From a0eedd6e2daf9fe6285622d4d635aca165358dce Mon Sep 17 00:00:00 2001
From: Mauro Berlanda
Date: Wed, 23 May 2018 12:01:06 +0200
Subject: [PATCH] feat(saml): inherits allows response options from ruby-saml instead of whitelist
---
 lib/omniauth/strategies/saml.rb | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
index bc3cdfc..bbee4af 100644
--- a/lib/omniauth/strategies/saml.rb
+++ b/lib/omniauth/strategies/saml.rb
@@ -10,10 +10,7 @@ def self.inherited(subclass)
 OmniAuth::Strategy.included(subclass)
 end
- OTHER_REQUEST_OPTIONS = [
- :skip_conditions, :allowed_clock_drift, :matches_request_id,
- :skip_subject_confirmation, :skip_destination, :skip_recipient_check
- ].freeze
+ RUBYSAML_RESPONSE_OPTIONS = OneLogin::RubySaml::Response::AVAILABLE_OPTIONS
 option :name_identifier_format, nil
 option :idp_sso_target_url_runtime_params, {}
@@ -234,7 +231,7 @@ def validate_fingerprint(settings)
 def options_for_response_object
 # filter options to select only extra parameters
- opts = options.select {|k,_| OTHER_REQUEST_OPTIONS.include?(k.to_sym)}
+ opts = options.select {|k,_| RUBYSAML_RESPONSE_OPTIONS.include?(k.to_sym)}
 # symbolize keys without activeSupport/symbolize_keys (ruby-saml use symbols)
 opts.inject({}) do |new_hash, (key, value)|
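Review bot: `RUBYSAML_RESPONSE_OPTIONS = OneLogin::RubySaml::Response::AVAILABLE_OPTIONS` in the first hunk ties the allowlist of forwarded response options to whichever ruby-saml release is installed, so the set can no longer be reviewed in this file. The removed list already held validation-relaxing switches (`skip_conditions`, `skip_subject_confirmation`, `skip_destination`, `skip_recipient_check`), and anything upstream adds later will be passed through by `options_for_response_object` in the second hunk without a change here. I would add a spec that pins the expected set, so a ruby-saml upgrade that widens it fails CI, and a comment above the constant such as `# Forwards every option ruby-saml's Response accepts, including the skip_* validation switches.` The constant is also resolved when the class body loads, and the diffstat shows only this file changed, so if the gemspec still permits a ruby-saml version that lacks `AVAILABLE_OPTIONS` the strategy would raise `NameError` on load. The lower bound is worth checking.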