├── spec ├── rails_app │ ├── log │ │ └── .gitkeep │ ├── lib │ │ ├── tasks │ │ │ └── .gitkeep │ │ └── assets │ │ │ └── .gitkeep │ ├── public │ │ ├── favicon.ico │ │ ├── robots.txt │ │ ├── 500.html │ │ ├── 422.html │ │ ├── 404.html │ │ └── index.html │ ├── test │ │ ├── unit │ │ │ └── .gitkeep │ │ ├── fixtures │ │ │ └── .gitkeep │ │ ├── functional │ │ │ └── .gitkeep │ │ ├── integration │ │ │ └── .gitkeep │ │ ├── performance │ │ │ └── browsing_test.rb │ │ └── test_helper.rb │ ├── app │ │ ├── mailers │ │ │ └── .gitkeep │ │ ├── models │ │ │ └── .gitkeep │ │ ├── helpers │ │ │ └── application_helper.rb │ │ ├── assets │ │ │ ├── images │ │ │ │ └── rails.png │ │ │ ├── stylesheets │ │ │ │ └── application.css │ │ │ └── javascripts │ │ │ │ └── application.js │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ ├── saml_controller.rb │ │ │ └── saml_idp_controller.rb │ │ └── views │ │ │ └── layouts │ │ │ └── application.html.erb │ ├── vendor │ │ ├── plugins │ │ │ └── .gitkeep │ │ └── assets │ │ │ ├── javascripts │ │ │ └── .gitkeep │ │ │ └── stylesheets │ │ │ └── .gitkeep │ ├── config.ru │ ├── config │ │ ├── environment.rb │ │ ├── routes.rb │ │ ├── boot.rb │ │ ├── initializers │ │ │ ├── mime_types.rb │ │ │ ├── backtrace_silencers.rb │ │ │ ├── session_store.rb │ │ │ ├── secret_token.rb │ │ │ ├── wrap_parameters.rb │ │ │ └── inflections.rb │ │ ├── locales │ │ │ └── en.yml │ │ ├── database.yml │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── test.rb │ │ │ └── production.rb │ │ └── application.rb │ ├── doc │ │ └── README_FOR_APP │ ├── Rakefile │ ├── script │ │ └── rails │ ├── db │ │ └── seeds.rb │ ├── .gitignore │ └── README.rdoc ├── acceptance │ ├── acceptance_helper.rb │ └── idp_controller_spec.rb ├── spec_helper.rb ├── support │ └── saml_request_macros.rb └── saml_idp │ └── controller_spec.rb ├── Gemfile ├── lib ├── saml_idp │ ├── version.rb │ ├── engine.rb │ ├── configurator.rb │ ├── default.rb │ └── controller.rb └── ruby-saml-idp.rb ├── .gitignore ├── .travis.yml 
├── app ├── views │ └── saml_idp │ │ └── idp │ │ ├── saml_post.html.erb │ │ └── new.html.erb └── controllers │ └── saml_idp │ └── idp_controller.rb ├── Rakefile ├── MIT-LICENSE ├── ruby-saml-idp.gemspec └── README.md /spec/rails_app/log/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/lib/tasks/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/public/favicon.ico: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/test/unit/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/app/mailers/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/app/models/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/lib/assets/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/test/fixtures/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/rails_app/vendor/plugins/.gitkeep: -------------------------------------------------------------------------------- 1 | 
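--------------------------------------------------------------------------------
/spec/rails_app/test/functional/.gitkeep:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/spec/rails_app/test/integration/.gitkeep:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
# Resolve gems over TLS. With a plain-http source anyone on the network path
# between the build host and rubygems.org can substitute the gem contents that
# `bundle install` receives (software-supply-chain risk); https authenticates
# the origin and protects the download in transit.
source "https://rubygems.org"
gemspec
--------------------------------------------------------------------------------
/spec/rails_app/vendor/assets/javascripts/.gitkeep:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/spec/rails_app/vendor/assets/stylesheets/.gitkeep:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/spec/rails_app/app/helpers/application_helper.rb:
--------------------------------------------------------------------------------
# Empty helper module generated by Rails for the spec application.
module ApplicationHelper
end
--------------------------------------------------------------------------------
/lib/saml_idp/version.rb:
--------------------------------------------------------------------------------
# encoding: utf-8
module SamlIdp
  # Gem version; ruby-saml-idp.gemspec reads it from here.
  VERSION = '0.3.2'
end
--------------------------------------------------------------------------------
/lib/saml_idp/engine.rb:
--------------------------------------------------------------------------------
# encoding: utf-8
module SamlIdp
  # Rails engine wrapper so the host application picks up the controller and
  # views the gem ships under app/. lib/ruby-saml-idp.rb requires this file
  # only when Rails (major version > 2) is loaded.
  class Engine < Rails::Engine
  end
end
--------------------------------------------------------------------------------
/.gitignore: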
-------------------------------------------------------------------------------- 1 | .DS_Store 2 | .Gemfile 3 | /.bundle 4 | /.rvmrc 5 | /coverage 6 | /doc 7 | /pkg 8 | /tags 9 | /Gemfile.lock 10 | -------------------------------------------------------------------------------- /spec/rails_app/app/assets/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/workato/ruby-saml-idp/master/spec/rails_app/app/assets/images/rails.png -------------------------------------------------------------------------------- /spec/rails_app/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | protect_from_forgery 3 | end 4 | -------------------------------------------------------------------------------- /spec/rails_app/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run RailsApp::Application 5 | -------------------------------------------------------------------------------- /spec/rails_app/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application 5 | RailsApp::Application.initialize! 
6 | -------------------------------------------------------------------------------- /spec/rails_app/config/routes.rb: -------------------------------------------------------------------------------- 1 | RailsApp::Application.routes.draw do 2 | get '/saml/auth' => 'saml_idp#new' 3 | post '/saml/auth' => 'saml_idp#create' 4 | 5 | post '/saml/consume' => 'saml#consume' 6 | end 7 | -------------------------------------------------------------------------------- /spec/rails_app/config/boot.rb: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | 3 | # Set up gems listed in the Gemfile. 4 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 5 | 6 | require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE']) 7 | -------------------------------------------------------------------------------- /spec/rails_app/doc/README_FOR_APP: -------------------------------------------------------------------------------- 1 | Use this README file to introduce your application and point to useful places in the API for learning more. 2 | Run "rake doc:app" to generate API documentation for your models, controllers, helpers, and libraries. 
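--------------------------------------------------------------------------------
/spec/rails_app/public/robots.txt:
--------------------------------------------------------------------------------
# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow: /
--------------------------------------------------------------------------------
/spec/rails_app/app/controllers/saml_controller.rb:
--------------------------------------------------------------------------------
# Minimal service-provider (SP) side of the spec app: the IdP under test posts
# its SAMLResponse to /saml/consume (config/routes.rb) and this controller
# reports what the assertion says.
class SamlController < ApplicationController

  # Receive a SAMLResponse and render the asserted NameID as plain text.
  #
  # The response is verified before anything in it is trusted. Reading
  # `name_id` from an unverified document means the value comes straight from
  # whoever posted the form, and the acceptance spec would pass even if the IdP
  # never signed the assertion. Verification uses the signing-certificate
  # fingerprint the gem ships as a default (SamlIdp::Default::FINGERPRINT),
  # which is what spec/support/saml_request_macros.rb also assumes the IdP in
  # this spec app signs with.
  #
  # Renders 400 when the parameter is missing (ruby-saml rejects a nil
  # response with ArgumentError) and 403 when validation fails; neither echoes
  # validator detail back to the poster.
  def consume
    if params[:SAMLResponse].blank?
      render :text => "Missing SAMLResponse", :status => :bad_request
      return
    end

    response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
    response.settings = sp_settings

    # is_valid? runs in ruby-saml's "soft" mode: it returns false instead of
    # raising, so a forged or tampered response stops here.
    if response.is_valid?
      render :text => response.name_id
    else
      render :text => "Invalid SAMLResponse", :status => :forbidden
    end
  end

  private

  # SP settings ruby-saml needs in order to validate the IdP's signature.
  # Only the certificate fingerprint is set, so the check does not depend on
  # the host names the specs happen to use.
  def sp_settings
    settings = OneLogin::RubySaml::Settings.new
    settings.idp_cert_fingerprint = SamlIdp::Default::FINGERPRINT
    settings
  end

end
--------------------------------------------------------------------------------
/spec/rails_app/config/initializers/mime_types.rb:
--------------------------------------------------------------------------------
# Be sure to restart your server when you modify this file.

# Add new mime types for use in respond_to blocks:
# Mime::Type.register "text/richtext", :rtf
# Mime::Type.register_alias "text/html", :iphone
--------------------------------------------------------------------------------
/spec/rails_app/config/locales/en.yml:
--------------------------------------------------------------------------------
# Sample localization file for English. Add more files in this directory for other locales.
# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.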

en:
  hello: "Hello world"
--------------------------------------------------------------------------------
/spec/rails_app/app/controllers/saml_idp_controller.rb:
--------------------------------------------------------------------------------
# IdP controller for the spec app. It subclasses the engine's IdpController
# (app/controllers/saml_idp/idp_controller.rb) and supplies the two hooks the
# engine leaves unimplemented.
class SamlIdpController < SamlIdp::IdpController

  # Test-only credential check: ANY email/password pair is accepted and the
  # password is ignored entirely, so the login form in the acceptance spec
  # always succeeds. Never copy this into a real IdP -- the engine treats any
  # non-nil return value as an authenticated user.
  def idp_authenticate(email, password)
    { :email => email }
  end

  # Build the SAMLResponse for the hash returned above, using the email as the
  # subject. encode_SAMLResponse comes from SamlIdp::Controller, which is not
  # part of this listing.
  def idp_make_saml_response(user)
    encode_SAMLResponse(user[:email])
  end

end
--------------------------------------------------------------------------------
/spec/rails_app/Rakefile:
--------------------------------------------------------------------------------
#!/usr/bin/env rake
# Add your own tasks in files placed in lib/tasks ending in .rake,
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.

require File.expand_path('../config/application', __FILE__)

RailsApp::Application.load_tasks
--------------------------------------------------------------------------------
/spec/rails_app/script/rails:
--------------------------------------------------------------------------------
#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
3 | 4 | APP_PATH = File.expand_path('../../config/application', __FILE__) 5 | require File.expand_path('../../config/boot', __FILE__) 6 | require 'rails/commands' 7 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | before_install: 2 | - gem install bundler 3 | rvm: 4 | - 1.9.3 5 | - 2.0.0 6 | - 2.1.0 7 | - 2.2.0 8 | - 2.3.0 9 | - 2.4.0 10 | branches: 11 | only: 12 | - master 13 | notifications: 14 | email: 15 | recipients: 16 | - lawrence.pit@gmail.com 17 | on_success: change 18 | on_failure: always 19 | -------------------------------------------------------------------------------- /spec/rails_app/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | RailsApp 5 | <%= stylesheet_link_tag "application", :media => "all" %> 6 | <%= javascript_include_tag "application" %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /spec/rails_app/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 
#
# Examples:
#
# cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }])
# Mayor.create(:name => 'Emanuel', :city => cities.first)
--------------------------------------------------------------------------------
/spec/acceptance/acceptance_helper.rb:
--------------------------------------------------------------------------------
require File.expand_path(File.dirname(__FILE__) + "/../spec_helper")
require 'capybara/rspec'

# Put your acceptance spec helpers inside /spec/acceptance/support
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}

RSpec.configure do |config|
  config.include Rails.application.routes.url_helpers, :type => :request
end
--------------------------------------------------------------------------------
/app/views/saml_idp/idp/saml_post.html.erb:
--------------------------------------------------------------------------------
<%# Auto-post page for the HTTP-POST binding: the browser carries the
    SAMLResponse built in IdpController#create to the SP's assertion consumer
    service. The surrounding html/body markup -- and whatever submits the form
    on load; the acceptance spec clicks "Submit" to simulate it -- was
    stripped from this copy of the file. %>
<%# NOTE(review): @saml_acs_url is taken from the incoming AuthnRequest by
    validate_saml_request (SamlIdp::Controller, not in this listing). The
    assertion is posted to wherever that URL points, so it must be checked
    against the SPs this IdP is configured to serve; confirm that check exists
    before deploying. %>




<%= form_tag(@saml_acs_url) do %>
  <%= hidden_field_tag("SAMLResponse", @saml_response) %>
  <%= submit_tag "Submit" %>
<% end %>


--------------------------------------------------------------------------------
/lib/saml_idp/configurator.rb:
--------------------------------------------------------------------------------
# encoding: utf-8
module SamlIdp
  # Holds the IdP's signing material and signature digest. SamlIdp.config
  # (lib/ruby-saml-idp.rb) creates one lazily when the host app sets nothing.
  class Configurator
    # x509_certificate: PEM certificate SPs use to verify this IdP.
    # secret_key:       the matching private key (the signing side of the pair).
    # algorithm:        digest symbol for the XML signature, :sha1 by default.
    attr_accessor :x509_certificate, :secret_key, :algorithm

    # Start from the gem's built-in defaults, then apply an optional Ruby
    # config file.
    #
    # SECURITY: the defaults are the constants in lib/saml_idp/default.rb,
    # i.e. a key pair that ships inside every copy of the gem. With them in
    # place, anyone who installs the gem holds the private key, so any SP that
    # trusts the default certificate will accept assertions minted by anyone.
    # A deployment must set x509_certificate and secret_key to its own
    # material. SHA-1 remains the default only for compatibility with old SPs;
    # prefer :sha256 wherever the relying parties support it.
    #
    # config_file, when given, is evaluated as Ruby with `self` bound to this
    # object (so it can write `self.secret_key = ...`). It runs with the
    # application's full privileges and must come from a trusted,
    # write-protected location -- it is code, not data.
    def initialize(config_file = nil)
      self.x509_certificate = Default::X509_CERTIFICATE
      self.secret_key = Default::SECRET_KEY
      self.algorithm = :sha1
      instance_eval(File.read(config_file), config_file) if config_file
    end
  end
end
--------------------------------------------------------------------------------
/lib/ruby-saml-idp.rb:
--------------------------------------------------------------------------------
# encoding: utf-8
module SamlIdp
  require 'saml_idp/configurator'
  require
'saml_idp/controller' 5 | require 'saml_idp/default' 6 | require 'saml_idp/version' 7 | require 'saml_idp/engine' if defined?(::Rails) && Rails::VERSION::MAJOR > 2 8 | 9 | def self.config=(config) 10 | @config = config 11 | end 12 | 13 | def self.config 14 | @config ||= SamlIdp::Configurator.new 15 | end 16 | 17 | end 18 | 19 | -------------------------------------------------------------------------------- /spec/rails_app/test/performance/browsing_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | require 'rails/performance_test_help' 3 | 4 | class BrowsingTest < ActionDispatch::PerformanceTest 5 | # Refer to the documentation for all available options 6 | # self.profile_options = { :runs => 5, :metrics => [:wall_time, :memory] 7 | # :output => 'tmp/performance', :formats => [:flat] } 8 | 9 | def test_homepage 10 | get '/' 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /spec/rails_app/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /spec/rails_app/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | RailsApp::Application.config.session_store :cookie_store, :key => '_rails_app_session' 4 | 5 | # Use the database for sessions instead of the cookie-based default, 6 | # which shouldn't be used to store highly confidential information 7 | # (create the session table with "rails generate session_migration") 8 | # RailsApp::Application.config.session_store :active_record_store 9 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | require 'bundler' 3 | Bundler::GemHelper.install_tasks 4 | 5 | require 'rake' 6 | require 'rspec/core/rake_task' 7 | 8 | RSpec::Core::RakeTask.new(:spec) 9 | 10 | # RSpec::Core::RakeTask.new(:rcov) do |spec| 11 | # spec.rcov = true 12 | # spec.rcov_opts = ['--exclude', 'spec','--exclude', '.rvm'] 13 | # end 14 | 15 | desc 'Run the specs.' 16 | task :default => :spec 17 | 18 | task :notes do 19 | system "grep -n -r 'FIXME\\|TODO' lib spec" 20 | end 21 | 22 | -------------------------------------------------------------------------------- /spec/rails_app/.gitignore: -------------------------------------------------------------------------------- 1 | # See http://help.github.com/ignore-files/ for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile ~/.gitignore_global 6 | 7 | # Ignore bundler config 8 | /.bundle 9 | 10 | # Ignore the default SQLite database. 11 | /db/*.sqlite3 12 | 13 | # Ignore all logfiles and tempfiles. 
/log/*.log
/tmp
--------------------------------------------------------------------------------
/spec/rails_app/test/test_helper.rb:
--------------------------------------------------------------------------------
ENV["RAILS_ENV"] = "test"
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'

class ActiveSupport::TestCase
  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
  #
  # Note: You'll currently still have to declare fixtures explicitly in integration tests
  # -- they do not yet inherit this setting
  fixtures :all

  # Add more helper methods to be used by all tests here...
end
--------------------------------------------------------------------------------
/spec/rails_app/config/initializers/secret_token.rb:
--------------------------------------------------------------------------------
# Be sure to restart your server when you modify this file.

# Your secret key for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
#
# NOTE(review): this value is committed to the repository and is therefore
# public; anyone holding it can forge the signed session cookie this app
# issues (see initializers/session_store.rb). That is tolerable only because
# this is the throw-away spec app the test suite boots. Do not reuse this
# initializer or its value in a real application, and keep real secrets out
# of version control (environment or a secrets store instead).
RailsApp::Application.config.secret_token = '8514a9643396093754c300364a89682d50a6f9ec8cbdb9741f24600fbff044546596a48f8d333502107b143a07e0d6cb25e33e148f480073c9cb15ead7d35846'
--------------------------------------------------------------------------------
/spec/rails_app/config/initializers/wrap_parameters.rb:
--------------------------------------------------------------------------------
# Be sure to restart your server when you modify this file.
#
# This file contains settings for ActionController::ParamsWrapper which
# is enabled by default.

# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters :format => [:json] 9 | end 10 | 11 | # Disable root element in JSON by default. 12 | ActiveSupport.on_load(:active_record) do 13 | self.include_root_in_json = false 14 | end 15 | -------------------------------------------------------------------------------- /spec/rails_app/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format 4 | # (all these examples are active by default): 5 | # ActiveSupport::Inflector.inflections do |inflect| 6 | # inflect.plural /^(ox)$/i, '\1en' 7 | # inflect.singular /^(ox)en/i, '\1' 8 | # inflect.irregular 'person', 'people' 9 | # inflect.uncountable %w( fish sheep ) 10 | # end 11 | # 12 | # These inflection rules are supported but not enabled by default: 13 | # ActiveSupport::Inflector.inflections do |inflect| 14 | # inflect.acronym 'RESTful' 15 | # end 16 | -------------------------------------------------------------------------------- /spec/rails_app/app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, 6 | * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path. 7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the top of the 9 | * compiled file, but it's generally better to create a new file per style scope. 10 | * 11 | *= require_self 12 | *= require_tree . 
13 | */ 14 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | $LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib' 3 | $LOAD_PATH.unshift File.dirname(__FILE__) 4 | 5 | STDERR.puts("Running Specs under Ruby Version #{RUBY_VERSION}") 6 | 7 | require "rails_app/config/environment" 8 | 9 | require 'rspec' 10 | require 'capybara/rspec' 11 | require 'capybara/rails' 12 | 13 | require 'ruby-saml' 14 | require 'ruby-saml-idp' 15 | 16 | Dir[File.dirname(__FILE__) + "/support/**/*.rb"].each {|f| require f} 17 | 18 | RSpec.configure do |config| 19 | config.mock_with :rspec 20 | config.include SamlRequestMacros 21 | end 22 | 23 | Capybara.default_host = "https://app.example.com" 24 | 25 | -------------------------------------------------------------------------------- /spec/acceptance/idp_controller_spec.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path(File.dirname(__FILE__) + '/acceptance_helper') 2 | 3 | feature 'IdpController' do 4 | 5 | scenario 'Login via default signup page' do 6 | saml_request = make_saml_request("http://foo.example.com/saml/consume") 7 | visit "/saml/auth?SAMLRequest=#{CGI.escape(saml_request)}" 8 | fill_in 'Email', :with => "brad.copa@example.com" 9 | fill_in 'Password', :with => "okidoki" 10 | click_button 'Sign in' 11 | click_button 'Submit' # simulating onload 12 | expect(current_url).to eq('http://foo.example.com/saml/consume') 13 | expect(page).to have_content("brad.copa@example.com") 14 | end 15 | 16 | end 17 | -------------------------------------------------------------------------------- /spec/rails_app/config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | 
# gem 'sqlite3' 6 | development: 7 | adapter: sqlite3 8 | database: db/development.sqlite3 9 | pool: 5 10 | timeout: 5000 11 | 12 | # Warning: The database defined as "test" will be erased and 13 | # re-generated from your development database when you run "rake". 14 | # Do not set this db to the same as development or production. 15 | test: 16 | adapter: sqlite3 17 | database: db/test.sqlite3 18 | pool: 5 19 | timeout: 5000 20 | 21 | production: 22 | adapter: sqlite3 23 | database: db/production.sqlite3 24 | pool: 5 25 | timeout: 5000 26 | -------------------------------------------------------------------------------- /spec/rails_app/app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, 5 | // or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // the compiled file. 9 | // 10 | // WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD 11 | // GO AFTER THE REQUIRES BELOW. 12 | // 13 | //= require jquery 14 | //= require jquery_ujs 15 | //= require_tree . 16 | -------------------------------------------------------------------------------- /spec/rails_app/public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 17 | 18 | 19 | 20 | 21 |
22 |

We're sorry, but something went wrong.

23 |
24 | 25 | 26 | -------------------------------------------------------------------------------- /spec/rails_app/public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 17 | 18 | 19 | 20 | 21 |
22 |

The change you wanted was rejected.

23 |

Maybe you tried to change something you didn't have access to.

24 |
25 | 26 | 27 | -------------------------------------------------------------------------------- /app/views/saml_idp/idp/new.html.erb: -------------------------------------------------------------------------------- 1 | <% if @saml_idp_fail_msg %> 2 |
<%= @saml_idp_fail_msg %>
3 | <% end %> 4 | 5 | <%= form_tag do %> 6 | <%= hidden_field_tag("SAMLRequest", params[:SAMLRequest]) %> 7 | 8 |

9 | <%= label_tag :email %> 10 | <%= email_field_tag :email, params[:email], :autocapitalize => "off", :autocorrect => "off", :autofocus => "autofocus", :spellcheck => "false", :size => 30, :class => "email_pwd txt" %> 11 |

12 | 13 |

14 | <%= label_tag :password %> 15 | <%= password_field_tag :password, params[:password], :autocapitalize => "off", :autocorrect => "off", :spellcheck => "false", :size => 30, :class => "email_pwd txt" %> 16 |

17 | 18 |

19 | <%= submit_tag "Sign in", :class => "button big blueish" %> 20 |

21 | <% end %> 22 | -------------------------------------------------------------------------------- /spec/rails_app/public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 17 | 18 | 19 | 20 | 21 |
22 |

The page you were looking for doesn't exist.

23 |

You may have mistyped the address or the page may have moved.

24 |
25 | 26 | 27 | -------------------------------------------------------------------------------- /spec/support/saml_request_macros.rb: -------------------------------------------------------------------------------- 1 | module SamlRequestMacros 2 | 3 | def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/consume") 4 | auth_request = OneLogin::RubySaml::Authrequest.new 5 | auth_url = auth_request.create(saml_settings(saml_acs_url: requested_saml_acs_url)) 6 | CGI.unescape(auth_url.split("=").last) 7 | end 8 | 9 | def saml_settings(options = {}) 10 | settings = OneLogin::RubySaml::Settings.new 11 | settings.assertion_consumer_service_url = options[:saml_acs_url] || "https://foo.example.com/saml/consume" 12 | settings.issuer = options[:issuer] || "http://example.com/issuer" 13 | settings.idp_sso_target_url = options[:idp_sso_target_url] || "http://idp.com/saml/idp" 14 | settings.idp_cert_fingerprint = SamlIdp::Default::FINGERPRINT 15 | settings.name_identifier_format = SamlIdp::Default::NAME_ID_FORMAT 16 | settings 17 | end 18 | 19 | end 20 | -------------------------------------------------------------------------------- /MIT-LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012 Lawrence Pit (http://lawrencepit.com) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be 12 | included in all copies or substantial portions of the Software. 

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

--------------------------------------------------------------------------------
/app/controllers/saml_idp/idp_controller.rb:
--------------------------------------------------------------------------------
# encoding: utf-8
module SamlIdp
  # Base controller for the IdP's single-sign-on endpoint. A host application
  # subclasses it (spec/rails_app/app/controllers/saml_idp_controller.rb is the
  # example) and implements idp_authenticate and idp_make_saml_response. The
  # spec app routes GET /saml/auth to #new and POST /saml/auth to #create.
  class IdpController < ActionController::Base
    include SamlIdp::Controller

    unloadable

    # CSRF protection covers the POST handled by #create. The spec environment
    # turns it off (config/environments/test.rb).
    protect_from_forgery

    # Every action first runs validate_saml_request from SamlIdp::Controller
    # (not part of this listing). NOTE(review): that filter is the only place
    # the incoming SAMLRequest -- including the ACS URL the response is later
    # posted to -- is examined, so confirm it rejects unknown issuers and ACS
    # URLs before relying on this controller in production.
    if Rails.version.to_i < 4
      before_filter :validate_saml_request
    else
      before_action :validate_saml_request
    end

    # GET: show the login form (app/views/saml_idp/idp/new.html.erb), which
    # carries the SAMLRequest forward in a hidden field.
    def new
      render :template => "saml_idp/idp/new"
    end

    # POST: check the submitted credentials and, on success, render the
    # auto-post page that delivers the SAMLResponse to the SP; otherwise
    # re-render the form with a generic failure message.
    #
    # Authentication is attempted whenever at least one of email/password is
    # present (the guard only skips the call when BOTH are blank), so
    # idp_authenticate must cope with an empty password. A nil return means
    # "bad credentials"; as far as this controller goes the same message is
    # shown whether or not the email exists, which avoids account enumeration
    # via the response body. Nothing here throttles repeated attempts: the host
    # app must add rate limiting, and should list :password in
    # config.filter_parameters so it never reaches the request logs.
    def create
      unless params[:email].blank? && params[:password].blank?
        person = idp_authenticate(params[:email], params[:password])
        if person.nil?
          @saml_idp_fail_msg = "Incorrect email or password."
        else
          @saml_response = idp_make_saml_response(person)
          render :template => "saml_idp/idp/saml_post", :layout => false
          return
        end
      end
      render :template => "saml_idp/idp/new"
    end

    protected

    # Hook: return a truthy user object for valid credentials, nil otherwise.
    # The subclass owns all credential handling (hashing, lockout, MFA, ...).
    def idp_authenticate(email, password)
      raise "Not implemented"
    end

    # Hook: build the SAMLResponse for the object idp_authenticate returned
    # (the spec app does this with encode_SAMLResponse from SamlIdp::Controller).
    def idp_make_saml_response(person)
      raise "Not implemented"
    end

  end
end
--------------------------------------------------------------------------------
/ruby-saml-idp.gemspec:
--------------------------------------------------------------------------------
# -*- encoding: utf-8 -*-
$:.push File.expand_path("../lib", __FILE__)
require "saml_idp/version"

Gem::Specification.new do |s|
  s.name        = %q{ruby-saml-idp}
  s.version     = SamlIdp::VERSION
  s.platform    = Gem::Platform::RUBY
  s.authors     = ["Lawrence Pit"]
  s.email       = %q{lawrence.pit@gmail.com}
  s.homepage    = %q{http://github.com/lawrencepit/ruby-saml-idp}
  s.summary     = %q{SAML Indentity Provider in ruby}
  s.description = %q{SAML IdP (Identity Provider) library in ruby}
  s.date        = Time.now.utc.strftime("%Y-%m-%d")
  s.files = Dir.glob("app/**/*") + Dir.glob("lib/**/*") + [
    "MIT-LICENSE",
    "README.md",
    "Gemfile",
    "ruby-saml-idp.gemspec"
  ]
  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
  s.require_paths = ["lib"]
  s.rdoc_options = ["--charset=UTF-8"]
  # Development-only dependencies; the gem declares no runtime dependencies.
  # NOTE(review): nokogiri 1.6.x and ruby-saml 0.8.x are old release lines
  # that have had security advisories published since. They only affect the
  # test suite here (ruby-saml is the SP side in spec/rails_app), but bump
  # them the next time the suite is refreshed.
  s.add_development_dependency "rake"
  s.add_development_dependency("nokogiri", "~> 1.6.8")
  s.add_development_dependency("rspec", "~> 3.0")
  s.add_development_dependency("ruby-saml", "~> 0.8")
  s.add_development_dependency("rails", "~> 3.2")
  s.add_development_dependency("capybara", "~> 2.4.1")
end

--------------------------------------------------------------------------------
/spec/rails_app/config/environments/development.rb: -------------------------------------------------------------------------------- 1 | RailsApp::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Log error messages when you accidentally call methods on nil. 10 | config.whiny_nils = true 11 | 12 | # Show full error reports and disable caching 13 | config.consider_all_requests_local = true 14 | config.action_controller.perform_caching = false 15 | 16 | # Don't care if the mailer can't send 17 | #config.action_mailer.raise_delivery_errors = false 18 | 19 | # Print deprecation notices to the Rails logger 20 | config.active_support.deprecation = :log 21 | 22 | # Only use best-standards-support built into browsers 23 | config.action_dispatch.best_standards_support = :builtin 24 | 25 | # Raise exception on mass assignment protection for Active Record models 26 | #config.active_record.mass_assignment_sanitizer = :strict 27 | 28 | # Log the query plan for queries taking more than this (works 29 | # with SQLite, MySQL, and PostgreSQL) 30 | #config.active_record.auto_explain_threshold_in_seconds = 0.5 31 | 32 | # Do not compress assets 33 | config.assets.compress = false 34 | 35 | # Expands the lines which load the assets 36 | config.assets.debug = true 37 | end 38 | -------------------------------------------------------------------------------- /spec/rails_app/config/environments/test.rb: -------------------------------------------------------------------------------- 1 | RailsApp::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # The test environment is used 
exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Configure static asset server for tests with Cache-Control for performance 11 | config.serve_static_assets = true 12 | config.static_cache_control = "public, max-age=3600" 13 | 14 | # Log error messages when you accidentally call methods on nil 15 | config.whiny_nils = true 16 | 17 | # Show full error reports and disable caching 18 | config.consider_all_requests_local = true 19 | config.action_controller.perform_caching = false 20 | 21 | # Raise exceptions instead of rendering exception templates 22 | config.action_dispatch.show_exceptions = false 23 | 24 | # Disable request forgery protection in test environment 25 | config.action_controller.allow_forgery_protection = false 26 | 27 | # Tell Action Mailer not to deliver emails to the real world. 28 | # The :test delivery method accumulates sent emails in the 29 | # ActionMailer::Base.deliveries array. 
30 | #config.action_mailer.delivery_method = :test 31 | 32 | # Raise exception on mass assignment protection for Active Record models 33 | #config.active_record.mass_assignment_sanitizer = :strict 34 | 35 | # Print deprecation notices to the stderr 36 | config.active_support.deprecation = :stderr 37 | end 38 | -------------------------------------------------------------------------------- /spec/saml_idp/controller_spec.rb: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | require 'spec_helper' 3 | 4 | describe SamlIdp::Controller do 5 | include SamlIdp::Controller 6 | 7 | def params 8 | @params ||= {} 9 | end 10 | 11 | it "should find the SAML ACS URL" do 12 | requested_saml_acs_url = "https://example.com/saml/consume" 13 | params[:SAMLRequest] = make_saml_request(requested_saml_acs_url) 14 | validate_saml_request 15 | expect(saml_acs_url).to eq(requested_saml_acs_url) 16 | end 17 | 18 | context "SAML Responses" do 19 | before(:each) do 20 | params[:SAMLRequest] = make_saml_request 21 | validate_saml_request 22 | end 23 | 24 | it "should create a SAML Response" do 25 | saml_response = encode_SAMLResponse("foo@example.com") 26 | response = OneLogin::RubySaml::Response.new(saml_response) 27 | expect(response.name_id).to eq("foo@example.com") 28 | expect(response.issuer).to eq("http://example.com") 29 | response.settings = saml_settings 30 | expect(response.is_valid?).to be true 31 | end 32 | 33 | it "should handle custom attribute objects" do 34 | provider = double(to_s: %[Organization name]) 35 | 36 | default_attributes = %[foo@example.com] 37 | 38 | 39 | saml_response = encode_SAMLResponse("foo@example.com", { attributes_provider: provider }) 40 | response = OneLogin::RubySaml::Response.new(saml_response) 41 | expect(response.response).to include provider.to_s 42 | expect(response.response).to_not include default_attributes 43 | end 44 | 45 | [:sha1, :sha256, :sha384, :sha512].each do |algorithm_name| 46 | 
it "should create a SAML Response using the #{algorithm_name} algorithm" do 47 | self.algorithm = algorithm_name 48 | saml_response = encode_SAMLResponse("foo@example.com") 49 | response = OneLogin::RubySaml::Response.new(saml_response) 50 | expect(response.name_id).to eq("foo@example.com") 51 | expect(response.issuer).to eq("http://example.com") 52 | response.settings = saml_settings 53 | expect(response.is_valid?).to be true 54 | end 55 | end 56 | end 57 | end 58 | -------------------------------------------------------------------------------- /spec/rails_app/config/environments/production.rb: -------------------------------------------------------------------------------- 1 | RailsApp::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # Code is not reloaded between requests 5 | config.cache_classes = true 6 | 7 | # Full error reports are disabled and caching is turned on 8 | config.consider_all_requests_local = false 9 | config.action_controller.perform_caching = true 10 | 11 | # Disable Rails's static asset server (Apache or nginx will already do this) 12 | config.serve_static_assets = false 13 | 14 | # Compress JavaScripts and CSS 15 | config.assets.compress = true 16 | 17 | # Don't fallback to assets pipeline if a precompiled asset is missed 18 | config.assets.compile = false 19 | 20 | # Generate digests for assets URLs 21 | config.assets.digest = true 22 | 23 | # Defaults to Rails.root.join("public/assets") 24 | # config.assets.manifest = YOUR_PATH 25 | 26 | # Specifies the header that your server uses for sending files 27 | # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache 28 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx 29 | 30 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 
31 | # config.force_ssl = true 32 | 33 | # See everything in the log (default is :info) 34 | # config.log_level = :debug 35 | 36 | # Prepend all log lines with the following tags 37 | # config.log_tags = [ :subdomain, :uuid ] 38 | 39 | # Use a different logger for distributed setups 40 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) 41 | 42 | # Use a different cache store in production 43 | # config.cache_store = :mem_cache_store 44 | 45 | # Enable serving of images, stylesheets, and JavaScripts from an asset server 46 | # config.action_controller.asset_host = "http://assets.example.com" 47 | 48 | # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added) 49 | # config.assets.precompile += %w( search.js ) 50 | 51 | # Disable delivery errors, bad email addresses will be ignored 52 | # config.action_mailer.raise_delivery_errors = false 53 | 54 | # Enable threaded mode 55 | # config.threadsafe! 56 | 57 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 58 | # the I18n.default_locale when a translation can not be found) 59 | config.i18n.fallbacks = true 60 | 61 | # Send deprecation notices to registered listeners 62 | config.active_support.deprecation = :notify 63 | 64 | # Log the query plan for queries taking more than this (works 65 | # with SQLite, MySQL, and PostgreSQL) 66 | # config.active_record.auto_explain_threshold_in_seconds = 0.5 67 | end 68 | -------------------------------------------------------------------------------- /spec/rails_app/config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require "action_controller/railtie" 4 | require "active_resource/railtie" 5 | 6 | if defined?(Bundler) 7 | # If you precompile assets before deploying to production, use this line 8 | Bundler.require(*Rails.groups(:assets => %w(development test))) 9 | # If you want your 
assets lazily compiled in production, use this line 10 | # Bundler.require(:default, :assets, Rails.env) 11 | end 12 | 13 | module RailsApp 14 | class Application < Rails::Application 15 | # Settings in config/environments/* take precedence over those specified here. 16 | # Application configuration should go into files in config/initializers 17 | # -- all .rb files in that directory are automatically loaded. 18 | 19 | # Custom directories with classes and modules you want to be autoloadable. 20 | # config.autoload_paths += %W(#{config.root}/extras) 21 | 22 | # Only load the plugins named here, in the order given (default is alphabetical). 23 | # :all can be used as a placeholder for all plugins not explicitly named. 24 | # config.plugins = [ :exception_notification, :ssl_requirement, :all ] 25 | 26 | # Activate observers that should always be running. 27 | # config.active_record.observers = :cacher, :garbage_collector, :forum_observer 28 | 29 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 30 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 31 | # config.time_zone = 'Central Time (US & Canada)' 32 | 33 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 34 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 35 | # config.i18n.default_locale = :de 36 | 37 | # Configure the default encoding used in templates for Ruby 1.9. 38 | config.encoding = "utf-8" 39 | 40 | # Configure sensitive parameters which will be filtered from the log file. 41 | config.filter_parameters += [:password] 42 | 43 | # Use SQL instead of Active Record's schema dumper when creating the database. 
44 | # This is necessary if your schema can't be completely dumped by the schema dumper, 45 | # like if you have constraints or database-specific column types 46 | # config.active_record.schema_format = :sql 47 | 48 | # Enforce whitelist mode for mass assignment. 49 | # This will create an empty whitelist of attributes available for mass-assignment for all models 50 | # in your app. As such, your models will need to explicitly whitelist or blacklist accessible 51 | # parameters by using an attr_accessible or attr_protected declaration. 52 | # config.active_record.whitelist_attributes = true 53 | 54 | # Enable the asset pipeline 55 | config.assets.enabled = true 56 | 57 | # Version of your assets, change this if you want to expire all your assets 58 | config.assets.version = '1.0' 59 | end 60 | end 61 | -------------------------------------------------------------------------------- /lib/saml_idp/default.rb: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | module SamlIdp 3 | module Default 4 | 5 | NAME_ID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" 6 | 7 | X509_CERTIFICATE = "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" 8 | 9 | FINGERPRINT = "9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D" 10 | 11 | SECRET_KEY = < 'saml_idp#new' 33 | post '/saml/auth' => 'saml_idp#create' 34 | ``` 35 | 36 | Create a controller that looks like this, customize to your own situation: 37 | 38 | ``` ruby 39 | class SamlIdpController < SamlIdp::IdpController 40 | before_action :find_account 41 | # layout 'saml_idp' 42 | 43 | def idp_authenticate(email, password) 44 | user = @account.users.where(:email => params[:email]).first 45 | user && user.valid_password?(params[:password]) ? 
user : nil 46 | end 47 | 48 | def idp_make_saml_response(user) 49 | encode_SAMLResponse(user.email) 50 | end 51 | 52 | private 53 | 54 | def find_account 55 | @subdomain = saml_acs_url[/https?:\/\/(.+?)\.example.com/, 1] 56 | @account = Account.find_by_subdomain(@subdomain) 57 | render :status => :forbidden unless @account.saml_enabled? 58 | end 59 | 60 | end 61 | ``` 62 | Note that `find_account` derives the subdomain from `saml_acs_url`, which is read straight out of the unauthenticated SAML Request, so the requested ACS URL should still be checked against the Service Provider registered for that account before a response is issued, and `@account` will be nil when no account matches. 63 | The most minimal example controller would look like: 64 | 65 | ``` ruby 66 | class SamlIdpController < SamlIdp::IdpController 67 | 68 | def idp_authenticate(email, password) 69 | true 70 | end 71 | 72 | def idp_make_saml_response(user) 73 | encode_SAMLResponse("you@example.com") 74 | end 75 | 76 | end 77 | ``` 78 | 79 | Keys and Secrets 80 | ---------------- 81 | 82 | To generate the SAML Response the gem uses a default X.509 certificate and secret key, which, because they ship with the gem, are not secret at all. You can find them in `SamlIdp::Default`. The X.509 certificate is valid until the year 2032. Do not use these in production: anyone can sign a SAML Response with the default key, so a Service Provider that trusts the default certificate will accept assertions from anyone. Instead, within the controller set the properties `x509_certificate` and `secret_key` using a `prepend_before_action` callback within the current request context, or set them globally via the `SamlIdp.config.x509_certificate` and `SamlIdp.config.secret_key` properties. 83 | 84 | The fingerprint to use, if you use the default X.509 certificate of this gem, is: 85 | 86 | ``` 87 | 9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D 88 | ``` 89 | 90 | 91 | Service Providers 92 | ----------------- 93 | 94 | To act as a Service Provider which generates SAML Requests and can react to SAML Responses use the excellent [ruby-saml](https://github.com/onelogin/ruby-saml) gem. 95 | 96 | 97 | Author 98 | ---------- 99 | 100 | Lawrence Pit, lawrence.pit@gmail.com, [lawrencepit.com](http://lawrencepit.com), [@lawrencepit](http://twitter.com/lawrencepit) 101 | 102 | 103 | Copyright 104 | ----------- 105 | 106 | Copyright (c) 2012 Lawrence Pit. 
See MIT-LICENSE for details. 107 | 
--------------------------------------------------------------------------------
/lib/saml_idp/controller.rb:
--------------------------------------------------------------------------------
# encoding: utf-8

# Mixin for a Rails controller acting as a SAML Identity Provider: decodes an
# incoming SAMLRequest and builds a Base64-encoded, signed SAML Response.
#
# NOTE(review): only 'openssl', 'base64' and 'time' are required here, but the
# code below also uses Zlib and SecureRandom; it relies on those being loaded
# elsewhere (e.g. by Rails) -- confirm before using this module outside Rails.
module SamlIdp
  module Controller
    require 'openssl'
    require 'base64'
    require 'time'

    # Per-instance overrides; the readers below fall back to SamlIdp.config
    # when the instance variable has never been assigned.
    attr_accessor :x509_certificate, :secret_key, :algorithm
    # Set by decode_SAMLRequest from the request itself -- i.e. sender-controlled.
    attr_accessor :saml_acs_url

    # Certificate embedded in the signature; instance value wins over the global config.
    def x509_certificate
      return @x509_certificate if defined?(@x509_certificate)
      @x509_certificate = SamlIdp.config.x509_certificate
    end

    # Private key PEM used by #sign; instance value wins over the global config.
    def secret_key
      return @secret_key if defined?(@secret_key)
      @secret_key = SamlIdp.config.secret_key
    end

    # Digest class used for the assertion digest and the RSA signature.
    # Goes through the setter so a Symbol from the config is normalised.
    def algorithm
      return @algorithm if defined?(@algorithm)
      self.algorithm = SamlIdp.config.algorithm
      @algorithm
    end

    # Accepts an OpenSSL digest class directly, or one of :sha256/:sha384/:sha512.
    # Any other Symbol (including :sha1 and typos) silently falls back to SHA1.
    def algorithm=(algorithm)
      @algorithm = algorithm
      if algorithm.is_a?(Symbol)
        @algorithm = case algorithm
                     when :sha256 then OpenSSL::Digest::SHA256
                     when :sha384 then OpenSSL::Digest::SHA384
                     when :sha512 then OpenSSL::Digest::SHA512
                     else
                       OpenSSL::Digest::SHA1
                     end
      end
      @algorithm
    end

    # Short lower-case name of the digest class, e.g. "sha256".
    def algorithm_name
      algorithm.to_s.split('::').last.downcase
    end

    protected

    # NOTE(review): despite its name this only *decodes* the request; it does
    # not check a request signature, the Issuer, Destination, IssueInstant or
    # that the request came from a known Service Provider. A successful call
    # must not be treated as authentication of the requester.
    def validate_saml_request(saml_request = params[:SAMLRequest])
      decode_SAMLRequest(saml_request)
    end

    # Base64-decodes and raw-inflates (negative window bits = raw DEFLATE) the
    # request, then pulls the request ID and AssertionConsumerServiceURL out
    # with regexes rather than an XML parser.
    # NOTE(review): the inflate has no output size bound, so a tiny request can
    # expand to a very large string (decompression bomb) -- consider capping it.
    # NOTE(review): @saml_acs_url is whatever the sender put in the request; it
    # is later used as the audience and (presumably, in the view) as the POST
    # target, so callers should match it against a configured SP allow-list.
    def decode_SAMLRequest(saml_request)
      zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
      @saml_request = zstream.inflate(Base64.decode64(saml_request))
      zstream.finish
      zstream.close
      @saml_request_id = @saml_request[/ID=['"](.+?)['"]/, 1]
      @saml_acs_url = @saml_request[/AssertionConsumerServiceURL=['"](.+?)['"]/, 1]
    end

    # Builds and signs an assertion for nameID and returns the Base64-encoded
    # Response document.
    #   opts[:audience_uri]        - overrides the audience; default is the
    #                                scheme+host prefix of the sender-supplied ACS URL
    #   opts[:issuer_uri]          - overrides the issuer; default is request.url
    #                                inside a controller, else "http://example.com"
    #   opts[:attributes_provider] - object whose to_s is inlined as the attribute statement
    # NOTE(review): the XML literals in this listing appear to have been stripped
    # by the page extraction (now, response_id and reference_id are computed but
    # not visibly used) -- see the original file for the full document.
    # NOTE(review): because audience_uri defaults to a value derived from the
    # unvalidated saml_acs_url, the assertion is minted for whatever audience the
    # request named unless opts[:audience_uri] is passed or the ACS URL was checked.
    def encode_SAMLResponse(nameID, opts = {})
      now = Time.now.utc
      response_id, reference_id = SecureRandom.uuid, SecureRandom.uuid
      audience_uri = opts[:audience_uri] || saml_acs_url[/^(.*?\/\/.*?\/)/, 1]
      issuer_uri = opts[:issuer_uri] || (defined?(request) && request.url) || "http://example.com"
      attributes_statement = attributes(opts[:attributes_provider], nameID)

      assertion = %[#{issuer_uri}#{nameID}#{audience_uri}#{attributes_statement}urn:federation:authentication:windows]

      # Digest of the (unsigned) assertion; newlines stripped from the Base64 output.
      digest_value = Base64.encode64(algorithm.digest(assertion)).gsub(/\n/, '')

      signed_info = %[#{digest_value}]

      # RSA signature over SignedInfo, again with Base64 newlines removed.
      signature_value = sign(signed_info).gsub(/\n/, '')

      signature = %[#{signed_info}#{signature_value}#{self.x509_certificate}]

      assertion_and_signature = assertion.sub(/Issuer\>\#{signature}#{issuer_uri}#{assertion_and_signature}]

      Base64.encode64(xml)
    end

    private

    # RSA-signs data with the configured private key and selected digest.
    # The PEM is re-parsed on every call.
    def sign(data)
      key = OpenSSL::PKey::RSA.new(self.secret_key)
      Base64.encode64(key.sign(algorithm.new, data))
    end

    # Returns the caller-supplied provider untouched (its to_s is interpolated
    # by the caller), otherwise a default attribute statement built from nameID.
    # Neither nameID nor the provider output is escaped before interpolation.
    def attributes(provider, nameID)
      provider ? provider : %[#{nameID}]
    end
  end
end
--------------------------------------------------------------------------------
/spec/rails_app/public/index.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | Ruby on Rails: Welcome aboard 5 | 174 | 187 | 188 | 189 | 
190 | 203 | 204 |
205 | 209 | 210 | 214 | 215 |
216 |

Getting started

217 |

Here’s how to get rolling:

218 | 219 |
    220 |
  1. 221 |

    Use rails generate to create your models and controllers

    222 |

    To see all available options, run it without parameters.

    223 |
  2. 224 | 225 |
  3. 226 |

    Set up a default route and remove public/index.html

    227 |

    Routes are set up in config/routes.rb.

    228 |
  4. 229 | 230 |
  5. 231 |

    Create your database

    232 |

    Run rake db:create to create your database. If you're not using SQLite (the default), edit config/database.yml with your username and password.

    233 |
  6. 234 |
235 |
236 |
237 | 238 | 239 |
240 | 241 | 242 | -------------------------------------------------------------------------------- /spec/rails_app/README.rdoc: -------------------------------------------------------------------------------- 1 | == Welcome to Rails 2 | 3 | Rails is a web-application framework that includes everything needed to create 4 | database-backed web applications according to the Model-View-Control pattern. 5 | 6 | This pattern splits the view (also called the presentation) into "dumb" 7 | templates that are primarily responsible for inserting pre-built data in between 8 | HTML tags. The model contains the "smart" domain objects (such as Account, 9 | Product, Person, Post) that holds all the business logic and knows how to 10 | persist themselves to a database. The controller handles the incoming requests 11 | (such as Save New Account, Update Product, Show Post) by manipulating the model 12 | and directing data to the view. 13 | 14 | In Rails, the model is handled by what's called an object-relational mapping 15 | layer entitled Active Record. This layer allows you to present the data from 16 | database rows as objects and embellish these data objects with business logic 17 | methods. You can read more about Active Record in 18 | link:files/vendor/rails/activerecord/README.html. 19 | 20 | The controller and view are handled by the Action Pack, which handles both 21 | layers by its two parts: Action View and Action Controller. These two layers 22 | are bundled in a single package due to their heavy interdependence. This is 23 | unlike the relationship between the Active Record and Action Pack that is much 24 | more separate. Each of these packages can be used independently outside of 25 | Rails. You can read more about Action Pack in 26 | link:files/vendor/rails/actionpack/README.html. 27 | 28 | 29 | == Getting Started 30 | 31 | 1. At the command prompt, create a new Rails application: 32 | rails new myapp (where myapp is the application name) 33 | 34 | 2. 
Change directory to myapp and start the web server: 35 | cd myapp; rails server (run with --help for options) 36 | 37 | 3. Go to http://localhost:3000/ and you'll see: 38 | "Welcome aboard: You're riding Ruby on Rails!" 39 | 40 | 4. Follow the guidelines to start developing your application. You can find 41 | the following resources handy: 42 | 43 | * The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html 44 | * Ruby on Rails Tutorial Book: http://www.railstutorial.org/ 45 | 46 | 47 | == Debugging Rails 48 | 49 | Sometimes your application goes wrong. Fortunately there are a lot of tools that 50 | will help you debug it and get it back on the rails. 51 | 52 | First area to check is the application log files. Have "tail -f" commands 53 | running on the server.log and development.log. Rails will automatically display 54 | debugging and runtime information to these files. Debugging info will also be 55 | shown in the browser on requests from 127.0.0.1. 56 | 57 | You can also log your own messages directly into the log file from your code 58 | using the Ruby logger class from inside your controllers. Example: 59 | 60 | class WeblogController < ActionController::Base 61 | def destroy 62 | @weblog = Weblog.find(params[:id]) 63 | @weblog.destroy 64 | logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!") 65 | end 66 | end 67 | 68 | The result will be a message in your log file along the lines of: 69 | 70 | Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1! 71 | 72 | More information on how to use the logger is at http://www.ruby-doc.org/core/ 73 | 74 | Also, Ruby documentation can be found at http://www.ruby-lang.org/. 
There are 75 | several books available online as well: 76 | 77 | * Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe) 78 | * Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide) 79 | 80 | These two books will bring you up to speed on the Ruby language and also on 81 | programming in general. 82 | 83 | 84 | == Debugger 85 | 86 | Debugger support is available through the debugger command when you start your 87 | Mongrel or WEBrick server with --debugger. This means that you can break out of 88 | execution at any point in the code, investigate and change the model, and then, 89 | resume execution! You need to install ruby-debug to run the server in debugging 90 | mode. With gems, use sudo gem install ruby-debug. Example: 91 | 92 | class WeblogController < ActionController::Base 93 | def index 94 | @posts = Post.all 95 | debugger 96 | end 97 | end 98 | 99 | So the controller will accept the action, run the first line, then present you 100 | with a IRB prompt in the server window. Here you can do things like: 101 | 102 | >> @posts.inspect 103 | => "[#nil, "body"=>nil, "id"=>"1"}>, 105 | #"Rails", "body"=>"Only ten..", "id"=>"2"}>]" 107 | >> @posts.first.title = "hello from a debugger" 108 | => "hello from a debugger" 109 | 110 | ...and even better, you can examine how your runtime objects actually work: 111 | 112 | >> f = @posts.first 113 | => #nil, "body"=>nil, "id"=>"1"}> 114 | >> f. 115 | Display all 152 possibilities? (y or n) 116 | 117 | Finally, when you're ready to resume execution, you can enter "cont". 118 | 119 | 120 | == Console 121 | 122 | The console is a Ruby shell, which allows you to interact with your 123 | application's domain model. Here you'll have all parts of the application 124 | configured, just like it is when the application is running. You can inspect 125 | domain models, change values, and save to the database. Starting the script 126 | without arguments will launch it in the development environment. 
127 | 128 | To start the console, run rails console from the application 129 | directory. 130 | 131 | Options: 132 | 133 | * Passing the -s, --sandbox argument will rollback any modifications 134 | made to the database. 135 | * Passing an environment name as an argument will load the corresponding 136 | environment. Example: rails console production. 137 | 138 | To reload your controllers and models after launching the console run 139 | reload! 140 | 141 | More information about irb can be found at: 142 | link:http://www.rubycentral.org/pickaxe/irb.html 143 | 144 | 145 | == dbconsole 146 | 147 | You can go to the command line of your database directly through rails 148 | dbconsole. You would be connected to the database with the credentials 149 | defined in database.yml. Starting the script without arguments will connect you 150 | to the development database. Passing an argument will connect you to a different 151 | database, like rails dbconsole production. Currently works for MySQL, 152 | PostgreSQL and SQLite 3. 153 | 154 | == Description of Contents 155 | 156 | The default directory structure of a generated Ruby on Rails application: 157 | 158 | |-- app 159 | | |-- assets 160 | | |-- images 161 | | |-- javascripts 162 | | `-- stylesheets 163 | | |-- controllers 164 | | |-- helpers 165 | | |-- mailers 166 | | |-- models 167 | | `-- views 168 | | `-- layouts 169 | |-- config 170 | | |-- environments 171 | | |-- initializers 172 | | `-- locales 173 | |-- db 174 | |-- doc 175 | |-- lib 176 | | `-- tasks 177 | |-- log 178 | |-- public 179 | |-- script 180 | |-- test 181 | | |-- fixtures 182 | | |-- functional 183 | | |-- integration 184 | | |-- performance 185 | | `-- unit 186 | |-- tmp 187 | | |-- cache 188 | | |-- pids 189 | | |-- sessions 190 | | `-- sockets 191 | `-- vendor 192 | |-- assets 193 | `-- stylesheets 194 | `-- plugins 195 | 196 | app 197 | Holds all the code that's specific to this particular application. 
198 | 199 | app/assets 200 | Contains subdirectories for images, stylesheets, and JavaScript files. 201 | 202 | app/controllers 203 | Holds controllers that should be named like weblogs_controller.rb for 204 | automated URL mapping. All controllers should descend from 205 | ApplicationController which itself descends from ActionController::Base. 206 | 207 | app/models 208 | Holds models that should be named like post.rb. Models descend from 209 | ActiveRecord::Base by default. 210 | 211 | app/views 212 | Holds the template files for the view that should be named like 213 | weblogs/index.html.erb for the WeblogsController#index action. All views use 214 | eRuby syntax by default. 215 | 216 | app/views/layouts 217 | Holds the template files for layouts to be used with views. This models the 218 | common header/footer method of wrapping views. In your views, define a layout 219 | using the layout :default and create a file named default.html.erb. 220 | Inside default.html.erb, call <% yield %> to render the view using this 221 | layout. 222 | 223 | app/helpers 224 | Holds view helpers that should be named like weblogs_helper.rb. These are 225 | generated for you automatically when using generators for controllers. 226 | Helpers can be used to wrap functionality for your views into methods. 227 | 228 | config 229 | Configuration files for the Rails environment, the routing map, the database, 230 | and other dependencies. 231 | 232 | db 233 | Contains the database schema in schema.rb. db/migrate contains all the 234 | sequence of Migrations for your schema. 235 | 236 | doc 237 | This directory is where your application documentation will be stored when 238 | generated using rake doc:app 239 | 240 | lib 241 | Application specific libraries. Basically, any kind of custom code that 242 | doesn't belong under controllers, models, or helpers. This directory is in 243 | the load path. 244 | 245 | public 246 | The directory available for the web server. 
Also contains the dispatchers and the 247 | default HTML files. This should be set as the DOCUMENT_ROOT of your web 248 | server. 249 | 250 | script 251 | Helper scripts for automation and generation. 252 | 253 | test 254 | Unit and functional tests along with fixtures. When using the rails generate 255 | command, template test files will be generated for you and placed in this 256 | directory. 257 | 258 | vendor 259 | External libraries that the application depends on. Also includes the plugins 260 | subdirectory. If the app has frozen rails, those gems also go here, under 261 | vendor/rails/. This directory is in the load path. 262 | --------------------------------------------------------------------------------