
v1.0.22 v1.0.23
2 commits 4 files changed
lib/saml/kit/builders/assertion.rb
@@ -53,6 +53,7 @@ module Saml
           options = {}
           options[:InResponseTo] = request.id if request.present?
           options[:Recipient] = destination if destination.present?
+          options[:NotOnOrAfter] = (now + 5.minutes).utc.iso8601
           options
         end
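Review bot: The bearer confirmation window on the added line is a bare magic number, `5.minutes`, with nothing explaining why that width was chosen or how a deployment would change it; this value bounds how long a captured assertion stays acceptable to a service provider, so it deserves a named, documented home. I would lift it to a frozen constant on the builder, e.g. `# Validity window for SubjectConfirmationData/@NotOnOrAfter (bearer assertions)` followed by `SUBJECT_CONFIRMATION_TTL = 5.minutes`, and write the line as `options[:NotOnOrAfter] = (now + SUBJECT_CONFIRMATION_TTL).utc.iso8601`. If the builder also emits a Conditions/@NotOnOrAfter elsewhere (not visible here), the two windows should be derived from one source so the confirmation window can never outlive the assertion itself. The enclosing method starts before this hunk.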
 
lib/saml/kit/builders/encrypted_assertion.rb
@@ -14,6 +14,10 @@ module Saml
           :configuration,
           :encryption_certificate
 
+        def_delegators :@assertion,
+          :default_name_id_format,
+          :default_name_id_format=
+
         def initialize(response_builder, assertion)
           @response_builder = response_builder
           @assertion = assertion
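Review bot: The new `def_delegators :@assertion` block has no comment saying why the encrypted wrapper now forwards `default_name_id_format` and its writer, and the reader cannot tell whether the wrapper is meant to mirror the full Assertion builder surface or just this one setting. A one-line comment above it, `# Forward the NameID format setting so callers can configure it regardless of whether encryption is enabled`, would make the intent explicit. Because the writer is delegated too, assigning through the wrapper mutates the shared inner assertion; that is presumably intended, but worth stating in the same comment.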
lib/saml/kit/version.rb
@@ -2,6 +2,6 @@
 
 module Saml
   module Kit
-    VERSION = '1.0.21'.freeze
+    VERSION = '1.0.23'.freeze
   end
 end
spec/saml/kit/builders/response_spec.rb
@@ -32,6 +32,23 @@ RSpec.describe Saml::Kit::Builders::Response do
       expect(result).to be_valid
     end
 
+    it 'builds an encrypted assertion with a custom default nameid format' do
+      allow(configuration.registry).to receive(:metadata_for).with(issuer).and_return(provider)
+      allow(provider).to receive(:matches?).and_return(true)
+      allow(request).to receive(:name_id_format).and_return(nil)
+
+      subject.assertion.default_name_id_format = Saml::Kit::Namespaces::TRANSIENT
+      subject.embed_signature = true
+      subject.encrypt = true
+
+      result = Hash.from_xml(subject.to_xml)
+      expect(result['Response']['EncryptedAssertion']).to be_present
+      encrypted_assertion = result['Response']['EncryptedAssertion']
+      decrypted_assertion = Xml::Kit::Decryption.new(private_keys: configuration.private_keys(use: :encryption)).decrypt_hash(encrypted_assertion)
+      document = Saml::Kit::Document.new(decrypted_assertion, name: 'Assertion')
+      expect(document.at_xpath('//saml:NameID/@Format').value).to eql(Saml::Kit::Namespaces::TRANSIENT)
+    end
+
     it 'includes the issuer' do
       subject.encrypt = false
       result = subject.build
@@ -76,7 +93,7 @@ RSpec.describe Saml::Kit::Builders::Response do
 
       expect(hash['Response']['Assertion']['Subject']['NameID']).to eql(user.name_id)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['Method']).to eql('urn:oasis:names:tc:SAML:2.0:cm:bearer')
-      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to be_nil
+      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to eql(5.minutes.from_now.utc.iso8601)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['Recipient']).to eql(assertion_consumer_service_url)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['InResponseTo']).to eql(request.id)
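Review bot: The new expectation `to eql(5.minutes.from_now.utc.iso8601)` in the second hunk is time-sensitive: the builder stamps `now + 5.minutes` when `build` runs and the spec recomputes `5.minutes.from_now` afterwards, so whenever the two calls straddle a second boundary the ISO 8601 strings differ and the example fails intermittently. Unless the suite freezes the clock somewhere outside this hunk, freeze it in this example (`travel_to(Time.now) do ... end` or the equivalent helper already used in the suite) or assert that the parsed timestamp lies within a short tolerance of `5.minutes.from_now`. The enclosing `it` block starts and ends outside the hunk.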