Metadata signature is always embedded regardless of embed_sign setting.

Umofomia · Umofomia · commit 60dd4146ca6f · 2015-03-24T10:45:59.000-07:00
diff --git a/README.md b/README.md
@@ -344,7 +344,9 @@ The settings related to sign are stored in the `security` attribute of the setti
   settings.security[:digest_method]    = XMLSecurity::Document::SHA1
   settings.security[:signature_method] = XMLSecurity::Document::SHA1
 
-  settings.security[:embed_sign]        = false                # Embeded signature or HTTP GET parameter Signature
+  # Embeded signature or HTTP GET parameter signature
+  # Note that metadata signature is always embedded regardless of this value.
+  settings.security[:embed_sign] = false
 ```
 
 
diff --git a/lib/onelogin/ruby-saml/metadata.rb b/lib/onelogin/ruby-saml/metadata.rb
@@ -84,7 +84,7 @@ def generate(settings)
         meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
 
         # embed signature
-        if settings.security[:metadata_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
+        if settings.security[:metadata_signed] && settings.private_key && settings.certificate
           private_key = settings.get_sp_key()
           meta_doc.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
         end
diff --git a/test/metadata_test.rb b/test/metadata_test.rb
@@ -80,7 +80,6 @@ class MetadataTest < Minitest::Test
     describe "when the settings indicate to sign (embedded) the metadata" do
       before do
         settings.security[:metadata_signed] = true
-        settings.security[:embed_sign] = true
         settings.certificate = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
       end
