ssolo 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0ccb40eda9b6ea1d0b4252545669ee1e966d4774c07d55eaa014a8af959a210a
+  data.tar.gz: 1a410aa070099ce4fe6caa8de8d11fdc0b0328a8d4dc723f18eddaf84e24d438
+SHA512:
+  metadata.gz: a0ccf3bf281fe538b3417eb31a73dd38dd539e572ae9ed1b9c9f4fb2b040f9a628b2745f76b0a9cf1d01b6a7afedfd551c7d75e40693c65616062c35634715de
+  data.tar.gz: 81628f37ae67bfb4dba9c3ed1fe226c29b816f787b8f4f2b7a2361f03c796b3261b879a038de6c6ece69d471434d4c8acee86ad657874efb8f87b39eb86efe8c

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2025-05-08
+
+- Initial release

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Covidence
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,96 @@
+# SSOlo
+
+SSOlo is a small SAML identity provider (IdP), for use in test and development environments in applications which operate as service providers - particularly for use with feature tests.
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+```bash
+bundle add ssolo
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install ssolo
+```
+
+## Usage
+
+### Test Environments
+
+Using SSOlo within a test suite can be done via an instance of `SSOlo::Controller`, where you can start the server with an immediately-returned Name ID/email address:
+
+```ruby
+controller = SSOlo::Controller.new
+controller.start(
+  sp_certificate: <<~CERT,
+    -----BEGIN CERTIFICATE-----
+    ...
+    -----END CERTIFICATE-----
+  CERT
+  name_id: "test@example.com"
+)
+
+# connect up the appropriate SAML settings via an
+# OneLogin::RubySaml::Settings instance:
+controller.settings #=> OneLogin::RubySaml::Settings
+controller.settings.idp_entity_id
+controller.settings.idp_sso_service_url
+controller.settings.idp_cert
+
+# These details are also available via a URL:
+controller.metadata_url
+
+# initiate a SAML request, and the following
+# SAML response will be returned immediately with
+# the specified name_id in the above `start` call.
+
+# And then when you're done:
+controller.stop
+```
+
+The SSOlo server will use ephemeral certificates and private keys, and the port will also change on every boot (following the behaviour of a standard Capybara server).
+
+### Development Environments
+
+To run SSOlo for a development environment, use the provided executable and manage settings via environment variables:
+
+```sh
+bundle exec ssolo \
+  SSOLO_PERSISTENCE=~/.ssolo.json \
+  SSOLO_SP_CERTIFICATE="-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----" \
+  SSOLO_HOST=127.0.0.1 \
+  SSOLO_PORT=9292 \
+  SSOLO_SILENT=true
+```
+
+`SSOLO_PERSISTENCE` can either be a file path, or "true" or "false". `SSOLO_SP_CERTIFICATE` must be specified with the certificate in PEM format. The other variables are optional (and the above values are the defaults).
+
+You can also specify `SSOLO_NAME_ID` to keep the supplied name ID as a fixed value. But otherwise, you will be prompted for a value when you're going through the SAML flow.
+
+The IdP server has two endpoints:
+
+* `GET /metadata` which returns the XML metadata
+* `GET /saml` which is the URL to initiate SAML requests
+
+So, if you're running the server with the default environment variables, you should be able to see the metadata via [http://127.0.0.1:9292/metadata](http://127.0.0.1:9292/metadata).
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/pat/ssolo. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/pat/ssolo/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the SSOlo project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/pat/ssolo/blob/main/CODE_OF_CONDUCT.md).

