Adding idp_sso_service_url and idp_slo_service_url settings

Author: pitbulk

README.md

@@ -261,8 +261,8 @@ def saml_settings
   settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
   settings.sp_entity_id                   = "http://#{request.host}/saml/metadata"
   settings.idp_entity_id                  = "https://app.onelogin.com/saml/metadata/#{OneLoginAppId}"
-  settings.idp_sso_target_url             = "https://app.onelogin.com/trust/saml2/http-post/sso/#{OneLoginAppId}"
-  settings.idp_slo_target_url             = "https://app.onelogin.com/trust/saml2/http-redirect/slo/#{OneLoginAppId}"
+  settings.idp_sso_service_url             = "https://app.onelogin.com/trust/saml2/http-post/sso/#{OneLoginAppId}"
+  settings.idp_slo_service_url             = "https://app.onelogin.com/trust/saml2/http-redirect/slo/#{OneLoginAppId}"
   settings.idp_cert_fingerprint           = OneLoginAppCertFingerPrint
   settings.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha1"
   settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
@@ -327,7 +327,7 @@ class SamlController < ApplicationController
 
     settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
     settings.sp_entity_id                   = "http://#{request.host}/saml/metadata"
-    settings.idp_sso_target_url             = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
+    settings.idp_sso_service_url             = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
     settings.idp_cert_fingerprint           = OneLoginAppCertFingerPrint
     settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 
@@ -400,8 +400,8 @@ end
 The following attributes are set:
   * idp_entity_id
   * name_identifier_format
-  * idp_sso_target_url
-  * idp_slo_target_url
+  * idp_sso_service_url
+  * idp_slo_service_url
   * idp_attribute_names
   * idp_cert
   * idp_cert_fingerprint
@@ -623,7 +623,7 @@ def sp_logout_request
   # LogoutRequest accepts plain browser requests w/o paramters
   settings = saml_settings
 
-  if settings.idp_slo_target_url.nil?
+  if settings.idp_slo_service_url.nil?
     logger.info "SLO IdP Endpoint not found in settings, executing then a normal logout'"
     delete_session
   else

lib/onelogin/ruby-saml/authrequest.rb

@@ -31,14 +31,14 @@ def initialize
       #
       def create(settings, params = {})
         params = create_params(settings, params)
-        params_prefix = (settings.idp_sso_target_url =~ /\?/) ? '&' : '?'
+        params_prefix = (settings.idp_sso_service_url =~ /\?/) ? '&' : '?'
         saml_request = CGI.escape(params.delete("SAMLRequest"))
         request_params = "#{params_prefix}SAMLRequest=#{saml_request}"
         params.each_pair do |key, value|
           request_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
         end
-        raise SettingError.new "Invalid settings, idp_sso_target_url is not set!" if settings.idp_sso_target_url.nil? or settings.idp_sso_target_url.empty?
-        @login_url = settings.idp_sso_target_url + request_params
+        raise SettingError.new "Invalid settings, idp_sso_service_url is not set!" if settings.idp_sso_service_url.nil? or settings.idp_sso_service_url.empty?
+        @login_url = settings.idp_sso_service_url + request_params
       end
 
       # Creates the Get parameters for the request.
@@ -108,7 +108,7 @@ def create_xml_document(settings)
         root.attributes['ID'] = uuid
         root.attributes['IssueInstant'] = time
         root.attributes['Version'] = "2.0"
-        root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil? or settings.idp_sso_target_url.empty?
+        root.attributes['Destination'] = settings.idp_sso_service_url unless settings.idp_sso_service_url.nil? or settings.idp_sso_service_url.empty?
         root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
         root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
         root.attributes["AttributeConsumingServiceIndex"] = settings.attributes_index unless settings.attributes_index.nil?

