Commit 683dac7
Changed files (2)
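--- a/lib/saml/kit/bindings/url_builder.rb
+++ b/lib/saml/kit/bindings/url_builder.rb
@@ -10,10 +10,14 @@ module Saml
 end
 def build(saml_document, relay_state: nil)
- payload = canonicalize(saml_document, relay_state)
 if configuration.sign?
+ payload = canonicalize(saml_document, relay_state)
 "#{saml_document.destination}?#{payload}&Signature=#{signature_for(payload)}"
 else
+ payload = to_query_string(
+ saml_document.query_string_parameter => serialize(saml_document.to_xml),
+ 'RelayState' => relay_state,
+ )
 "#{saml_document.destination}?#{payload}"
 end
 end
@@ -26,11 +30,15 @@ module Saml
 end
 def canonicalize(saml_document, relay_state)
- {
+ to_query_string(
 saml_document.query_string_parameter => serialize(saml_document.to_xml),
 'RelayState' => relay_state,
 'SigAlg' => Saml::Kit::Namespaces::SHA256,
- }.map do |(key, value)|
+ )
+ end
+
+ def to_query_string(query_params)
+ query_params.map do |(key, value)|
 value.present? ? "#{key}=#{escape(value)}" : nil
 end.compact.join('&')
 end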
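Review bot: Nothing on `canonicalize` or the new `to_query_string` says that parameter order is significant, yet the string `canonicalize` returns is exactly what `build` passes to `signature_for`, so the signed bytes depend on the hash literal's insertion order (message parameter, `RelayState`, `SigAlg`) and on blank values being dropped. I would add above `canonicalize` a comment such as `# Builds the exact string that gets signed; keep the order: message, RelayState, SigAlg.` The unsigned branch of `build` now repeats the first two pairs of that hash, so a small private helper returning the base pairs, with `canonicalize` merging in `'SigAlg'`, would stop the signed and unsigned paths from drifting apart. `signature_for` and `escape` are defined outside these hunks, so whether the signature value is URL-escaped before it is interpolated into the URL cannot be confirmed from here and is worth checking.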
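--- a/spec/saml/bindings/http_redirect_spec.rb
+++ b/spec/saml/bindings/http_redirect_spec.rb
@@ -79,7 +79,15 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
 end
 it 'raises an error when the signature does not match' do
- url, _ = subject.serialize(Saml::Kit::AuthenticationRequest.builder_class.new)
+ configuration = Saml::Kit::Configuration.new do |config|
+ config.issuer = issuer
+ config.generate_key_pair_for(use: :signing)
+ end
+ url, _ = subject.serialize(
+ Saml::Kit::AuthenticationRequest.builder(configuration: configuration) do |x|
+ x.embed_signature = true
+ end
+ )
 query_params = query_params_from(url)
 query_params['Signature'] = 'invalid'
 expect do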
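Review bot: The only case touched in this hunk is a tampered `Signature` on a signed request, so the behaviour this commit actually changes in `url_builder.rb` (an unsigned URL that no longer carries `SigAlg`) has no assertion here. If the rest of the spec does not already cover it, I would add an example that serializes with a configuration that has no signing key and checks `expect(query_params_from(url)).not_to have_key('SigAlg')` and likewise for `'Signature'`. A companion example that deletes `Signature` from a signed URL and expects deserialization to fail would pin down that a stripped signature is not treated as an unsigned message. The example body continues past the end of the hunk, so the exact error expected by the `expect do` block is not visible.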