
|
|
8
|
+
test:
|
|
9
|
+
local_test:
|
|
10
|
+
metadata_url: https://localhost:8080/assets/idp-metadata.xml
|
|
11
|
+
validate_cert: false
|
|
@@ -1,12 +1,9 @@
|
|
|
1
|
-
# Impostazioni di default dello Spid Engine
|
|
2
|
-
|
|
3
1
|
Spid::Rails.tap do |config|
|
|
4
|
-
|
|
5
2
|
# Mount point di Spid sull'applicazione
|
|
6
3
|
# default: 'spid'
|
|
7
4
|
# config.mount_point = 'spid'
|
|
8
5
|
|
|
9
|
-
# Url alla quale
|
|
6
|
+
# Url alla quale e' disponibile il metadata del provider
|
|
10
7
|
# default: 'metadata'
|
|
11
8
|
# config.metadata_path = 'metadata'
|
|
12
9
|
|
|
@@ -26,5 +23,4 @@ Spid::Rails.tap do |config|
|
|
|
26
23
|
# Livello di crittografia SHA per la generazione delle signature
|
|
27
24
|
# default: 256
|
|
28
25
|
# config.sha = 256
|
|
29
|
-
|
|
30
26
|
end
|
data/lib/spid-rails/engine.rb
CHANGED
|
@@ -6,6 +6,12 @@ module Spid
|
|
|
6
6
|
|
|
7
7
|
class Engine < ::Rails::Engine
|
|
8
8
|
isolate_namespace Spid::Rails
|
|
9
|
+
|
|
10
|
+
initializer 'spid-rails.load_custom_idp_list' do
|
|
11
|
+
path_to_list = ::Rails.root.join('config', 'spid-rails', 'idp_import.yml')
|
|
12
|
+
Spid::Idp.import(path_to_list) if File.exist?(path_to_list)
|
|
13
|
+
end
|
|
14
|
+
|
|
9
15
|
end
|
|
10
16
|
|
|
11
17
|
end
|
|
@@ -7,38 +7,38 @@ module OneLogin
|
|
|
7
7
|
class Authrequest
|
|
8
8
|
|
|
9
9
|
def create_xml_document(settings)
|
|
10
|
-
time = Time.now.utc.strftime(
|
|
10
|
+
time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
|
|
11
11
|
|
|
12
12
|
request_doc = XMLSecurity::Document.new
|
|
13
13
|
request_doc.uuid = uuid
|
|
14
14
|
|
|
15
|
-
root = request_doc.add_element
|
|
15
|
+
root = request_doc.add_element 'samlp:AuthnRequest', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', 'xmlns:saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' }
|
|
16
16
|
root.attributes['ID'] = uuid
|
|
17
17
|
root.attributes['IssueInstant'] = time
|
|
18
|
-
root.attributes['Version'] =
|
|
18
|
+
root.attributes['Version'] = '2.0'
|
|
19
19
|
root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
|
|
20
20
|
root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
|
|
21
21
|
root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
|
|
22
|
-
root.attributes[
|
|
22
|
+
root.attributes['AttributeConsumingServiceIndex'] = settings.attributes_index unless settings.attributes_index.nil?
|
|
23
23
|
root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
|
|
24
24
|
|
|
25
25
|
# Conditionally defined elements based on settings
|
|
26
26
|
if settings.assertion_consumer_service_url != nil
|
|
27
|
-
root.attributes[
|
|
27
|
+
root.attributes['AssertionConsumerServiceURL'] = settings.assertion_consumer_service_url