lib/onelogin/ruby-saml/idp_metadata_parser.rb

@@ -210,8 +210,8 @@ def to_hash(options = {})
           {
             :idp_entity_id => @entity_id,
             :name_identifier_format => idp_name_id_format,
-            :idp_sso_target_url => single_signon_service_url(options),
-            :idp_slo_target_url => single_logout_service_url(options),
+            :idp_sso_service_url => single_signon_service_url(options),
+            :idp_slo_service_url => single_logout_service_url(options),
             :idp_attribute_names => attribute_names,
             :idp_cert => nil,
             :idp_cert_fingerprint => nil,

lib/onelogin/ruby-saml/settings.rb

@@ -31,8 +31,8 @@ def initialize(overrides = {}, keep_security_attributes = false)
 
       # IdP Data
       attr_accessor :idp_entity_id
-      attr_accessor :idp_sso_target_url
-      attr_accessor :idp_slo_target_url
+      attr_accessor :idp_sso_service_url
+      attr_accessor :idp_slo_service_url
       attr_accessor :idp_cert
       attr_accessor :idp_cert_fingerprint
       attr_accessor :idp_cert_fingerprint_algorithm
@@ -69,6 +69,36 @@ def initialize(overrides = {}, keep_security_attributes = false)
       attr_accessor :assertion_consumer_logout_service_url
       attr_accessor :assertion_consumer_logout_service_binding
       attr_accessor :issuer
+      attr_accessor :idp_sso_target_url
+      attr_accessor :idp_slo_target_url
+
+      # @return [String] IdP Single Sign On Service URL
+      #
+      def idp_sso_service_url
+        val = nil
+        if @idp_sso_service_url.nil?
+          if @idp_sso_target_url
+            val = @idp_sso_target_url
+          end
+        else
+          val = @idp_sso_service_url
+        end
+        val
+      end
+
+      # @return [String] IdP Single Logout Service URL
+      #
+      def idp_slo_service_url
+        val = nil
+        if @idp_slo_service_url.nil?
+          if @idp_slo_target_url
+            val = @idp_slo_target_url
+          end
+        else
+          val = @idp_slo_service_url
+        end
+        val
+      end
 
       # @return [String] SP Entity ID
       #

test/idp_metadata_parser_test.rb

@@ -24,9 +24,9 @@ def initialize; end
       settings = idp_metadata_parser.parse(idp_metadata_descriptor)
 
       assert_equal "https://hello.example.com/access/saml/idp.xml", settings.idp_entity_id
-      assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_target_url
+      assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_service_url
       assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
-      assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_target_url
+      assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_service_url
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", settings.name_identifier_format
       assert_equal ["AuthToken", "SSOStartPage"], settings.idp_attribute_names
       assert_equal '2014-04-17T18:02:33.910Z', settings.valid_until
@@ -60,7 +60,7 @@ def initialize; end
       idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
       idp_metadata = idp_metadata_descriptor3
       settings = idp_metadata_parser.parse(idp_metadata)
-      assert_equal "https://idp.example.com/idp/profile/Shibboleth/SSO", settings.idp_sso_target_url
+      assert_equal "https://idp.example.com/idp/profile/Shibboleth/SSO", settings.idp_sso_service_url
     end
 
     it "extract SSO endpoint with specific binding" do
@@ -69,15 +69,15 @@ def initialize; end
       options = {}
       options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
       settings = idp_metadata_parser.parse(idp_metadata, options)
-      assert_equal "https://idp.example.com/idp/profile/SAML2/POST/SSO", settings.idp_sso_target_url
+      assert_equal "https://idp.example.com/idp/profile/SAML2/POST/SSO", settings.idp_sso_service_url
 
       options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
       settings = idp_metadata_parser.parse(idp_metadata, options)
-      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", settings.idp_sso_target_url
+      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", settings.idp_sso_service_url
 
       options[:sso_binding] = ['invalid_binding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
       settings = idp_metadata_parser.parse(idp_metadata, options)
-      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", settings.idp_sso_target_url
+      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", settings.idp_sso_service_url
     end
 
     it "uses settings options as hash for overrides" do
@@ -117,9 +117,9 @@ def initialize; end
       metadata = idp_metadata_parser.parse_to_hash(idp_metadata_descriptor)
 
