devise_saml_authenticatable 1.5.0 → 1.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +0 -2
- data/.travis.yml +20 -21
- data/Gemfile +2 -2
- data/README.md +62 -18
- data/app/controllers/devise/saml_sessions_controller.rb +34 -7
- data/lib/devise_saml_authenticatable.rb +14 -1
- data/lib/devise_saml_authenticatable/default_attribute_map_resolver.rb +26 -0
- data/lib/devise_saml_authenticatable/exception.rb +1 -1
- data/lib/devise_saml_authenticatable/model.rb +8 -11
- data/lib/devise_saml_authenticatable/saml_config.rb +18 -2
- data/lib/devise_saml_authenticatable/strategy.rb +1 -1
- data/lib/devise_saml_authenticatable/version.rb +1 -1
- data/spec/controllers/devise/saml_sessions_controller_spec.rb +69 -11
- data/spec/devise_saml_authenticatable/default_attribute_map_resolver_spec.rb +58 -0
- data/spec/devise_saml_authenticatable/model_spec.rb +19 -8
- data/spec/features/saml_authentication_spec.rb +44 -37
- data/spec/rails_helper.rb +2 -2
- data/spec/spec_helper.rb +7 -0
- data/spec/support/Gemfile.rails4 +20 -10
- data/spec/support/Gemfile.rails5 +13 -2
- data/spec/support/Gemfile.rails5.1 +13 -2
- data/spec/support/Gemfile.rails5.2 +25 -0
- data/spec/support/attribute_map_resolver.rb.erb +14 -0
- data/spec/support/idp_settings_adapter.rb.erb +5 -5
- data/spec/support/idp_template.rb +3 -1
- data/spec/support/rails_app.rb +75 -17
- data/spec/support/saml_idp_controller.rb.erb +13 -6
- data/spec/support/sp_template.rb +43 -21
- metadata +13 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: f648472eaaf23e5e668e51f84fadff2354879045f0ec798a383dd8a2e2ee135a
|
4
|
+
data.tar.gz: 443a5e883595f8baa2297e2ca173e8f97ae0abf3502538ce1d0f4e0e1c84081e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4765fe0a60d2a8ffd97d30d5b0d2fdb55d70a56bd9cb91f760ef7862a0d9ec80570da5d4758a784ac552232e1e5893fdd1accead2ff677893b0eb4a3500dcb9c
|
7
|
+
data.tar.gz: fcd0e6f70b75fdb9b12b3c1954899989e26f8ddb874c6222ab59ca460387a9672ab7767c13855bc4c3cbabd14fdcdb3ddabb2478412dbb452a17194c20ff4c32
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
@@ -1,53 +1,52 @@
|
|
1
1
|
language: ruby
|
2
2
|
rvm:
|
3
|
-
- "1.9.3"
|
4
3
|
- "2.0.0"
|
5
4
|
- "2.1.10"
|
6
5
|
- "2.2.10"
|
7
6
|
- "2.3.8"
|
8
|
-
- "2.4.
|
9
|
-
- "2.5.
|
10
|
-
- "2.6.
|
7
|
+
- "2.4.10"
|
8
|
+
- "2.5.8"
|
9
|
+
- "2.6.6"
|
10
|
+
- "2.7.1"
|
11
11
|
gemfile:
|
12
12
|
- Gemfile
|
13
|
+
- spec/support/Gemfile.rails5.2
|
13
14
|
- spec/support/Gemfile.rails5.1
|
14
15
|
- spec/support/Gemfile.rails5
|
15
16
|
- spec/support/Gemfile.rails4
|
16
17
|
matrix:
|
17
18
|
allow_failures:
|
18
|
-
- rvm: "1.9.3"
|
19
|
-
gemfile: Gemfile
|
20
|
-
- rvm: "1.9.3"
|
21
|
-
gemfile: spec/support/Gemfile.rails5
|
22
|
-
- rvm: "1.9.3"
|
23
|
-
gemfile: spec/support/Gemfile.rails5.1
|
24
19
|
- rvm: "2.0.0"
|
25
20
|
gemfile: Gemfile
|
26
21
|
- rvm: "2.0.0"
|
27
22
|
gemfile: spec/support/Gemfile.rails5
|
28
23
|
- rvm: "2.0.0"
|
29
24
|
gemfile: spec/support/Gemfile.rails5.1
|
25
|
+
- rvm: "2.0.0"
|
26
|
+
gemfile: spec/support/Gemfile.rails5.2
|
30
27
|
- rvm: "2.1.10"
|
31
28
|
gemfile: Gemfile
|
32
29
|
- rvm: "2.1.10"
|
33
30
|
gemfile: spec/support/Gemfile.rails5
|
34
31
|
- rvm: "2.1.10"
|
35
32
|
gemfile: spec/support/Gemfile.rails5.1
|
36
|
-
- rvm: "2.
