Skip to content
Merged
Show file tree
Hide file tree
Changes from 8 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v2.0.0'
gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0'
gem 'identity-idp-functions', github: '18F/identity-idp-functions', ref:'d9241bdfea85a76c170e456a89'
gem 'identity-telephony', github: '18f/identity-telephony', tag: 'v0.1.12'
gem 'identity_validations', github: '18F/identity-validations', branch: 'main'
gem 'identity_validations', github: '18F/identity-validations', tag: 'v0.4.0'
gem 'json-jwt', '>= 1.11.0'
gem 'jwt'
gem 'local_time'
Expand Down
6 changes: 3 additions & 3 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,10 @@ GIT

GIT
remote: https://github.com/18F/identity-validations.git
revision: 26253af02f472d3023062efd5c7a3920b0db5f9c
branch: main
revision: fc8bfdd3903b737ee218a0ab515a244031536b4d
tag: v0.4.0
specs:
identity_validations (0.3.2)
identity_validations (0.4.0)

GIT
remote: https://github.com/18F/saml_idp.git
Expand Down
1 change: 0 additions & 1 deletion app/models/null_service_provider.rb
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ class NullServiceProvider
assertion_consumer_logout_service_url
attribute_bundle
block_encryption
cert
certs
created_at
default_aal
Expand Down
4 changes: 2 additions & 2 deletions app/models/service_provider.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
require 'identity_validations'

class ServiceProvider < ApplicationRecord
self.ignored_columns = %w[deal_id agency aal fingerprint]
self.ignored_columns = %w[deal_id agency aal fingerprint cert]

belongs_to :agency

Expand Down Expand Up @@ -32,7 +32,7 @@ def metadata

# @return [Array<OpenSSL::X509::Certificate>]
def ssl_certs
@ssl_certs ||= (certs.presence || Array(cert)).map do |cert|
@ssl_certs ||= Array(certs).map do |cert|
OpenSSL::X509::Certificate.new(load_cert(cert))
end
end
Expand Down
6 changes: 5 additions & 1 deletion app/services/service_provider_updater.rb
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ class ServiceProviderUpdater
updated_at
].to_set.freeze

SP_IGNORED_ATTRIBUTES = %i[
Comment thread
orenyk marked this conversation as resolved.
cert
]

def run
dashboard_service_providers.each do |service_provider|
update_local_caches(HashWithIndifferentAccess.new(service_provider))
Expand Down Expand Up @@ -43,7 +47,7 @@ def sync_model(sp, cleaned_attributes)
end

def cleaned_service_provider(service_provider)
service_provider.except(*SP_PROTECTED_ATTRIBUTES)
service_provider.except(*SP_PROTECTED_ATTRIBUTES, *SP_IGNORED_ATTRIBUTES)
end

def url
Expand Down
75 changes: 50 additions & 25 deletions config/service_providers.localdev.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,8 @@ test:
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 2
attribute_bundle:
Expand All @@ -54,7 +55,8 @@ test:
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 2
default_aal: 3
Expand All @@ -76,7 +78,8 @@ test:
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP requesting signed response message'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 1
attribute_bundle:
Expand All @@ -96,7 +99,8 @@ test:
- 'http://example.com/auth/result'
- 'http://example.com/logout'
friendly_name: 'Test SP requesting signed response message'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
logo: 'generic.svg'
ial: 1
attribute_bundle:
Expand All @@ -109,15 +113,17 @@ test:
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
allow_prompt_login: true

'https://rp3.serviceprovider.com/auth/saml/metadata':
acs_url: 'http://example.com/test/saml/decode_assertion'
assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
ial: 2
friendly_name: 'Test SP'
allow_prompt_login: true
Expand All @@ -138,7 +144,8 @@ test:
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/signout'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Example iOS App'
agency: '18F'
agency_id: 1
Expand All @@ -152,7 +159,8 @@ test:
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/signout'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Example app that disallows prompt=login'
agency: '18F'
agency_id: 1
Expand All @@ -165,7 +173,8 @@ test:
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/logout'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Example iOS App'
agency: '18F'
agency_id: 1
Expand All @@ -179,7 +188,8 @@ test:
- 'http://localhost:7654/auth/result'
- 'https://example.com'
- 'http://www.example.com/test/oidc'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
assertion_consumer_logout_service_url: ''
ial: 2
Expand All @@ -191,7 +201,8 @@ test:
- 'http://localhost:7654/auth/result'
- 'https://example.com'
- 'http://www.example.com/test/oidc'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
assertion_consumer_logout_service_url: ''
ial: 2
Expand All @@ -202,7 +213,8 @@ test:
redirect_uris:
- 'http://localhost:7654/auth/result'
- 'https://example.com'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP'
assertion_consumer_logout_service_url: ''
ial: 2
Expand All @@ -211,7 +223,8 @@ test:

'test_sp_with_default_help_text':
agency_id: 2
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP with default help text'
ial: 2
help_text:
Expand Down Expand Up @@ -255,7 +268,8 @@ test:

'test_sp_with_custom_help_text':
agency_id: 2
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Test SP with custom help text'
ial: 2
help_text:
Expand All @@ -278,7 +292,8 @@ test:
assertion_consumer_logout_service_url: 'http://localhost:3000/test/saml/decode_slo_request'
sp_initiated_login_url: 'http://localhost:3000/test/saml'
block_encryption: 'none'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
agency: 'Test Government Agency'
agency_id: 1
uuid_priority: 10
Expand All @@ -297,7 +312,8 @@ test:
redirect_uris:
- 'gov.gsa.openidconnect.test://result'
- 'gov.gsa.openidconnect.test://result/signout'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
friendly_name: 'Example iOS App (inactive)'
agency: '18F'
agency_id: 1
Expand All @@ -316,7 +332,8 @@ development:
assertion_consumer_logout_service_url: 'http://localhost:3000/test/saml/decode_slo_request'
block_encryption: 'aes256-cbc'
sp_initiated_login_url: 'http://localhost:3000/test/saml'
cert: 'saml_test_sp'
certs:
- 'saml_test_sp'
fingerprint: '08:79:F5:B1:B8:CC:EC:8F:5C:2A:58:03:30:14:C9:E6:F1:67:78:F1:97:E8:3A:88:EB:8E:70:92:25:D2:2F:32'
logo: 'generic.svg'
agency: 'GSA'
Expand All @@ -328,7 +345,8 @@ development:
sp_initiated_login_url: 'http://localhost:4567/test/saml'
assertion_consumer_logout_service_url: 'http://localhost:4567/slo_logout'
block_encryption: 'aes256-cbc'
cert: 'sp_sinatra_demo'
certs:
- 'sp_sinatra_demo'
ial: 2
attribute_bundle:
- email
Expand All @@ -338,7 +356,8 @@ development:
assertion_consumer_logout_service_url: 'http://localhost:3000/auth/saml/logout'
sp_initiated_login_url: 'http://localhost:3000/admin/sign_in'
block_encryption: 'aes256-cbc'
cert: 'sp_micropurchase'
certs:
- 'sp_micropurchase'
agency: 'TTS Acquisition'
logo: '18f.svg'
friendly_name: 'Micro-purchase Dev'
Expand All @@ -351,7 +370,8 @@ development:
assertion_consumer_logout_service_url: 'http://localhost:3003/auth/saml/logout'
sp_initiated_login_url: 'http://localhost:3003/login'
block_encryption: 'aes256-cbc'
cert: 'sp_rails_demo'
certs:
- 'sp_rails_demo'
agency: '18F'
agency_id: 1
uuid_priority: 10
Expand All @@ -368,7 +388,8 @@ development:
agency_id: 2
uuid_priority: 30
logo: '18f.svg'
cert: 'identity_dashboard_cert'
certs:
- 'identity_dashboard_cert'
return_to_sp_url: 'http://localhost:3001'
redirect_uris:
- 'http://localhost:3001/auth/logindotgov/callback'
Expand All @@ -391,12 +412,14 @@ development:
- 'http://localhost:9292/'
- 'http://localhost:9292/auth/result'
- 'http://localhost:9292/logout'
cert: 'sp_sinatra_demo'
certs:
- 'sp_sinatra_demo'
friendly_name: 'Example Sinatra App'

'urn:gov:gsa:openidconnect:sp:expressjs':
agency: 'GSA'
cert: 'sp_expressjs_demo'
certs:
- 'sp_expressjs_demo'
friendly_name: 'Example OIDC Client (Express.js)'
logo: '18f.svg'
redirect_uris:
Expand All @@ -405,7 +428,8 @@ development:

'urn:gov:gsa:openidconnect:sp:gin':
agency: 'GSA'
cert: 'sp_gin_demo'
certs:
- 'sp_gin_demo'
friendly_name: 'Example OIDC Client (Gin)'
logo: '18f.svg'
redirect_uris:
Expand All @@ -414,7 +438,8 @@ development:

'urn:gov:gsa:openidconnect:sp:phoenix':
agency: 'GSA'
cert: 'sp_phoenix_demo'
certs:
- 'sp_phoenix_demo'
friendly_name: 'Example OIDC Client (Phoenix)'
logo: '18f.svg'
redirect_uris:
Expand Down
Loading