       assert_equal "https://hello.example.com/access/saml/idp.xml", metadata[:idp_entity_id]
-      assert_equal "https://hello.example.com/access/saml/login", metadata[:idp_sso_target_url]
+      assert_equal "https://hello.example.com/access/saml/login", metadata[:idp_sso_service_url]
       assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", metadata[:idp_cert_fingerprint]
-      assert_equal "https://hello.example.com/access/saml/logout", metadata[:idp_slo_target_url]
+      assert_equal "https://hello.example.com/access/saml/logout", metadata[:idp_slo_service_url]
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", metadata[:name_identifier_format]
       assert_equal ["AuthToken", "SSOStartPage"], metadata[:idp_attribute_names]
       assert_equal '2014-04-17T18:02:33.910Z', metadata[:valid_until]
@@ -153,7 +153,7 @@ def initialize; end
       idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
       idp_metadata = idp_metadata_descriptor3
       metadata = idp_metadata_parser.parse_to_hash(idp_metadata)
-      assert_equal "https://idp.example.com/idp/profile/Shibboleth/SSO", metadata[:idp_sso_target_url]
+      assert_equal "https://idp.example.com/idp/profile/Shibboleth/SSO", metadata[:idp_sso_service_url]
     end
 
     it "extract SSO endpoint with specific binding" do
@@ -162,15 +162,15 @@ def initialize; end
       options = {}
       options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
       parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, options)
-      assert_equal "https://idp.example.com/idp/profile/SAML2/POST/SSO", parsed_metadata[:idp_sso_target_url]
+      assert_equal "https://idp.example.com/idp/profile/SAML2/POST/SSO", parsed_metadata[:idp_sso_service_url]
 
       options[:sso_binding] = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
       parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, options)
-      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", parsed_metadata[:idp_sso_target_url]
+      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", parsed_metadata[:idp_sso_service_url]
 
       options[:sso_binding] = ['invalid_binding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
       parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, options)
-      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", parsed_metadata[:idp_sso_target_url]
+      assert_equal "https://idp.example.com/idp/profile/SAML2/Redirect/SSO", parsed_metadata[:idp_sso_service_url]
     end
 
     it "ignores a given :settings hash" do
@@ -207,8 +207,8 @@ def initialize; end
       settings = idp_metadata_parser.parse(idp_metadata_descriptor2)
 
       assert_equal "https://hello.example.com/access/saml/idp.xml", settings.idp_entity_id
-      assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_target_url
-      assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_target_url
+      assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_service_url
+      assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_service_url
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", settings.name_identifier_format
       assert_equal ["AuthToken", "SSOStartPage"], settings.idp_attribute_names
 
@@ -239,9 +239,9 @@ def initialize; end
       settings = idp_metadata_parser.parse_remote(@url)
 
       assert_equal "https://hello.example.com/access/saml/idp.xml", settings.idp_entity_id
-      assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_target_url
+      assert_equal "https://hello.example.com/access/saml/login", settings.idp_sso_service_url
       assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
-      assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_target_url
+      assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_service_url
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", settings.name_identifier_format
       assert_equal ["AuthToken", "SSOStartPage"], settings.idp_attribute_names
       assert_equal '2014-04-17T18:02:33.910Z', settings.valid_until
@@ -273,9 +273,9 @@ def initialize; end
       parsed_metadata = idp_metadata_parser.parse_remote_to_hash(@url)
 
       assert_equal "https://hello.example.com/access/saml/idp.xml", parsed_metadata[:idp_entity_id]
-      assert_equal "https://hello.example.com/access/saml/login", parsed_metadata[:idp_sso_target_url]
+      assert_equal "https://hello.example.com/access/saml/login", parsed_metadata[:idp_sso_service_url]
       assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", parsed_metadata[:idp_cert_fingerprint]
-      assert_equal "https://hello.example.com/access/saml/logout", parsed_metadata[:idp_slo_target_url]
+      assert_equal "https://hello.example.com/access/saml/logout", parsed_metadata[:idp_slo_service_url]
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", parsed_metadata[:name_identifier_format]
       assert_equal ["AuthToken", "SSOStartPage"], parsed_metadata[:idp_attribute_names]
       assert_equal '2014-04-17T18:02:33.910Z', parsed_metadata[:valid_until]
@@ -341,9 +341,9 @@ def initialize; end
 
