Commit 5fe7bf9
Changed files (2)
lib/saml/kit/trustable.rb
@@ -56,6 +56,10 @@ module Saml
end
def must_be_trusted
+ if provider.present? && !signed?
+ return
+ end
+
return if trusted?
errors[:fingerprint] << error_message(:invalid_fingerprint)
end
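Review bot: The new early return in `must_be_trusted` skips the fingerprint check for any unsigned message whose issuer resolves to a registered provider, yet in an unsigned message the `<saml:Issuer>` value is unauthenticated input, so this branch establishes no trust in the sender. That is the usual stance for an unsigned AuthnRequest, but `Trustable` looks like a shared mixin. If responses, assertions or logout messages also include it (not visible in this hunk), they would pass the same way, so the skip should be limited to message types where a signature is optional and should honour a provider that declares it signs its requests. At minimum, state the intent in a comment such as `# Unsigned message from a registered provider: nothing to verify here; the issuer is NOT authenticated.` and collapse the three-line `if` into the guard style already used on the next line, `return if provider.present? && !signed?`. `signed?`, `provider` and `trusted?` are defined outside the hunk, so confirm that `signed?` is false only when no signature element is present at all.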
spec/saml/authentication_request_spec.rb
@@ -108,6 +108,34 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
subject.signature_verified!
expect(subject).to be_valid
end
+
+ it 'is valid when there is no signature, and the issuer is registered' do
+ now = Time.now.utc
+ raw_xml = <<-XML
+<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Saml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
+ <saml:Issuer>#{issuer}</saml:Issuer>
+ <samlp:NameIDPolicy AllowCreate='true' Format='#{Saml::Kit::Namespaces::PERSISTENT}'/>
+</samlp:AuthnRequest>
+ XML
+
+ allow(registry).to receive(:metadata_for).with(issuer).and_return(metadata)
+ subject = described_class.new(raw_xml, configuration: configuration)
+ expect(subject).to be_valid
+ end
+
+ it 'is invalid when there is no signature, and the issuer is not registered' do
+ now = Time.now.utc
+ raw_xml = <<-XML
+<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Saml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
+ <saml:Issuer>#{issuer}</saml:Issuer>
+ <samlp:NameIDPolicy AllowCreate='true' Format='#{Saml::Kit::Namespaces::PERSISTENT}'/>
+</samlp:AuthnRequest>
+ XML
+
+ allow(registry).to receive(:metadata_for).with(issuer).and_return(nil)
+ subject = described_class.new(raw_xml, configuration: configuration)
+ expect(subject).to be_invalid
+ end
end
describe "#assertion_consumer_service_url" do
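Review bot: The two added examples exercise the relaxed trust check only through `AuthenticationRequest`, so nothing here would catch the same unsigned-but-registered path being accepted for other message types, or for a registered issuer whose metadata asks for signed requests. Add a negative example for at least one of those cases next to the code that owns it. The two heredocs are also byte-for-byte duplicates apart from the stubbed `metadata_for` return value; moving the XML into a shared `let` would leave each example with just the stub and the expectation. A short comment above the first example, for instance `# unsigned requests are accepted on issuer registration alone; the issuer is not authenticated`, would record what is being asserted. The enclosing `describe` block starts outside the hunk.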