|
33
|
+
- rvm: "2.1.10"
|
34
|
+
gemfile: spec/support/Gemfile.rails5.2
|
35
|
+
- rvm: "2.2.10"
|
36
|
+
gemfile: Gemfile
|
37
|
+
- rvm: "2.2.10"
|
38
|
+
gemfile: spec/support/Gemfile.rails5.2
|
39
|
+
- rvm: "2.3.8"
|
40
|
+
gemfile: Gemfile
|
41
|
+
- rvm: "2.4.10"
|
42
|
+
gemfile: Gemfile
|
43
|
+
- rvm: "2.6.6"
|
44
|
+
gemfile: spec/support/Gemfile.rails4
|
45
|
+
- rvm: "2.7.1"
|
37
46
|
gemfile: spec/support/Gemfile.rails4
|
38
47
|
|
39
48
|
before_install:
|
40
|
-
# update bundler to avoid https://github.com/travis-ci/travis-ci/issues/5239
|
41
49
|
- command -v bundle || gem install bundler -v '~> 1.17.3'
|
42
50
|
|
43
51
|
script:
|
44
52
|
- bundle exec rake
|
45
|
-
|
46
|
-
notifications:
|
47
|
-
hipchat:
|
48
|
-
rooms:
|
49
|
-
secure: cuDak5a6fBeg+sp61COqxQfzdcFEsjwCqtwvCISso0RNh5SR8v+uVYKcA8rlK+GE1l9uR7tLRHeHF3ZmzvFSOat07NvpScvjZXi+OSpWlc6rwQ6Pl6bBP6gu6sREiKVe0eT/uGrvJloyWKZaXIhiiBzQ+ZERx/ssGA9WMmNkhlwy1OgGnPNurNNHZLBjEZn1V6kdyxiXx6QPASNpjNEgN1G8dUh3qzcWUGVQGNZSJk65A6ie1MveNyecTjDhw+ADBU8nS28Ja4y6ohRm4FzofSgespYrvfygIZ5rYF0HPMj5FW1ZDWtM5355ojCk8RLT+ZkuhssCn1OJk7ogaOVjnYcOFRxEfpu3eIbjtMmUz3j4umatFqbgas+6SXMVIPkr5HUoTrP8HNFssIpcEBOnPwAF8QCpx+daHc0r2cc8lGuXhtJfpW0P2F0dmwJNiQ7//nz2y2xs84x4Gb7MV9tEDYp0FqEClMuFBkPNizBljarm04PkiLSrqvR52aMDfQz7YAX2oXAvFjPzI1GC0K8x7xX8TuHT9yuHy7fI+rUSNivZYLKO+IEZqPPDdJpXISUbVwanZoNvmQYk5PZV21MfDSGwQrz8eO/uFiAblj18yIlNbAfb2hdZDVYsm4EvWxELJtfaTxgrj6M3Y3m/KbCbCoDp+2jE307M2rxL0Gum2gk=
|
50
|
-
template:
|
51
|
-
- '%{repository}<a href="%{build_url}">#%{build_number}</a> (%{branch} - <a href="%{compare_url}">%{commit}</a> : %{author}): %{message}'
|
52
|
-
format: html
|
53
|
-
on_pull_requests: true
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -6,18 +6,15 @@ It uses [ruby-saml][] to handle all SAML-related stuff.