     it "should retreive data" do
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", @settings.name_identifier_format
-      assert_equal "https://hello.example.com/access/saml/login", @settings.idp_sso_target_url
+      assert_equal "https://hello.example.com/access/saml/login", @settings.idp_sso_service_url
       assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", @settings.idp_cert_fingerprint
-      assert_equal "https://hello.example.com/access/saml/logout", @settings.idp_slo_target_url
+      assert_equal "https://hello.example.com/access/saml/logout", @settings.idp_slo_service_url
       assert_equal ["AuthToken", "SSOStartPage"], @settings.idp_attribute_names
       assert_equal '2014-04-17T18:02:33.910Z', @settings.valid_until
     end
@@ -434,8 +434,8 @@ def initialize; end
       assert_equal expected_multi_cert, @settings.idp_cert_multi
       assert_equal "https://idp.examle.com/saml/metadata", @settings.idp_entity_id
       assert_equal "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", @settings.name_identifier_format
-      assert_equal "https://idp.examle.com/saml/sso", @settings.idp_sso_target_url
-      assert_equal "https://idp.examle.com/saml/slo", @settings.idp_slo_target_url
+      assert_equal "https://idp.examle.com/saml/sso", @settings.idp_sso_service_url
+      assert_equal "https://idp.examle.com/saml/slo", @settings.idp_slo_service_url
     end
   end
 
@@ -479,8 +479,8 @@ def initialize; end
       assert_equal expected_multi_cert, @settings.idp_cert_multi
       assert_equal "https://idp.examle.com/saml/metadata", @settings.idp_entity_id
       assert_equal "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", @settings.name_identifier_format
-      assert_equal "https://idp.examle.com/saml/sso", @settings.idp_sso_target_url
-      assert_equal "https://idp.examle.com/saml/slo", @settings.idp_slo_target_url
+      assert_equal "https://idp.examle.com/saml/sso", @settings.idp_sso_service_url
+      assert_equal "https://idp.examle.com/saml/slo", @settings.idp_slo_service_url
     end
   end
 
@@ -519,8 +519,8 @@ def initialize; end
       assert_nil @settings.idp_cert_multi
       assert_equal "https://app.onelogin.com/saml/metadata/383123", @settings.idp_entity_id
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", @settings.name_identifier_format
-      assert_equal "https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_target_url
-      assert_nil @settings.idp_slo_target_url
+      assert_equal "https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_service_url
+      assert_nil @settings.idp_slo_service_url
     end
   end
 
@@ -587,8 +587,8 @@ def initialize; end
       assert_equal expected_multi_cert, @settings.idp_cert_multi
       assert_equal "https://app.onelogin.com/saml/metadata/383123", @settings.idp_entity_id
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", @settings.name_identifier_format
-      assert_equal "https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_target_url
-      assert_nil @settings.idp_slo_target_url
+      assert_equal "https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_service_url
+      assert_nil @settings.idp_slo_service_url
     end
   end
 end

test/logout_responses/logoutresponse_fixtures.rb

@@ -77,8 +77,8 @@ def settings
           :single_logout_service_url => "http://app.muda.no/sso/consume_logout",
           :issuer => "http://app.muda.no",
           :sp_name_qualifier => "http://sso.muda.no",
-          :idp_sso_target_url => "http://sso.muda.no/sso",
-          :idp_slo_target_url => "http://sso.muda.no/slo",
+          :idp_sso_service_url => "http://sso.muda.no/sso",
+          :idp_slo_service_url => "http://sso.muda.no/slo",
           :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
           :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
       }