[fix] Configure a certificate and private key for each response #227
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Allow SP config force signature validation * Allow SP config force signature validation Tested with Slack with Authn request signature option --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
I have tested with live SAML SP apps and it works fine * Unspecified certifciate from SP metadata --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Set minimum test coverage (saml-idp#207) * Set minimum test coverage to a very high value for testing * Update minimum coverage to actual current value * Try with proper way to update helper method * Correctly decode and mock with correct REXML class * Drop the min coverage --------- Co-authored-by: Mathieu Jobin <majobin@mdsol.com> Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* wip add error collector * Fix type and rewrite request with proper validation test cases * Lead error render decision to gem user * Validate the certificate's existence before verifying the signature. --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Remove duplications * Pre-conditions need to be defined in before section * Le's not test logger in here --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
* Pass ref id as Session Index * Official Rails 8 is not released yet to RubyGem until that let's stick official older version --------- Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Co-authored-by: zogoo <ch.tsogbadrakh@gmail.com>
Zogoo
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR removes public and private key dependency from low-layer logic. This will allow the application can directly pass the certificates to the signing logic instead of using a config that is shared between threads.
At the controller level, I am still passing config values if the value is not provided, which makes it safer for existing gem users.
Additionally, I'm fixing ruby syntax and hash argument to make it developer-friendly.
This PR will revert Proc approach for set certificate and private key. Because I think those approaches basically trying to achieve the same thing. They need to set up their certificate for each request (not persist the entire app).
For example #209 (comment)