|
|
6
6
|
|
7
7
|
## Installation
|
8
8
|
|
9
|
-
Add this
|
9
|
+
Add this gem to your application's Gemfile:
|
10
10
|
|
11
|
-
|
11
|
+
git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
|
12
|
+
gem "devise_saml_authenticatable", github: "apokalipto/devise_saml_authenticatable"
|
12
13
|
|
13
14
|
And then execute:
|
14
15
|
|
15
16
|
$ bundle
|
16
17
|
|
17
|
-
Or install it yourself as:
|
18
|
-
|
19
|
-
$ gem install devise_saml_authenticatable
|
20
|
-
|
21
18
|
## Usage
|
22
19
|
|
23
20
|
Follow the [normal devise installation process](https://github.com/plataformatec/devise/tree/master#getting-started). The controller filters and helpers are unchanged from normal devise usage.
|
@@ -92,13 +89,13 @@ In `config/initializers/devise.rb`:
|
|
92
89
|
# If you don't set it then email will be extracted from SAML assertation attributes.
|
93
90
|
config.saml_use_subject = true
|
94
91
|
|
95
|
-
# You can support multiple IdPs by setting this value to a class that implements a
|
96
|
-
# an IdP entity id as an argument and returns a hash of idp settings for the corresponding IdP.
|
97
|
-
config.idp_settings_adapter =
|
92
|
+
# You can support multiple IdPs by setting this value to the name of a class that implements a ::settings method
|
93
|
+
# which takes an IdP entity id as an argument and returns a hash of idp settings for the corresponding IdP.
|
94
|
+
# config.idp_settings_adapter = "MyIdPSettingsAdapter"
|
98
95
|
|
99
96
|
# You provide you own method to find the idp_entity_id in a SAML message in the case of multiple IdPs
|
100
|
-
# by setting this to a custom reader class, or use the default.
|
101
|
-
# config.idp_entity_id_reader = DeviseSamlAuthenticatable::DefaultIdpEntityIdReader
|
97
|
+
# by setting this to the name of a custom reader class, or use the default.
|
98
|
+
# config.idp_entity_id_reader = "DeviseSamlAuthenticatable::DefaultIdpEntityIdReader"
|
102
99
|
|
103
100
|
# You can set a handler object that takes the response for a failed SAML request and the strategy,
|
104
101
|
# and implements a #handle method. This method can then redirect the user, return error messages, etc.
|
@@ -110,6 +107,10 @@ In `config/initializers/devise.rb`:
|
|
110
107
|
# If saml_route_helper_prefix = 'saml' then the new_user_session route becomes new_saml_user_session
|
111
108
|
# config.saml_route_helper_prefix = 'saml'
|
112
109
|
|
110
|
+
# You can add allowance for clock drift between the sp and idp.
|
111
|
+
# This is a time in seconds.
|
112
|
+
# config.allowed_clock_drift_in_seconds = 0
|
113
|
+
|
113
114
|
# Configure with your SAML settings (see ruby-saml's README for more information: https://github.com/onelogin/ruby-saml).
|
114
115
|
config.saml_configure do |settings|
|
115
116
|
# assertion_consumer_service_url is required starting with ruby-saml 1.4.3: https://github.com/onelogin/ruby-saml#updating-from-142-to-143
|
@@ -126,7 +127,26 @@ In `config/initializers/devise.rb`:
|
|
126
127
|
end
|
127
128
|
```
|
128
129
|
|
129
|
-
|
130
|
+
#### Attributes
|
131
|
+
|
132
|
+
There are two ways to map SAML attributes to User attributes:
|
133
|
+
|
134
|
+
- [initializer](#attribute-map-initializer)
|
135
|
+
- [config file](#attribute-map-config-file)
|
136
|
+
|
137
|
+
The attribute mappings are very dependent on the way the IdP encodes the attributes.
|
138
|
+
In these examples the attributes are given in URN style.
|
139
|
+
Other IdPs might provide them as OID's, or by other means.
|
140
|
+
|
141
|
+
You are now ready to test it against an IdP.
|
142
|
+
|
143
|
+
When the user visits `/users/saml/sign_in` they will be redirected to the login page of the IdP.