|
|
28
28
|
end
|
|
29
|
-
#NameQualifier e Format da requisiti SPID
|
|
29
|
+
# NameQualifier e Format da requisiti SPID
|
|
30
30
|
if settings.issuer != nil
|
|
31
|
-
issuer = root.add_element
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
issuer = root.add_element 'saml:Issuer', {
|
|
32
|
+
'NameQualifier' => settings.issuer,
|
|
33
|
+
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
34
34
|
}
|
|
35
35
|
issuer.text = settings.issuer
|
|
36
36
|
end
|
|
37
37
|
if settings.name_identifier_format != nil
|
|
38
|
-
root.add_element
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
38
|
+
root.add_element 'samlp:NameIDPolicy', {
|
|
39
|
+
# Might want to make AllowCreate a setting?
|
|
40
|
+
'AllowCreate' => 'true',
|
|
41
|
+
'Format' => settings.name_identifier_format
|
|
42
42
|
}
|
|
43
43
|
end
|
|
44
44
|
|
|
@@ -50,14 +50,14 @@ module OneLogin
|
|
|
50
50
|
comparison = 'exact'
|
|
51
51
|
end
|
|
52
52
|
|
|
53
|
-
requested_context = root.add_element
|
|
54
|
-
|
|
53
|
+
requested_context = root.add_element 'samlp:RequestedAuthnContext', {
|
|
54
|
+
'Comparison' => comparison,
|
|
55
55
|
}
|
|
56
56
|
|
|
57
57
|
if settings.authn_context != nil
|
|
58
58
|
authn_contexts_class_ref = settings.authn_context.is_a?(Array) ? settings.authn_context : [settings.authn_context]
|
|
59
59
|
authn_contexts_class_ref.each do |authn_context_class_ref|
|
|
60
|
-
class_ref = requested_context.add_element
|
|
60
|
+
class_ref = requested_context.add_element 'saml:AuthnContextClassRef'
|
|
61
61
|
class_ref.text = authn_context_class_ref
|
|
62
62
|
end
|
|
63
63
|
end
|
|
@@ -65,7 +65,7 @@ module OneLogin
|
|
|
65
65
|
if settings.authn_context_decl_ref != nil
|
|
66
66
|
authn_contexts_decl_refs = settings.authn_context_decl_ref.is_a?(Array) ? settings.authn_context_decl_ref : [settings.authn_context_decl_ref]
|
|
67
67
|
authn_contexts_decl_refs.each do |authn_context_decl_ref|
|
|
68
|
-
decl_ref = requested_context.add_element
|
|
68
|
+
decl_ref = requested_context.add_element 'saml:AuthnContextDeclRef'
|
|
69
69
|
decl_ref.text = authn_context_decl_ref
|
|
70
70
|
end
|
|
71
71
|
end
|
data/lib/spid-rails/version.rb
CHANGED
data/lib/spid-rails.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require 'spid-rails/engine'
|
|
2
2
|
|
|
3
3
|
module Spid
|
|
4
4
|
module Rails
|
|
@@ -7,7 +7,7 @@ module Spid
|
|
|
7
7
|
mattr_accessor :mount_point
|
|
8
8
|
@@mount_point = 'spid'
|
|
9
9
|
|
|
10
|
-
# Url alla quale
|
|
10
|
+
# Url alla quale e' disponibile il metadata del provider
|
|
11
11
|
mattr_accessor :metadata_path
|
|
12
12
|
@@metadata_path = 'metadata'
|
|
13
13
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alessandro Descovi, Giacomo Bertoldi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -34,16 +34,16 @@ dependencies:
|
|
|
34
34
|
name: ruby-saml
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
|
-
- -
|
|
37
|
+
- - "~>"
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 1.
|
|
39
|
+
version: 1.8.0
|
|
40
40
|
type: :runtime
|
|
41
41
|
prerelease: false
|
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
|
-
- -
|
|
44
|
+
- - "~>"
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: 1.
|
|
46
|
+
version: 1.8.0
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: rails-html-sanitizer
|
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -64,6 +64,48 @@ dependencies:
|
|
|
64
64
|
- - ">="
|
|
65
65
|
- !ruby/object:Gem::Version
|
|
66
66
|
version: 1.0.4
|
|
67
|
+
- !ruby/object:Gem::Dependency
|
|
68
|
+
name: bundler-audit
|
|
69
|
+
requirement: !ruby/object:Gem::Requirement
|
|
70
|
+
requirements:
|
|
71
|
+
- - ">="
|
|
72
|
+
- !ruby/object:Gem::Version
|
|
73
|
+
version: '0'
|
|
74
|
+
type: :development
|
|
75
|
+
prerelease: false
|
|
76
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
77
|
+
requirements:
|
|
78
|
+
- - ">="
|
|
79
|
+
- !ruby/object:Gem::Version
|
|
80
|
+
version: '0'
|
|
81
|
+
- !ruby/object:Gem::Dependency
|
|
82
|
+
name: rubocop
|
|
83
|
+
requirement: !ruby/object:Gem::Requirement
|
|
84
|
+
requirements:
|
|
85
|
+
- - ">="
|
|
86
|
+
- !ruby/object:Gem::Version
|
|
87
|
+
version: '0'
|
|
88
|
+
type: :development
|
|
89
|
+
prerelease: false
|
|
90
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
91
|
+
requirements:
|
|
92
|
+
- - ">="
|
|
93
|
+
- !ruby/object:Gem::Version
|
|
94
|
+
version: '0'
|
|
95
|
+
- !ruby/object:Gem::Dependency
|
|
96
|
+
name: simplecov
|
|
97
|
+
requirement: !ruby/object:Gem::Requirement
|
|
98
|
+
requirements:
|
|
99
|
+
- - ">="
|
|
100
|
+
- !ruby/object:Gem::Version
|
|
101
|
+
version: '0'
|
|
102
|
+
type: :development
|
|
103
|
+
prerelease: false
|
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
+
requirements:
|
|
106
|
+
- - ">="
|
|
107
|
+
- !ruby/object:Gem::Version
|
|
108
|
+
version: '0'
|
|
67
109
|
- !ruby/object:Gem::Dependency
|
|
68
110
|
name: sqlite3
|
|
69
111
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,8 +156,11 @@ files:
|
|
|
114
156
|
- app/models/spid/sso_response.rb
|
|
115
157
|
- app/views/layouts/spid-rails/application.html.erb
|
|
116
158
|
- config/routes.rb
|
|
159
|
+
- config/spid-rails/idp_list.yml
|
|
117
160
|
- lib/generators/spid/rails/config_generator.rb
|
|
161
|
+
- lib/generators/spid/rails/idp_importer_generator.rb
|
|
118
162
|
- lib/generators/spid/rails/keys_generator.rb
|
|
163
|
+
- lib/generators/spid/rails/templates/idp_import.yml
|
|
119
164
|
- lib/generators/spid/rails/templates/spid-rails.rb
|
|
120
165
|
- lib/spid-rails.rb
|
|
121
166
|
- lib/spid-rails/engine.rb
|