Commit 8897ee9
Changed files (5)
lib/saml/kit/identity_provider_metadata.rb
@@ -42,6 +42,7 @@ module Saml
@name_id_formats = [Namespaces::PERSISTENT]
@single_sign_on_urls = []
@logout_urls = []
+ @configuration = configuration
end
def add_single_sign_on_service(url, binding: :post)
@@ -59,6 +60,13 @@ module Saml
xml.EntityDescriptor entity_descriptor_options do
signature.template(xml)
xml.IDPSSODescriptor protocolSupportEnumeration: Namespaces::PROTOCOL do
+ xml.KeyDescriptor use: "signing" do
+ xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
+ xml.X509Data do
+ xml.X509Certificate @configuration.stripped_signing_certificate
+ end
+ end
+ end
name_id_formats.each do |format|
xml.NameIDFormat format
end
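Review bot: The new KeyDescriptor is emitted unconditionally, so if the configuration carries no signing certificate, `xml.X509Certificate @configuration.stripped_signing_certificate` would write an empty `<X509Certificate/>` into published metadata, and a consumer reading it back through `certificates` (which takes `.text` of that element) would get an empty string rather than a certificate. Consider reading the value once and skipping the descriptor when it is absent, e.g. `cert = @configuration.stripped_signing_certificate` followed by `if cert` around the `xml.KeyDescriptor use: "signing" do` block — or failing fast at build time, since an IdP metadata document without a signing key is probably a misconfiguration rather than a valid variant. I cannot see the Configuration class, so whether `stripped_signing_certificate` can return nil needs confirming against it. The initializer that receives `configuration` (first hunk) and the `build` method enclosing the second hunk both start outside the hunk, so the `configuration` default and its source are not visible here.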
lib/saml/kit/metadata.rb
@@ -35,8 +35,7 @@ module Saml
end
def certificates
- xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor"
- find_all(xpath).map do |item|
+ @certificates ||= find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", NAMESPACES).text
{
text: cert,
@@ -55,8 +54,7 @@ module Saml
end
def single_logout_services
- xpath = "/md:EntityDescriptor/md:#{name}/md:SingleLogoutService"
- find_all(xpath).map do |item|
+ find_all("/md:EntityDescriptor/md:#{name}/md:SingleLogoutService").map do |item|
{
binding: item.attribute("Binding").value,
location: item.attribute("Location").value,
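Review bot: `certificates` is now memoized with `@certificates ||=` while `single_logout_services` in the second hunk of this file is rewritten in the same commit without memoization; the two sibling accessors should follow one convention, either `@single_logout_services ||= find_all(...)` as well or no caching in either. Memoizing is only safe if the parsed document behind `find_all` is never replaced or mutated for the lifetime of the object, which I cannot verify from the hunk. The map body of `certificates` (the hash built from `cert` after `text: cert,`) continues outside the hunk, so the `use:` representation it stores is not visible; the response.rb change in this commit to `use: :signing` depends on it.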
lib/saml/kit/response.rb
@@ -129,7 +129,7 @@ module Saml
def must_be_registered
return unless login_response?
- return if provider.present? && provider.matches?(fingerprint, use: "signing")
+ return if provider.present? && provider.matches?(fingerprint, use: :signing)
errors[:base] << error_message(:unregistered)
end
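Review bot: Switching the registration check to `provider.matches?(fingerprint, use: :signing)` changes the type of the `use` argument from String to Symbol, and whether that still matches depends on how `matches?` compares it with the `use` value stored by `Metadata#certificates`, which reads the attribute from XML (a String) in code outside this commit's hunks. If the comparison is a plain `==` without normalizing, no certificate would ever match and every login response would be rejected as unregistered — fail-closed, but a functional regression that the specs in this commit do not cover. I would add a spec asserting that a response signed with a registered signing certificate passes `must_be_registered`, and have `matches?` normalize both sides (for example `use.to_s`) so callers may pass either form. `must_be_registered` is fully visible in the hunk.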
spec/saml/identity_provider_metadata_spec.rb
@@ -39,6 +39,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
expect(result['EntityDescriptor']['IDPSSODescriptor']['Attribute']['Name']).to eql("id")
expect(result['EntityDescriptor']['IDPSSODescriptor']['Attribute']['FriendlyName']).to eql("id")
expect(result['EntityDescriptor']['IDPSSODescriptor']['Attribute']['NameFormat']).to eql("urn:oasis:names:tc:SAML:2.0:attrname-format:uri")
+ expect(result['EntityDescriptor']['IDPSSODescriptor']['KeyDescriptor']['KeyInfo']['X509Data']['X509Certificate']).to eql(Saml::Kit.configuration.stripped_signing_certificate)
expect(result['EntityDescriptor']['Organization']['OrganizationName']).to eql(org_name)
expect(result['EntityDescriptor']['Organization']['OrganizationDisplayName']).to eql(org_name)
spec/saml/service_provider_metadata_spec.rb
@@ -1,14 +1,14 @@
require 'spec_helper'
RSpec.describe Saml::Kit::ServiceProviderMetadata do
- let(:entity_id) { FFaker::Movie.title }
- let(:acs_post_url) { "https://#{FFaker::Internet.domain_name}/post" }
- let(:acs_redirect_url) { "https://#{FFaker::Internet.domain_name}/redirect" }
- let(:logout_post_url) { "https://#{FFaker::Internet.domain_name}/post" }
- let(:logout_redirect_url) { "https://#{FFaker::Internet.domain_name}/redirect" }
+ let(:entity_id) { FFaker::Internet.http_url }
+ let(:acs_post_url) { FFaker::Internet.http_url }
+ let(:acs_redirect_url) { FFaker::Internet.http_url }
+ let(:logout_post_url) { FFaker::Internet.http_url }
+ let(:logout_redirect_url) { FFaker::Internet.http_url }
describe described_class::Builder do
- let(:acs_url) { "https://#{FFaker::Internet.domain_name}/acs" }
+ let(:acs_url) { FFaker::Internet.http_url }
<<-XML
<?xml version="1.0" encoding="UTF-8"?>