Merge remote-tracking branch 'remotes/johnnyshields/v2.x-nokogiri-parrtial-upgrade-phase-3' into v2.x-decryption-refactor

johnnyshields · johnnyshields · commit 75c8a0e7a658 · 2025-03-20T01:13:07.000+09:00
diff --git a/README.md b/README.md
@@ -928,7 +928,7 @@ or underscore, and can only contain letters, digits, underscores, hyphens, and p
 ### Custom Metadata Fields
 
 Some IdPs may require to add SPs to add additional fields (Organization, ContactPerson, etc.)
-into the SP metadata. This can be achieved by extending the `RubySaml::Metadata` class and
+into the SP metadata. This can be done by extending the `RubySaml::Metadata` class and
 overriding the `#add_extras` method using a Nokogiri XML builder as per the following example:
 
 ```ruby
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -18,6 +18,12 @@ settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
 settings.security[:digest_method] = XMLSecurity::Document::SHA256
 ```
 
+### JRuby users should upgrade to JRuby 1.19 or later
+
+JRuby users should upgrade to Nokogiri gem version 1.19 or later, to avoid 
+[this Nokogiri issue affecting how XML is generated on JRuby](https://github.com/sparklemotion/nokogiri/pull/3456).
+This issue is likely not critical for most IdPs, but since it is not tested, it is recommended to upgrade.
+
 ### Root "OneLogin" namespace changed to "RubySaml"
 
 RubySaml version `2.0.0` changes the root namespace from `OneLogin::RubySaml::` to just `RubySaml::`.
diff --git a/lib/ruby_saml/metadata.rb b/lib/ruby_saml/metadata.rb
@@ -14,10 +14,11 @@ class Metadata
     # @param valid_until [DateTime] Metadata's valid time
     # @param cache_duration [Integer] Duration of the cache in seconds
     # @return [String] XML Metadata of the Service Provider
-    def generate(settings, pretty_print=false, valid_until=nil, cache_duration=nil)
+    def generate(settings, pretty_print = false, valid_until = nil, cache_duration = nil)
       builder = Nokogiri::XML::Builder.new(encoding: 'UTF-8') do |xml|
         root_attributes = {
-          'xmlns:md' => 'urn:oasis:names:tc:SAML:2.0:metadata',
+          'xmlns:md' => RubySaml::XML::NS_METADATA,
+          'xmlns:ds' => RubySaml::XML::DSIG,
           'ID' => RubySaml::Utils.uuid,
           'entityID' => settings.sp_entity_id
         }
@@ -151,7 +152,7 @@ def output_xml(meta_doc, pretty_print)
     def add_certificate_element(xml, cert, use)
       cert_text = Base64.strict_encode64(cert.to_der)
       xml['md'].KeyDescriptor('use' => use.to_s) do
-        xml['ds'].KeyInfo('xmlns:ds' => 'http://www.w3.org/2000/09/xmldsig#') do
+        xml['ds'].KeyInfo do
           xml['ds'].X509Data do
             xml['ds'].X509Certificate(cert_text)
           end
