diff --git a/config/application.yml.default b/config/application.yml.default
index 1562ace5eba..3b67dda31c3 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -398,7 +398,7 @@ development:
 recurring_jobs_disabled_names: "[]"
 s3_report_bucket_prefix: ''
 s3_report_public_bucket_prefix: ''
- saml_endpoint_configs: '[{"suffix":"2021","secret_key_passphrase":"trust-but-verify"},{"suffix":"2022","secret_key_passphrase":"trust-but-verify"}]'
+ saml_endpoint_configs: '[{"suffix":"2022","secret_key_passphrase":"trust-but-verify"},{"suffix":"2023","secret_key_passphrase":"trust-but-verify"}]'
 scrypt_cost: 10000$8$1$
 secret_key_base: development_secret_key_base
 session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120
@@ -567,7 +567,7 @@ test:
 reset_password_email_window_in_minutes: 80
 s3_report_bucket_prefix: ''
 s3_report_public_bucket_prefix: ''
- saml_endpoint_configs: '[{"suffix":"2022","secret_key_passphrase":"trust-but-verify"}]'
+ saml_endpoint_configs: '[{"suffix":"2023","secret_key_passphrase":"trust-but-verify"}]'
 saml_internal_post: true
 scrypt_cost: 800$8$1$
 secret_key_base: test_secret_key_base
diff --git a/config/artifacts.example/local/saml2021.crt b/config/artifacts.example/local/saml2021.crt
deleted file mode 100644
index a3a90976e56..00000000000
--- a/config/artifacts.example/local/saml2021.crt
+++ /dev/null
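Review bot: The rotated `saml_endpoint_configs` values in the development hunk, and again in the test hunk, keep the literal passphrase `trust-but-verify` with no comment saying that it only unlocks the public example keys under config/artifacts.example. I would add a line above the key in both sections, `# Example passphrase for the public example keys in config/artifacts.example/local; never reuse it for a deployed key`. The production section lies outside these hunks, so whether it overrides this value cannot be confirmed from here.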
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDajCCAlICCQDiLwemRjMuPDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJV -UzEdMBsGA1UECAwURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNVBAcMCldhc2hp -bmd0b24xDDAKBgNVBAoMA0dTQTESMBAGA1UECwwJTG9naW4uZ292MRIwEAYDVQQD -DAlsb2NhbGhvc3QwHhcNMjEwMjI1MTYzMzU2WhcNMjIwNDAxMTYzMzU2WjB3MQsw -CQYDVQQGEwJVUzEdMBsGA1UECAwURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNV -BAcMCldhc2hpbmd0b24xDDAKBgNVBAoMA0dTQTESMBAGA1UECwwJTG9naW4uZ292 -MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDCBT+T3S3mCjqS/InvU5WwZAYnqUxkNrhzg1wNYUTgw+jpEOcOPCXXesAY -8IfVgQ/AQdMWsg6IQ3cFQG7ZkArVRsXVeJSTH0X91YOCZN3fZF34TQ+lizPppZY2 -sI/4rj255OblZqri09watuez/+L+OhkgZOCWZVIGAG5XZrAsXF3cMr3cU9eegux8 -oduJCL0UtLYqlRY3CCsJodBwDj2wOfhwfd+wMftFgQpbulqyRjMKOfJ89WHY9nZ3 -y40Gi4tEpuhaqqlsZwE128Zra+32ZPayv31KHHd5J7CpJx29fuRroV4M6CIf0Lou -Y5pBCvlBDjiZ3iS3GXf3A+7KL48jAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABMF -7eA2UogL9NBJgAg6+Tu09G/s8+hBhhFUl9/JgPzoxxMmumyqgc/SL1hroceDujFt -dndNCEhCOSxF88XO3JfjYcatxgVIIuIu4BrAnfrfICknNIav35J/46uY5g0qtDWU -ru3DVIQZzBwiKA+6pRt1VL4jHto1qZdEOJJeQTWcSPFPt/y6RTIKTDGs139yH96B -VyJNs+aqb4yMnGhYk9Y685uy+AO9iwJIMuc4U1q0eo/gzJuQZSK26T3eYlXdeTqL -6WnhnFtZtGMM6lPyI+nJxI8w/15Z0sDmFia6qIUCHgT1SBYFhdoUED5Uq/hpp2XF -/YfOQ2zUY9aYuZIWwF4= ------END CERTIFICATE----- diff --git a/config/artifacts.example/local/saml2021.key.enc b/config/artifacts.example/local/saml2021.key.enc deleted file mode 100644 index 6a424ee64de..00000000000 --- a/config/artifacts.example/local/saml2021.key.enc +++ /dev/null 
@@ -1,33 +0,0 @@ -This is a public example key used for testing and local development. -Even though it appears to be a private key, it is not secret and is intended to be public. - ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIT2qdiG8rutwCAggA -MB0GCWCGSAFlAwQBKgQQdshP+2DFwUsdi5iSAQIwHwSCBNAklzn3KzZPKYt+DQR7 -8619z59keEyGaK+Whptwy64vStLoBvUyMbLCyFx9fAEI+qibgBzep5mn8sRTLlui -MsmrE0xtJhsqeE3+U3jk7lyWfF/zk1ofmiBzVaUMLlBSbrV0fNj5PXjTeoAfTTDC -aXBiZ4N24YLs+lDeEv1g1ZX/JogVd689ClY9jTX14nL5eLkwqOu2febb7yA9gbmn -KwaeEdTTQqolcBH3GkdubBSGmovZkLFodnHN6o5ioFy3FxHveNxRne9i+AZ6xOx+ -rgU71wbp5EWlXB3iRqBSBVy/bqsdBlHlqou0cGxVyxVJOysPRfThC8F2ACzZuBR0 -LPJnexmhxHIl9mvNRgKujV7375HFLmK/2vAd4Ujs07ixpWQrwV1jExJkhbA8mVyj -9WPs5S40RojQDFMgbZZ+UDcT5DKIO9K9pHGoiAyhnRE+JZebGoozxRwcmMubQRmp -T0skC6LtBelf87HGMUzT5hWnIX8tch7HXrcG3/sawvlEs3+bm18dLu0ih/ejsRfE -2iukGzrriL/ivnXY09Red69QjuDs7oPYiYs0oFG1n3u2x6WuHp/wKHdiRi0Z3mdE -zfdNX5c4AW9QlJCj09urR0QX2GUSb/PuimzyN7IFHyCU79XW1jixH2q30BDBQ9Z2 -XFmziARLTGSJ4OTLn0If+PmTAekcGteS9se9nOZ2bFnMEq5YOIIEM0yikciDbBOM -nehCxQonWZF/1DYWNVklsjVd6mOe0wHEUwUUcAbjuqaDIi1UrhKsGBVL6PAdxFVC -Zu1zjABjUwYQPOhIzNSds1CXvCETNikrWDQNMQLMkWhBPiGf2ocHu+1qeLZb4tN1 -JG6I5l5ILQFVGlIme1kwCLnDxPZYul8b1IdlUG2HEdLN8rjhUYtKvqU7MKNqz+gm -AhG1juflPME9XnombtXW/qhZbvm4/Guf51wpZhd9s6hRm5xydCo01X9R4Qz9f0dB -hfTzNM6/GkKsMMTEyjTMryByb+E4AR6DYaFxfmmFIxcEOPQ3cOpwu9EGxL8tIx6t -Bqm5H/6TKGguVxRF4PNrTT/1r1c3TQOPstBQe/bMTb5+LHkxq423xPNaS7B4jTow -pUVrpCnHXBciQiDAdZy1VW2It/ilYaUkFDGAF7aATI8BzLlZ9mBC55IH5oW9hmdm -jd2wKS4OR3qfNIRBebHEinWNq0LvwRoGisPTdE+5QqO4l5nswbF4XTUQ7wue2jg3 -8m2K8WrTxrDZD40YtSjI4akWs+433C/SqmN4uKDCr5oTGjksDbM+gFcLGazROatU -dnoLHLRFF/PP4OYpjS+hALYXAagWQ2I4A/9ZAA4gODClJKFA9x6P88G76OaxDyOk -DR4kaRUW6GfnyJxeiY7YEiCNGl91LdjGNYsb06UOGF0+D+caeOgacgux88Lma+r7 -zSPoKR2ijDCVoU5CysR6pXNl3iPXZPj8aUrBAWozObUBB66XiYpWIZ+goqjGjJGm -/w23daBF57shAFge9tmbHJDeaRiju9M4C3UgLDFxmMf+GtywEBUBJ+K5xSVF08JO 
-jClUlvFTOLUY8QkOWyWgRs9NhaDUtctZElHR9KqnSd5aHr0+atwPzO4LlMYqyOIY -AHO2OUTG3hCglQDmDZ9W9M8Kog== ------END ENCRYPTED PRIVATE KEY----- diff --git a/config/artifacts.example/local/saml2023.crt b/config/artifacts.example/local/saml2023.crt deleted file mode 120000 index 3adf05b96cb..00000000000 --- a/config/artifacts.example/local/saml2023.crt +++ /dev/null @@ -1 +0,0 @@ -saml2022.crt \ No newline at end of file diff --git a/config/artifacts.example/local/saml2023.crt b/config/artifacts.example/local/saml2023.crt new file mode 100644 index 00000000000..914a417e994 --- /dev/null +++ b/config/artifacts.example/local/saml2023.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDajCCAlICCQCbZpJCM572hTANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJV +UzEdMBsGA1UECAwURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNVBAcMCldhc2hp +bmd0b24xDDAKBgNVBAoMA0dTQTESMBAGA1UECwwJTG9naW4uZ292MRIwEAYDVQQD +DAlsb2dpbi5nb3YwHhcNMjMwNDA0MTYwNzIxWhcNMjQwNDAyMTYwNzIxWjB3MQsw +CQYDVQQGEwJVUzEdMBsGA1UECAwURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNV +BAcMCldhc2hpbmd0b24xDDAKBgNVBAoMA0dTQTESMBAGA1UECwwJTG9naW4uZ292 +MRIwEAYDVQQDDAlsb2dpbi5nb3YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCdToDm3/j0j0PMjca8bc7H0H3FNSTW4l6hpUSywkC/kg2fZ5W6f0hIYYID +TbDYAkpeIiKKE/FDI3TlaQT9+LLe6AbkelLmteS+wMehCPtaBPeRfHKaRNQKsSTk +c5JAf4OWaZKj+F3Fu0e5+dJ2nuYcT2VV7DLoG3KKTw+pcHuXCQZfrPbquyyNbKvo +K4ELVIueQQ5F3EiahP3XchGw+H5FCH5QJPVl57WaCB2gLM8kueELKIzta7roIYHf +GEhdaC71ZYCjGRvsKtAqomNdL2Je67E56dEwJ1fWS242PkSvQTH5vtkYzelE2H9m +V+sPf5lLfc599iLZoTemEe5p6NydAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAH88 +Yl+KbT3NPjrXH7SITWr1wOIemJ8b2/vukz7aS9TiTJnlw6IzsLnD+tiJa1q5CO23 +3/NCaa6piocbD1fC/H7PB6lXu+0ypMwpaStTThpxbpQ6bMUklxKKFyuaX5RpNZn4 +YicYGEnCr7h70+R/01ztgYNOzNdgM6MjHMvEnb8KVkuckuCE1JUoX+LxaE9cxkxX +Auwdct14efBFuyB2HgvWUvqvjN9NDhfS6BG5FgTZWpWJnn7xmjUNUfq1VC4XHQsv +mqoPiDhR1GwB191ZVz7Rq00yysfr7tSUJeWp//5GPZRjSZsrs1wtO6x/tFjngELl +d0/LPNS3OWvaMvvGzgc= +-----END CERTIFICATE----- 
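Review bot: The new saml2023.crt replaces a symlink to saml2022.crt with a standalone certificate whose encoded subject appears to read CN=login.gov, where the saml2021.crt deleted in this commit appears to read CN=localhost. If that reading is right, please confirm the pair was generated only for config/artifacts.example/local and is not shared with any deployed environment, or regenerate it with a localhost subject so the example cannot be mistaken for a real signing certificate. The validity window also appears to end in April 2024, so specs that load this file would need a fresh example before then if anything checks expiry.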
diff --git a/config/artifacts.example/local/saml2023.key.enc b/config/artifacts.example/local/saml2023.key.enc
deleted file mode 120000
index 35bacae1de4..00000000000
--- a/config/artifacts.example/local/saml2023.key.enc
+++ /dev/null
@@ -1 +0,0 @@
-saml2022.key.enc
\ No newline at end of file
diff --git a/config/artifacts.example/local/saml2023.key.enc b/config/artifacts.example/local/saml2023.key.enc
new file mode 100644
index 00000000000..c1c1a03fa5d
--- /dev/null
+++ b/config/artifacts.example/local/saml2023.key.enc
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIfgN2KJrydvECAggA +MB0GCWCGSAFlAwQBKgQQEF8wtPY1ps4bJfQ4sV0xeQSCBND598BOsn9cAgqBGUEE +yQgCp+DIpDKFmgwXOiFjjuY1H3vsAFh0lhOoWN2z2UsAWUq8RwWs41UNSajgUllq +wPP3dm+U2BG661AmZEj5+fJ6ckCLX+BZHcv2bjx7cRF8oMv3Z1wlmTvxyARcFlct +b5Rxjl+moDwuBGFUaCg80hL2NZmUSuf/GZ5bj5yHZqGdc/KAXRts6knqLfsBxhrh +uECYUaz11NRN+JCNg8TcQSUJs01QVrhS7MrNhr1WGIwdIYg0AsqHqluzKr4nzjqG +u8vfRV7oraUhNDKrfXfxjGcyy/o4zYnuJO3zBRWPV4Ueesf3efGY3bNyZzoY2BrD +ZlpQwHf7NmANZqHnCAH9dDrk3mcNkfPEnSs/oguhIk05ZHMaZeGR+bIJd1LjxjLY +KOhgw9u+I4WR35GsZRFArwUnHfvAcLTwBbsChMk7ykj16F/rdIknMWiyZX3p31Cm +ZW/tB5j4lm9caA9iPn/d3S/H7O3zG3SSuwQvrwQguImqEegMq2FA6MLT+66R+DU/ +AB/M8WgwIhaLWr136GhGBjJO4Tm21DrNjHzS8NYWcXL8PWdDgagwbTGAL6jLLulr +iCrkEsQoNzX11WiwYgmhrPLKVqophHK4v3dzuY+naMV5GekqhPA+8IfWZfvmizb7 +LVoxb6TKBI0U3p31lhRI9car+Yxa7z5ZSAl0n03TCeZOYvUmKAwj81E23g1XC3Fx ++xB+nrDWQQjvD+ZRXQxqUg58o0qitM9tKsIkh2Qj4IRpATTyTyNO40seGni8AWsU +ftsll8OVWEdHlnOGLNjSPC/uVMYSa8YOcv+xIqErty2Q40yrOsXufX0ompzONNZH +rUbifoY3T8En88m7wCDBQAw38pUdgPniL0VyADdvkc4To5pjkK7B4g7fD+WbjdrD +V7UhU+4wxZkSK9ijaq/4Cj/ZIg5m29qOoCtI/vn2A/DnhLJmomQ8B21xgtUsa/pM +Pi1Z4rz2OLEND1EPuJSm/xijxVGUgYpkOYHoRQmvbpPst9FvXPIXcBdpahbVvqOq +Iv8LcKatTKqTjxyXoOxxUWQ16MYXaOSk8sEbDYqp/YK2N9ItIPiHiYio/Wt+uQM8 +/VbyZGY+e0O9mAGtoWLDuqCziH5HHXjH7sX0mJmrVCc8V7eKewEEYT6jCjvOMG+V +tABCJQXoaOV8Tk5f3rMDVYg+DQaqFfuvOEahj0CLm4xLuEK9mGvNz7HjxgPjRfS1 +CFn93oBKnhJbzeEkNEHWw2sG1/twiOjhSkMs5CbdcpAjm6wNoKE3/e23HbUuFGos +yOb/2mm5oAr/EjBCUSilyNSkIuUTzIKnootLJ4bxHmTHFlpJlYvFBKWT7RIRT21g +LErRAgUHF/f93yNjgEbdzf8lzKfYWBnZK1E2RGbVay3W1OtQQ7Om01CbKd0THt9y +4bwD/rS29+xa4NVImMXmq/aftLLoedaY9TWHz2FOInXhms9vw0wsehmc1aoQ1yrl +DVx+T7raO6YJ8MK385ryjupsZd4J5dYcvHjlkpnZOyvVyzfdNqHvVhtfd765d5rw +GyX2UKPByjECQskxKjeqadjZ8zaAecW/4ujg0wcmdX7l4lfXcdy6+0WiPr3qBwQE +hrcBC92oNEzyorgjdcMEz2RATw== +-----END ENCRYPTED PRIVATE KEY----- 
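Review bot: The added saml2023.key.enc starts directly at `-----BEGIN ENCRYPTED PRIVATE KEY-----`, while the saml2021.key.enc deleted in this commit opened with two lines stating that it is a public example key for testing and local development and is not secret. Without that header a reader or a secret scanner triaging the repository has nothing in the file to tell an intentional fixture from a leaked key. I would restore the same two sentences and the blank line above the BEGIN marker; the deleted file was registered as an artifact with that preamble in place, so the key loader presumably tolerates it.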
diff --git a/config/initializers/app_artifacts.rb b/config/initializers/app_artifacts.rb index 3fb55aacb11..ae5ecd48941 100644 --- a/config/initializers/app_artifacts.rb +++ b/config/initializers/app_artifacts.rb @@ -2,8 +2,6 @@ AppArtifacts.setup do |store| # When adding or removing certs, make sure to update the 'saml_endpoint_configs' config - store.add_artifact(:saml_2021_cert, '/%s/saml2021.crt') - store.add_artifact(:saml_2021_key, '/%s/saml2021.key.enc') store.add_artifact(:saml_2022_cert, '/%s/saml2022.crt') store.add_artifact(:saml_2022_key, '/%s/saml2022.key.enc') store.add_artifact(:saml_2023_cert, '/%s/saml2023.crt') diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 6ac9d6990cf..215f3da082f 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -402,7 +402,7 @@ def index end context 'with a SAML request' do - let(:sp_session_request_url) { '/api/saml/auth2022' } + let(:sp_session_request_url) { '/api/saml/auth2023' } it 'returns the saml completion url' do expect(url_with_updated_params).to eq complete_saml_url end @@ -440,9 +440,9 @@ def index context 'with saml_internal_post feature flag set to false' do before { allow(IdentityConfig.store).to receive(:saml_internal_post).and_return false } context 'with a SAML request' do - let(:sp_session_request_url) { '/api/saml/auth2022?SAMLRequest=blah' } + let(:sp_session_request_url) { '/api/saml/auth2023?SAMLRequest=blah' } it 'returns the original request url' do - expect(url_with_updated_params).to eq '/api/saml/auth2022?SAMLRequest=blah' + expect(url_with_updated_params).to eq '/api/saml/auth2023?SAMLRequest=blah' end end diff --git a/spec/controllers/saml_completion_controller_spec.rb b/spec/controllers/saml_completion_controller_spec.rb index ec38e62af35..fd6cbb8105c 100644 --- a/spec/controllers/saml_completion_controller_spec.rb 
+++ b/spec/controllers/saml_completion_controller_spec.rb @@ -20,7 +20,7 @@ Signature: signature, } end - let(:sp_session_request_url) { 'http://example.gov/api/saml/auth2022' } + let(:sp_session_request_url) { 'http://example.gov/api/saml/auth2023' } before do expect(controller).to receive(:sp_session).at_least(:once).and_return( diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb index 456d874848f..27f9df1d08a 100644 --- a/spec/controllers/saml_idp_controller_spec.rb +++ b/spec/controllers/saml_idp_controller_spec.rb @@ -562,7 +562,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: authn_context, service_provider: sp1_issuer, - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -703,7 +703,7 @@ def name_id_version(format_urn) authn_context_comparison: 'minimum', requested_ial: 'ialmax', service_provider: sp1_issuer, - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -1241,7 +1241,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: false, @@ -1282,7 +1282,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: 'none', service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, 
@@ -1319,7 +1319,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -1354,7 +1354,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: auth_settings.issuer, - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -1426,7 +1426,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -1458,7 +1458,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: auth_settings.issuer, - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -1490,7 +1490,7 @@ def name_id_version(format_urn) authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -1505,7 +1505,7 @@ def name_id_version(format_urn) describe 'HEAD /api/saml/auth', type: :request do it 'responds with "403 Forbidden"' do - head '/api/saml/auth2022?SAMLRequest=bang!' + head '/api/saml/auth2023?SAMLRequest=bang!' expect(response.status).to eq(403) end 
@@ -1677,7 +1677,7 @@ def name_id_version(format_urn) ds: Saml::XML::Namespaces::SIGNATURE, ) - crt = AppArtifacts.store.saml_2022_cert + crt = AppArtifacts.store.saml_2023_cert expect(element.text).to eq(crt.split("\n")[1...-1].join("\n").delete("\n")) end @@ -1980,7 +1980,7 @@ def stub_auth authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL2_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: true, finish_profile: false, request_signed: false, @@ -2025,7 +2025,7 @@ def stub_requested_attributes authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: false, request_signed: true, @@ -2061,7 +2061,7 @@ def stub_requested_attributes authn_context_comparison: 'exact', requested_ial: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF, service_provider: 'http://localhost:3000', - endpoint: '/api/saml/auth2022', + endpoint: '/api/saml/auth2023', idv: false, finish_profile: true, request_signed: true, diff --git a/spec/features/reports/authorization_count_spec.rb b/spec/features/reports/authorization_count_spec.rb index 525a4e0f340..034add6b303 100644 --- a/spec/features/reports/authorization_count_spec.rb +++ b/spec/features/reports/authorization_count_spec.rb @@ -306,7 +306,7 @@ def expect_ial1_and_ial2_count(issuer) def reset_monthly_auth_count_and_login(user) SpReturnLog.delete_all - visit api_saml_logout2022_path + visit api_saml_logout2023_path sign_in_live_with_2fa(user) end end diff --git a/spec/features/saml/multiple_endpoints_spec.rb b/spec/features/saml/multiple_endpoints_spec.rb index 53f9e82a694..63ca9f0e2e7 100644 --- a/spec/features/saml/multiple_endpoints_spec.rb +++ b/spec/features/saml/multiple_endpoints_spec.rb 
@@ -4,7 +4,7 @@ include SamlAuthHelper include IdvHelper - let(:endpoint_suffix) { '2022' } + let(:endpoint_suffix) { '2023' } let(:user) { create(:user, :signed_up) } let(:endpoint_saml_settings) do diff --git a/spec/features/saml/redirect_uri_validation_spec.rb b/spec/features/saml/redirect_uri_validation_spec.rb index bbe608042e1..75a15ae18c6 100644 --- a/spec/features/saml/redirect_uri_validation_spec.rb +++ b/spec/features/saml/redirect_uri_validation_spec.rb @@ -6,7 +6,7 @@ context 'when redirect_uri param is included in SAML request' do it 'uses the return_to_sp_url URL and not the redirect_uri' do user = create(:user, :signed_up) - visit api_saml_auth2022_path( + visit api_saml_auth2023_path( SAMLRequest: CGI.unescape(saml_request(saml_settings)), redirect_uri: 'http://evil.com', state: '123abc', diff --git a/spec/features/saml/saml_logout_spec.rb b/spec/features/saml/saml_logout_spec.rb index caed7d6f1ae..69cf3d71516 100644 --- a/spec/features/saml/saml_logout_spec.rb +++ b/spec/features/saml/saml_logout_spec.rb @@ -120,7 +120,7 @@ }, ) - expect(current_path).to eq(api_saml_logout2022_path) + expect(current_path).to eq(api_saml_logout2023_path) expect(page.driver.status_code).to eq(400) # The user should be signed in @@ -134,7 +134,7 @@ it 'logs the user out and redirects to the sign in page' do sign_in_and_2fa_user(user) - visit api_saml_logout2022_path + visit api_saml_logout2023_path expect(page).to have_content(t('devise.sessions.signed_out')) expect(page).to have_current_path(root_path) diff --git a/spec/features/saml/saml_spec.rb b/spec/features/saml/saml_spec.rb index 0d6c2cd56c3..36febbce457 100644 --- a/spec/features/saml/saml_spec.rb +++ b/spec/features/saml/saml_spec.rb @@ -226,7 +226,7 @@ it 'redirects to root' do travel(Devise.timeout_in + 1.second) do - visit api_saml_logout2022_url + visit api_saml_logout2023_url expect(page.current_path).to eq('/') end end 
diff --git a/spec/lib/app_artifacts_spec.rb b/spec/lib/app_artifacts_spec.rb index c6331545552..4df950e0f0c 100644 --- a/spec/lib/app_artifacts_spec.rb +++ b/spec/lib/app_artifacts_spec.rb @@ -43,10 +43,10 @@ context 'when running locally' do it 'reads the artifact from the example folder' do store = instance.build do |store| - store.add_artifact(:test_artifact, '/%s/saml2021.crt') + store.add_artifact(:test_artifact, '/%s/saml2022.crt') end - file_path = Rails.root.join('config', 'artifacts.example', 'local', 'saml2021.crt') + file_path = Rails.root.join('config', 'artifacts.example', 'local', 'saml2022.crt') contents = File.read(file_path) expect(store.test_artifact).to eq(contents) expect(store['test_artifact']).to eq(contents) @@ -65,12 +65,12 @@ it 'allows a block to be used to transform values' do store = instance.build do |store| - store.add_artifact(:test_artifact, '/%s/saml2021.crt') do |cert| + store.add_artifact(:test_artifact, '/%s/saml2022.crt') do |cert| OpenSSL::X509::Certificate.new(cert) end end - file_path = Rails.root.join('config', 'artifacts.example', 'local', 'saml2021.crt') + file_path = Rails.root.join('config', 'artifacts.example', 'local', 'saml2022.crt') contents = File.read(file_path) expect(store.test_artifact).to be_a(OpenSSL::X509::Certificate) expect(store.test_artifact.to_pem).to eq(contents) @@ -80,7 +80,7 @@ describe '#method_missing' do it 'runs methods based on the configd artifact keys' do store = instance.build do |store| - store.add_artifact(:test_artifact, '/%s/saml2021.crt') + store.add_artifact(:test_artifact, '/%s/saml2022.crt') end expect { store.test_artifact }.to_not raise_error diff --git a/spec/services/saml_endpoint_spec.rb b/spec/services/saml_endpoint_spec.rb index ca059b822ab..8f3b4f4834d 100644 --- a/spec/services/saml_endpoint_spec.rb +++ b/spec/services/saml_endpoint_spec.rb 
@@ -1,7 +1,7 @@ require 'rails_helper' describe SamlEndpoint do - let(:path) { '/api/saml/auth2022' } + let(:path) { '/api/saml/auth2023' } let(:request) do request_double = double allow(request_double).to receive(:path).and_return(path) @@ -14,7 +14,7 @@ it 'should list the suffixes that are configured' do result = described_class.suffixes - expect(result).to eq(%w[2022]) + expect(result).to eq(%w[2023]) end end @@ -24,7 +24,7 @@ expect(result).to eq( [ - { suffix: '2022', secret_key_passphrase: 'trust-but-verify' }, + { suffix: '2023', secret_key_passphrase: 'trust-but-verify' }, ], ) end @@ -36,7 +36,7 @@ subject.secret_key.to_pem, ).to eq( OpenSSL::PKey::RSA.new( - AppArtifacts.store.saml_2022_key, + AppArtifacts.store.saml_2023_key, 'trust-but-verify', ).to_pem, ) @@ -66,7 +66,7 @@ expect( subject.x509_certificate, ).to eq( - AppArtifacts.store.saml_2022_cert, + AppArtifacts.store.saml_2023_cert, ) end end @@ -75,7 +75,7 @@ it 'returns the saml metadata with the suffix added to the urls' do result = subject.saml_metadata - expect(result.configurator.single_service_post_location).to match(%r{api/saml/auth2022\Z}) + expect(result.configurator.single_service_post_location).to match(%r{api/saml/auth2023\Z}) end it 'does not include the SingLogoutService endpoints when configured' do @@ -93,10 +93,10 @@ result = subject.saml_metadata expect(result.configurator.single_logout_service_post_location).to match( - %r{api/saml/logout2022\Z}, + %r{api/saml/logout2023\Z}, ) expect(result.configurator.remote_logout_service_post_location).to match( - %r{api/saml/remotelogout2022\Z}, + %r{api/saml/remotelogout2023\Z}, ) end end diff --git a/spec/support/idv_examples/sp_requested_attributes.rb b/spec/support/idv_examples/sp_requested_attributes.rb index e06efed3f06..f61de453275 100644 --- a/spec/support/idv_examples/sp_requested_attributes.rb +++ b/spec/support/idv_examples/sp_requested_attributes.rb 
@@ -71,7 +71,7 @@ if javascript_enabled? expect(current_path).to eq(test_saml_decode_assertion_path) else - expect(current_url).to include(api_saml_auth2022_url) + expect(current_url).to include(api_saml_auth2023_url) end end end diff --git a/spec/support/saml_auth_helper.rb b/spec/support/saml_auth_helper.rb index 0973f2a1993..a0fe9c8c2ca 100644 --- a/spec/support/saml_auth_helper.rb +++ b/spec/support/saml_auth_helper.rb @@ -23,8 +23,8 @@ def saml_settings(overrides: {}) settings.double_quote_xml_attribute_values = true # IdP setting - settings.idp_sso_target_url = "http://#{IdentityConfig.store.domain_name}/api/saml/auth2022" - settings.idp_slo_target_url = "http://#{IdentityConfig.store.domain_name}/api/saml/logout2022" + settings.idp_sso_target_url = "http://#{IdentityConfig.store.domain_name}/api/saml/auth2023" + settings.idp_slo_target_url = "http://#{IdentityConfig.store.domain_name}/api/saml/logout2023" settings.idp_cert_fingerprint = idp_fingerprint settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2001/04/xmlenc#sha256' @@ -79,7 +79,7 @@ def saml_logout_request_url(overrides: {}, params: {}) end def saml_remote_logout_request_url(overrides: {}, params: {}) - overrides[:idp_slo_target_url] = "http://#{IdentityConfig.store.domain_name}/api/saml/remotelogout2022" + overrides[:idp_slo_target_url] = "http://#{IdentityConfig.store.domain_name}/api/saml/remotelogout2023" logout_request.create( saml_settings(overrides: overrides), params, @@ -108,12 +108,12 @@ def saml_get_auth(settings) def saml_post_auth(saml_request) # POST redirect binding Authn Request - request.path = '/api/saml/authpost2022' + request.path = '/api/saml/authpost2023' post :auth, params: { SAMLRequest: CGI.unescape(saml_request) } end def saml_final_post_auth(saml_request) - request.path = '/api/saml/finalauthpost2022' + request.path = '/api/saml/finalauthpost2023' post :auth, params: { SAMLRequest: CGI.unescape(saml_request) } end 
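Review bot: The endpoint year is still spelled out by hand in every URL this helper builds (`auth2023`, `logout2023`, `remotelogout2023`, `authpost2023`, `finalauthpost2023`) and in `saml_2023_cert`, which is why a yearly key rotation has to touch this many specs. Since saml_endpoint_spec.rb shows `SamlEndpoint.suffixes` returning the configured suffixes, the helper could read the year once, e.g. `settings.idp_sso_target_url = "http://#{IdentityConfig.store.domain_name}/api/saml/auth#{SamlEndpoint.suffixes.last}"`, assuming the last configured suffix is the one under test. That also lowers the chance that a later rotation leaves one spec pointed at a retired key. `saml_settings` and the other helper methods start outside these hunks.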
@@ -130,7 +130,7 @@ def saml_test_sp_key end def saml_test_idp_cert - AppArtifacts.store.saml_2022_cert + AppArtifacts.store.saml_2023_cert end public