Commit ae94a33

mo <mo@mokhan.ca>
2018-08-09 22:40:19
omit format if it is not specified.
1 parent b5f302b
Changed files (4)
lib/saml/kit/builders/templates/assertion.builder
@@ -4,7 +4,7 @@ xml.Assertion(assertion_options) do
   xml.Issuer issuer
   signature_for(reference_id: reference_id, xml: xml)
   xml.Subject do
-    xml.NameID name_id, Format: name_id_format
+    xml.NameID name_id, name_id_options
     xml.SubjectConfirmation Method: Saml::Kit::Namespaces::BEARER do
       xml.SubjectConfirmationData '', subject_confirmation_data_options
     end
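Review bot: The NameID line now depends on `name_id_options` to decide whether a Format attribute is written at all, but nothing in the template records that an absent attribute is intentional rather than an oversight, and the SAML-specific reason lives nowhere near this call. A comment above the changed line would settle it: `# Format is omitted when the request's NameIDPolicy did not ask for one; SAML Core treats an absent Format as nameid-format:unspecified`. Whether a relying party is willing to accept an unspecified format is the SP's decision and cannot be enforced from this template. The enclosing `xml.Assertion` block starts before this hunk.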
lib/saml/kit/builders/assertion.rb
@@ -64,10 +64,13 @@ module Saml
           {
             AuthnInstant: now.iso8601,
             SessionIndex: reference_id,
-            SessionNotOnOrAfter:
-            configuration.session_timeout.since(now).utc.iso8601,
+            SessionNotOnOrAfter: configuration.session_timeout.since(now).utc.iso8601,
           }
         end
+
+        def name_id_options
+          name_id_format.blank? ? {} : { Format: name_id_format }
+        end
       end
     end
   end
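Review bot: `name_id_options` is added without a comment saying why the Format attribute is dropped instead of defaulted, which is the one thing a maintainer will ask when a partner IdP or SP complains about an unexpected NameID format. I would document it as `# Only emit Format when one was requested; an absent Format is defined by SAML Core as nameid-format:unspecified, so no default is substituted here`. Using `blank?` (ActiveSupport, consistent with the `since` call already in this class) also means a whitespace-only format string drops the attribute rather than emitting an empty `Format=""`, which is worth a word in that comment since it differs from a plain nil check. The method's visibility is not visible in this hunk; it is called from the builder template, so it must remain reachable from the template's evaluation context. The enclosing class body continues before and after this hunk.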
lib/saml/kit/version.rb
@@ -2,6 +2,6 @@
 
 module Saml
   module Kit
-    VERSION = '1.0.16'.freeze
+    VERSION = '1.0.17'.freeze
   end
 end
spec/saml/kit/builders/response_spec.rb
@@ -165,6 +165,22 @@ RSpec.describe Saml::Kit::Builders::Response do
       expect(result.assertion).not_to be_signed
       expect(result.assertion).to be_encrypted
     end
+
+    it 'excludes the nameid format when the request does not specify a nameid format in the nameid policy' do
+      xml = <<-XML.strip_heredoc
+        <samlp:AuthnRequest Version="2.0" ID="I_RzVGR.ktLi_wpo3IbsgwVJ2r8" IssueInstant="#{Time.now.iso8601}" Destination="#{FFaker::Internet.uri('https')}" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+          <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#{FFaker::Name.first_name}</saml:Issuer>
+          <samlp:NameIDPolicy AllowCreate="true" />
+          <samlp:RequestedAuthnContext Comparison="exact">
+            <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
+          </samlp:RequestedAuthnContext>
+        </samlp:AuthnRequest>
+      XML
+      authnrequest = Saml::Kit::AuthenticationRequest.new(xml)
+      user = User.new(name_id: FFaker::Internet.email)
+      result = Saml::Kit::Response.build(user, authnrequest)
+      expect(result.assertion.name_id_format).to be_nil
+    end
   end
 
   describe '.build' do
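Review bot: The new example only checks the parsed accessor `name_id_format`, which, depending on how that accessor reads the attribute, may return nil both when the `Format` attribute is absent and when it is present but empty, so the example may not distinguish the intended omission from a `Format=""` regression. If the built assertion exposes its serialized XML, one additional assertion on the raw element pins the behaviour the commit title describes, e.g. `expect(result.assertion.to_xml).not_to match(/<(?:saml:)?NameID[^>]*\sFormat=/)` (anchored on NameID so that `NameFormat=` on Attribute elements does not match). Asserting on the serialized form is also what an SP on the other end will actually parse. The surrounding `describe` block starts before this hunk and continues past it.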