Commit 0208848
Changed files (2)
lib/saml/kit/identity_provider_metadata.rb
@@ -47,7 +47,7 @@ module Saml
class Builder
attr_accessor :id, :organization_name, :organization_url, :contact_email, :entity_id, :attributes, :name_id_formats
- attr_accessor :want_authn_requests_signed
+ attr_accessor :want_authn_requests_signed, :sign
attr_reader :logout_urls, :single_sign_on_urls
def initialize(configuration = Saml::Kit.configuration)
@@ -58,6 +58,7 @@ module Saml
@single_sign_on_urls = []
@logout_urls = []
@configuration = configuration
+ @sign = true
@want_authn_requests_signed = true
end
@@ -70,42 +71,41 @@ module Saml
end
def to_xml
- signature = Signature.new(id)
- xml = ::Builder::XmlMarkup.new
- xml.instruct!
- xml.EntityDescriptor entity_descriptor_options do
- signature.template(xml)
- xml.IDPSSODescriptor idp_sso_descriptor_options do
- xml.KeyDescriptor use: "signing" do
- xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
- xml.X509Data do
- xml.X509Certificate @configuration.stripped_signing_certificate
+ Signature.sign(id, sign: sign) do |xml, signature|
+ xml.instruct!
+ xml.EntityDescriptor entity_descriptor_options do
+ signature.template(xml)
+ xml.IDPSSODescriptor idp_sso_descriptor_options do
+ xml.KeyDescriptor use: "signing" do
+ xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
+ xml.X509Data do
+ xml.X509Certificate @configuration.stripped_signing_certificate
+ end
end
end
+ name_id_formats.each do |format|
+ xml.NameIDFormat format
+ end
+ logout_urls.each do |item|
+ xml.SingleLogoutService Binding: item[:binding], Location: item[:location]
+ end
+ single_sign_on_urls.each do |item|
+ xml.SingleSignOnService Binding: item[:binding], Location: item[:location]
+ end
+ attributes.each do |attribute|
+ xml.tag! 'saml:Attribute', NameFormat: Namespaces::URI, Name: attribute, FriendlyName: attribute
+ end
end
- name_id_formats.each do |format|
- xml.NameIDFormat format
- end
- logout_urls.each do |item|
- xml.SingleLogoutService Binding: item[:binding], Location: item[:location]
- end
- single_sign_on_urls.each do |item|
- xml.SingleSignOnService Binding: item[:binding], Location: item[:location]
+ xml.Organization do
+ xml.OrganizationName organization_name, 'xml:lang': "en"
+ xml.OrganizationDisplayName organization_name, 'xml:lang': "en"
+ xml.OrganizationURL organization_url, 'xml:lang': "en"
end
- attributes.each do |attribute|
- xml.tag! 'saml:Attribute', NameFormat: Namespaces::URI, Name: attribute, FriendlyName: attribute
+ xml.ContactPerson contactType: "technical" do
+ xml.Company "mailto:#{contact_email}"
end
end
- xml.Organization do
- xml.OrganizationName organization_name, 'xml:lang': "en"
- xml.OrganizationDisplayName organization_name, 'xml:lang': "en"
- xml.OrganizationURL organization_url, 'xml:lang': "en"
- end
- xml.ContactPerson contactType: "technical" do
- xml.Company "mailto:#{contact_email}"
- end
end
- signature.finalize(xml)
end
def build
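Review bot: The new `sign` accessor lets a caller emit the IdP metadata unsigned, and neither the accessor nor `to_xml` documents when that is acceptable. This document carries the `X509Certificate` that relying parties use to verify responses, so an unsigned copy is only as trustworthy as the channel it is fetched over. I would add a comment above the accessor, for example `# sign: set to false only when the metadata is delivered over an authenticated channel; consumers cannot verify unsigned metadata on their own`. `Signature.sign` is defined outside the visible hunks, so how it treats `nil` is unknown; if `nil` counts as false, passing `sign: sign != false` would keep signing on unless it is explicitly disabled.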
lib/saml/kit/response.rb
@@ -217,45 +217,45 @@ module Saml
true
end
- def to_xml(xml = ::Builder::XmlMarkup.new)
- signature = Signature.new(id, sign: want_assertions_signed)
- xml.Response response_options do
- xml.Issuer(issuer, xmlns: Namespaces::ASSERTION)
- signature.template(xml)
- xml.Status do
- xml.StatusCode Value: status_code
- end
- xml.Assertion(assertion_options) do
- xml.Issuer issuer
- xml.Subject do
- xml.NameID user.name_id_for(request), Format: request.name_id_format
- xml.SubjectConfirmation Method: Namespaces::BEARER do
- xml.SubjectConfirmationData "", subject_confirmation_data_options
- end
+ def to_xml
+ Signature.sign(id, sign: want_assertions_signed) do |xml, signature|
+ xml.Response response_options do
+ xml.Issuer(issuer, xmlns: Namespaces::ASSERTION)
+ signature.template(xml)
+ xml.Status do
+ xml.StatusCode Value: status_code
end
- xml.Conditions conditions_options do
- xml.AudienceRestriction do
- xml.Audience request.issuer
+ xml.Assertion(assertion_options) do
+ xml.Issuer issuer
+ xml.Subject do
+ xml.NameID user.name_id_for(request), Format: request.name_id_format
+ xml.SubjectConfirmation Method: Namespaces::BEARER do
+ xml.SubjectConfirmationData "", subject_confirmation_data_options
+ end
end
- end
- xml.AuthnStatement authn_statement_options do
- xml.AuthnContext do
- xml.AuthnContextClassRef Namespaces::PASSWORD
+ xml.Conditions conditions_options do
+ xml.AudienceRestriction do
+ xml.Audience request.issuer
+ end
end
- end
- assertion_attributes = user.assertion_attributes_for(request)
- if assertion_attributes.any?
- xml.AttributeStatement do
- assertion_attributes.each do |key, value|
- xml.Attribute Name: key, NameFormat: Namespaces::URI, FriendlyName: key do
- xml.AttributeValue value.to_s
+ xml.AuthnStatement authn_statement_options do
+ xml.AuthnContext do
+ xml.AuthnContextClassRef Namespaces::PASSWORD
+ end
+ end
+ assertion_attributes = user.assertion_attributes_for(request)
+ if assertion_attributes.any?
+ xml.AttributeStatement do
+ assertion_attributes.each do |key, value|
+ xml.Attribute Name: key, NameFormat: Namespaces::URI, FriendlyName: key do
+ xml.AttributeValue value.to_s
+ end
end
end
end
end
end
end
- signature.finalize(xml)
end
def build
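Review bot: As far as this hunk shows, a falsy `want_assertions_signed` makes `to_xml` emit the whole Response unsigned, because the only `signature.template(xml)` call sits under `Response` and the `Assertion` has no signature of its own. That deserves a comment at the top of the method, such as `# Unsigned when want_assertions_signed is false: the bearer Assertion then has no integrity protection of its own`. Where `want_assertions_signed` gets its value is outside the hunk, so it is worth confirming it comes from trusted service-provider metadata and not from unauthenticated request data. Separately, the method no longer accepts the optional `xml` builder argument, so any caller still passing one will now raise `ArgumentError`.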