data/exe/ssolo

@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+# -*- mode: ruby -*-
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "logger"
+require "rack/handler/puma"
+require "ssolo"
+
+persistence = case ENV.fetch("SSOLO_PERSISTENCE", nil)
+              when "true"
+                true
+              when "false"
+                false
+              else
+                ENV.fetch("SSOLO_PERSISTENCE", nil)
+              end
+
+Rack::Handler::Puma.run(
+  SSOlo::Server.new(
+    sp_certificate: ENV.fetch("SSOLO_SP_CERTIFICATE"),
+    default_name_id: ENV.fetch("SSOLO_NAME_ID", nil),
+    persistence:
+  ),
+  Host: ENV.fetch("SSOLO_HOST", "127.0.0.1"),
+  Port: ENV.fetch("SSOLO_PORT", 9292),
+  Silent: ENV.fetch("SSOLO_SILENT", "true") == "true",
+  daemon: false,
+  config_files: ["-"]
+)

data/lib/ssolo/certificate.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module SSOlo
+  # Generates an X509 certificate with the given private key. These certificates
+  # are not meant for production use.
+  class Certificate
+    def self.call(...)
+      new(...).call
+    end
+
+    def initialize(private_key)
+      @private_key = private_key
+    end
+
+    # rubocop:disable Metrics/AbcSize
+    def call
+      OpenSSL::X509::Certificate.new.tap do |certificate|
+        certificate.version = 2
+        certificate.serial = 0
+        certificate.not_before = not_before
+        certificate.not_after = not_after
+        certificate.public_key = public_key
+        certificate.subject = name
+        certificate.issuer = name
+        certificate.sign(private_key, digest)
+      end
+    end
+    # rubocop:enable Metrics/AbcSize
+
+    private
+
+    attr_reader :private_key
+
+    def digest
+      OpenSSL::Digest.new("SHA256")
+    end
+
+    def name
+      @name ||= OpenSSL::X509::Name.parse "/CN=nobody/DC=example"
+    end
+
+    # ~10 years
+    def not_after
+      Time.now + (10 * 365 * 24 * 60 * 60)
+    end
+
+    def not_before
+      Time.now
+    end
+
+    def public_key
+      private_key.public_key
+    end
+  end
+end

data/lib/ssolo/controller.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module SSOlo
+  # Manages the external process of a SSOlo server
+  class Controller
+    MAXIMUM_ATTEMPTS = 20
+
+    def metadata_url
+      @metadata_url ||= "http://127.0.0.1:#{port}/metadata"
+    end
+
+    def settings
+      @settings ||= begin
+        wait_until_booted
+
+        OneLogin::RubySaml::IdpMetadataParser.new.parse_remote(
+          metadata_url
+        )
+      end
+    end
+
+    def start(sp_certificate:, name_id: nil)
+      @pid = Process.spawn(
+        {
+          "SSOLO_PORT" => port.to_s,
+          "SSOLO_NAME_ID" => name_id,
+          "SSOLO_SP_CERTIFICATE" => sp_certificate
+        },
+        "bundle exec ssolo"
+      )
+    end
+
+    def stop
+      Process.kill("KILL", @pid)
+    end
+
+    private
+
+    def port
+      @port ||= Addrinfo.tcp("", 0).bind { |s| s.local_address.ip_port }
+    end
+
+    def wait_until_booted
+      attempts = 0
+
+      begin
+        Net::HTTP.get(URI(metadata_url))
+      rescue Errno::ECONNREFUSED
+        attempts += 1
+        raise if attempts > MAXIMUM_ATTEMPTS
+
+        sleep 0.1
+        retry
+      end
+    end
+  end
+end

