Imported Upstream version 1.5.0

parent 729ba45e
coverage/
spec/support/example_private_key.pem
/gemfiles/*.lock
.idea/
env:
global:
- JRUBY_OPTS="$JRUBY_OPTS --debug"
language: ruby
script: bundle exec rspec
matrix:
include:
- rvm: 1.8.7
gemfile: gemfiles/ruby-1.8.7.gemfile
- rvm: 1.9.3
gemfile: Gemfile
- rvm: 2.0.0
gemfile: Gemfile
- rvm: 2.1
gemfile: Gemfile
- rvm: 2.2
gemfile: Gemfile
- rvm: 2.3.0
gemfile: Gemfile
- rvm: jruby-18mode
gemfile: gemfiles/ruby-1.8.7.gemfile
- rvm: jruby-19mode
gemfile: Gemfile
- rvm: jruby-head
gemfile: Gemfile
- rvm: rbx-2
gemfile: Gemfile
- rvm: ruby-head
gemfile: Gemfile
allow_failures:
- rvm: 1.8.7
- rvm: jruby-18mode
- rvm: jruby-head
- rvm: rbx-2
- rvm: ruby-head
fast_finish: true
sudo: false
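Review bot: `rvm: 1.8.7` and `rvm: jruby-18mode` are built against `gemfiles/ruby-1.8.7.gemfile`, but both also appear under `allow_failures`, so a break on Ruby 1.8 never fails the build. If 1.8.7 is meant to be supported, take those two entries out of `allow_failures`; if it is not, drop the matrix rows and the extra gemfile so the build states what is actually guaranteed.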
......@@ -2,9 +2,36 @@
A generic SAML strategy for OmniAuth.
https://github.com/PracticallyGreen/omniauth-saml
https://github.com/omniauth/omniauth-saml
## 1.3.0 (2014-14-10)
## 1.5.0 (2016-02-25)
* Initialize OneLogin::RubySaml::Response instance with settings
* Adding "settings" to Response Class at initialization to handle signing verification
* Support custom attributes
* change URL from PracticallyGreen to omniauth
* Add specs for ACS fallback URL behavior
* Call validation earlier to get real error instead of 'response missing name_id'
* Avoid mutation of the options hash during requests and callbacks
## 1.4.2 (2016-02-09)
* update ruby-saml to 1.1
## 1.4.1 (2015-08-09)
* Configurable attribute_consuming_service
## 1.4.0 (2015-07-23)
* update ruby-saml to 1.0.0
## 1.3.1 (2015-02-26)
* Added missing fingerprint key check
* Expose fingerprint on the auth_hash
## 1.3.0 (2015-01-23)
* add `idp_cert_fingerprint_validator` option
......
# Contributing
## Workflow
We are using the [Feature Branch Workflow (also known as GitHub Flow)](https://guides.github.com/introduction/flow/),
and prefer delivery as pull requests.
Our first line of defense is the [Travis CI](https://travis-ci.org/omniauth/omniauth-saml) build defined within [.travis.yml](.travis.yml) and triggered for every pull request.
Create a feature branch:
```sh
git checkout -B feat/contributing
```
## Git Commit
The cardinal rule for creating good commits is to ensure there is only one
"logical change" per commit. Why is this an important rule?
* The smaller the amount of code being changed, the quicker & easier it is to
review & identify potential flaws.
* If a change is found to be flawed later, it may be necessary to revert the
broken commit. This is much easier to do if there are not other unrelated
code changes entangled with the original commit.
* When troubleshooting problems using Git's bisect capability, small well
defined changes will aid in isolating exactly where the code problem was
introduced.
* When browsing history using Git annotate/blame, small well defined changes
also aid in isolating exactly where & why a piece of code came from.
Things to avoid when creating commits
* Mixing whitespace changes with functional code changes.
* Mixing two unrelated functional changes.
* Sending large new features in a single giant commit.
## Git Commit Conventions
We use git commit as per [Conventional Changelog](https://github.com/ajoslin/conventional-changelog):
```none
<type>(<scope>): <subject>
```
Allowed types:
* **feat**: A new feature
* **fix**: A bug fix
* **docs**: Documentation only changes
* **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, newline, line endings, etc)
* **refactor**: A code change that neither fixes a bug or adds a feature
* **perf**: A code change that improves performance
* **test**: Adding missing tests
* **chore**: Changes to the build process or auxiliary tools and libraries such as documentation generation
You can add additional details after a new line to describe the change in detail or automatically close a issue on Github.
```none
feat: create initial CONTRIBUTING.md
This closes #73
```
> **NOTE:** [CHANGELOG.md](CHANGELOG.md) is generated based on the commits.
source 'https://rubygems.org'
group :test do
gem 'coveralls', require: false
gem 'mime-types', '< 3'
end
gemspec
PATH
remote: .
specs:
omniauth-saml (1.3.1)
omniauth (~> 1.1)
ruby-saml (~> 1.0.0)
omniauth-saml (1.5.0)
omniauth (~> 1.3)
ruby-saml (~> 1.1, >= 1.1.1)
GEM
remote: https://rubygems.org/
specs:
coveralls (0.7.2)
multi_json (~> 1.3)
rest-client (= 1.6.7)
simplecov (>= 0.7)
term-ansicolor (= 1.2.2)
thor (= 0.18.1)
diff-lcs (1.2.4)
hashie (3.4.2)
hashie (3.4.3)
macaddr (1.7.1)
systemu (~> 2.6.2)
mini_portile (0.6.2)
mime-types (2.99)
mini_portile2 (2.0.0)
multi_json (1.3.7)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
omniauth (1.2.2)
nokogiri (1.6.7.2)
mini_portile2 (~> 2.0.0.rc2)
omniauth (1.3.1)
hashie (>= 1.2, < 4)
rack (~> 1.0)
rack (>= 1.0, < 3)
rack (1.5.2)
rack-test (0.6.2)
rack (>= 1.0)
rest-client (1.6.7)
mime-types (>= 1.16)
rspec (2.14.1)
rspec-core (~> 2.14.0)
rspec-expectations (~> 2.14.0)
......@@ -30,7 +39,7 @@ GEM
rspec-expectations (2.14.4)
diff-lcs (>= 1.1.3, < 2.0)
rspec-mocks (2.14.4)
ruby-saml (1.0.0)
ruby-saml (1.1.2)
nokogiri (>= 1.5.10)
uuid (~> 2.3)
simplecov (0.7.1)
......@@ -38,6 +47,10 @@ GEM
simplecov-html (~> 0.7.1)
simplecov-html (0.7.1)
systemu (2.6.5)
term-ansicolor (1.2.2)
tins (~> 0.8)
thor (0.18.1)
tins (0.13.2)
uuid (2.3.8)
macaddr (~> 1.0)
......@@ -45,7 +58,12 @@ PLATFORMS
ruby
DEPENDENCIES
coveralls
mime-types (< 3)
omniauth-saml!
rack-test (~> 0.6)
rspec (~> 2.8)
simplecov (~> 0.6)
BUNDLED WITH
1.11.2
# License
Copyright © 2016 Omniauth-SAML maintainers
Copyright © 2011-2014 [Practically Green, Inc.](http://www.practicallygreen.com/).
All rights reserved. Released under the MIT license.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
# OmniAuth SAML
A generic SAML strategy for OmniAuth.
[![Gem Version](http://img.shields.io/gem/v/omniauth-saml.svg)][gem]
[![Build Status](http://img.shields.io/travis/omniauth/omniauth-saml.svg)][travis]
[![Dependency Status](http://img.shields.io/gemnasium/omniauth/omniauth-saml.svg)][gemnasium]
[![Code Climate](http://img.shields.io/codeclimate/github/omniauth/omniauth-saml.svg)][codeclimate]
[![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth-saml.svg)][coveralls]
https://github.com/PracticallyGreen/omniauth-saml
[gem]: https://rubygems.org/gems/omniauth-saml
[travis]: http://travis-ci.org/omniauth/omniauth-saml
[gemnasium]: https://gemnasium.com/omniauth/omniauth-saml
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth-saml
[coveralls]: https://coveralls.io/r/omniauth/omniauth-saml
A generic SAML strategy for OmniAuth available under the [MIT License](LICENSE.md)
https://github.com/omniauth/omniauth-saml
## Requirements
* [OmniAuth](http://www.omniauth.org/) 1.2+
* Ruby 1.9.x or Ruby 2.1.x
* [OmniAuth](http://www.omniauth.org/) 1.3+
* Ruby 1.9.x or Ruby 2.1.x+
## Usage
......@@ -100,6 +112,15 @@ The service provider metadata used to ease configuration of the SAML SP in the I
* `:attribute_service_name` - Name for the attribute service. Defaults to `Required attributes`.
* `:attribute_statements` - Used to map Attribute Names in a SAMLResponse to
entries in the OmniAuth [info hash](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later).
For example, if your SAMLResponse contains an Attribute called 'EmailAddress',
specify `{:email => ['EmailAddress']}` to map the Attribute to the
corresponding key in the info hash. URI-named Attributes are also supported, e.g.
`{:email => ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress']}`.
*Note*: All attributes can also be found in an array under `auth_hash[:extra][:raw_info]`,
so this setting should only be used to map attributes that are part of the OmniAuth info hash schema.
* See the `OneLogin::RubySaml::Settings` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for additional supported options.
## Devise Integration
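Review bot: the new `:attribute_statements` entry gives examples but not the default mapping, which the strategy in this commit defines as `name`, `email`/`mail`, `first_name`/`firstname`/`firstName` and `last_name`/`lastname`/`lastName`. List those defaults here so a reader knows what applies when the option is left unset or only partly overridden.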
......@@ -121,26 +142,3 @@ Then follow Devise's general [OmniAuth tutorial](https://github.com/plataformate
## Authors
Authored by [Rajiv Aaron Manglani](http://www.rajivmanglani.com/), Raecoo Cao, Todd W Saxton, Ryan Wilcox, Steven Anderson, Nikos Dimitrakopoulos, Rudolf Vriend and [Bruno Pedro](http://brunopedro.com/).
## License
Copyright (c) 2011-2014 [Practically Green, Inc.](http://www.practicallygreen.com/).
All rights reserved. Released under the MIT license.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
source 'https://rubygems.org'
gem 'nokogiri', '~> 1.5.10'
gem 'hashie', '~> 2.0.5'
gemspec :path => '../'
module OmniAuth
module SAML
VERSION = '1.4.1'
VERSION = '1.5.0'
end
end
......@@ -6,15 +6,23 @@ module OmniAuth
class SAML
include OmniAuth::Strategy
OTHER_REQUEST_OPTIONS = [:skip_conditions, :allowed_clock_drift, :matches_request_id, :skip_subject_confirmation].freeze
option :name_identifier_format, nil
option :idp_sso_target_url_runtime_params, {}
option :request_attributes, [
{ name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
{ name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
{ name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
{ name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
{ :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
{ :name => 'name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Full name' },
{ :name => 'first_name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Given name' },
{ :name => 'last_name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Family name' }
]
option :attribute_service_name, 'Required attributes'
option :attribute_statements, {
name: ["name"],
email: ["email", "mail"],
first_name: ["first_name", "firstname", "firstName"],
last_name: ["last_name", "lastname", "lastName"]
}
def request_phase
options[:assertion_consumer_service_url] ||= callback_url
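Review bot: `OTHER_REQUEST_OPTIONS` allows `:skip_conditions` and `:skip_subject_confirmation` to pass from the strategy options into `OneLogin::RubySaml::Response.new` (see the callback hunk that follows), and neither is documented anywhere in this change. Add all four names to the README options list with a sentence on what each check protects, so nobody enables them without knowing what is being turned off. Separately, the new `option :attribute_statements` default uses `name: [...]` literals directly below the `request_attributes` entries that this hunk rewrites to `:name => ...`; use the same form in both.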
......@@ -46,10 +54,22 @@ module OmniAuth
options.idp_cert_fingerprint = fingerprint_exists
end
response = OneLogin::RubySaml::Response.new(request.params['SAMLResponse'], options)
response.settings = OneLogin::RubySaml::Settings.new(options)
settings = OneLogin::RubySaml::Settings.new(options)
# filter options to select only extra parameters
opts = options.select {|k,_| OTHER_REQUEST_OPTIONS.include?(k.to_sym)}
# symbolize keys without activeSupport/symbolize_keys (ruby-saml use symbols)
opts =
opts.inject({}) do |new_hash, (key, value)|
new_hash[key.to_sym] = value
new_hash
end
response = OneLogin::RubySaml::Response.new(request.params['SAMLResponse'], opts.merge(settings: settings))
response.attributes['fingerprint'] = options.idp_cert_fingerprint
# will raise an error since we are not in soft mode
response.soft = false
response.is_valid?
@name_id = response.name_id
@attributes = response.attributes
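Review bot: `response.attributes['fingerprint'] = options.idp_cert_fingerprint` runs before `response.soft = false` and `response.is_valid?`, so the response is read and modified before it has been validated. Move the two validation lines directly after `Response.new(...)` and write the fingerprint afterwards. The return value of `is_valid?` is also discarded; the flow depends on it raising, so checking the result explicitly and raising `ValidationError` on false would keep the callback fail-closed even if soft mode were left on.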
......@@ -57,10 +77,6 @@ module OmniAuth
raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing 'name_id'")
end
# will raise an error since we are not in soft mode
response.soft = false
response.is_valid?
super
rescue OmniAuth::Strategies::SAML::ValidationError
fail!(:invalid_ticket, $!)
......@@ -103,15 +119,23 @@ module OmniAuth
uid { @name_id }
info do
{
:name => @attributes[:name],
:email => @attributes[:email] || @attributes[:mail],
:first_name => @attributes[:first_name] || @attributes[:firstname] || @attributes[:firstName],
:last_name => @attributes[:last_name] || @attributes[:lastname] || @attributes[:lastName]
}
found_attributes = options.attribute_statements.map do |key, values|
attribute = find_attribute_by(values)
[key, attribute]
end
Hash[found_attributes]
end
extra { { :raw_info => @attributes } }
def find_attribute_by(keys)
keys.each do |key|
return @attributes[key] if @attributes[key]
end
nil
end
end
end
end
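Review bot: `find_attribute_by` is defined after `extra` with no `private` visible in this hunk, which makes it a public method of the strategy; mark it private. In `return @attributes[key] if @attributes[key]` the first listed name that is present wins and later names are ignored, so the order inside each `attribute_statements` array is significant. A short comment above the method saying so would help whoever edits the defaults next.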
......
......@@ -9,16 +9,16 @@ Gem::Specification.new do |gem|
gem.authors = ['Raecoo Cao', 'Ryan Wilcox', 'Rajiv Aaron Manglani', 'Steven Anderson', 'Nikos Dimitrakopoulos', 'Rudolf Vriend', 'Bruno Pedro']
gem.email = 'rajiv@alum.mit.edu'
gem.homepage = 'https://github.com/PracticallyGreen/omniauth-saml'
gem.homepage = 'https://github.com/omniauth/omniauth-saml'
gem.add_runtime_dependency 'omniauth', '~> 1.1'
gem.add_runtime_dependency 'ruby-saml', '~> 1.0.0'
gem.add_runtime_dependency 'omniauth', '~> 1.3'
gem.add_runtime_dependency 'ruby-saml', '~> 1.1', '>= 1.1.1'
gem.add_development_dependency 'rspec', '~> 2.8'
gem.add_development_dependency 'simplecov', '~> 0.6'
gem.add_development_dependency 'rack-test', '~> 0.6'
gem.files = ['README.md', 'CHANGELOG.md'] + Dir['lib/**/*.rb']
gem.files = ['README.md', 'CHANGELOG.md', 'LICENSE.md'] + Dir['lib/**/*.rb']
gem.test_files = Dir['spec/**/*.rb']
gem.require_paths = ["lib"]
end
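Review bot: the `ruby-saml` constraint gains a `'>= 1.1.1'` floor, but the changelog entries in this commit only say "update ruby-saml to 1.1" and give no reason for excluding 1.1.0. Add a changelog line, or a comment next to `add_runtime_dependency`, naming what 1.1.1 provides, and record the `omniauth` bump from `~> 1.1` to `~> 1.3` there as well, since both change what downstream applications can resolve.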
......@@ -16,16 +16,16 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
let(:auth_hash){ last_request.env['omniauth.auth'] }
let(:saml_options) do
{
:assertion_consumer_service_url => "http://localhost:3000/auth/saml/callback",
:idp_sso_target_url => "https://idp.sso.target_url/signon/29490",
:assertion_consumer_service_url => "http://localhost:9080/auth/saml/callback",
:idp_sso_target_url => "https://idp.sso.example.com/signon/29490",
:idp_cert_fingerprint => "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB",
:idp_sso_target_url_runtime_params => {:original_param_key => :mapped_param_key},
:name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
:request_attributes => [
{ name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
{ name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
{ name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
{ name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
{ :name => 'email', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Email address' },
{ :name => 'name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Full name' },
{ :name => 'first_name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Given name' },
{ :name => 'last_name', :name_format => 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', :friendly_name => 'Family name' }
],
:attribute_service_name => 'Required attributes'
}
......@@ -40,7 +40,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
it 'should get authentication page' do
last_response.should be_redirect
last_response.location.should match /https:\/\/idp.sso.target_url\/signon\/29490/
last_response.location.should match /https:\/\/idp.sso.example.com\/signon\/29490/
last_response.location.should match /\?SAMLRequest=/
last_response.location.should_not match /mapped_param_key/
last_response.location.should_not match /original_param_key/
......@@ -54,12 +54,37 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
it 'should get authentication page' do
last_response.should be_redirect
last_response.location.should match /https:\/\/idp.sso.target_url\/signon\/29490/
last_response.location.should match /https:\/\/idp.sso.example.com\/signon\/29490/
last_response.location.should match /\?SAMLRequest=/
last_response.location.should match /\&mapped_param_key=original_param_value/
last_response.location.should_not match /original_param_key/
end
end
context "when the assertion_consumer_service_url is the default" do
before :each do
saml_options[:compress_request] = false
saml_options.delete(:assertion_consumer_service_url)
end
it 'should send the current callback_url as the assertion_consumer_service_url' do
%w(foo.example.com bar.example.com).each do |host|
get "https://#{host}/auth/saml"
last_response.should be_redirect
location = URI.parse(last_response.location)
query = Rack::Utils.parse_query location.query
query.should have_key('SAMLRequest')
request = REXML::Document.new(Base64.decode64(query['SAMLRequest']))
request.root.should_not be_nil
acs = request.root.attributes.get_attribute('AssertionConsumerServiceURL')
acs.to_s.should == "https://#{host}/auth/saml/callback"
end
end
end
end
describe 'POST /auth/saml/callback' do
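Review bot: the new example around `get "https://#{host}/auth/saml"` fixes as expected behaviour that, with `:assertion_consumer_service_url` unset, the `AssertionConsumerServiceURL` in the AuthnRequest follows the host of the incoming request. That suits multi-host deployments, but the README should state it and recommend setting the option explicitly wherever the Host header is not under the deployment's control. The loop over `%w(foo.example.com bar.example.com)` would also be easier to debug as one example per host, so a failure names the host that broke.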
......@@ -68,7 +93,7 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
let(:xml) { :example_response }
before :each do
Time.stub(:now).and_return(Time.new(2012, 11, 8, 20, 40, 00, 0))
Time.stub(:now).and_return(Time.utc(2012, 11, 8, 20, 40, 00))
end
context "when the response is valid" do
......@@ -153,6 +178,27 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
it { should fail_with(:invalid_ticket) }
end
context "when response has custom attributes" do
before :each do
saml_options[:idp_cert_fingerprint] = "3B:82:F1:F5:54:FC:A8:FF:12:B8:4B:B8:16:61:1D:E4:8E:9B:E2:3C"
saml_options[:attribute_statements] = {
email: ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
first_name: ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"],
last_name: ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"]
}
post_xml :custom_attributes
end
it "should obey attribute statements mapping" do
auth_hash[:info].should == {
'first_name' => 'Rajiv',
'last_name' => 'Manglani',
'email' => 'user@example.com',
'name' => nil
}
end
end
end
describe 'GET /auth/saml/metadata' do
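Review bot: the expectation includes `'name' => nil`, so a key with no matching attribute still appears in `auth_hash[:info]` with a nil value. If that is intended, say so in the README entry for `:attribute_statements`; if not, drop nil entries in the `info` block and assert that the key is absent. A second example in which a mapping lists two names and only the second is present in the response would cover the fallback path in `find_attribute_by`, which this context never reaches.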
......
require 'simplecov'
SimpleCov.start
if RUBY_VERSION >= '1.9'
require 'simplecov'
if ENV['TRAVIS']
require 'coveralls'
Coveralls.wear!
end
SimpleCov.start
end
require 'omniauth-saml'
require 'rack/test'
......
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx31eeaa1f-4f9a-7dbc-200c-4d556bac4fc9" Version="2.0" IssueInstant="2012-11-08T20:39:54Z" Destination="http://localhost:9080/auth/saml/callback" InResponseTo="_5ad34590-0c12-0130-2b62-109add67ce12">
<saml:Issuer>http://localhost:9000/saml2/idp/metadata.php</saml:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pfx31eeaa1f-4f9a-7dbc-200c-4d556bac4fc9">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>f311FuR1PE2NXct21G5z8Ka/Gfo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>3vfxoQn2PLwcYp1ApVLzlaZKEcHGjNZwLCBHkJC8oHYRonoL8v25iJ+5NFlWWXxSRG0SUA15coH+1gLMm6cF41h1sqHL/3wtiHQARnJUogqRUM76hTePHkSiJMUpr+ZD+Kb/l0DFct9/gJYkW1RPny9v8vdGNsMOQ/qnmk2xtII=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICWDCCAcGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBJMQswCQYDVQQGEwJmaTEQMA4GA1UECAwHVXVzaW1hYTERMA8GA1UECgwIRmxvd2RvY2sxFTATBgNVBAMMDGZsb3dkb2NrLmNvbTAeFw0xNTA5MTYwODUxMzdaFw0xNjA5MTUwODUxMzdaMEkxCzAJBgNVBAYTAmZpMRAwDgYDVQQIDAdVdXNpbWFhMREwDwYDVQQKDAhGbG93ZG9jazEVMBMGA1UEAwwMZmxvd2RvY2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDntqPTJ4pRMWb5d17e3vImfpOg6Hzr3PFtbsqEyM8uXZAL713Q4oASum+VlKkPp5ybzJKrFYeEeCl4NOdwyuabrOTUoJLE/x6CpGBgU6o+Iavku+4CkDM5scEIguZgroVabvkwoZRs/2TgVbLhNWXwtLD7n1OvVhLI0L9ycK+RNQIDAQABo1AwTjAdBgNVHQ4EFgQU9t1/AYExhABNzP1+hCsuImUpkXAwHwYDVR0jBBgwFoAU9t1/AYExhABNzP1+hCsuImUpkXAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQCoMeBcLW6JTOdmygPXhYtS+c8t9RCg6Ki/XENOkZN98NgBRS7mAw+DZDezw5KTSH6k0DNw04MFAVZ64gaP2/ad9wHnsktH3mvbfQ8RY6XefSqNy0SuKIt03q26Xf3/vi1jrxn2JgnJG4V+AVR3DVoiiAfQF1ijQW2qhnZR3WCnWQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="pfxe689248c-47f0-1e59-d2bb-546563043b6c" Version="2.0" IssueInstant="2012-11-08T20:39:54Z">
<saml:Issuer>http://localhost:9000/saml2/idp/metadata.php</saml:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pfxe689248c-47f0-1e59-d2bb-546563043b6c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>20g3ohE5p7icP5ZQ3CSRkSpGaME=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>m9+Hq+RDNJyKWGsqCpqmkXt/6dz/NQUkdzeF5YHSezVuLFJajB+QC2aSeyic5H5Z0LBkQscjZ1sgme7Hyeo+ZvBgDrBejP6bZfMyaNrET6JTKXxXnrSI0txEL7oXGgnWLJX+oTUWLJgO+PHAUGeS9AgbKcBTQjaW7aW8uh4WtJg=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICWDCCAcGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBJMQswCQYDVQQGEwJmaTEQMA4GA1UECAwHVXVzaW1hYTERMA8GA1UECgwIRmxvd2RvY2sxFTATBgNVBAMMDGZsb3dkb2NrLmNvbTAeFw0xNTA5MTYwODUxMzdaFw0xNjA5MTUwODUxMzdaMEkxCzAJBgNVBAYTAmZpMRAwDgYDVQQIDAdVdXNpbWFhMREwDwYDVQQKDAhGbG93ZG9jazEVMBMGA1UEAwwMZmxvd2RvY2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDntqPTJ4pRMWb5d17e3vImfpOg6Hzr3PFtbsqEyM8uXZAL713Q4oASum+VlKkPp5ybzJKrFYeEeCl4NOdwyuabrOTUoJLE/x6CpGBgU6o+Iavku+4CkDM5scEIguZgroVabvkwoZRs/2TgVbLhNWXwtLD7n1OvVhLI0L9ycK+RNQIDAQABo1AwTjAdBgNVHQ4EFgQU9t1/AYExhABNzP1+hCsuImUpkXAwHwYDVR0jBBgwFoAU9t1/AYExhABNzP1+hCsuImUpkXAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQCoMeBcLW6JTOdmygPXhYtS+c8t9RCg6Ki/XENOkZN98NgBRS7mAw+DZDezw5KTSH6k0DNw04MFAVZ64gaP2/ad9wHnsktH3mvbfQ8RY6XefSqNy0SuKIt03q26Xf3/vi1jrxn2JgnJG4V+AVR3DVoiiAfQF1ijQW2qhnZR3WCnWQ==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID SPNameQualifier="sample-saml-strategy" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_1f6fcf6be5e13b08b1e3610e7ff59f205fbd814f23</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2012-11-08T20:44:54Z" Recipient="http://localhost:9080/auth/saml/callback" InResponseTo="_5ad34590-0c12-0130-2b62-109add67ce12"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2012-11-08T20:39:24Z" NotOnOrAfter="2012-11-08T20:44:54Z">
<saml:AudienceRestriction>
<saml:Audience>sample-saml-strategy</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2012-11-08T20:39:54Z" SessionNotOnOrAfter="2012-11-09T04:39:54Z" SessionIndex="_17c45b5f1bb209798b06536ab9594723aa80634c58">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<saml:AttributeValue xsi:type="xs:string">Rajiv</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<saml:AttributeValue xsi:type="xs:string">Manglani</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<saml:AttributeValue xsi:type="xs:string">user@example.com</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>