Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
3fd021c
Set minimum test coverage (#207)
mjobin-mdsol Sep 3, 2024
94b00bc
[fix] Flaky test (#220)
Zogoo Sep 17, 2024
b488008
Update saml_idp.gemspec (#215)
atish23 Sep 17, 2024
2003c94
Add dependency of ostruct gem, to fix warning of ostruct was loaded (…
taketo1113 Sep 18, 2024
62ca537
Check if Rails is fully initialized (#216)
aleksandr-obukhov Sep 23, 2024
101925b
Add new versions for CI (#223)
Zogoo Oct 24, 2024
12416c4
[feat] External Signature param for Redirect Binding (#203)
Zogoo Oct 24, 2024
4b7e4c8
[improvements] Return error to application and support SLO request va…
Zogoo Oct 29, 2024
6f832af
Alternative to support multiple x509 Certificates via procs (#211)
pelted Nov 1, 2024
fb44202
[fix] Accept reference id for SAML response (#226)
Zogoo Nov 4, 2024
78c1868
Switchable assertion signature flag (#228)
Zogoo Nov 17, 2024
9780e65
Use concurrent ruby fixed version for test (#230)
Zogoo Jan 21, 2025
75b1cd9
Add Ruby 3.4 and Rails 8.0/7.2 to CI matrix (#236)
taketo1113 Aug 17, 2025
e7af4e2
v1 (#239)
jphenow Oct 9, 2025
abce86e
CI: Follow up to add Rails 8.0 to CI matrix (#240)
taketo1113 Oct 13, 2025
407602d
[fix] Configure a certificate and private key for each response (#227)
Zogoo Nov 3, 2025
ed7e2d2
CI: Add Ruby 4.0 and Rails 8.1 to CI Matrix (#243)
taketo1113 Feb 2, 2026
4dde1a3
Fix CSRF token leakage in SAML POST binding template (#241)
tyage Feb 2, 2026
8bdcfe2
Basic patch of our assertion extension feature for upstream introduction
pelted Feb 2, 2026
a09cc25
Add documentation for AssertionExtension class
pelted Feb 2, 2026
4e13a91
Make SubjectConfirmationData extension additive instead of replacing
pelted Apr 23, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 55 additions & 12 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,38 +10,81 @@ jobs:
strategy:
fail-fast: false
matrix:
ruby: ['2.5', '2.6', '2.7', '3.0', '3.1', '3.2', '3.3']
gemfile: [rails_5.2.gemfile, rails_6.1.gemfile, rails_7.0.gemfile, rails_7.1.gemfile, rails_dev.gemfile]
ruby: ['2.5', '2.6', '2.7', '3.0', '3.1', '3.2', '3.3', '3.4', '4.0']
gemfile: [rails_5.2.gemfile, rails_6.1.gemfile, rails_7.0.gemfile, rails_7.1.gemfile, rails_7.2.gemfile, rails_8.0.gemfile, rails_8.1.gemfile, rails_dev.gemfile]
exclude:
# Ruby 3.3 is min version for Rails 8.2
- ruby: '2.5'
gemfile: rails_7.0.gemfile
gemfile: rails_dev.gemfile
- ruby: '2.6'
gemfile: rails_dev.gemfile
- ruby: '2.7'
gemfile: rails_dev.gemfile
- ruby: '3.0'
gemfile: rails_dev.gemfile
- ruby: '3.1'
gemfile: rails_dev.gemfile
- ruby: '3.2'
gemfile: rails_dev.gemfile
# Ruby 3.2 is min version for Rails 8.1
- ruby: '2.5'
gemfile: rails_7.1.gemfile
gemfile: rails_8.1.gemfile
- ruby: '2.6'
gemfile: rails_8.1.gemfile
- ruby: '2.7'
gemfile: rails_8.1.gemfile
- ruby: '3.0'
gemfile: rails_8.1.gemfile
- ruby: '3.1'
gemfile: rails_8.1.gemfile
# Ruby 3.2 is min version for Rails 8.0
- ruby: '2.5'
gemfile: rails_dev.gemfile
gemfile: rails_8.0.gemfile
- ruby: '2.6'
gemfile: rails_7.0.gemfile
gemfile: rails_8.0.gemfile
- ruby: '2.7'
gemfile: rails_8.0.gemfile
- ruby: '3.0'
gemfile: rails_8.0.gemfile
- ruby: '3.1'
gemfile: rails_8.0.gemfile
# Ruby 3.1 is min version for Rails 7.2
- ruby: '2.5'
gemfile: rails_7.2.gemfile
- ruby: '2.6'
gemfile: rails_7.2.gemfile
- ruby: '2.7'
gemfile: rails_7.2.gemfile
- ruby: '3.0'
gemfile: rails_7.2.gemfile
# Ruby 2.7 is min version for Rails 7.1
- ruby: '2.5'
gemfile: rails_7.1.gemfile
- ruby: '2.6'
gemfile: rails_dev.gemfile
- ruby: '2.7'
gemfile: rails_dev.gemfile
gemfile: rails_7.1.gemfile
# Ruby 2.7 is min version for Rails 7.0
- ruby: '2.5'
gemfile: rails_7.0.gemfile
- ruby: '2.6'
gemfile: rails_7.0.gemfile
# Ruby 2.7 is max version for Rails 5.2
- ruby: '3.0'
gemfile: rails_5.2.gemfile
- ruby: '3.0'
gemfile: rails_dev.gemfile
- ruby: '3.1'
gemfile: rails_5.2.gemfile
- ruby: '3.2'
gemfile: rails_5.2.gemfile
- ruby: '3.3'
gemfile: rails_5.2.gemfile
- ruby: '3.4'
gemfile: rails_5.2.gemfile
- ruby: '4.0'
gemfile: rails_5.2.gemfile
runs-on: ubuntu-latest
env:
BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
Expand Down
2 changes: 1 addition & 1 deletion .ruby-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.1.2
3.3.5
23 changes: 20 additions & 3 deletions Appraisals
Original file line number Diff line number Diff line change
Expand Up @@ -5,17 +5,34 @@ end

