Support for "passive" SAML 2.0 AuthnRequest.

Nikos Dimitrakopoulos · Nikos Dimitrakopoulos · commit 8a825f360d3d · 2013-03-26T10:09:42.000+02:00
diff --git a/lib/onelogin/ruby-saml/authrequest.rb b/lib/onelogin/ruby-saml/authrequest.rb
@@ -44,6 +44,7 @@ def create_authentication_xml_doc(settings)
         root.attributes['IssueInstant'] = time
         root.attributes['Version'] = "2.0"
         root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
+        root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
 
         # Conditionally defined elements based on settings
         if settings.assertion_consumer_service_url != nil
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
@@ -17,6 +17,7 @@ def initialize(overrides = {})
       attr_accessor :assertion_consumer_logout_service_url
       attr_accessor :compress_request
       attr_accessor :double_quote_xml_attribute_values
+      attr_accessor :passive
 
       private
       
diff --git a/test/request_test.rb b/test/request_test.rb
@@ -46,6 +46,23 @@ class RequestTest < Test::Unit::TestCase
       assert_match /^<samlp:AuthnRequest/, decoded
     end
 
+    should "create the SAMLRequest URL parameter with IsPassive" do
+      settings = Onelogin::Saml::Settings.new
+      settings.idp_sso_target_url = "http://example.com"
+      settings.passive = true
+      auth_url = Onelogin::Saml::Authrequest.new.create(settings)
+      assert auth_url =~ /^http:\/\/example\.com\?SAMLRequest=/
+      payload  = CGI.unescape(auth_url.split("=").last)
+      decoded  = Base64.decode64(payload)
+
+      zstream  = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      inflated = zstream.inflate(decoded)
+      zstream.finish
+      zstream.close
+
+      assert_match /<samlp:AuthnRequest[^<]* IsPassive='true'/, inflated
+    end
+
     should "accept extra parameters" do
       settings = Onelogin::Saml::Settings.new
       settings.idp_sso_target_url = "http://example.com"
diff --git a/test/settings_test.rb b/test/settings_test.rb
@@ -11,7 +11,8 @@ class SettingsTest < Test::Unit::TestCase
         :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
         :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
         :idp_slo_target_url, :name_identifier_value, :sessionindex,
-        :assertion_consumer_logout_service_url
+        :assertion_consumer_logout_service_url,
+        :passive
       ]
 
       accessors.each do |accessor|
@@ -31,6 +32,7 @@ class SettingsTest < Test::Unit::TestCase
           :idp_slo_target_url => "http://sso.muda.no/slo",
           :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
           :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+          :passive => true,
       }
       @settings = Onelogin::Saml::Settings.new(config)
 
