Adding supported for Encrypted SAML #196
Conversation
Now we propertly extract the Decrypted assertion using XPath (Nokogiri) instead of using String Manipulation as was recorded earlier
Tests were failing for the Time based tests. Upgrading the version of Timecop solved the issue.
The gemspec now conditionally loads different versions of timecop depending on the version of ruby
|
Thanks @ksinkar, we will review all this code. We will integrate in the ruby-saml gem the encrypt/decrypt functionality for sure. |
|
@pitbulk, I had a look at the decrypt branch in which you are developing the decrypt functionality. It seems that branch is only able to handle checking of signatures for encrypted assertions. I don't see any code for decrypting the encrypted assertions. Please correct me if I am wrong in the above inference. I am eager to get the decryption functionality into this gem. People have been asking for this functionality for quite some time now. I suggest that you merge my changes into master or the decrypt branch as you see fit. As for the failing tests, it is dependency problem of nokogiri which I have tried to solve by updating the xmlenc gemspec as well, but not yet been able to solve it. If you have any ideas please let me know and I shall solve them pronto. |
|
@ksinkar Here is the code to decrypt assertions: |
|
Replaced by #241. Right now we avoid the use of xmlenc. |
These changes are for adding support for encrypted SAML messages. xmlenc from has been used for encryption and decryption. All existing tests for ruby-saml are passing. I had to upgrade the timecop gem though, for the tests to pass on my local machine. Unfortunately these are failing on Travis CI for REE and 1.8.x
@buffym @googya, could you please check and let me know if this works for your cases of Ping Federate and Encryption otherwise.
#9 #193 #186 #172