appraise 'rails-6.1' do
gem 'rails', '~> 6.1.0'
gem 'activeresource', '~> 5.1.0'
gem 'activeresource', '>= 5.1.0'
gem 'bigdecimal'
gem 'mutex_m'
gem 'benchmark'
gem 'concurrent-ruby', '1.3.4'
end

appraise 'rails-7.0' do
gem 'rails', '~> 7.0.0'
gem 'activeresource', '~> 6.0.0'
gem 'bigdecimal'
gem 'mutex_m'
gem 'concurrent-ruby', '1.3.4'
end

appraise 'rails-7.1' do
gem 'rails', '~> 7.1.0'
gem 'activeresource', '~> 6.0.0'
end

appraise 'rails-7.2' do
gem 'rails', '~> 7.2.0'
end

appraise 'rails-8.0' do
gem 'rails', '~> 8.0.0'
end

appraise 'rails-8.1' do
gem 'rails', '~> 8.1.0'
end

appraise 'rails-dev' do
Expand Down
10 changes: 7 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,13 @@ Add this to your Gemfile:

Include `SamlIdp::Controller` and see the examples that use rails. It should be straightforward for you.

Basically you call `decode_request(params[:SAMLRequest])` on an incoming request and then use the value
`saml_acs_url` to determine the source for which you need to authenticate a user. How you authenticate
a user is entirely up to you.
Basically, you call `decode_request(params[:SAMLRequest])` on an incoming request and then use the value
`saml_acs_url` to determine the source for which you need to authenticate a user.
If the signature (`Signature`) and signing algorithm (`SigAlg`) are provided as external parameters in the request,
you can pass those parameters as `decode_request(params[:SAMLRequest], params[:Signature], params[:SigAlg], params[:RelayState])`.
Then, you can verify the request signature with the `valid?` method.

How you authenticate a user is entirely up to you.

Once a user has successfully authenticated on your system send the Service Provider a SAMLResponse by
posting to `saml_acs_url` the parameter `SAMLResponse` with the return value from a call to
Expand Down
1 change: 1 addition & 0 deletions gemfiles/rails_5.2.gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ source "https://rubygems.org"

gem "rails", "~> 5.2.4"
gem "activeresource", "~> 5.1.0"
gem 'concurrent-ruby', '1.3.4'

gemspec path: "../"
6 changes: 5 additions & 1 deletion gemfiles/rails_6.1.gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
source "https://rubygems.org"

gem "rails", "~> 6.1.0"
gem "activeresource", "~> 5.1.0"
gem "activeresource", ">= 5.1.0"
gem "bigdecimal"
gem "mutex_m"
gem "benchmark"
gem "concurrent-ruby", "1.3.4"

gemspec path: "../"
4 changes: 3 additions & 1 deletion gemfiles/rails_7.0.gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
source "https://rubygems.org"

gem "rails", "~> 7.0.0"
gem "activeresource", "~> 6.0.0"
gem "bigdecimal"
gem "mutex_m"
gem "concurrent-ruby", "1.3.4"

gemspec path: "../"
1 change: 0 additions & 1 deletion gemfiles/rails_7.1.gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,5 @@
source "https://rubygems.org"

gem "rails", "~> 7.1.0"
gem "activeresource", "~> 6.0.0"

gemspec path: "../"
7 changes: 7 additions & 0 deletions gemfiles/rails_7.2.gemfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# This file was generated by Appraisal

source "https://rubygems.org"

gem "rails", "~> 7.2.0"

gemspec path: "../"
7 changes: 7 additions & 0 deletions gemfiles/rails_8.0.gemfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# This file was generated by Appraisal

source "https://rubygems.org"

gem "rails", "~> 8.0.0"

gemspec path: "../"
7 changes: 7 additions & 0 deletions gemfiles/rails_8.1.gemfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# This file was generated by Appraisal

source "https://rubygems.org"

gem "rails", "~> 8.1.0"

gemspec path: "../"
6 changes: 3 additions & 3 deletions lib/saml_idp.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ module SamlIdp
require 'saml_idp/metadata_builder'
require 'saml_idp/version'
require 'saml_idp/fingerprint'
require 'saml_idp/engine' if defined?(::Rails)
require 'saml_idp/engine' if defined?(::Rails::Engine)

def self.config
@config ||= SamlIdp::Configurator.new
Expand Down Expand Up @@ -70,9 +70,9 @@ def signed?
!!xpath("//ds:Signature", ds: signature_namespace).first
end

def valid_signature?(fingerprint)
def valid_signature?(certificate, fingerprint)
signed? &&
signed_document.validate(fingerprint, :soft)
signed_document.validate(certificate, fingerprint, :soft)
end

def signed_document
Expand Down
5 changes: 2 additions & 3 deletions lib/saml_idp/algorithmable.rb
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
module SamlIdp
module Algorithmable
def algorithm
algorithm_check = raw_algorithm || SamlIdp.config.algorithm
return algorithm_check if algorithm_check.respond_to?(:digest)
return raw_algorithm if raw_algorithm.respond_to?(:digest)
begin
OpenSSL::Digest.const_get(algorithm_check.to_s.upcase)
OpenSSL::Digest.const_get(raw_algorithm.to_s.upcase)
rescue NameError
OpenSSL::Digest::SHA1
end
Expand Down
Loading