diff --git a/lib/onelogin/ruby-saml/slo_logoutresponse.rb b/lib/onelogin/ruby-saml/slo_logoutresponse.rb
index 2980a9738..f2a01380a 100644
--- a/lib/onelogin/ruby-saml/slo_logoutresponse.rb
+++ b/lib/onelogin/ruby-saml/slo_logoutresponse.rb
@@ -97,6 +97,11 @@ def create_params(settings, request_id = nil, logout_message = nil, params = {})
# @return [String] The SAMLResponse String.
#
def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil)
+ document = create_xml_document(settings, request_id, logout_message)
+ sign_document(document, settings)
+ end
+
+ def create_xml_document(settings, request_id = nil, logout_message = nil)
time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
response_doc = XMLSecurity::Document.new
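Review bot: The new public `create_xml_document` has no doc comment of its own, and nothing tells a caller that it returns the LogoutResponse unsigned even when `settings.security[:logout_responses_signed]` is set. I would add above its `def` line `# @return [XMLSecurity::Document] the unsigned LogoutResponse; pass it to sign_document before sending when signing is required`. The existing `@return [String]` on `create_logout_response_xml_doc` also looks out of date, since the wrapper now returns whatever `sign_document` returns, which is the document object. The body of `create_xml_document` continues outside this hunk.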
@@ -126,14 +131,18 @@ def create_logout_response_xml_doc(settings, request_id = nil, logout_message =
status_message = status.add_element 'samlp:StatusMessage'
status_message.text = logout_message
+ response_doc
+ end
+
+ def sign_document(document, settings)
# embed signature
if settings.security[:logout_responses_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
private_key = settings.get_sp_key
cert = settings.get_sp_cert
- response_doc.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
+ document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
end
- response_doc
+ document
end
end
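Review bot: `sign_document` hands the document back unchanged whenever any of the four conditions in its `if` is false, so a deployment that sets `logout_responses_signed` and `embed_sign` but has no private key or certificate loaded sends an unsigned response without any error. This behaviour is carried over from the old inline code, but as a public method with this name it reads as an unconditional signer. At minimum, document it above the `def`: `# Signs only when logout_responses_signed, embed_sign, private_key and certificate are all set; otherwise returns the document unsigned.` It is also worth considering a raise when signing is requested but the key or certificate is missing, so the misconfiguration fails closed.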
diff --git a/test/logoutrequest_test.rb b/test/logoutrequest_test.rb
index ace6b46e4..520b53b09 100644
--- a/test/logoutrequest_test.rb
+++ b/test/logoutrequest_test.rb
@@ -104,7 +104,7 @@ class RequestTest < Minitest::Test
settings.private_key = ruby_saml_key_text
end
- it "doens't sign through create_xml_document" do
+ it "doesn't sign through create_xml_document" do
unauth_req = OneLogin::RubySaml::Logoutrequest.new
inflated = unauth_req.create_xml_document(settings).to_s
@@ -113,6 +113,22 @@ class RequestTest < Minitest::Test
refute_match %r[], inflated
end
+ it "sign unsigned request" do
+ unauth_req = OneLogin::RubySaml::Logoutrequest.new
+ unauth_req_doc = unauth_req.create_xml_document(settings)
+ inflated = unauth_req_doc.to_s
+
+ refute_match %r[([a-zA-Z0-9/+=]+)], inflated
+ refute_match %r[], inflated
+ refute_match %r[], inflated
+
+ inflated = unauth_req.sign_document(unauth_req_doc, settings).to_s
+
+ assert_match %r[([a-zA-Z0-9/+=]+)], inflated
+ assert_match %r[], inflated
+ assert_match %r[], inflated
+ end
+
it "signs through create_logout_request_xml_doc" do
unauth_req = OneLogin::RubySaml::Logoutrequest.new
inflated = unauth_req.create_logout_request_xml_doc(settings).to_s
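Review bot: The added "sign unsigned request" test only checks that signature-shaped text appears in the serialized document after `sign_document`; it never verifies the signature against the SP certificate. A wrong key, wrong digest, or a signature over the wrong node would therefore still pass. The added tests in test/slo_logoutresponse_test.rb have the same gap. I would add one assertion that the signed document validates with the certificate from `settings`. The `%r[]` patterns appear truncated as shown on this page, so which elements they match could not be checked here.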
diff --git a/test/slo_logoutresponse_test.rb b/test/slo_logoutresponse_test.rb
index e75447b9c..189037cf6 100644
--- a/test/slo_logoutresponse_test.rb
+++ b/test/slo_logoutresponse_test.rb
@@ -73,6 +73,40 @@ class SloLogoutresponseTest < Minitest::Test
settings.security[:embed_sign] = true
end
+ it "doesn't sign through create_xml_document" do
+ unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
+ inflated = unauth_res.create_xml_document(settings).to_s
+
+ refute_match %r[([a-zA-Z0-9/+=]+)], inflated
+ refute_match %r[], inflated
+ refute_match %r[], inflated
+ end
+
+ it "sign unsigned request" do
+ unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
+ unauth_res_doc = unauth_res.create_xml_document(settings)
+ inflated = unauth_res_doc.to_s
+
+ refute_match %r[([a-zA-Z0-9/+=]+)], inflated
+ refute_match %r[], inflated
+ refute_match %r[], inflated
+
+ inflated = unauth_res.sign_document(unauth_res_doc, settings).to_s
+
+ assert_match %r[([a-zA-Z0-9/+=]+)], inflated
+ assert_match %r[], inflated
+ assert_match %r[], inflated
+ end
+
+ it "signs through create_logout_response_xml_doc" do
+ unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
+ inflated = unauth_res.create_logout_response_xml_doc(settings).to_s
+
+ assert_match %r[([a-zA-Z0-9/+=]+)], inflated
+ assert_match %r[], inflated
+ assert_match %r[], inflated
+ end
+
it "create a signed logout response" do
logout_request.settings = settings
params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message")
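Review bot: None of the added tests covers the branch where `sign_document` leaves the document unsigned, although that is the path where a signing misconfiguration would go unnoticed. A case with `logout_responses_signed` turned off (and ideally one with the private key missing) would pin that behaviour; a sketch follows. Separately, the test named "sign unsigned request" in this file exercises `SloLogoutresponse`, so `it "signs an unsigned response" do` would be the accurate name. The final "create a signed logout response" test continues outside the hunk.

```ruby
it "leaves the document unsigned when logout_responses_signed is off" do
  settings.security[:logout_responses_signed] = false
  unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
  unsigned_doc = unauth_res.create_xml_document(settings)

  refute_match %r[SignatureValue], unauth_res.sign_document(unsigned_doc, settings).to_s
end
```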