|
144
|
+
|
145
|
+
Upon successful login the user is redirected to the Devise `user_root_path`.
|
146
|
+
|
147
|
+
##### Attribute map config file
|
148
|
+
|
149
|
+
Create a YAML file (`config/attribute-map.yml`) that maps SAML attributes with your model's fields:
|
130
150
|
|
131
151
|
```yaml
|
132
152
|
# attribute-map.yml
|
@@ -137,15 +157,39 @@ In the config directory, create a YAML file (`attribute-map.yml`) that maps SAML
|
|
137
157
|
"urn:mace:dir:attribute-def:givenName": "name"
|
138
158
|
```
|
139
159
|
|
140
|
-
|
141
|
-
In this example the attributes are given in URN style.
|
142
|
-
Other IdPs might provide them as OID's, or by other means.
|
160
|
+
##### Attribute map initializer
|
143
161
|
|
144
|
-
|
162
|
+
In `config/initializers/devise.rb` (see above), add an attribute map resolver.
|
163
|
+
The resolver gets the [SAML response from the IdP](https://github.com/onelogin/ruby-saml/blob/master/lib/onelogin/ruby-saml/response.rb) so it can decide which attribute map to load.
|
164
|
+
If you only have one IdP, you can use the config file above, or just return a single hash.
|
145
165
|
|
146
|
-
|
166
|
+
```ruby
|
167
|
+
# config/initializers/devise.rb
|
168
|
+
Devise.setup do |config|
|
169
|
+
...
|
170
|
+
# ==> Configuration for :saml_authenticatable
|
147
171
|
|
148
|
-
|
172
|
+
config.saml_attribute_map_resolver = "MyAttributeMapResolver"
|
173
|
+
end
|
174
|
+
```
|
175
|
+
|
176
|
+
```ruby
|
177
|
+
# app/lib/my_attribute_map_resolver
|
178
|
+
class MyAttributeMapResolver < DeviseSamlAuthenticatable::DefaultAttributeMapResolver
|
179
|
+
def attribute_map
|
180
|
+
issuer = saml_response.issuers.first
|
181
|
+
case issuer
|
182
|
+
when "idp_entity_id"
|
183
|
+
{
|
184
|
+
"urn:mace:dir:attribute-def:uid" => "user_name",
|
185
|
+
"urn:mace:dir:attribute-def:email" => "email",
|
186
|
+
"urn:mace:dir:attribute-def:name" => "last_name",
|
187
|
+
"urn:mace:dir:attribute-def:givenName" => "name",
|
188
|
+
}
|
189
|
+
end
|
190
|
+
end
|
191
|
+
end
|
192
|
+
```
|
149
193
|
|
150
194
|
## Supporting Multiple IdPs
|
151
195
|
|
@@ -5,8 +5,10 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
5
5
|
unloadable if Rails::VERSION::MAJOR < 4
|
6
6
|
if Rails::VERSION::MAJOR < 5
|
7
7
|
skip_before_filter :verify_authenticity_token
|
8
|
+
prepend_before_filter :store_info_for_sp_initiated_logout, only: :destroy
|
8
9
|
else
|
9
10
|
skip_before_action :verify_authenticity_token, raise: false
|
11
|
+
prepend_before_action :store_info_for_sp_initiated_logout, only: :destroy
|
10
12
|
end
|
11
13
|
|
12
14
|
def new
|
@@ -18,8 +20,9 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
18
20
|
end
|
19
21
|
|
20
22
|
def metadata
|
23
|
+
idp_entity_id = params[:idp_entity_id]
|
21
24
|
meta = OneLogin::RubySaml::Metadata.new
|
22
|
-
render :xml => meta.generate(saml_config)
|
25
|
+
render :xml => meta.generate(saml_config(idp_entity_id))
|
23
26
|
end
|
24
27
|
|
25
28
|
def idp_sign_out
|
@@ -30,16 +33,16 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
30
33
|
|
31
34
|
redirect_to generate_idp_logout_response(saml_config, logout_request.id)
|
32
35
|
elsif params[:SAMLResponse]
|
33
|
-
#Currently Devise handles the session invalidation when the request is made.
