[feat] Allow SP config force signature validation #16
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Zogoo
force-pushed
the
feature/support_all_metadata_attr_for_sp_config
branch
from
db81230 to
bb558c2
Compare
Zogoo
force-pushed
the
feature/support_all_metadata_attr_for_sp_config
branch
from
bb558c2 to
72843b1
Compare
Zogoo
force-pushed
the
feature/support_all_metadata_attr_for_sp_config
branch
from
982ba16 to
d38395f
Compare
Zogoo
added a commit
that referenced
this pull request
Nov 1, 2024
…lidation (saml-idp#224) * Squash commits for saml_idp gem * [feat] Allow SP config force signature validation (#16) * Allow SP config force signature validation * Allow SP config force signature validation Tested with Slack with Authn request signature option --------- Co-authored-by: zogoo <[email protected]> * [feat] Don’t ignore certificates without usage (#17) I have tested with live SAML SP apps and it works fine * Unspecified certifciate from SP metadata --------- Co-authored-by: zogoo <[email protected]> * wip add error collector * Fix type and rewrite request with proper validation test cases * Try with proper way to update helper method (#19) * Set minimum test coverage (saml-idp#207) * Set minimum test coverage to a very high value for testing * Update minimum coverage to actual current value * Try with proper way to update helper method * Correctly decode and mock with correct REXML class * Drop the min coverage --------- Co-authored-by: Mathieu Jobin <[email protected]> Co-authored-by: zogoo <[email protected]> * Lead error render decision to gem user * Validate the certificate's existence before verifying the signature. * [feat] Collect request validation errors (#18) * wip add error collector * Fix type and rewrite request with proper validation test cases * Lead error render decision to gem user * Validate the certificate's existence before verifying the signature. --------- Co-authored-by: zogoo <[email protected]> * Support lowercase percent-encoded sequences for URL encoding (#20) Co-authored-by: zogoo <[email protected]> * Remove duplications * Pre-conditions need to be defined in before section * Le's not test logger in here * Let's not break anything for now * Rename correctly --------- Co-authored-by: zogoo <[email protected]> Co-authored-by: Mathieu Jobin <[email protected]>
Zogoo
added a commit
that referenced
this pull request
Nov 5, 2024
* Squash commits for saml_idp gem * [feat] Allow SP config force signature validation (#16) * Allow SP config force signature validation * Allow SP config force signature validation Tested with Slack with Authn request signature option --------- Co-authored-by: zogoo <[email protected]> * [feat] Don’t ignore certificates without usage (#17) I have tested with live SAML SP apps and it works fine * Unspecified certifciate from SP metadata --------- Co-authored-by: zogoo <[email protected]> * Try with proper way to update helper method (#19) * Set minimum test coverage (saml-idp#207) * Set minimum test coverage to a very high value for testing * Update minimum coverage to actual current value * Try with proper way to update helper method * Correctly decode and mock with correct REXML class * Drop the min coverage --------- Co-authored-by: Mathieu Jobin <[email protected]> Co-authored-by: zogoo <[email protected]> * [feat] Collect request validation errors (#18) * wip add error collector * Fix type and rewrite request with proper validation test cases * Lead error render decision to gem user * Validate the certificate's existence before verifying the signature. --------- Co-authored-by: zogoo <[email protected]> * Support lowercase percent-encoded sequences for URL encoding (#20) Co-authored-by: zogoo <[email protected]> * Pass ref id as Session Index * Official Rails 8 is not released yet to RubyGem until that let's stick official older version * [fix] Gem CI updates for latest versions (#22) * Remove duplications * Pre-conditions need to be defined in before section * Le's not test logger in here --------- Co-authored-by: zogoo <[email protected]> * [fix] Allow IdP set reference ID for SAML response (#21) * Pass ref id as Session Index * Official Rails 8 is not released yet to RubyGem until that let's stick official older version --------- Co-authored-by: zogoo <[email protected]> * Fixes for ORIGIN gem --------- Co-authored-by: zogoo <[email protected]> Co-authored-by: Mathieu Jobin <[email protected]>
Zogoo
added a commit
that referenced
this pull request
Jan 21, 2025
