Update our main branch with beta changes #7
Open
pelted wants to merge 21 commits into
* Set minimum test coverage to a very high value for testing
* Update minimum coverage to actual current value

* Decode AuthnRequest params to XML format before pass to mock
* Drop test case check
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>

Co-authored-by: Jon Phenow <jon@jphenow.com>
…aml-idp#217) Co-authored-by: Jon Phenow <jon@jphenow.com>
* Add new versions for CI
* Add ruby 3.1 for dev env
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>

* Squash commits for saml_idp gem
* Add explanation for external attributes of decode_request method
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>

…lidation (saml-idp#224)
* Squash commits for saml_idp gem
* [feat] Allow SP config force signature validation (saml-idp#16)
* Allow SP config force signature validation
* Allow SP config force signature validation
  Tested with Slack with Authn request signature option
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [feat] Don’t ignore certificates without usage (saml-idp#17)
  I have tested with live SAML SP apps and it works fine
* Unspecified certificate from SP metadata
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* wip add error collector
* Fix type and rewrite request with proper validation test cases
* Try with proper way to update helper method (saml-idp#19)
* Set minimum test coverage (saml-idp#207)
* Set minimum test coverage to a very high value for testing
* Update minimum coverage to actual current value
* Try with proper way to update helper method
* Correctly decode and mock with correct REXML class
* Drop the min coverage
---------
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Lead error render decision to gem user
* Validate the certificate's existence before verifying the signature.
* [feat] Collect request validation errors (saml-idp#18)
* wip add error collector
* Fix type and rewrite request with proper validation test cases
* Lead error render decision to gem user
* Validate the certificate's existence before verifying the signature.
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Support lowercase percent-encoded sequences for URL encoding (saml-idp#20)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Remove duplications
* Pre-conditions need to be defined in before section
* Let's not test logger in here
* Let's not break anything for now
* Rename correctly
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>

…#211)
* Adds support for multiple x509 certificates, secret keys, and passwords by providing procs in the idp configuration.
* Call the proc in the tests
* Add documentation in the form of a comment in the README.md
* fix extra space
* remove additional change
* Fix metadata x509 certificate

* Squash commits for saml_idp gem
* [feat] Allow SP config force signature validation (saml-idp#16)
* Allow SP config force signature validation
* Allow SP config force signature validation
  Tested with Slack with Authn request signature option
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [feat] Don’t ignore certificates without usage (saml-idp#17)
  I have tested with live SAML SP apps and it works fine
* Unspecified certificate from SP metadata
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Try with proper way to update helper method (saml-idp#19)
* Set minimum test coverage (saml-idp#207)
* Set minimum test coverage to a very high value for testing
* Update minimum coverage to actual current value
* Try with proper way to update helper method
* Correctly decode and mock with correct REXML class
* Drop the min coverage
---------
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [feat] Collect request validation errors (saml-idp#18)
* wip add error collector
* Fix type and rewrite request with proper validation test cases
* Lead error render decision to gem user
* Validate the certificate's existence before verifying the signature.
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Support lowercase percent-encoded sequences for URL encoding (saml-idp#20)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Pass ref id as Session Index
* Official Rails 8 is not released yet to RubyGem; until then let's stick to the official older version
* [fix] Gem CI updates for latest versions (saml-idp#22)
* Remove duplications
* Pre-conditions need to be defined in before section
* Let's not test logger in here
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [fix] Allow IdP set reference ID for SAML response (saml-idp#21)
* Pass ref id as Session Index
* Official Rails 8 is not released yet to RubyGem; until then let's stick to the official older version
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Fixes for ORIGIN gem
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>

Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Squash commits for saml_idp gem
* [feat] Allow SP config force signature validation (saml-idp#16)
* Allow SP config force signature validation
* Allow SP config force signature validation
  Tested with Slack with Authn request signature option
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [feat] Don’t ignore certificates without usage (saml-idp#17)
  I have tested with live SAML SP apps and it works fine
* Unspecified certificate from SP metadata
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Try with proper way to update helper method (saml-idp#19)
* Set minimum test coverage (saml-idp#207)
* Set minimum test coverage to a very high value for testing
* Update minimum coverage to actual current value
* Try with proper way to update helper method
* Correctly decode and mock with correct REXML class
* Drop the min coverage
---------
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [feat] Collect request validation errors (saml-idp#18)
* wip add error collector
* Fix type and rewrite request with proper validation test cases
* Lead error render decision to gem user
* Validate the certificate's existence before verifying the signature.
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Support lowercase percent-encoded sequences for URL encoding (saml-idp#20)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [fix] Gem CI updates for latest versions (saml-idp#22)
* Remove duplications
* Pre-conditions need to be defined in before section
* Let's not test logger in here
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [fix] Allow IdP set reference ID for SAML response (saml-idp#21)
* Pass ref id as Session Index
* Official Rails 8 is not released yet to RubyGem; until then let's stick to the official older version
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Support rails 8 for dev env (saml-idp#23)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Assertion flag should be switchable by application (saml-idp#24)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* concurrent-ruby v1.3.5 has removed the dependency on logger
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>

