Commit 6a5c581
2017-11-15 22:57:43
1 parent
d30ae26
Changed files (6)
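--- a/airport/app/controllers/sessions_controller.rb
+++ b/airport/app/controllers/sessions_controller.rb
@@ -3,10 +3,22 @@ class SessionsController < ApplicationController
 skip_before_action :authenticate!
 def new
-@saml_request = idp_metadata.build_request(Saml::Kit::AuthenticationRequest).serialize
 @relay_state = JSON.generate(redirect_to: '/')
-@post_uri = idp_metadata.single_sign_on_service_for(binding: :post)
-@redirect_uri = http_redirect_url_for_login(@saml_request, @relay_state)
+# HTTP Redirect
+# * URI
+# * SigAlg
+# * Signature
+# * RelayState
+request_builder = Saml::Kit::AuthenticationRequest::Builder.new(sign: false)
+request_builder.destination = idp_metadata.single_sign_on_service_for(binding: :http_redirect)
+@redirect_uri = Saml::Kit::UrlBuilder.new.build(request_builder.build, relay_state: @relay_state)
+
+# HTTP POST
+# * URI
+# * SAMLRequest/SAMLResponse
+request_builder = Saml::Kit::AuthenticationRequest::Builder.new(sign: true)
+request_builder.destination = @post_uri = idp_metadata.single_sign_on_service_for(binding: :post)
+@saml_request = request_builder.build.serialize
 end
 def create
@@ -28,12 +40,4 @@ class SessionsController < ApplicationController
 def idp_metadata
 Rails.configuration.x.idp_metadata
 end
-
-def http_redirect_url_for_login(saml_request, relay_state)
-UrlBuilder.new.http_redirect_url_for(
-idp_metadata.single_sign_on_service_for(binding: :http_redirect),
-saml_request,
-relay_state
-)
-end
 end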
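Review bot: The RelayState built on the `@relay_state` line carries a `redirect_to` target that round-trips through the IdP unsigned, so whatever reads it back in `create` (outside this hunk) must validate the value rather than redirect to it blindly; a comment on that line, `# RelayState is echoed back by the IdP unsigned: create must treat redirect_to as untrusted`, would make the contract visible where the value is minted. The Redirect branch passes `sign: false` to the Builder and appears to rely on `Saml::Kit::UrlBuilder` to add the SigAlg/Signature query parameters the comment lists; if UrlBuilder does not sign by default that request leaves unsigned, which is worth confirming. The chained `request_builder.destination = @post_uri = idp_metadata.single_sign_on_service_for(binding: :post)` is hard to read; `@post_uri = idp_metadata.single_sign_on_service_for(binding: :post)` followed by `request_builder.destination = @post_uri` keeps the two effects separate.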
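--- a/airport/config/initializers/filter_parameter_logging.rb
+++ b/airport/config/initializers/filter_parameter_logging.rb
@@ -1,4 +1,4 @@
 # Be sure to restart your server when you modify this file.
 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, 'SAMLResponse', 'SAMLRequest']
+Rails.application.config.filter_parameters += [:password, 'SAMLResponse', 'SAMLRequest', 'RelayState']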
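--- a/proof/config/initializers/filter_parameter_logging.rb
+++ b/proof/config/initializers/filter_parameter_logging.rb
@@ -1,4 +1,4 @@
 # Be sure to restart your server when you modify this file.
 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, 'SAMLResponse', 'SAMLRequest']
+Rails.application.config.filter_parameters += [:password, 'SAMLResponse', 'SAMLRequest', 'RelayState']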
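--- a/saml-kit/lib/saml/kit/authentication_request.rb
+++ b/saml-kit/lib/saml/kit/authentication_request.rb
@@ -142,7 +142,7 @@ module Saml
 class Builder
 attr_accessor :id, :now, :issuer, :acs_url, :name_id_format, :sign, :destination
-def initialize(user = nil, configuration: Saml::Kit.configuration, sign: true)
+def initialize(configuration: Saml::Kit.configuration, sign: true)
 @id = SecureRandom.uuid
 @issuer = configuration.issuer
 @name_id_format = Namespaces::PERSISTENT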
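Review bot: Dropping the positional `user` parameter from `Builder#initialize` is a breaking change to the library's public constructor: any caller still passing a user positionally now fails with `ArgumentError` (wrong number of arguments). The airport controller in this commit is updated, but other consumers of saml-kit are not visible here, so a changelog entry or a short deprecation shim would be appropriate. The body of `initialize` continues past the end of the hunk.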
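--- a/saml-kit/lib/saml/kit/invalid_request.rb
+++ b/saml-kit/lib/saml/kit/invalid_request.rb
@@ -13,6 +13,10 @@ module Saml
 @raw = raw
 @name = "InvalidRequest"
 end
+
+def to_xml
+raw
+end
 end
 end
 end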
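Review bot: `to_xml` on `InvalidRequest` hands back `raw` unchanged, so callers receive the un-parsed input that was already rejected rather than a document the library vouches for; a YARD comment should say so, e.g. `# @return [String] the raw document as received; it failed parsing/validation and is not guaranteed to be well-formed XML`. Anything that renders or re-serializes this value should treat it as untrusted content. The enclosing class body starts before the hunk.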
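--- a/saml-kit/lib/saml/kit/signature.rb
+++ b/saml-kit/lib/saml/kit/signature.rb
@@ -53,7 +53,7 @@ module Saml
 def finalize(xml)
 if sign && reference_id.present?
 document = Xmldsig::SignedDocument.new(xml.target!)
-document.sign(configuration.signing_private_key)
+document.sign(private_key)
 else
 xml.target!
 end
@@ -64,6 +64,12 @@ module Saml
 yield xml, signature
 signature.finalize(xml)
 end
+
+private
+
+def private_key
+configuration.signing_private_key
+end
 end
 end
 end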
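Review bot: `private_key` returns `configuration.signing_private_key` without checking for nil, so when `sign` is set but no signing key is configured, `document.sign(private_key)` in `finalize` fails inside Xmldsig with an error that does not name the real cause; a guard such as `raise ArgumentError, 'signing requested but no signing_private_key is configured' unless configuration.signing_private_key` at the top of `private_key` would surface the misconfiguration directly. I have inferred the nil case from the accessor chain; confirm whether `configuration` already enforces a key. The `private` marker currently covers only `private_key`, which is the intent here, but any method added below it later will become private as well.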