Commit 054fbaf
Changed files (8)
lib/saml/kit/identity_provider_metadata.rb
@@ -32,7 +32,7 @@ module Saml
@id = SecureRandom.uuid
@entity_id = configuration.issuer
@attributes = []
- @name_id_formats = [Namespaces::Formats::NameId::PERSISTENT]
+ @name_id_formats = [Namespaces::PERSISTENT]
@single_sign_on_urls = []
@logout_urls = []
end
@@ -62,7 +62,7 @@ module Saml
xml.SingleSignOnService Binding: item[:binding], Location: item[:location]
end
attributes.each do |attribute|
- xml.tag! 'saml:Attribute', NameFormat: Namespaces::Formats::Attr::URI, Name: attribute, FriendlyName: attribute
+ xml.tag! 'saml:Attribute', NameFormat: Namespaces::URI, Name: attribute, FriendlyName: attribute
end
end
xml.Organization do
@@ -95,9 +95,9 @@ module Saml
def binding_namespace_for(binding)
if :post == binding
- Namespaces::Bindings::POST
+ Namespaces::POST
else
- Namespaces::Bindings::HTTP_REDIRECT
+ Namespaces::HTTP_REDIRECT
end
end
end
lib/saml/kit/metadata.rb
@@ -5,7 +5,7 @@ module Saml
METADATA_XSD = File.expand_path("./xsd/saml-schema-metadata-2.0.xsd", File.dirname(__FILE__)).freeze
NAMESPACES = {
- "NameFormat": Namespaces::Formats::Attr::SPLAT,
+ "NameFormat": Namespaces::ATTR_SPLAT,
"ds": Namespaces::SIGNATURE,
"md": Namespaces::METADATA,
"saml": Namespaces::ASSERTION,
lib/saml/kit/namespaces.rb
@@ -1,48 +1,24 @@
module Saml
module Kit
module Namespaces
- METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
- SIGNATURE = "http://www.w3.org/2000/09/xmldsig#"
+ ATTR_SPLAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:*"
+ BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
+ BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
+ EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+ HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
+ PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
+ PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+ PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
+ POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
-
- module Bindings
- POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- end
-
- module Statuses
- SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
- end
-
- module Consents
- UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:consent:unspecified"
- end
-
- module AuthnContext
- module ClassRef
- PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
- PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
- end
- end
-
- module Methods
- BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
- end
-
- module Formats
- module Attr
- URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
- BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
- SPLAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:*"
- end
-
- module NameId
- EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
- TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
- PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
- end
- end
+ SIGNATURE = "http://www.w3.org/2000/09/xmldsig#"
+ SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
+ TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+ UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:consent:unspecified"
+ URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
end
end
end
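Review bot: `SIGNATURE` and `XMLDSIG` now hold the identical string "http://www.w3.org/2000/09/xmldsig#" as two independent literals, so they can drift apart in a later edit while both are used to build signed XML; define one as an alias of the other, `XMLDSIG = SIGNATURE`. The flattened `URI` constant shadows Ruby's `::URI` module inside the lexical scope of `Saml::Kit::Namespaces` and in any class that does `include Namespaces`, which would turn a later `URI.parse` call there into a NoMethodError on a String; naming it `ATTR_URI` (and `ATTR_BASIC`) would match the `ATTR_SPLAT` name already chosen in this hunk and also restore the attrname-format grouping that the flattening drops. Likewise `UNSPECIFIED` no longer says it is the consent URN rather than a nameid-format, so a one-line comment `# consent:unspecified, not the SAML 1.1 nameid-format of the same name` would help. None of the strings are frozen and there is no `# frozen_string_literal: true` magic comment, so a caller can mutate a shared namespace URI in place and alter every metadata or response document generated afterwards; appending `.freeze` to each constant (or adding the magic comment at the top of the file) closes that.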
lib/saml/kit/response.rb
@@ -54,13 +54,13 @@ module Saml
signature.template(xml)
xml.Issuer(configuration.issuer, xmlns: Namespaces::ASSERTION)
xml.tag!("samlp:Status") do
- xml.tag!('samlp:StatusCode', Value: Namespaces::Statuses::SUCCESS)
+ xml.tag!('samlp:StatusCode', Value: Namespaces::SUCCESS)
end
xml.Assertion(assertion_options) do
xml.Issuer configuration.issuer
xml.Subject do
xml.NameID user.uuid, Format: name_id_format
- xml.SubjectConfirmation Method: Namespaces::Methods::BEARER do
+ xml.SubjectConfirmation Method: Namespaces::BEARER do
xml.SubjectConfirmationData "", subject_confirmation_data_options
end
end
@@ -71,12 +71,12 @@ module Saml
end
xml.AuthnStatement authn_statement_options do
xml.AuthnContext do
- xml.AuthnContextClassRef Namespaces::AuthnContext::ClassRef::PASSWORD
+ xml.AuthnContextClassRef Namespaces::PASSWORD
end
end
xml.AttributeStatement do
user.assertion_attributes.each do |key, value|
- xml.Attribute Name: key, NameFormat: Namespaces::Formats::Attr::URI, FriendlyName: key do
+ xml.Attribute Name: key, NameFormat: Namespaces::URI, FriendlyName: key do
xml.AttributeValue value.to_s
end
end
@@ -102,7 +102,7 @@ module Saml
Version: "2.0",
IssueInstant: now.iso8601,
Destination: request.acs_url,
- Consent: Namespaces::Consents::UNSPECIFIED,
+ Consent: Namespaces::UNSPECIFIED,
InResponseTo: request.id,
"xmlns:samlp" => Namespaces::PROTOCOL,
}
lib/saml/kit/service_provider_metadata.rb
@@ -25,7 +25,7 @@ module Saml
@entity_id = configuration.issuer
@acs_urls = []
@logout_urls = []
- @name_id_formats = [Namespaces::Formats::NameId::PERSISTENT]
+ @name_id_formats = [Namespaces::PERSISTENT]
end
def add_assertion_consumer_service(url, binding: :post)
@@ -44,7 +44,7 @@ module Saml
signature.template(xml)
xml.SPSSODescriptor descriptor_options do
xml.KeyDescriptor use: "signing" do
- xml.KeyInfo "xmlns": Saml::Kit::Signature::XMLDSIG do
+ xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
xml.X509Data do
xml.X509Certificate @configuration.stripped_signing_certificate
end
@@ -88,9 +88,9 @@ module Saml
def binding_namespace_for(binding)
if :post == binding
- Namespaces::Bindings::POST
+ Namespaces::POST
else
- Namespaces::Bindings::HTTP_REDIRECT
+ Namespaces::HTTP_REDIRECT
end
end
end
lib/saml/kit/signature.rb
@@ -1,7 +1,6 @@
module Saml
module Kit
class Signature
- XMLDSIG="http://www.w3.org/2000/09/xmldsig#"
SIGNATURE_METHODS = {
SHA1: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
SHA224: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
@@ -25,7 +24,7 @@ module Saml
end
def template(xml = ::Builder::XmlMarkup.new)
- xml.Signature "xmlns" => XMLDSIG do
+ xml.Signature "xmlns" => Namespaces::XMLDSIG do
xml.SignedInfo do
xml.CanonicalizationMethod Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
xml.SignatureMethod Algorithm: SIGNATURE_METHODS[configuration.signature_method]
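Review bot: Removing `Signature::XMLDSIG` (the deleted line in the first hunk) deletes a public constant of the gem, so any downstream code that referenced `Saml::Kit::Signature::XMLDSIG` now raises NameError even though the value still exists under `Namespaces`; keep a compatibility alias in the class, `XMLDSIG = Namespaces::XMLDSIG # @deprecated use Namespaces::XMLDSIG`, until the next major version. Unrelated to this rename but visible in the context lines, `SIGNATURE_METHODS` still offers `SHA1` as a selectable signature method; a brief comment marking it as legacy-only for interoperability, so it is not picked as a default in new configurations, would be worth adding. The Signature class and `template` continue outside these hunks.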
spec/saml/identity_provider_metadata_spec.rb
@@ -14,9 +14,9 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
subject.organization_name = org_name
subject.organization_url = url
subject.name_id_formats = [
- Saml::Kit::Namespaces::Formats::NameId::PERSISTENT,
- Saml::Kit::Namespaces::Formats::NameId::TRANSIENT,
- Saml::Kit::Namespaces::Formats::NameId::EMAIL_ADDRESS,
+ Saml::Kit::Namespaces::PERSISTENT,
+ Saml::Kit::Namespaces::TRANSIENT,
+ Saml::Kit::Namespaces::EMAIL_ADDRESS,
]
subject.add_single_sign_on_service("https://www.example.com/login", binding: :http_redirect)
subject.add_single_logout_service("https://www.example.com/logout", binding: :post)
@@ -28,9 +28,9 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
expect(result['EntityDescriptor']['entityID']).to eql(entity_id)
expect(result['EntityDescriptor']['IDPSSODescriptor']['protocolSupportEnumeration']).to eql('urn:oasis:names:tc:SAML:2.0:protocol')
expect(result['EntityDescriptor']['IDPSSODescriptor']['NameIDFormat']).to match_array([
- Saml::Kit::Namespaces::Formats::NameId::PERSISTENT,
- Saml::Kit::Namespaces::Formats::NameId::TRANSIENT,
- Saml::Kit::Namespaces::Formats::NameId::EMAIL_ADDRESS,
+ Saml::Kit::Namespaces::PERSISTENT,
+ Saml::Kit::Namespaces::TRANSIENT,
+ Saml::Kit::Namespaces::EMAIL_ADDRESS,
])
expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleSignOnService']['Binding']).to eql('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect')
expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleSignOnService']['Location']).to eql("https://www.example.com/login")
spec/saml/service_provider_metadata_spec.rb
@@ -28,9 +28,9 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
subject.entity_id = entity_id
subject.add_assertion_consumer_service(acs_url, binding: :post)
subject.name_id_formats = [
- Saml::Kit::Namespaces::Formats::NameId::PERSISTENT,
- Saml::Kit::Namespaces::Formats::NameId::TRANSIENT,
- Saml::Kit::Namespaces::Formats::NameId::EMAIL_ADDRESS,
+ Saml::Kit::Namespaces::PERSISTENT,
+ Saml::Kit::Namespaces::TRANSIENT,
+ Saml::Kit::Namespaces::EMAIL_ADDRESS,
]
result = Hash.from_xml(subject.build.to_xml)
@@ -41,9 +41,9 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
expect(result['EntityDescriptor']['SPSSODescriptor']['WantAssertionsSigned']).to eql('true')
expect(result['EntityDescriptor']['SPSSODescriptor']['protocolSupportEnumeration']).to eql('urn:oasis:names:tc:SAML:2.0:protocol')
expect(result['EntityDescriptor']['SPSSODescriptor']['NameIDFormat']).to match_array([
- Saml::Kit::Namespaces::Formats::NameId::PERSISTENT,
- Saml::Kit::Namespaces::Formats::NameId::TRANSIENT,
- Saml::Kit::Namespaces::Formats::NameId::EMAIL_ADDRESS,
+ Saml::Kit::Namespaces::PERSISTENT,
+ Saml::Kit::Namespaces::TRANSIENT,
+ Saml::Kit::Namespaces::EMAIL_ADDRESS,
])
expect(result['EntityDescriptor']['SPSSODescriptor']['AssertionConsumerService']['Binding']).to eql("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
expect(result['EntityDescriptor']['SPSSODescriptor']['AssertionConsumerService']['Location']).to eql(acs_url)
@@ -79,21 +79,21 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
it 'returns each acs url and binding' do
expect(subject.assertion_consumer_services).to match_array([
- { location: acs_post_url, binding: Saml::Kit::Namespaces::Bindings::POST },
- { location: acs_redirect_url, binding: Saml::Kit::Namespaces::Bindings::HTTP_REDIRECT },
+ { location: acs_post_url, binding: Saml::Kit::Namespaces::POST },
+ { location: acs_redirect_url, binding: Saml::Kit::Namespaces::HTTP_REDIRECT },
])
end
it 'returns each logout url and binding' do
expect(subject.single_logout_services).to match_array([
- { location: logout_post_url, binding: Saml::Kit::Namespaces::Bindings::POST },
- { location: logout_redirect_url, binding: Saml::Kit::Namespaces::Bindings::HTTP_REDIRECT },
+ { location: logout_post_url, binding: Saml::Kit::Namespaces::POST },
+ { location: logout_redirect_url, binding: Saml::Kit::Namespaces::HTTP_REDIRECT },
])
end
it 'returns each of the nameid formats' do
expect(subject.name_id_formats).to match_array([
- Saml::Kit::Namespaces::Formats::NameId::PERSISTENT
+ Saml::Kit::Namespaces::PERSISTENT
])
end