
Fake IdP

About

This is an open source Ruby gem for developers who need to spin up a fake Identity Provider (IdP) to test SAML authentication flows. It's made by the Healthify team. It's not for setting up an IdP within Healthify—to do that, you'll need to reach out to [email protected].

Installation

Clone the repo and cd into the project directory.

bin/setup

Running in Development

To run locally, you first need to set up the following environment variables:

Variable            Description
CALLBACK_URL        The URL of the Healthify app to POST the SAML response to (required)
NAME_ID             Name ID of the user you want to log in as (may be nil/blank)
SSO_UID             Unique id of the user you want to log in as (may be nil/blank)
USERNAME            Username of the user you want to log in as (may be nil/blank)
ENCRYPTION_ENABLED  Set to 'true' to encrypt the generated assertion (defaults to false)

The .env.example file has examples of what these env variables could look like. You can copy that over to your own .env file to set these environment variables:

cp .env.example .env

Next, to start the server, you can run:

bin/server

Then navigate to http://localhost:9292/saml/auth to begin making your SAML requests.

Running in Test

Gemfile

If you are using this gem to provide a fake IdP server in a test suite, add the gem to the Gemfile:

group :test do
  gem 'fake_idp'
end

Configuration

You can set the relevant variables in a configuration block if they aren't provided as environment variables. For example:

FakeIdp.configure do |config|
  config.callback_url = 'http://localhost.dev:3000/auth/saml/devidp/callback'  # where the SAML response is POSTed
  config.sso_uid = '12345'
  config.name_id = '[email protected]'
  config.username = nil
  config.certificate = "YOUR CERT HERE"
  config.idp_certificate = "YOUR IDP CERT HERE"
  config.idp_secret_key = "YOUR IDP SECRET KEY HERE"   # the IdP's private key
  config.algorithm = :sha512                           # signature digest algorithm
  config.additional_attributes = { custom_saml_attr: "DELIVERED_IN_ASSERTION" }  # extra attributes delivered in the assertion
end

Resetting Configuration

If you ever want to reset your FakeIdp configuration (e.g. between test specs), you can use the following:

FakeIdp.reset!

Use

You can use Capybara Discoball to spin FakeIdp::Application up in a test:

require 'fake_idp'

# callback_url, sso_uid and name_id are assumed to be defined with `let` in the enclosing spec
before(:each) do
  FakeIdp.configure do |config|
    config.callback_url = callback_url
    config.sso_uid = sso_uid
    config.name_id = name_id
  end
end

it 'logs the sso user in' do
  Capybara::Discoball.spin(FakeIdp::Application) do |fake_idp_server|
    # ...
  end
end

Generating a SAML Response

The gem provides a SamlResponse class that generates a signed XML SAML response; the assertion it carries is encrypted when encryption_enabled is set to true.

Usage

require 'securerandom'
require 'fake_idp'

# Instantiate with your IDP settings, user attributes and service provider details
saml_response = FakeIdp::SamlResponse.new(
  saml_acs_url: "http://localhost.dev:3000/auth/saml/devidp/callback",
  saml_request_id: "_#{SecureRandom.uuid}",
  name_id: "[email protected]",
  issuer_uri: "http://publichost.dev:3000",
  algorithm_name: :sha256,
  certificate: "YOUR IDP CERTIFICATE HERE",
  secret_key: "YOUR IDP SECRET KEY HERE",
  encryption_enabled: false,
  user_attributes: {
    uuid: "12345",
    username: "bob_builder",
    first_name: "Bob",
    last_name: "The Builder",
    email: "[email protected]",
  },
)

# Returns a signed XML SAML response document
saml_response.build
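As an added example that is not part of the gem or this README, the stdlib-only helper below is what a service-provider spec (such as the Capybara one above) can run over the document that build returns: it reports Destination, InResponseTo, Issuer, whether a ds:Signature is present, whether the assertion was encrypted, and the NameID, and checks that the response is bound to the request the SP issued. The sample response, the helper names and the summarize/bound_to_request? functions are constructed here, not gem output or gem API.

```ruby
require 'rexml/document'

SAML_NS = {
  'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
  'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
  'ds'    => 'http://www.w3.org/2000/09/xmldsig#',
}.freeze

# Constructed sample shaped like a signed, unencrypted response; not captured
# from fake_idp, and the signature value is only a placeholder.
SAMPLE_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      ID="_resp-1" Version="2.0"
      Destination="http://localhost.dev:3000/auth/saml/devidp/callback"
      InResponseTo="_req-123">
    <saml:Issuer>http://publichost.dev:3000</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Assertion ID="_a-1" Version="2.0">
      <saml:Subject><saml:NameID>bob@example.test</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Response>
XML

# Pull out the fields an SP-side spec usually asserts on.
def summarize_saml_response(xml)
  doc = REXML::Document.new(xml)
  root = doc.root
  unless root && root.name == 'Response' && root.namespace == SAML_NS['samlp']
    raise ArgumentError, 'document is not a samlp:Response'
  end
  text = ->(path) { (el = REXML::XPath.first(doc, path, SAML_NS)) && el.text.to_s.strip }
  {
    destination: root.attributes['Destination'],
    in_response_to: root.attributes['InResponseTo'],
    issuer: text.call('/samlp:Response/saml:Issuer'),
    signed: !REXML::XPath.first(doc, '//ds:Signature', SAML_NS).nil?,
    # With encryption_enabled the Assertion is wrapped in EncryptedAssertion
    # and the NameID cannot be read without the SP's private key.
    encrypted: !REXML::XPath.first(doc, '/samlp:Response/saml:EncryptedAssertion', SAML_NS).nil?,
    name_id: text.call('/samlp:Response/saml:Assertion/saml:Subject/saml:NameID'),
  }
end

# True only when the response is bound to the AuthnRequest the SP actually sent.
def bound_to_request?(xml, acs_url:, request_id:)
  s = summarize_saml_response(xml)
  s[:destination] == acs_url && s[:in_response_to] == request_id
end
```

Presence of a ds:Signature element is only a structural check; cryptographic verification against the configured certificate is still the SP library's job.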

fake_idp's Issues

Fingerprint support

Hey folks, I would like to use this gem with only a fingerprint instead of a certificate and private_key.

How to do this?
I'm using SAML-Toolkits/ruby-saml gem.

Thanks for your patience.

Tags & Releases

  • Should we be tagging commits?
  • Should we be creating releases?

What should our approach be?

Cannot turn off encryption via environment variables

The default_encryption method always returns true for two reasons:

  • false || true is true
  • environment values come in as strings, so even if ENV['ENCRYPTION_ENABLED'] is set to false, a string with the value false is still truthy.

I'll submit a pull request for this.
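An added illustration of the two failure modes described in this issue, alongside a strict parser for the flag (not the gem's source, and the pull request it mentions is not on this page): the buggy form can never return false, while the strict form maps recognised strings to booleans, falls back to the documented default when the variable is unset, and raises on anything else rather than silently enabling or disabling encryption.

```ruby
# Reproduces the behaviour the issue describes (illustration, not the gem's
# exact code): `ENV[...] || true` can never be false, and "false" is truthy.
def default_encryption_buggy(env)
  env['ENCRYPTION_ENABLED'] || true
end

TRUE_VALUES  = %w[true 1 yes on].freeze
FALSE_VALUES = %w[false 0 no off].freeze

# Strict parse of a boolean environment flag: blank/unset -> default,
# recognised strings -> boolean, anything else -> ArgumentError.
def env_flag(env, key, default: false)
  raw = env[key].to_s.strip.downcase
  return default if raw.empty?
  return true if TRUE_VALUES.include?(raw)
  return false if FALSE_VALUES.include?(raw)
  raise ArgumentError, "#{key} must be true or false, got #{env[key].inspect}"
end

# The README documents ENCRYPTION_ENABLED as defaulting to false.
def default_encryption(env = ENV)
  env_flag(env, 'ENCRYPTION_ENABLED', default: false)
end
```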

Unit tests fail with bundled rspec version

bundle install
+ bundle install
Using rake 13.0.1
Using concurrent-ruby 1.1.6
Using i18n 1.8.3
Using minitest 5.14.1
Using thread_safe 0.3.6
Using tzinfo 1.2.7
Using activesupport 5.2.4.3
Using activemodel 5.2.4.3
Using builder 3.2.4
Using bundler 2.1.4
Using coderay 1.1.2
Using diff-lcs 1.2.5
Using dotenv 1.0.2
Using mini_portile2 2.4.0
Using nokogiri 1.10.9
Using ruby-saml 1.11.0
Using systemu 2.6.5
Using macaddr 1.7.1
Using uuid 2.3.8
Using ruby-saml-idp 0.3.2 from https://github.com/lawrencepit/ruby-saml-idp.git (at master@ae53d76)
Using ruby2_keywords 0.0.2
Using mustermann 1.1.1
Using rack 2.2.2
Using rack-protection 2.0.8.1
Using tilt 2.0.10
Using sinatra 2.0.8.1
Using xmlmapper 0.7.3
Using xmlenc 0.7.1
Using fake_idp 0.6.1 from source at `.`
Using method_source 0.9.2
Using pry 0.12.2
Using rspec-support 3.4.1
Using rspec-core 3.4.2
Using rspec-expectations 3.4.0
Using rspec-mocks 3.4.1
Using rspec 3.4.0
Bundle complete! 7 Gemfile dependencies, 36 gems now installed.
Bundled gems are installed into `./vendor`
cp .env.example .env
+ cp .env.example .env

# Do any other automated setup that you need to do here
irene.shaw@OM-C02Z2491LVDQ fake_idp % brake spec
rake aborted!
NoMethodError: undefined method `last_comment' for #<Rake::Application:0x00007ff653350448>
/Users/irene.shaw/dev/fake_idp/vendor/ruby/2.6.0/gems/rspec-core-3.4.2/lib/rspec/core/rake_task.rb:91:in `define'
/Users/irene.shaw/dev/fake_idp/vendor/ruby/2.6.0/gems/rspec-core-3.4.2/lib/rspec/core/rake_task.rb:71:in `initialize'
/Users/irene.shaw/dev/fake_idp/Rakefile:4:in `new'
/Users/irene.shaw/dev/fake_idp/Rakefile:4:in `<top (required)>'
/Users/irene.shaw/dev/fake_idp/vendor/ruby/2.6.0/gems/rake-13.0.1/exe/rake:27:in `<top (required)>'
/Users/irene.shaw/.rbenv/versions/2.6.5/bin/bundle:23:in `load'
/Users/irene.shaw/.rbenv/versions/2.6.5/bin/bundle:23:in `<main>'
(See full trace by running task with --trace)

I can submit a pull request to fix this.

Set up CI

It would be great to get this set up with Travis.

Update activesupport dependency

It's great that fake_idp is now published to RubyGems (maybe README should be updated with this) but sadly I still have to load this gem from GitHub to pin it to a version before you added a dependency on Active Support 5.

Our app is running Rails 6.0.3.5 which depends on activesupport (= 6.0.3.5), but this gem depends on activesupport (~> 5.2.4.3). Any chance you could update your Active Support dependency?