…-idp#227)
* Squash commits for saml_idp gem
* [feat] Allow SP config force signature validation (saml-idp#16)
* Allow SP config force signature validation
* Allow SP config force signature validation
  Tested with Slack with Authn request signature option
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [feat] Don’t ignore certificates without usage (saml-idp#17)
  I have tested with live SAML SP apps and it works fine
* Unspecified certificate from SP metadata
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Try with proper way to update helper method (saml-idp#19)
* Set minimum test coverage (saml-idp#207)
* Set minimum test coverage to a very high value for testing
* Update minimum coverage to actual current value
* Try with proper way to update helper method
* Correctly decode and mock with correct REXML class
* Drop the min coverage
---------
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [feat] Collect request validation errors (saml-idp#18)
* wip add error collector
* Fix type and rewrite request with proper validation test cases
* Lead error render decision to gem user
* Validate the certificate's existence before verifying the signature.
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Support lowercase percent-encoded sequences for URL encoding (saml-idp#20)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [fix] Gem CI updates for latest versions (saml-idp#22)
* Remove duplications
* Pre-conditions need to be defined in before section
* Let's not test logger in here
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* [fix] Allow IdP set reference ID for SAML response (saml-idp#21)
* Pass ref id as Session Index
* Official Rails 8 is not released yet to RubyGem; until then let's stick to the official older version
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Support rails 8 for dev env (saml-idp#23)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Signable logic with given certificate information
* Update unit test with new test certificate
* Assertion builder with certificate attribute
* Response builder with certificate
* Use directly provided cert and pv key
* Remove config dependency from low layer logics
* Use correct attribute name
* Remove config dependency from low level logics
* Remove config dependency from low level logics and fix test
* Revert Proc approach
* Assertion flag should be switchable by application (saml-idp#24)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* concurrent-ruby v1.3.5 has removed the dependency on logger (saml-idp#27)
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* MetadataBuilder uses custom configurator (saml-idp#25)
Co-authored-by: Andrea Lorenzetti <64900248+andnoz@users.noreply.github.com>
---------
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Co-authored-by: Mathieu Jobin <majobin@mdsol.com>
Co-authored-by: Massimo Zappino <99500013+mzappino-noz@users.noreply.github.com>
Co-authored-by: Andrea Lorenzetti <64900248+andnoz@users.noreply.github.com>

Fix a load error for the benchmark gem on Rails 6.1 with Ruby 4.0
Remove Ruby 3.2 from CI Matrix following rails-dev (Rails 8.2) support drop
Bump actions/checkout from 4 to 6
Co-authored-by: zogoo <chtsogbadrakh@gmail.com>
- Introduced `assertion_extension` attribute in `AssertionBuilder`, `SamlResponse`, and `Controller`.
- Updated initialization methods to accept `assertion_extension` as an option.
- Enhanced the `build` methods to utilize `assertion_extension` for customizing subject confirmation data and authentication context.
- Ensured backward compatibility by maintaining existing functionality when no extension is provided.

- Enhanced comments in the AssertionExtension class to clarify its purpose and usage.
- Provided details on the expected implementation of subclasses and alignment with SAML 2.0 specifications.
- Added references to external documentation for further specification analysis.

2b45b55 to a09cc25
The SubjectConfirmationData extension point previously replaced the entire element, requiring the extension to reimplement standard attributes (Recipient, InResponseTo, NotOnOrAfter). This was inconsistent with the AuthnContextDecl extension point which is additive. Now both extension points behave the same way: standard SAML elements are always emitted, and the extension adds custom content inside them. The SubjectConfirmationData element is always rendered with its standard attributes, and the extension receives the builder to add child elements.
Combines proc lookup and Saml::XML extraction changes into one PR.
These are both PRed upstream as well