
Commit 6024dac

committed
Release 2.0.2 that uses ruby-saml 1.0.0
1 parent 4e262e3 commit 6024dac


7 files changed

+60
-50
lines changed


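--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'ruby-saml', :git => 'https://github.com/onelogin/ruby-saml.git'
+gem 'ruby-saml', '~> 1.0.0'
 
 gem 'byebug'
 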
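Review bot: The Gemfile now asks for the published gem with `gem 'ruby-saml', '~> 1.0.0'`, but the Gemfile.lock committed alongside it records `PATH` / `remote: /home/pitbulk/proyectos/ruby-saml`, a developer's local checkout, instead of a rubygems.org source. Anyone else running `bundle install` against this lock cannot resolve that path, and the lock no longer pins the artifact actually published as 1.0.0, so the two files disagree about where the dependency comes from. Regenerating Gemfile.lock after the Gemfile change, so the ruby-saml entry sits under the rubygems `GEM` section, keeps the dependency reproducible and auditable.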
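--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,9 +1,8 @@
-GIT
-remote: https://github.com/onelogin/ruby-saml.git
-revision: 9627684fc6356c5619e542494601576b751dc76a
+PATH
+remote: /home/pitbulk/proyectos/ruby-saml
 specs:
-ruby-saml (0.8.1)
-nokogiri (>= 1.5.0)
+ruby-saml (1.0.0)
+nokogiri (>= 1.5.10)
 uuid (~> 2.3)
 
 GEM
@@ -56,10 +55,10 @@ GEM
 mime-types (~> 1.16)
 treetop (~> 1.4.8)
 mime-types (1.25.1)
-mini_portile (0.6.1)
+mini_portile (0.6.2)
 minitest (5.5.0)
 multi_json (1.10.1)
-nokogiri (1.6.5)
+nokogiri (1.6.6.2)
 mini_portile (~> 0.6.0)
 polyglot (0.3.5)
 rack (1.5.2)
@@ -99,7 +98,7 @@ GEM
 activesupport (>= 3.0)
 sprockets (>= 2.8, < 4.0)
 sqlite3 (1.3.10)
-systemu (2.6.4)
+systemu (2.6.5)
 thor (0.19.1)
 thread_safe (0.3.4)
 tilt (1.4.1)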

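--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ link:files/vendor/rails/actionpack/README.html.
 Supported Version
 -----------------
 
-This ruby-saml-example project works with rails4 and uses is compatible with the ruby-saml toolkit >= 0.8.1.
+This ruby-saml-example project works with rails4 and uses is compatible with the ruby-saml toolkit >= 1.0.0.
 
 Getting Started
 ---------------
@@ -143,6 +143,8 @@ Also, Ruby documentation can be found at http://www.ruby-lang.org/ including:
 These two online (and free) books will bring you up to speed on the Ruby language
 and also on programming in general.
 
+Documentation related to configuring logging on ruby-saml can be found at:
+https://github.com/onelogin/ruby-saml#configuring-logging
 
 Debugger
 --------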

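--- a/app/controllers/saml_controller.rb
+++ b/app/controllers/saml_controller.rb
@@ -18,17 +18,19 @@ def sso
 end
 
 def acs
-response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
-response.settings = Account.get_saml_settings
+settings = Account.get_saml_settings
+response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => settings)
 
 if response.is_valid?
-session[:user_id] = response.name_id
+session[:nameid] = response.nameid
 session[:attributes] = response.attributes
 @attrs = session[:attributes]
 logger.info "Sucessfully logged"
-logger.info "NAMEID: #{response.name_id}"
+logger.info "NAMEID: #{response.nameid}"
 render :action => :index
 else
+logger.info "Response Invalid. Errors: #{response.errors}"
+@errors = response.errors
 render :action => :fail
 end
 end
@@ -69,13 +71,13 @@ def sp_logout_request
 # to compare it with the response we get back
 logout_request = OneLogin::RubySaml::Logoutrequest.new()
 session[:transaction_id] = logout_request.uuid
-logger.info "New SP SLO for User ID: '#{session[:user_id]}', Transaction ID: '#{session[:transaction_id]}'"
+logger.info "New SP SLO for User ID: '#{session[:nameid]}', Transaction ID: '#{session[:transaction_id]}'"
 
 if settings.name_identifier_value.nil?
-settings.name_identifier_value = session[:user_id]
+settings.name_identifier_value = session[:nameid]
 end
 
-relayState = url_for controller: 'saml', action: 'index'
+relayState = url_for controller: 'saml', action: 'index'
 redirect_to(logout_request.create(settings, :RelayState => relayState))
 end
 end
@@ -84,55 +86,39 @@ def sp_logout_request
 # the LogoutResponse, verify it, then actually delete our session.
 def process_logout_response
 settings = Account.get_saml_settings
-
-if session.has_key? :transation_id
-logout_response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], settings, :matches_request_id => session[:transation_id])
-else
-logout_response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], settings)
-end
-
-logger.info "LogoutResponse is: #{logout_response.to_s}"
+request_id = session[:transaction_id]
+logout_response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], settings, :matches_request_id => request_id, :get_params => params)
+logger.info "LogoutResponse is: #{logout_response.response.to_s}"
 
 # Validate the SAML Logout Response
 if not logout_response.validate
-logger.error "The SAML Logout Response is invalid"
+error_msg = "The SAML Logout Response is invalid. Errors: #{logout_response.errors}"
+logger.error error_msg
+render :inline => error_msg
 else
 # Actually log out this session
 if logout_response.success?
-logger.info "Delete session for '#{session[:user_id]}'"
+logger.info "Delete session for '#{session[:nameid]}'"
 reset_session
 end
 end
 end
 
-# Method to handle IdP initiated logouts
+# Method to handle IdP initiated logouts
 def idp_logout_request
 settings = Account.get_saml_settings
-logout_request = OneLogin::RubySaml::SloLogoutrequest.new(params[:SAMLRequest])
-if !logout_request.is_valid?
-logger.error "IdP initiated LogoutRequest was not valid!"
-render :inline => logger.error
+logout_request = OneLogin::RubySaml::SloLogoutrequest.new(params[:SAMLRequest], :settings => settings)
+if not logout_request.is_valid?
+error_msg = "IdP initiated LogoutRequest was not valid!. Errors: #{logout_request.errors}"
+logger.error error_msg
+render :inline => error_msg
 end
-logger.info "IdP initiated Logout for #{logout_request.name_id}"
+logger.info "IdP initiated Logout for #{logout_request.nameid}"
 
 # Actually log out this session
 reset_session
 
-# Generate a response to the IdP. :transaction_id sets the InResponseTo
-# SAML message to create a reply to the IdP in the LogoutResponse.
-#action, content = logout_response = OneLogin::RubySaml::Logoutresponse.new(nil, settings).
-# create(:transaction_id => logout_request.transaction_id)
-
-#case action
-# when "GET"
-# # for GET requests, do a redirect on the content
-# redirect_to content
-# when "POST"
-# # for POST requests (form) render the content as HTML
-# render :inline => content
-#end logout_request_id = logout_request.id
-
-logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, :RelayState => params[:RelayState])
+logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request.id, nil, :RelayState => params[:RelayState])
 redirect_to logout_response
 end
 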
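Review bot: In `idp_logout_request` the invalid-request branch renders `error_msg` but does not leave the action: `reset_session`, the `SloLogoutresponse.new.create(...)` call and `redirect_to` below it still execute, so a LogoutRequest that failed `is_valid?` still destroys the user's session, and the redirect issued after the render raises a double-render error. Ending the branch with `render :inline => error_msg and return` (or `return render :inline => error_msg`) closes that path; `process_logout_response` is built as an if/else and is not affected. Separately, `render :inline` compiles its argument as an ERB template, and both `error_msg` strings interpolate `errors` collected while parsing the incoming SAML document, so if any of those messages echo values taken from the message itself this becomes template evaluation of untrusted text; rendering the `:fail` view with `@errors`, as `acs` now does, keeps the output escaped.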
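--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -4,10 +4,17 @@ def self.get_saml_settings
 # should retrieve SAML-settings based on subdomain, IP-address, NameID or similar
 settings = OneLogin::RubySaml::Settings.new
 
+# When disabled, saml validation errors will raise an exception.
+settings.soft = true
+
 # Example settings data, replace this values!
+
+# SP section
 settings.assertion_consumer_service_url = "http://localhost:3000/saml/acs"
 settings.assertion_consumer_logout_service_url = "http://localhost:3000/saml/logout"
 settings.issuer = "http://localhost:3000/saml/metadata"
+
+# IdP section
 settings.idp_entity_id = "https://app.onelogin.com/saml/metadata/<onelogin-app-id>"
 settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin-app-id>"
 settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin-app-id>"
@@ -28,7 +35,18 @@ def self.get_saml_settings
 Tc0=
 -----END CERTIFICATE-----"
 # or settings.idp_cert_fingerprint = "3B:05:BE:0A:EC:84:CC:D4:75:97:B3:A2:22:AC:56:21:44:EF:59:E6"
+# settings.idp_cert_fingerprint_algorithm = XMLSecurity::Document::SHA1
+
 settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+
+# Security section
+settings.security[:authn_requests_signed] = false
+settings.security[:logout_requests_signed] = false
+settings.security[:logout_responses_signed] = false
+settings.security[:metadata_signed] = false
+settings.security[:digest_method] = XMLSecurity::Document::SHA1
+settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
+
 settings
 end
 end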
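Review bot: The comment added above `settings.soft = true` describes the opposite setting from the one configured: with `soft` enabled ruby-saml reports failures through `errors` and a false `is_valid?`/`validate` instead of raising, which is the behaviour the controller's `response.errors` branches rely on. Suggest `# soft = true: validation failures populate #errors and is_valid? returns false; set false to raise instead`. The new security section also fixes `digest_method` and `signature_method` to `XMLSecurity::Document::SHA1` / `RSA_SHA1`; for sample code that gets copied into real deployments the SHA-256 constants ruby-saml defines next to these (`SHA256`, `RSA_SHA256`) are the better default, with SHA-1 left as a commented fallback for IdPs that still require it. A one-line comment stating what the four `*_signed` flags govern (in ruby-saml they control whether the SP signs its own outgoing messages and metadata, not validation of what the IdP sends) would stop readers from reading `false` as relaxed verification.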

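--- a/app/views/saml/fail.html.erb
+++ b/app/views/saml/fail.html.erb
@@ -1,5 +1,10 @@
 <html>
 <body>
 <h4>SAML Response invalid</h4>
+<% if @errors %>
+<% @errors.each do |error| %>
+<p><%= error %></p>
+<% end %>
+<% end %>
 </body>
 </html>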

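--- a/app/views/saml/index.html.erb
+++ b/app/views/saml/index.html.erb
@@ -1,5 +1,5 @@
-<% if session[:user_id].present? %>
-<p>Logged in. <%= session[:user_id] %></p>
+<% if session[:nameid].present? %>
+<p>NameID: <%= session[:nameid] %></p>
 
 <% if @attrs.any? %>
 <p>Received the following attributes in the SAML Response:</p>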
