Commit d2b404e
Changed files (3)
lib/saml/kit/namespaces.rb
@@ -29,6 +29,7 @@ module Saml
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
VERSION_MISMATCH_ERROR = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
+ XMLENC = "http://www.w3.org/2001/04/xmlenc#"
end
end
end
lib/saml/kit/response.rb
@@ -131,32 +131,60 @@ module Saml
xml.Status do
xml.StatusCode Value: status_code
end
- xml.Assertion(assertion_options) do
- xml.Issuer issuer
- signature.template(reference_id)
- xml.Subject do
- xml.NameID user.name_id_for(request.name_id_format), Format: request.name_id_format
- xml.SubjectConfirmation Method: Namespaces::BEARER do
- xml.SubjectConfirmationData "", subject_confirmation_data_options
+ assertion(xml, signature)
+ end
+ end
+ end
+
+ def build
+ Response.new(to_xml, request_id: request.id)
+ end
+
+ private
+
+ def assertion(xml, signature)
+ if encrypt
+ xml.EncryptedAssertion xmlns: Namespaces::ASSERTION do
+ xml.EncryptedData xmlns: Namespaces::XMLENC, TYPE: "http://www.w3.org/2001/04/xmlenc#Element" do
+ xml.KeyInfo xmlns: Namespaces::XMLDSIG do
+ xml.EncryptedKey xmlns: Namespaces::XMLENC do
+ xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
+ xml.CipherData do
+ xml.CipherValue ""
+ end
end
end
- xml.Conditions conditions_options do
- xml.AudienceRestriction do
- xml.Audience request.issuer
- end
+ xml.CipherData do
+ xml.CipherValue ""
end
- xml.AuthnStatement authn_statement_options do
- xml.AuthnContext do
- xml.AuthnContextClassRef Namespaces::PASSWORD
- end
+ end
+ end
+ else
+ xml.Assertion(assertion_options) do
+ xml.Issuer issuer
+ signature.template(reference_id)
+ xml.Subject do
+ xml.NameID user.name_id_for(request.name_id_format), Format: request.name_id_format
+ xml.SubjectConfirmation Method: Namespaces::BEARER do
+ xml.SubjectConfirmationData "", subject_confirmation_data_options
+ end
+ end
+ xml.Conditions conditions_options do
+ xml.AudienceRestriction do
+ xml.Audience request.issuer
end
- assertion_attributes = user.assertion_attributes_for(request)
- if assertion_attributes.any?
- xml.AttributeStatement do
- assertion_attributes.each do |key, value|
- xml.Attribute Name: key, NameFormat: Namespaces::URI, FriendlyName: key do
- xml.AttributeValue value.to_s
- end
+ end
+ xml.AuthnStatement authn_statement_options do
+ xml.AuthnContext do
+ xml.AuthnContextClassRef Namespaces::PASSWORD
+ end
+ end
+ assertion_attributes = user.assertion_attributes_for(request)
+ if assertion_attributes.any?
+ xml.AttributeStatement do
+ assertion_attributes.each do |key, value|
+ xml.Attribute Name: key, NameFormat: Namespaces::URI, FriendlyName: key do
+ xml.AttributeValue value.to_s
end
end
end
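Review bot: The `EncryptedData` line in the new `assertion` helper spells the element-type attribute `TYPE:`, but XML Encryption defines it as `Type` (attribute names are case-sensitive), so a consuming SP will not recognise the element type; change it to `xml.EncryptedData xmlns: Namespaces::XMLENC, Type: "http://www.w3.org/2001/04/xmlenc#Element" do`. More importantly, both `CipherValue` elements are written empty, so when `encrypt` is set the Issuer, Subject, Conditions, AuthnStatement and attribute data are dropped rather than encrypted, and the spec this commit un-skips only asserts that `EncryptedAssertion` is present, which the stub satisfies; until real encryption is wired in, mark the branch with `# TODO: placeholder - emits an empty EncryptedAssertion; no assertion content is encrypted yet` so nobody reads `encrypt` as functional. When key transport is implemented, prefer RSA-OAEP (`http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p`) over the `rsa-1_5` URI hard-coded here, since XML Encryption 1.1 recommends OAEP over PKCS#1 v1.5 key transport because of its known padding-oracle weakness, and `EncryptedData` also needs its own `EncryptionMethod` for the content cipher. The enclosing builder method begins above this hunk.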
@@ -165,12 +193,6 @@ module Saml
end
end
- def build
- Response.new(to_xml, request_id: request.id)
- end
-
- private
-
def destination_for(request)
if request.signed? && request.trusted?
request.acs_url || request.provider.assertion_consumer_service_for(binding: :http_post).try(:location)
spec/saml/response_spec.rb
@@ -415,7 +415,7 @@ RSpec.describe Saml::Kit::Response do
end
describe "#to_xml" do
- xit 'generates an EncryptedAssertion' do
+ it 'generates an EncryptedAssertion' do
subject.encrypt = true
result = Hash.from_xml(subject.to_xml)
expect(result['Response']['EncryptedAssertion']).to be_present