Commit e04259d
Changed files (11)
lib/saml/kit/bindings/http_post.rb
@@ -5,7 +5,7 @@ module Saml
include Serializable
def initialize(location:)
- super(binding: Saml::Kit::Namespaces::HTTP_POST, location: location)
+ super(binding: Saml::Kit::Bindings::HTTP_POST, location: location)
end
def serialize(builder, relay_state: nil)
lib/saml/kit/bindings/http_redirect.rb
@@ -5,7 +5,7 @@ module Saml
include Serializable
def initialize(location:)
- super(binding: Saml::Kit::Namespaces::HTTP_REDIRECT, location: location)
+ super(binding: Saml::Kit::Bindings::HTTP_REDIRECT, location: location)
end
def serialize(builder, relay_state: nil)
lib/saml/kit/bindings.rb
@@ -0,0 +1,35 @@
+require "saml/kit/bindings/binding"
+require "saml/kit/bindings/http_post"
+require "saml/kit/bindings/http_redirect"
+require "saml/kit/bindings/url_builder"
+
+module Saml
+ module Kit
+ module Bindings
+ HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'
+ HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ ALL = {
+ post: HTTP_POST,
+ http_post: HTTP_POST,
+ http_redirect: HTTP_REDIRECT,
+ http_artifact: HTTP_ARTIFACT,
+ }
+
+ def self.binding_for(binding)
+ ALL[binding]
+ end
+
+ def self.create_for(binding, location)
+ case binding
+ when HTTP_REDIRECT
+ HttpRedirect.new(location: location)
+ when HTTP_POST
+ HttpPost.new(location: location)
+ else
+ Binding.new(binding: binding, location: location)
+ end
+ end
+ end
+ end
+end
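Review bot: `ALL` is assigned a mutable Hash, so any code running in the same process can add or overwrite entries and change which URN a symbol resolves to; close the literal with `}.freeze`. `binding_for` returns nil for every key that is not in the table, including a caller that passes the URN string itself, and nothing in the file states that contract. A comment above it such as `# Maps :post, :http_post, :http_redirect or :http_artifact to its SAML 2.0 binding URN; returns nil for anything else.` would make it explicit. The three URN constants also mix single and double quotes; one style would read more cleanly.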
lib/saml/kit/identity_provider_metadata.rb
@@ -48,12 +48,12 @@ module Saml
@want_authn_requests_signed = true
end
- def add_single_sign_on_service(url, binding: :post)
- @single_sign_on_urls.push(location: url, binding: Namespaces.binding_for(binding))
+ def add_single_sign_on_service(url, binding: :http_post)
+ @single_sign_on_urls.push(location: url, binding: Bindings.binding_for(binding))
end
- def add_single_logout_service(url, binding: :post)
- @logout_urls.push(location: url, binding: Namespaces.binding_for(binding))
+ def add_single_logout_service(url, binding: :http_post)
+ @logout_urls.push(location: url, binding: Bindings.binding_for(binding))
end
def to_xml
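Review bot: `Bindings.binding_for(binding)` returns nil for an unrecognised symbol, and both `add_single_sign_on_service` and `add_single_logout_service` push that nil straight into the endpoint list, so a typo in the `binding:` argument would presumably surface only later as a missing or empty Binding attribute in the rendered metadata. Failing at the call site is safer, for example `binding: Bindings::ALL.fetch(binding)`, which raises KeyError on an unknown key. The same pattern appears in `add_assertion_consumer_service` and `add_single_logout_service` in lib/saml/kit/service_provider_metadata.rb. Those two still default to `:post` while the methods here now default to `:http_post`; both resolve to the same URN, but one spelling across the builders would be easier to follow.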
lib/saml/kit/metadata.rb
@@ -62,7 +62,7 @@ module Saml
end
def service_for(binding:, type:)
- binding = Saml::Kit::Namespaces.binding_for(binding)
+ binding = Saml::Kit::Bindings.binding_for(binding)
services(type).find { |x| x.binding?(binding) }
end
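Review bot: `service_for` only understands the symbol keys of `Bindings::ALL`; a caller that passes the URN itself (for example `Bindings::HTTP_POST`) gets nil from `binding_for`, and `find` then runs with a nil binding, so the result is presumably nil and indistinguishable from "no such endpoint in the metadata". Either document the accepted values above the method, `# binding: one of :post, :http_post, :http_redirect, :http_artifact`, or let a URN pass through with `binding = Saml::Kit::Bindings.binding_for(binding) || binding`.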
@@ -158,14 +158,7 @@ module Saml
end
def binding_for(binding, location)
- case binding
- when Namespaces::HTTP_REDIRECT
- Saml::Kit::Bindings::HttpRedirect.new(location: location)
- when Namespaces::POST
- Saml::Kit::Bindings::HttpPost.new(location: location)
- else
- Saml::Kit::Bindings::Binding.new(binding: binding, location: location)
- end
+ Bindings.create_for(binding, location)
end
end
end
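Review bot: `Metadata#binding_for(binding, location)` is now a one-line wrapper that builds a binding object, while `Bindings.binding_for(binding)`, used in `service_for` in the hunk above, maps a symbol to a URN. Two methods with the same name but different arity and return type on the same call path are easy to confuse. Consider calling `Bindings.create_for` directly at the call sites and dropping the wrapper, or add a comment such as `# Builds a Bindings object for the given URN; unrelated to Bindings.binding_for.` The callers of this method are outside the hunk.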
lib/saml/kit/namespaces.rb
@@ -7,9 +7,6 @@ module Saml
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ENVELOPED_SIG = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
- HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'
- HTTP_POST = POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -32,16 +29,6 @@ module Saml
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
VERSION_MISMATCH_ERROR = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
-
- def self.binding_for(binding)
- if :post == binding
- Namespaces::HTTP_POST
- elsif :http_redirect == binding
- Namespaces::HTTP_REDIRECT
- else
- nil
- end
- end
end
end
end
lib/saml/kit/service_provider_metadata.rb
@@ -36,11 +36,11 @@ module Saml
end
def add_assertion_consumer_service(url, binding: :post)
- @acs_urls.push(location: url, binding: Namespaces.binding_for(binding))
+ @acs_urls.push(location: url, binding: Bindings.binding_for(binding))
end
def add_single_logout_service(url, binding: :post)
- @logout_urls.push(location: url, binding: Namespaces.binding_for(binding))
+ @logout_urls.push(location: url, binding: Bindings.binding_for(binding))
end
def to_xml
lib/saml/kit.rb
@@ -21,10 +21,7 @@ require "saml/kit/trustable"
require "saml/kit/document"
require "saml/kit/authentication_request"
-require "saml/kit/bindings/binding"
-require "saml/kit/bindings/http_post"
-require "saml/kit/bindings/http_redirect"
-require "saml/kit/bindings/url_builder"
+require "saml/kit/bindings"
require "saml/kit/configuration"
require "saml/kit/default_registry"
require "saml/kit/fingerprint"
spec/saml/bindings/binding_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
RSpec.describe Saml::Kit::Bindings::Binding do
let(:location) { FFaker::Internet.http_url }
- subject { described_class.new(binding: Saml::Kit::Namespaces::HTTP_ARTIFACT, location: location) }
+ subject { described_class.new(binding: Saml::Kit::Bindings::HTTP_ARTIFACT, location: location) }
describe "#serialize" do
it 'ignores other bindings' do
spec/saml/identity_provider_metadata_spec.rb
@@ -14,8 +14,8 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
it do
location = "https://dev.oktapreview.com/app/example/1/sso/saml"
expect(subject.single_sign_on_services.map(&:to_h)).to match_array([
- { binding: Saml::Kit::Namespaces::HTTP_POST, location: location },
- { binding: Saml::Kit::Namespaces::HTTP_REDIRECT, location: location },
+ { binding: Saml::Kit::Bindings::HTTP_POST, location: location },
+ { binding: Saml::Kit::Bindings::HTTP_REDIRECT, location: location },
])
end
it { expect(subject.single_logout_services).to be_empty }
@@ -47,15 +47,15 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
it do
location = "https://www.example.com/adfs/ls/"
expect(subject.single_sign_on_services.map(&:to_h)).to match_array([
- { location: location, binding: Saml::Kit::Namespaces::HTTP_REDIRECT },
- { location: location, binding: Saml::Kit::Namespaces::HTTP_POST },
+ { location: location, binding: Saml::Kit::Bindings::HTTP_REDIRECT },
+ { location: location, binding: Saml::Kit::Bindings::HTTP_POST },
])
end
it do
location = "https://www.example.com/adfs/ls/"
expect(subject.single_logout_services.map(&:to_h)).to match_array([
- { location: location, binding: Saml::Kit::Namespaces::HTTP_REDIRECT },
- { location: location, binding: Saml::Kit::Namespaces::HTTP_POST },
+ { location: location, binding: Saml::Kit::Bindings::HTTP_REDIRECT },
+ { location: location, binding: Saml::Kit::Bindings::HTTP_POST },
])
end
it do
@@ -129,13 +129,13 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
it 'returns the POST binding' do
result = subject.single_sign_on_service_for(binding: :post)
expect(result.location).to eql(post_url)
- expect(result.binding).to eql(Saml::Kit::Namespaces::POST)
+ expect(result.binding).to eql(Saml::Kit::Bindings::HTTP_POST)
end
it 'returns the HTTP_REDIRECT binding' do
result = subject.single_sign_on_service_for(binding: :http_redirect)
expect(result.location).to eql(redirect_url)
- expect(result.binding).to eql(Saml::Kit::Namespaces::HTTP_REDIRECT)
+ expect(result.binding).to eql(Saml::Kit::Bindings::HTTP_REDIRECT)
end
it 'returns nil if the binding cannot be found' do
@@ -219,9 +219,9 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
Saml::Kit::Namespaces::TRANSIENT,
Saml::Kit::Namespaces::EMAIL_ADDRESS,
])
- expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleSignOnService']['Binding']).to eql(Saml::Kit::Namespaces::HTTP_REDIRECT)
+ expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleSignOnService']['Binding']).to eql(Saml::Kit::Bindings::HTTP_REDIRECT)
expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleSignOnService']['Location']).to eql("https://www.example.com/login")
- expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleLogoutService']['Binding']).to eql(Saml::Kit::Namespaces::HTTP_POST)
+ expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleLogoutService']['Binding']).to eql(Saml::Kit::Bindings::HTTP_POST)
expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleLogoutService']['Location']).to eql("https://www.example.com/logout")
expect(result['EntityDescriptor']['IDPSSODescriptor']['Attribute']['Name']).to eql("id")
expect(result['EntityDescriptor']['IDPSSODescriptor']['KeyDescriptor']['KeyInfo']['X509Data']['X509Certificate']).to eql(Saml::Kit.configuration.stripped_signing_certificate)
spec/saml/service_provider_metadata_spec.rb
@@ -79,15 +79,15 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
it 'returns each acs url and binding' do
expect(subject.assertion_consumer_services.map(&:to_h)).to match_array([
- { location: acs_post_url, binding: Saml::Kit::Namespaces::POST },
- { location: acs_redirect_url, binding: Saml::Kit::Namespaces::HTTP_REDIRECT },
+ { location: acs_post_url, binding: Saml::Kit::Bindings::HTTP_POST },
+ { location: acs_redirect_url, binding: Saml::Kit::Bindings::HTTP_REDIRECT },
])
end
it 'returns each logout url and binding' do
expect(subject.single_logout_services.map(&:to_h)).to match_array([
- { location: logout_post_url, binding: Saml::Kit::Namespaces::POST },
- { location: logout_redirect_url, binding: Saml::Kit::Namespaces::HTTP_REDIRECT },
+ { location: logout_post_url, binding: Saml::Kit::Bindings::HTTP_POST },
+ { location: logout_redirect_url, binding: Saml::Kit::Bindings::HTTP_REDIRECT },
])
end
@@ -155,7 +155,7 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="_#{SecureRandom.uuid}" entityID="#{entity_id}">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="#{Saml::Kit::Namespaces::PROTOCOL}">
- <SingleLogoutService Binding="#{Saml::Kit::Namespaces::HTTP_POST}" Location="#{FFaker::Internet.uri("https")}"/>
+ <SingleLogoutService Binding="#{Saml::Kit::Bindings::HTTP_POST}" Location="#{FFaker::Internet.uri("https")}"/>
<NameIDFormat>#{Saml::Kit::Namespaces::PERSISTENT}</NameIDFormat>
</SPSSODescriptor>
</EntityDescriptor>