Commit 8ac6fd1
Changed files (2)
lib/saml/kit/composite_metadata.rb
@@ -4,15 +4,11 @@ module Saml
attr_reader :service_provider, :identity_provider
def initialize(xml)
- super("", xml)
+ super("IDPSSODescriptor", xml)
@service_provider = Saml::Kit::ServiceProviderMetadata.new(xml)
@identity_provider = Saml::Kit::IdentityProviderMetadata.new(xml)
end
- def assertion_consumer_services
- service_provider.assertion_consumer_services
- end
-
def services(type)
xpath = "//md:EntityDescriptor/md:SPSSODescriptor/md:#{type}|//md:EntityDescriptor/md:IDPSSODescriptor/md:#{type}"
document.find_all(xpath).map do |item|
@@ -22,10 +18,15 @@ module Saml
end
end
+ def certificates
+ identity_provider.certificates + service_provider.certificates
+ end
+
def method_missing(name, *args)
- puts [name, args].inspect
if identity_provider.respond_to?(name)
identity_provider.public_send(name, *args)
+ elsif service_provider.respond_to?(name)
+ service_provider.public_send(name, *args)
else
super
end
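Review bot: `certificates` in the second hunk returns the union of the IdP's and SP's keys with nothing recording which party each belongs to, and the spec expects `signing_certificates` on the composite to contain both the SP and IdP signing certificates; if that inherited method filters this merged list, a caller that verifies an IdP-signed message through the composite would also accept a signature made with the SP's key. Verification of a specific party's signature should go through `identity_provider.signing_certificates` or `service_provider.signing_certificates`, and the merged list deserves a comment saying so: `# Union of IdP and SP keys, role not preserved; verify a specific party's signature via identity_provider/service_provider.signing_certificates, not this list.` Separately, `method_missing` now dispatches to two delegates but no matching `respond_to_missing?` is added, so `respond_to?` on the composite will not report the delegated methods; `def respond_to_missing?(name, include_private = false); identity_provider.respond_to?(name, include_private) || service_provider.respond_to?(name, include_private) || super; end` restores that contract. The `end` closing `method_missing` lies outside the hunk.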
spec/saml/composite_metadata_spec.rb
@@ -5,16 +5,48 @@ RSpec.describe Saml::Kit::CompositeMetadata do
let(:post_binding) { Saml::Kit::Bindings::HTTP_POST }
let(:redirect_binding) { Saml::Kit::Bindings::HTTP_REDIRECT }
let(:sign_on_service) { FFaker::Internet.uri("https") }
+ let(:assertion_consumer_service) { FFaker::Internet.uri("https") }
+ let(:sp_logout_service) { FFaker::Internet.uri("https") }
+ let(:idp_logout_service) { FFaker::Internet.uri("https") }
+ let(:entity_id) { FFaker::Internet.uri("https") }
let(:xml) do
<<-XML
-<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Saml::Kit::Id.generate}" entityID="#{FFaker::Internet.uri("https")}">
+<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Saml::Kit::Id.generate}" entityID="#{entity_id}">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="#{Saml::Kit::Namespaces::PROTOCOL}">
- <SingleLogoutService Binding="#{post_binding}" Location="#{FFaker::Internet.uri("https")}"/>
+ <KeyDescriptor use="signing">
+ <KeyInfo xmlns="#{Saml::Kit::Namespaces::XMLDSIG}">
+ <X509Data>
+ <X509Certificate>SP-Signing-Certificate</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <KeyInfo xmlns="#{Saml::Kit::Namespaces::XMLDSIG}">
+ <X509Data>
+ <X509Certificate>SP-Encryption-Certificate</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="#{post_binding}" Location="#{sp_logout_service}"/>
<NameIDFormat>#{Saml::Kit::Namespaces::PERSISTENT}</NameIDFormat>
- <AssertionConsumerService Binding="#{post_binding}" Location="#{FFaker::Internet.uri("https")}" index="0" isDefault="true"/>
+ <AssertionConsumerService Binding="#{post_binding}" Location="#{assertion_consumer_service}" index="0" isDefault="true"/>
</SPSSODescriptor>
<IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="#{Saml::Kit::Namespaces::PROTOCOL}">
- <SingleLogoutService Binding="#{post_binding}" Location="#{FFaker::Internet.uri("https")}"/>
+ <KeyDescriptor use="signing">
+ <KeyInfo xmlns="#{Saml::Kit::Namespaces::XMLDSIG}">
+ <X509Data>
+ <X509Certificate>IDP-Signing-Certificate</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <KeyInfo xmlns="#{Saml::Kit::Namespaces::XMLDSIG}">
+ <X509Data>
+ <X509Certificate>IDP-Encryption-Certificate</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="#{post_binding}" Location="#{idp_logout_service}"/>
<NameIDFormat>#{Saml::Kit::Namespaces::PERSISTENT}</NameIDFormat>
<SingleSignOnService Binding="#{post_binding}" Location="#{sign_on_service}"/>
<SingleSignOnService Binding="#{redirect_binding}" Location="#{sign_on_service}"/>
@@ -52,4 +84,55 @@ RSpec.describe Saml::Kit::CompositeMetadata do
it { expect(subject.want_authn_requests_signed).to be_truthy }
it { expect(subject.attributes).to match_array([name: 'id', format: nil]) }
it { expect(subject.login_request_for(binding: :http_post)).to be_present }
+ it do
+ expect(subject.assertion_consumer_services).to match_array([
+ Saml::Kit::Bindings::HttpPost.new(location: assertion_consumer_service)
+ ])
+ end
+ it do
+ expect(subject.assertion_consumer_service_for(binding: :http_post)).to eql(
+ Saml::Kit::Bindings::HttpPost.new(location: assertion_consumer_service)
+ )
+ end
+ it { expect(subject.want_assertions_signed).to be_truthy }
+ it { expect(subject.entity_id).to eql(entity_id) }
+ it { expect(subject.name_id_formats).to match_array([Saml::Kit::Namespaces::PERSISTENT]) }
+ it do
+ expect(subject.certificates).to match_array([
+ Saml::Kit::Certificate.new('SP-Signing-Certificate', use: :signing),
+ Saml::Kit::Certificate.new('SP-Encryption-Certificate', use: :encryption),
+ Saml::Kit::Certificate.new('IDP-Signing-Certificate', use: :signing),
+ Saml::Kit::Certificate.new('IDP-Encryption-Certificate', use: :encryption),
+ ])
+ end
+
+ it do
+ expect(subject.encryption_certificates).to match_array([
+ Saml::Kit::Certificate.new('SP-Encryption-Certificate', use: :encryption),
+ Saml::Kit::Certificate.new('IDP-Encryption-Certificate', use: :encryption),
+ ])
+ end
+ it do
+ expect(subject.signing_certificates).to match_array([
+ Saml::Kit::Certificate.new('SP-Signing-Certificate', use: :signing),
+ Saml::Kit::Certificate.new('IDP-Signing-Certificate', use: :signing),
+ ])
+ end
+ it do
+ expect(subject.services('SingleLogoutService')).to match_array([
+ Saml::Kit::Bindings::HttpPost.new(location: sp_logout_service),
+ Saml::Kit::Bindings::HttpPost.new(location: idp_logout_service),
+ ])
+ end
+ it do
+ expect(subject.services('AssertionConsumerService')).to match_array([
+ Saml::Kit::Bindings::HttpPost.new(location: assertion_consumer_service),
+ ])
+ end
+ it do
+ expect(subject.services('SingleSignOnService')).to match_array([
+ Saml::Kit::Bindings::HttpPost.new(location: sign_on_service),
+ Saml::Kit::Bindings::HttpRedirect.new(location: sign_on_service),
+ ])
+ end
end
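Review bot: The examples added at the end of this section are all anonymous `it do` blocks, so a failure reports only the generated description of the expectation, which for thirteen near-identical certificate and service assertions makes the failing case hard to identify; give each a description, e.g. `it 'merges the signing certificates of both roles' do`. The `signing_certificates` expectation also pins that the composite reports the SP and IdP signing keys together, while nothing in the spec shows that a role-specific lookup remains available; an example such as `it { expect(subject.identity_provider.signing_certificates).to match_array([Saml::Kit::Certificate.new('IDP-Signing-Certificate', use: :signing)]) }` would document that a verifier can still restrict itself to one party's keys. The `subject` definition is outside the hunks shown.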