* Squash commits for saml_idp gem * [feat] Allow SP config force signature validation (#16) * Allow SP config force signature validation * Allow SP config force signature validation Tested with Slack with Authn request signature option --------- Co-authored-by: zogoo <[email protected]> * [feat] Don’t ignore certificates without usage (#17) I have tested with live SAML SP apps and it works fine * Unspecified certifciate from SP metadata --------- Co-authored-by: zogoo <[email protected]> * Try with proper way to update helper method (#19) * Set minimum test coverage (saml-idp#207) * Set minimum test coverage to a very high value for testing * Update minimum coverage to actual current value * Try with proper way to update helper method * Correctly decode and mock with correct REXML class * Drop the min coverage --------- Co-authored-by: Mathieu Jobin <[email protected]> Co-authored-by: zogoo <[email protected]> * [feat] Collect request validation errors (#18) * wip add error collector * Fix type and rewrite request with proper validation test cases * Lead error render decision to gem user * Validate the certificate's existence before verifying the signature. --------- Co-authored-by: zogoo <[email protected]> * Support lowercase percent-encoded sequences for URL encoding (#20) Co-authored-by: zogoo <[email protected]> * [fix] Gem CI updates for latest versions (#22) * Remove duplications * Pre-conditions need to be defined in before section * Le's not test logger in here --------- Co-authored-by: zogoo <[email protected]> * [fix] Allow IdP set reference ID for SAML response (#21) * Pass ref id as Session Index * Official Rails 8 is not released yet to RubyGem until that let's stick official older version --------- Co-authored-by: zogoo <[email protected]> * Support rails 8 for dev env (#23) Co-authored-by: zogoo <[email protected]> * Assertion flag should able switchable by application (#24) Co-authored-by: zogoo <[email protected]> * concurrent-ruby v1.3.5 has removed the dependency on logger --------- Co-authored-by: zogoo <[email protected]> Co-authored-by: Mathieu Jobin <[email protected]>
Zogoo
added a commit
that referenced
this pull request
Jan 22, 2025
* Signable logic with given certificate information * Update unit test with new test certificate * Assertion builder with certificate attribute * Response builder with ceritificate * Use directly provided cert and pv key * Remove config dependency from low layer logics * Use correct attribute name * Remove config dependency from low level logics * Remove config dependency from low level logics and fix test * Revert Proc approach * Switchable assertion signature flag (saml-idp#228) Co-authored-by: zogoo <[email protected]> * MetadataBuilder uses custom configurator (#25) Co-authored-by: Andrea Lorenzetti <[email protected]> * Use concurrent ruby fixed version for test (saml-idp#230) * Squash commits for saml_idp gem * [feat] Allow SP config force signature validation (#16) * Allow SP config force signature validation * Allow SP config force signature validation Tested with Slack with Authn request signature option --------- Co-authored-by: zogoo <[email protected]> * [feat] Don’t ignore certificates without usage (#17) I have tested with live SAML SP apps and it works fine * Unspecified certifciate from SP metadata --------- Co-authored-by: zogoo <[email protected]> * Try with proper way to update helper method (#19) * Set minimum test coverage (saml-idp#207) * Set minimum test coverage to a very high value for testing * Update minimum coverage to actual current value * Try with proper way to update helper method * Correctly decode and mock with correct REXML class * Drop the min coverage --------- Co-authored-by: Mathieu Jobin <[email protected]> Co-authored-by: zogoo <[email protected]> * [feat] Collect request validation errors (#18) * wip add error collector * Fix type and rewrite request with proper validation test cases * Lead error render decision to gem user * Validate the certificate's existence before verifying the signature. --------- Co-authored-by: zogoo <[email protected]> * Support lowercase percent-encoded sequences for URL encoding (#20) Co-authored-by: zogoo <[email protected]> * [fix] Gem CI updates for latest versions (#22) * Remove duplications * Pre-conditions need to be defined in before section * Le's not test logger in here --------- Co-authored-by: zogoo <[email protected]> * [fix] Allow IdP set reference ID for SAML response (#21) * Pass ref id as Session Index * Official Rails 8 is not released yet to RubyGem until that let's stick official older version --------- Co-authored-by: zogoo <[email protected]> * Support rails 8 for dev env (#23) Co-authored-by: zogoo <[email protected]> * Assertion flag should able switchable by application (#24) Co-authored-by: zogoo <[email protected]> * concurrent-ruby v1.3.5 has removed the dependency on logger --------- Co-authored-by: zogoo <[email protected]> Co-authored-by: Mathieu Jobin <[email protected]> --------- Co-authored-by: zogoo <[email protected]> Co-authored-by: Massimo Zappino <[email protected]> Co-authored-by: Andrea Lorenzetti <[email protected]> Co-authored-by: Mathieu Jobin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The service provider (SP) has a configuration parameter called "validate_signature" that is intended to enforce signature validation. However, this parameter was never utilized, which led to an issue where the SP configuration couldn't control the validation of authentication requests.