Conversation
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Co-authored-by: Andrea Lorenzetti <64900248+andnoz@users.noreply.github.com>
* Squash commits for saml_idp gem * [feat] Allow SP config force signature validation (#16) * Allow SP config force signature validation * Allow SP config force signature validation Tested with Slack with Authn request signature option --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * [feat] Don’t ignore certificates without usage (#17) I have tested with live SAML SP apps and it works fine * Unspecified certifciate from SP metadata --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * Try with proper way to update helper method (#19) * Set minimum test coverage (saml-idp#207) * Set minimum test coverage to a very high value for testing * Update minimum coverage to actual current value * Try with proper way to update helper method * Correctly decode and mock with correct REXML class * Drop the min coverage --------- Co-authored-by: Mathieu Jobin <majobin@mdsol.com> Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * [feat] Collect request validation errors (#18) * wip add error collector * Fix type and rewrite request with proper validation test cases * Lead error render decision to gem user * Validate the certificate's existence before verifying the signature. --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * Support lowercase percent-encoded sequences for URL encoding (#20) Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * [fix] Gem CI updates for latest versions (#22) * Remove duplications * Pre-conditions need to be defined in before section * Le's not test logger in here --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * [fix] Allow IdP set reference ID for SAML response (#21) * Pass ref id as Session Index * Official Rails 8 is not released yet to RubyGem until that let's stick official older version --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * Support rails 8 for dev env (#23) Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * Assertion flag should able switchable by application (#24) Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> * concurrent-ruby v1.3.5 has removed the dependency on logger --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com> Co-authored-by: Mathieu Jobin <majobin@mdsol.com>
|
Great. Will this be merged into saml-idp/saml_idp? |
Owner
Author
|
@hamaron, it's nice to see you here. It’s not merged yet. I would like to test the behavior of my project, and if everything works well, let me merge it with the "saml_idp" side. Meanwhile, if you could also test it somewhere, that would be a great help for me. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR removes public and private key dependency from low-layer logic. This will allow the application to directly pass the certificates to the signing logic instead of using a config that is shared between threads.
At the controller level, I am still passing config values if the value is not provided, which makes it safer for existing gem users.
Additionally, I'm fixing Ruby syntax and hash arguments to make it developer-friendly.
This PR will revert the Proc approach for setting the certificate and private key because I think those approaches are basically trying to achieve the same thing. They need to set up their certificate for each request (not persist the entire app).