data/lib/ssolo/server.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require "rack"
+require "saml_idp"
+
+require_relative "certificate"
+
+module SSOlo
+  # A rack app that operates as an extremely minimal SAML Identity Provider.
+  # There are two endpoints:
+  #
+  # - GET /metadata -- which returns the SAML IdP metadata as XML
+  # - GET /saml -- which, if there's a default name ID, renders a HTML form that
+  #   submits immediately. Otherwise, renders a form asking for a name ID/email
+  #   address
+  class Server
+    attr_reader :sp_certificate
+
+    def initialize(sp_certificate:, default_name_id: nil, persistence: false)
+      @sp_certificate = certificate_from_string(sp_certificate)
+      @default_name_id = default_name_id
+      @persistence = persistence
+    end
+
+    def call(env)
+      request = Rack::Request.new(env)
+      return four_oh_four unless request.get?
+
+      case request.path_info
+      when "/metadata"
+        metadata(request)
+      when "/saml"
+        saml(request)
+      else
+        [200, {}, [""]]
+      end
+    end
+
+    def certificate
+      @certificate ||= certificate_from_string(persisted_settings["certificate"])
+    end
+
+    def private_key
+      @private_key ||= OpenSSL::PKey::RSA.new(persisted_settings["private_key"])
+    end
+
+    private
+
+    attr_reader :default_name_id, :persistence
+
+    def certificate_from_string(value)
+      case value
+      when String
+        OpenSSL::X509::Certificate.new(value)
+      when OpenSSL::X509::Certificate
+        value
+      else
+        raise ArgumentError, "Invalid certificate: #{value}"
+      end
+    end
+
+    def four_oh_four
+      [404, {}, ["Not Found"]]
+    end
+
+    def metadata(request)
+      [
+        200,
+        { "Content-Type" => "application/xml; charset=utf-8" },
+        [SSOlo::Templates::Metadata.call(request, certificate)]
+      ]
+    end
+
+    def new_settings
+      key = OpenSSL::PKey::RSA.new(2048)
+
+      {
+        "certificate" => SSOlo::Certificate.call(key).to_pem,
+        "private_key" => key.to_pem
+      }
+    end
+
+    def persistence_path
+      case persistence
+      when String
+        persistence
+      else
+        "~/.ssolo.json"
+      end
+    end
+
+    def persisted_settings
+      @persisted_settings ||= begin
+        settings = File.exist?(persistence_path) ? JSON.parse(File.read(persistence_path)) : new_settings
+
+        File.write(persistence_path, JSON.generate(settings)) if persistence
+
+        settings
+      end
+    end
+
+    def saml(request)
+      name_id = default_name_id || request.params["name_id"]
+
+      html = if name_id && name_id.strip.length.positive?
+               SSOlo::Templates::Response.call(self, request, name_id)
+             else
+               SSOlo::Templates::Entry.call(request)
+             end
+
+      [200, { "Content-Type" => "text/html; charset=utf-8" }, [html]]
+    end
+  end
+end

data/lib/ssolo/templates/entry.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module SSOlo
+  module Templates
+    # Returns HTML for a form that contains an in-progress SAML request, with
+    # a field to specify a custom Name ID/email address.
+    class Entry
+      def self.call(request)
+        <<~HTML
+          <!DOCTYPE html>
+          <html>
+            <head>
+              <meta charset="utf-8">
+              <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+            </head>
+            <body>
+              <form method="get" action="#{request.base_url}/saml">
+                <input type="hidden" name="SAMLRequest" value="#{request.params['SAMLRequest']}">
+                <input type="hidden" name="RelayState" value="#{request.params['RelayState']}">
+
+                <label for="name_id">Email / Name ID</label>
+                <input type="text" name="name_id" id="name_id">
+
+                <input type="submit" value="Submit">
+              </form>
+            </body>
+          </html>
+        HTML
+      end
+    end
+  end
+end

data/lib/ssolo/templates/metadata.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module SSOlo
+  module Templates
+    # Renders the XML details of the Identity Provider
+    class Metadata
+      def self.call(request, certificate)
+        <<~XML
+          <?xml version="1.0" encoding="utf-8"?>
+          <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="#{request.base_url}/saml">
+            <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+              <KeyDescriptor>
+                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                  <ds:X509Data>
+                    <ds:X509Certificate>
+                      #{certificate.to_pem.lines.grep_v(/BEGIN|END/).join.strip}
+                    </ds:X509Certificate>
+                  </ds:X509Data>
+                </ds:KeyInfo>
+              </KeyDescriptor>
+              <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="#{request.base_url}/saml" />
+            </IDPSSODescriptor>
+          </EntityDescriptor>
+        XML
+      end
+    end
+  end
+end

