Switchable assertion signature flag (#228)

Co-authored-by: zogoo <[email protected]>
saml-idp · Nov 17, 2024 · 78c1868 · 78c1868
1 parent fb44202
commit 78c1868
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/lib/saml_idp/controller.rb b/lib/saml_idp/controller.rb
@@ -69,7 +69,7 @@ def encode_authn_response(principal, opts = {})
       signed_message_opts = opts[:signed_message] || false
       name_id_formats_opts = opts[:name_id_formats] || nil
       asserted_attributes_opts = opts[:attributes] || nil
-      signed_assertion_opts = opts[:signed_assertion] || true
+      signed_assertion_opts = opts[:signed_assertion].nil? ? true : opts[:signed_assertion]
       compress_opts = opts[:compress] || false
 
       SamlResponse.new(

diff --git a/spec/lib/saml_idp/controller_spec.rb b/spec/lib/saml_idp/controller_spec.rb
@@ -66,6 +66,16 @@ def params
       end
     end
 
+    context '#encode_authn_response' do
+      it 'uses default values when opts are not provided' do
+        saml_response = encode_authn_response(principal, { audience_uri: 'http://example.com/issuer', issuer_uri: 'http://example.com', acs_url: 'https://foo.example.com/saml/consume', signed_assertion: false })
+
+        response = OneLogin::RubySaml::Response.new(saml_response)
+        response.settings = saml_settings
+        expect(response.document.to_s).to_not include("<ds:Signature>")
+      end
+    end
+
     context "solicited Response" do
       before(:each) do
         params[:SAMLRequest] = make_saml_request