Commit 4784343
Changed files (3)
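--- a/lib/saml/kit/binding.rb
+++ b/lib/saml/kit/binding.rb
@@ -38,7 +38,15 @@ module Saml
 ensure_valid_signature!(params, document)
 document
 elsif post?
+ if params['SAMLRequest'].present?
+ Saml::Kit::Request.deserialize(params['SAMLRequest'])
+ elsif params['SAMLResponse'].present?
+ Saml::Kit::Response.deserialize(params['SAMLResponse'])
+ else
+ raise ArgumentError.new("Missing SAMLRequest or SAMLResponse")
+ end
 else
+ raise ArgumentError.new("Unsupported binding")
 end
 end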
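Review bot: The new `elsif post?` branch returns whatever `Saml::Kit::Request.deserialize` / `Saml::Kit::Response.deserialize` produce with no signature or validity check in this method, while the redirect branch just above calls `ensure_valid_signature!(params, document)` before returning `document`. For HTTP-POST the signature travels inside the XML, so verification presumably happens elsewhere, but nothing visible here says so; I would add a comment above the branch, e.g. `# HTTP-POST: the signature is embedded in the XML and is NOT checked here; callers must validate the returned document before trusting it`. A POST carrying both `SAMLRequest` and `SAMLResponse` is also silently treated as a request, and raising `ArgumentError` for that ambiguous case would be stricter. The enclosing method starts before this hunk, so the redirect path is only partly visible.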
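--- a/lib/saml/kit/namespaces.rb
+++ b/lib/saml/kit/namespaces.rb
@@ -7,12 +7,13 @@ module Saml
 BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
 EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 ENVELOPED_SIG = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
+ HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'
+ HTTP_POST = POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
 PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
 PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
 PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
- POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
 REQUESTER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Requester"
 RESPONDER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Responder"
@@ -33,7 +34,7 @@ module Saml
 def self.binding_for(binding)
 if :post == binding
- Namespaces::POST
+ Namespaces::HTTP_POST
 elsif :http_redirect == binding
 Namespaces::HTTP_REDIRECT
 else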
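--- a/spec/saml/binding_spec.rb
+++ b/spec/saml/binding_spec.rb
@@ -74,7 +74,7 @@ RSpec.describe Saml::Kit::Binding do
 end
 it 'ignores other bindings' do
- subject = Saml::Kit::Binding.new(binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', location: location)
+ subject = Saml::Kit::Binding.new(binding: Saml::Kit::Namespaces::HTTP_ARTIFACT, location: location)
 expect(subject.serialize(Saml::Kit::AuthenticationRequest)).to be_empty
 end
 end
@@ -144,5 +144,49 @@ RSpec.describe Saml::Kit::Binding do
 end.to raise_error(/Invalid Signature/)
 end
 end
+
+ describe "HTTP Post binding" do
+ let(:subject) { Saml::Kit::Binding.new(binding: Saml::Kit::Namespaces::POST, location: location) }
+
+ it 'deserializes to an AuthnRequest' do
+ builder = Saml::Kit::AuthenticationRequest::Builder.new
+ _, params = subject.serialize(builder)
+ result = subject.deserialize(params)
+ expect(result).to be_instance_of(Saml::Kit::AuthenticationRequest)
+ end
+
+ it 'deserializes to a LogoutRequest' do
+ user = double(:user, name_id_for: SecureRandom.uuid)
+ builder = Saml::Kit::LogoutRequest::Builder.new(user)
+ _, params = subject.serialize(builder)
+ result = subject.deserialize(params)
+ expect(result).to be_instance_of(Saml::Kit::LogoutRequest)
+ end
+
+ it 'deserializes to a Response' do
+ user = double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: [])
+ request = double(:request, id: SecureRandom.uuid, provider: nil, acs_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: FFaker::Internet.http_url)
+ builder = Saml::Kit::Response::Builder.new(user, request)
+ _, params = subject.serialize(builder)
+ result = subject.deserialize(params)
+ expect(result).to be_instance_of(Saml::Kit::Response)
+ end
+
+ it 'raises an error when SAMLRequest and SAMLResponse are missing' do
+ expect do
+ subject.deserialize({})
+ end.to raise_error(/Missing SAMLRequest or SAMLResponse/)
+ end
+ end
+
+ describe "Artifact binding" do
+ let(:subject) { Saml::Kit::Binding.new(binding: Saml::Kit::Namespaces::HTTP_ARTIFACT, location: location) }
+
+ it 'raises an error' do
+ expect do
+ subject.deserialize('SAMLRequest' => "CORRUPT")
+ end.to raise_error(/Unsupported binding/)
+ end
+ end
 end
 end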
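Review bot: The "HTTP Post binding" examples only round-trip messages the library itself built, plus the empty-params case, so nothing pins how `deserialize` behaves on malformed or untrusted POST input. The one malformed payload, `subject.deserialize('SAMLRequest' => "CORRUPT")`, sits under the Artifact binding and is rejected as "Unsupported binding" before the payload is ever read. I would add the same call under the POST `describe` with an expectation on the resulting error, and an example that sets both `SAMLRequest` and `SAMLResponse` to document which one is used. The redirect examples above assert `/Invalid Signature/`; there is no equivalent example for a tampered or unsigned POST message, unless that is covered in specs outside this file.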