data/lib/ssolo/templates/response.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module SSOlo
+  module Templates
+    # Returns the HTML output of an auto-submitting form, to post the SAML
+    # response through to the service provider.
+    class Response
+      def self.call(...)
+        new(...).call
+      end
+
+      def initialize(server, request, name_id)
+        @server = server
+        @request = request
+        @name_id = name_id
+      end
+
+      # rubocop:disable Metrics/MethodLength
+      def call
+        configure_idp
+
+        <<~HTML
+          <!DOCTYPE html>
+          <html>
+            <head>
+              <meta charset="utf-8">
+              <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+            </head>
+            <body onload="document.forms[0].submit();" style="visibility:hidden;">
+              <form method="post" action="#{saml_request.acs_url}">
+                <input type="hidden" name="SAMLResponse" value="#{saml_response}" />
+                <input type="hidden" name="RelayState" value="#{request.params['RelayState']}" />
+                <input type="submit" value="Submit" />
+              </form>
+            </body>
+          </html>
+        HTML
+      end
+      # rubocop:enable Metrics/MethodLength
+
+      private
+
+      attr_reader :server, :request, :name_id
+
+      def configure_idp
+        SamlIdp.configure do |config|
+          config.base_saml_location = "#{request.base_url}/saml"
+          config.x509_certificate = server.certificate
+          config.secret_key = server.private_key
+          config.algorithm = :sha256
+          config.name_id.formats = {
+            email_address: ->(principal) { principal }
+          }
+        end
+      end
+
+      def saml_request
+        @saml_request ||= SamlIdp::Request.from_deflated_request(
+          request.params["SAMLRequest"]
+        )
+      end
+
+      # rubocop:disable Metrics/MethodLength
+      def saml_response
+        SamlIdp::SamlResponse.new(
+          SecureRandom.uuid, # reference_id
+          SecureRandom.uuid, # response_id
+          "#{request.base_url}/saml", # issuer_uri
+          name_id, # principal / name ID
+          saml_request.issuer,
+          saml_request.request_id,
+          saml_request.acs_url,
+          OpenSSL::Digest::SHA256,
+          Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD,
+          60 * 60, # expiry
+          {
+            # This is the service provider's certificate, so we can encrypt the
+            # response in a manner that only the service provider can decrypt.
+            cert: server.sp_certificate,
+            block_encryption: "aes256-cbc",
+            key_transport: "rsa-oaep-mgf1p"
+          }
+        ).build
+      end
+      # rubocop:enable Metrics/MethodLength
+    end
+  end
+end

data/lib/ssolo/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module SSOlo
+  VERSION = "0.1.0"
+end

data/lib/ssolo.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require_relative "ssolo/certificate"
+require_relative "ssolo/controller"
+require_relative "ssolo/server"
+require_relative "ssolo/templates/entry"
+require_relative "ssolo/templates/metadata"
+require_relative "ssolo/templates/response"
+require_relative "ssolo/version"
+
+# This gem provides a minimal SAML Identity Provider (IdP) server, which can be
+# used in development or test environments.
+module SSOlo
+end

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: ssolo
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Pat Allan
+bindir: exe
+cert_chain: []
+date: 2025-05-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: puma
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: saml_idp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+email:
+- pat@freelancing-gods.com
+executables:
+- ssolo
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- LICENSE.txt
+- README.md
+- exe/ssolo
+- lib/ssolo.rb
+- lib/ssolo/certificate.rb
+- lib/ssolo/controller.rb
+- lib/ssolo/server.rb
+- lib/ssolo/templates/entry.rb
+- lib/ssolo/templates/metadata.rb
+- lib/ssolo/templates/response.rb
+- lib/ssolo/version.rb
+homepage: https://github.com/pat/ssolo
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/pat/ssolo
+  source_code_uri: https://github.com/pat/ssolo
+  changelog_uri: https://github.com/pat/ssolo/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.4
+specification_version: 4
+summary: A micro SAML IdP for development/test environments
+test_files: []