diff --git a/lib/onelogin/ruby-saml/authrequest.rb b/lib/onelogin/ruby-saml/authrequest.rb
index eb7546a3f..0f744e5b2 100644
--- a/lib/onelogin/ruby-saml/authrequest.rb
+++ b/lib/onelogin/ruby-saml/authrequest.rb
@@ -36,7 +36,7 @@ def create(settings, params = {})
 def create_authentication_xml_doc(settings)
 uuid = "_" + UUID.new.generate
 time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
- # Create AuthnRequest root element using REXML
+ # Create AuthnRequest root element using REXML
 request_doc = REXML::Document.new
 root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol" }
@@ -45,6 +45,7 @@ def create_authentication_xml_doc(settings)
 root.attributes['Version'] = "2.0"
 root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
 root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
+ root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
 # Conditionally defined elements based on settings
 if settings.assertion_consumer_service_url != nil
@@ -55,7 +56,7 @@ def create_authentication_xml_doc(settings)
 issuer.text = settings.issuer
 end
 if settings.name_identifier_format != nil
- root.add_element "samlp:NameIDPolicy", {
+ root.add_element "samlp:NameIDPolicy", {
 "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
 # Might want to make AllowCreate a setting?
 "AllowCreate" => "true",
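Review bot: The new `ProtocolBinding` line in the `@@ -45,6 +45,7` hunk writes `settings.protocol_binding` into the AuthnRequest verbatim, guarded only by `nil?`, so an empty string or a mistyped value (anything other than a SAML 2.0 binding URI such as the `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST` value the test fixture uses) still produces a request that the IdP is likely to reject, with the failure surfacing only on the IdP side. A guard such as `root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil? || settings.protocol_binding.empty?` — or better, a check against the known binding URIs when the setting is assigned — would fail fast in the SP. The attribute also deserves a why-comment where it is set, e.g. `# ProtocolBinding: SAML 2.0 binding URI the IdP should use to return its Response; left out when the setting is nil`. `create_authentication_xml_doc` starts before this hunk and continues after it.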
@@ -64,14 +65,14 @@ def create_authentication_xml_doc(settings)
 end
 # BUG fix here -- if an authn_context is defined, add the tags with an "exact"
- # match required for authentication to succeed. If this is not defined,
+ # match required for authentication to succeed. If this is not defined,
 # the IdP will choose default rules for authentication. (Shibboleth IdP)
 if settings.authn_context != nil
- requested_context = root.add_element "samlp:RequestedAuthnContext", {
+ requested_context = root.add_element "samlp:RequestedAuthnContext", {
 "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
 "Comparison" => "exact",
 }
- class_ref = requested_context.add_element "saml:AuthnContextClassRef", {
+ class_ref = requested_context.add_element "saml:AuthnContextClassRef", {
 "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion",
 }
 class_ref.text = settings.authn_context
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
index 56f42230d..f4af8ef37 100644
--- a/lib/onelogin/ruby-saml/settings.rb
+++ b/lib/onelogin/ruby-saml/settings.rb
@@ -18,9 +18,10 @@ def initialize(overrides = {})
 attr_accessor :compress_request
 attr_accessor :double_quote_xml_attribute_values
 attr_accessor :passive
+ attr_accessor :protocol_binding
 private
-
+
 DEFAULTS = {:compress_request => true, :double_quote_xml_attribute_values => false}
 end
 end
diff --git a/test/settings_test.rb b/test/settings_test.rb
index 82ef2d683..28f49a149 100644
--- a/test/settings_test.rb
+++ b/test/settings_test.rb
@@ -12,7 +12,7 @@ class SettingsTest < Test::Unit::TestCase
 :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format, :idp_slo_target_url, :name_identifier_value, :sessionindex, :assertion_consumer_logout_service_url,
- :passive
+ :passive, :protocol_binding
 ]
 accessors.each do |accessor|
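Review bot: The new `attr_accessor :protocol_binding` in the settings.rb hunk carries no comment, and nothing on this page says what value it expects beyond the test fixture, so a caller could easily pass a short binding name where `create_authentication_xml_doc` emits the value verbatim as the `ProtocolBinding` attribute. A one-line comment above the accessor would pin the contract: `# Optional SAML 2.0 binding URI emitted as the AuthnRequest's ProtocolBinding attribute (e.g. urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST); nil omits the attribute`. The `DEFAULTS` hash below `private` is unchanged, so the attribute only appears when a caller sets it, which matches the `unless ... nil?` guard in authrequest.rb. The `Settings` class begins before this hunk.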
@@ -33,6 +33,7 @@ class SettingsTest < Test::Unit::TestCase
 :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
 :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
 :passive => true,
+ :protocol_binding => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
 }
 @settings = Onelogin::Saml::Settings.new(config)
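Review bot: Both test hunks — `:protocol_binding` added to the accessor list at `@@ -12,7 +12,7` and the fixture value here — only verify that `Settings` stores the value; nothing on this page exercises `create_authentication_xml_doc`, so the line that actually emits `ProtocolBinding` into the AuthnRequest is untested by this commit. An authrequest test should assert that the generated XML carries `ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"` when the setting is present and has no `ProtocolBinding` attribute when it is nil. The `config` hash starts before this hunk.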