Parse of slo response
davidlibrera committed Jul 18, 2018
1 parent 2f02a6e commit 81f1e61
Showing 6 changed files with 116 additions and 1 deletion.
21 changes: 21 additions & 0 deletions lib/spid/slo_response.rb
@@ -1,6 +1,27 @@
# frozen_string_literal: true

require "onelogin/ruby-saml/logoutresponse"

module Spid
class SloResponse # :nodoc:
attr_reader :body, :slo_settings

def initialize(body:, slo_settings:)
@body = body
@slo_settings = slo_settings
end

def valid?
saml_response.validate
end

private

def saml_response
@saml_response ||= ::OneLogin::RubySaml::Logoutresponse.new(
body,
slo_settings
)
end
end
end
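Review bot: `saml_response` constructs the `Logoutresponse` from `body` and `slo_settings` alone, so `valid?` has no way to confirm that the response answers a logout request this service provider actually issued. As far as I know, ruby-saml compares `InResponseTo` only when a `:matches_request_id` option is supplied and checks a redirect-binding signature only when `:get_params` is supplied, so both checks are probably skipped here; please confirm against the ruby-saml version in use. One option is to take the original request id in `initialize` and forward it, e.g. `::OneLogin::RubySaml::Logoutresponse.new(body, slo_settings, matches_request_id: request_id)`. The class is also marked `# :nodoc:`; a short comment stating what `valid?` does and does not verify would help callers.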
1 change: 1 addition & 0 deletions lib/spid/slo_settings.rb
@@ -32,6 +32,7 @@ def slo_attributes
name_identifier_format: name_identifier_format_value,
private_key: service_provider_configuration.private_key,
certificate: service_provider_configuration.certificate,
idp_cert_fingerprint: identity_provider_configuration.cert_fingerprint,
sessionindex: session_index,
security: {
logout_requests_signed: true,
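Review bot: `idp_cert_fingerprint` is set without an `idp_cert_fingerprint_algorithm` next to it in the visible part of this hash, and ruby-saml, as far as I know, falls back to SHA-1 for the fingerprint comparison when none is given. If `cert_fingerprint` is a SHA-1 digest the pin is weaker than the SHA-256 settings used in this commit's spec, and if it is a SHA-256 digest the comparison would not match under the default. Consider adding `idp_cert_fingerprint_algorithm: XMLSecurity::Document::SHA256,` with a matching fingerprint, or passing the full certificate as `idp_cert`. `slo_attributes` starts and ends outside the hunk, so the algorithm may already be set on a line not shown.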
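--- a/spec/fixtures/slo-response-signed.xml
+++ b/spec/fixtures/slo-response-signed.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfxb230cffe-623a-90e4-9943-5a2650a3d121" Version="2.0" IssueInstant="2018-07-18T12:01:00Z" Destination="https://service.provider/slo" InResponseTo="_21df91a89767879fc0f7df6a1490c6000c81644d">
+<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="https://identity.provider">
+https://identity.provider
+</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+<ds:Reference URI="#pfxb230cffe-623a-90e4-9943-5a2650a3d121"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>IiG2ugt/Vc2qBWqazc+YcR/urwk=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>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</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
+<samlp:Status>
+<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+</samlp:Status>
+</samlp:LogoutResponse>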
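--- a/spec/fixtures/slo-response-unsigned.xml
+++ b/spec/fixtures/slo-response-unsigned.xml
@@ -0,0 +1,18 @@
+<samlp:LogoutResponse
+xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ID="_6c3737282f007720e736f0f4028feed8cb9b40291c"
+Version="2.0"
+IssueInstant="2018-07-18T12:01:00Z"
+Destination="https://service.provider/slo"
+InResponseTo="_21df91a89767879fc0f7df6a1490c6000c81644d">
+
+<saml:Issuer
+Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
+NameQualifier="https://identity.provider">
+https://identity.provider
+</saml:Issuer>
+<samlp:Status>
+<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+</samlp:Status>
+</samlp:LogoutResponse>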
1 change: 1 addition & 0 deletions spec/fixtures/slo-response.base64
@@ -0,0 +1 @@
lVfZkptKEn2fiPmHjvYj0WbfOmzfKPZ9B0m8TCA2IRAgFiH09YPby7U9cz13Hjlknjp5KqmkPvxxvzRPt3wYq679+Iy+R57/+PTPf3wYk0vTvxpd2c2Tl49914750xbajq9vrz4+z0P72iVjNb62ySUfX6f01Qem8Yq9R177oZu6tGuef0j5fUYyjvkwbRqen1Th43Nf3I8YjqRFkb9QGJ68sEhOvLAsgb+QCUaRSIJnKIY+P0XflG8kW+o4zrnajlPSThuEoMwLQr+gTIBirwj6iiDx85OQj1PVJtNb1mma+vEVhrfFb1Wav9+E36osH+Cx6Ta69lvpQffx+V8YmhUsmjAsTdEMzRYpUtBZQSUowSIphSBIyqAUQWTPm4FPT28Wvr4pGp6kbrgk0+8t+IxU2UvxFvqat1M1rc9P1oa6c9JURZUPfwreRL4FfFf8ZdGnp78MeNME/yDq04dsfPWrcvNiHr5tbjZ+WWNjWJbl/YK/74YSxrbiYISFt5hsrMp3Xyv8mp9nalt0b3R80nZtlW5yH28Om/l06rIn0JTdUE2ny1+QozCKfCZ/ye/pS4oS7btn+Gs9P4n823QI8U3ry6Ub8nfDmLyMpwQjqa/En2m9vMiHvE3zp9BTPz6/+7tN91ZpMCTt+Hmvxp8f/6e4n4zM21vedH2evYzfatwE/n+E/9W8D/B/ahSqcuv9v+nhTzI369Cvur6QREkz55/USsbmcoKjFLtyu2vySKFD6sHzsNQf3wT8GPwGfLf8y+Mv3fN9n79kGOiy2VPehIvVV/dqYNNr618BYqPTed9TCuI5InKOAr+Kq5sEUahtCV7WpCsz6ryt7243qwtyuCGTO3VOC4MLcWrJzsfVU2Shtxn5loEGnSwy6a/omij81dXPOH4/w3gInGMyHFoR469hsOOzc61349VrGuQOEcZ8c6ZqZf1SKnHuGBq8kxCS051LKK9jzIR6BDS9xOb6iuFt63fLme4crtCu9zNWElad4nkoDcwAuUsW61Q/QgeVE1ktJyTUoR5RGiAk71vGZES7VlfEICq9WQrwZD4lpO4KY4wS0zq1kJXUjAKdzarOz8swn/ZJ6EZaMge0tLvm84Q6O15mvFEo4+ZOHva+cS8A/CBXqDJD5ZhhsS7csG46ixcJl0eASrwB877IKuSeSGDEXoYTWYwK3Mk4NkNnFkYDj61oLX9kcZygGix6okATUi114VBhjpU5duK1+5NvEoCQsj47pEfTwHQtZwhuPwUltqQEwoCM6cXd4HkBnZBnucQQtjudFjFxqIsQcl22Sjv1lJzcKXZzEO+VNbueDYSbj+YA+SvgSmM0lPbqEqvb0cPOkA/OQzhcdgSw18t1MXwmqnVm7Ql5QbhA73GaCCx2R0Vc7ERHzpVFgGWMGjQHOyj35OGwa3rZS5OiWjQdXlNHeRwR0hmut9QjfMg+QqFJkCu5CkbRkzdCJ7azNDKQ60FNw+Xj93b+oX+3MbqBer5+b/A9ibBCMiXfH/jPQ6/YDswp/2SqqsgIPA+mqgSLyoFS1YCd3sSzr9r4ozQBIvP+VfbVIy64IscvIdiwO/8AGldaEQcOAaib0OSIvRCIhCmkd/MsPkwhRC20+4yRv2DLhhkmqGWAhiJ3Mnk/cpeyVKtf1wJuCACh8sICPr/XQafywOUhW5+PcNRwuwi7qiTHstrDN3GMg2eqHQ7sJVoIGKJHXrpa3sDOdTVVHM+pUu+myTXe59SZ1xp076cDGFyqhU+705h408oWLqYqDIpGNWbhBxWFs+LAxYByzrm1UPezYcuCrpwgaNCzpRhpTm/ZyxUAP5krCi36nPUjLzegrGlKWOTZCiEDiLS2Vqubhmse0/62dNN8H48Hx+1E/A6TBze2kTPwWBAUzqOrM0hkPGeZS0GW7UiHCe1APkyzEOrmBl0r2qOi5uY90qU/4dzqEpyATxfPwNWbRafKnq+iBiDRXmjtcMip9JLB0TR5wwU9dQFsHCT1cDr2
kitRuOFAvQk0/ALNeO/5eVyQkFn2N7rbYcsoi9lEXxrzJAxoHbXmCBx1WCBFwkg3tmAt1W4cRU6P6r5qt3m1C6KFY9A5LiNgcwxOyG2/E5sDog28GwZHL1gKR9UEcZI492yNHbEOK6Sf4SENkmOp5ddakZcdXTY5mjFl5lkWPa5HdQndIfD30podRO2STtrxumDiUdcZ8NBrbS6hShYc1HX3lX2B41jDqoTIUelCzqWyoxhrFW4S0hp5jSdyEbeJaoVekJHGAQ8WQ5YSW/FiYHkgMfrKG0fflhi27qXOpenFyit3h54tSDoQbY6D3thF6SPwi7mmwvsVv3oXZY8+9rAKmxdqsUqCgYLS9473Mx86KuIvqgBcwHWouYQByD5/L4pLiFLphnw+bWet6YS03pyiltGmE6GPEsBFd1GWgxB5yJnjykXqwG9jhS+xAXAVmAPh9qWIHPwAFlfW11Ndyex2EAF3CwY2D0oRSPANOqU2GexvZNPQ5XissHm/cLRL6JhGzP2hJzFxSS/7q1VGty5x7p5NNzaby430gNxVPAxZZFzc7FJQrhIG5lWH7lhDnqmAj7O4NBYo3K12STFRTON+yCOTEmsPbkXQvOUY+4Y05KwwlhjjofZQ62gM902lGq7BW3oRYhDOzacbW6cRRfTNiNQsO3n3NKqdfvJvUKLeaVcEj0bk8EzudanjAvriQXkKNUNhmifxFpXlcvXb+By6Zm5QuhKeKvkEAHaJ2BIK/biv7dGtQknWgzKX28ikoWCYM1i22dtjLM7Lfu0N/ZETLkHAZcWPMnR3wlUDXHZgbHO5er0CTl6kteHos5fMSpKd1ZQKjmopAU6GVivLjnB8rrsQ4w6VRqly5NpR2rBhAkurZSWg192QQxmecjFjT/VlbXGg3EeG6C7HitRZpDyHMiXAvtVpiESwLtSDImSVHn3MQj/wIIBq0Z+yQZxSK13rkVEzMjqSBPkItqEaD3qwH316KBxmJ9BYlODb0Z4o24awpA8d4+rBq3iRT1XsMlf2sFHfAtnKOxvQTnc/aPYcunqUTw/JzhZg+6rjT4x4SClhCJG221UxMtztBxtkaoDuuQvjC2fW5Ocsh4QkFwPRPs7BMIS7RxH7B4Q/7yLywexissbuk4AyVQBuKb8NaP+6IIQvonjaKlW36IgMLfqy3ztJ+mW8/TqwvoNfRhr847D7aRz+eR/qX/1pg8ZvP/c/YnyX5U9vk/P396TxLfrVn9M0H8dv//PwL/TfgJ+vsJ/+DQ==
63 changes: 62 additions & 1 deletion spec/spid/slo_response_spec.rb
@@ -3,7 +3,68 @@
require "spec_helper"

RSpec.describe Spid::SloResponse do
subject { described_class.new }
subject(:slo_response) do
described_class.new(body: spid_response, slo_settings: slo_settings)
end

let(:spid_response) do
File.read(generate_fixture_path("slo-response.base64"))
end

let(:slo_settings) do
Spid::SloSettings.new(
service_provider_configuration: service_provider_configuration,
identity_provider_configuration: identity_provider_configuration,
session_index: session_index
)
end

let(:identity_provider_configuration) do
Spid::IdentityProviderConfiguration.new(
idp_metadata: idp_metadata
)
end

let(:service_provider_configuration) do
Spid::ServiceProviderConfiguration.new(
host: host,
sso_path: "/sso",
slo_path: "/slo",
metadata_path: "/metadata",
digest_method: Spid::SHA256,
signature_method: Spid::RSA_SHA256,
private_key_file_path: generate_fixture_path("private-key.pem"),
certificate_file_path: generate_fixture_path("certificate.pem")
)
end

let(:host) { "https://service.provider" }
let(:session_index) { "a-session-index" }

let(:idp_metadata) do
File.read(generate_fixture_path("identity-provider-metadata.xml"))
end

it { is_expected.to be_a described_class }

it "requires a body" do
expect(slo_response.body).to eq spid_response
end

it "requires a saml_settings configuration" do
expect(slo_response.slo_settings).to eq slo_settings
end

context "when response conforms to the request" do
it { is_expected.to be_valid }
end

context "when response isn't conform to the request" do
before do
allow(slo_settings).
to receive(:idp_entity_id) { "https://another-identity.provider" }
end

it { is_expected.not_to be_valid }
end
end
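Review bot: The only rejection case in this spec is the issuer mismatch stubbed through `idp_entity_id`; nothing asserts that an unsigned or altered response is refused, even though the commit adds `slo-response-unsigned.xml` and `slo-response-signed.xml`, which the visible spec never reads. Add a context that feeds the unsigned fixture (encoded the same way as `slo-response.base64`) and expects `is_expected.not_to be_valid`, and one where `InResponseTo` differs from the id of the request that was sent. If either case turns out to pass validation, that points at a check `SloResponse#valid?` does not yet enforce. The description `"requires a saml_settings configuration"` also reads oddly next to the `slo_settings` reader it tests.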