|
34
|
-
#To support a true SP initiated logout response, the request ID would have to be tracked and session invalidated
|
35
|
-
#based on that.
|
36
|
+
# Currently Devise handles the session invalidation when the request is made.
|
37
|
+
# To support a true SP initiated logout response, the request ID would have to be tracked and session invalidated
|
38
|
+
# based on that.
|
36
39
|
if Devise.saml_sign_out_success_url
|
37
40
|
redirect_to Devise.saml_sign_out_success_url
|
38
41
|
else
|
39
42
|
redirect_to action: :new
|
40
43
|
end
|
41
44
|
else
|
42
|
-
head
|
45
|
+
head 500
|
43
46
|
end
|
44
47
|
end
|
45
48
|
|
@@ -51,14 +54,38 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
51
54
|
end
|
52
55
|
end
|
53
56
|
|
57
|
+
# For non transient name ID, save info to identify user for logout purpose
|
58
|
+
# before that user's session got destroyed. These info are used in the
|
59
|
+
# `after_sign_out_path_for` method below.
|
60
|
+
def store_info_for_sp_initiated_logout
|
61
|
+
return if Devise.saml_config.name_identifier_format == "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
|
62
|
+
@name_identifier_value_for_sp_initiated_logout = Devise.saml_name_identifier_retriever.call(current_user)
|
63
|
+
@sessionindex_for_sp_initiated_logout = current_user.public_send(Devise.saml_session_index_key) if Devise.saml_session_index_key
|
64
|
+
end
|
65
|
+
|
54
66
|
# Override devise to send user to IdP logout for SLO
|
55
67
|
def after_sign_out_path_for(_)
|
56
68
|
idp_entity_id = get_idp_entity_id(params)
|
57
69
|
request = OneLogin::RubySaml::Logoutrequest.new
|
58
|
-
|
70
|
+
saml_settings = saml_config(idp_entity_id).dup
|
71
|
+
|
72
|
+
# Add attributes to saml_settings which will later be used to create the SP
|
73
|
+
# initiated logout request
|
74
|
+
unless Devise.saml_config.name_identifier_format == 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
75
|
+
saml_settings.name_identifier_value = @name_identifier_value_for_sp_initiated_logout
|
76
|
+
saml_settings.sessionindex = @sessionindex_for_sp_initiated_logout
|
77
|
+
end
|
78
|
+
|
79
|
+
request.create(saml_settings)
|
59
80
|
end
|
60
81
|
|
61
82
|
def generate_idp_logout_response(saml_config, logout_request_id)
|
62
|
-
|
83
|
+
|
84
|
+
params = {}
|
85
|
+
if relay_state
|
86
|
+
params[:RelayState] = relay_state
|
87
|
+
end
|
88
|
+
|
89
|
+
OneLogin::RubySaml::SloLogoutresponse.new.create(saml_config, logout_request_id, nil, params)
|
63
90
|
end
|
64
91
|
end
|
@@ -5,6 +5,7 @@ require "devise_saml_authenticatable/exception"
|
|
5
5
|
require "devise_saml_authenticatable/logger"
|
6
6
|
require "devise_saml_authenticatable/routes"
|
7
7
|
require "devise_saml_authenticatable/saml_config"
|
8
|
+
require "devise_saml_authenticatable/default_attribute_map_resolver"
|
8
9
|
require "devise_saml_authenticatable/default_idp_entity_id_reader"
|
9
10
|
|
10
11
|
begin
|
@@ -55,7 +56,7 @@ module Devise
|
|
55
56
|
|
56
57
|
# Reader that can parse entity id from a SAMLMessage
|
57
58
|
mattr_accessor :idp_entity_id_reader
|
58
|
-
@@idp_entity_id_reader ||= ::DeviseSamlAuthenticatable::DefaultIdpEntityIdReader
|
59
|
+
@@idp_entity_id_reader ||= "::DeviseSamlAuthenticatable::DefaultIdpEntityIdReader"
|
59
60
|
|
60
61
|
# Implements a #handle method that takes the response and strategy as an argument
|
61
62
|
mattr_accessor :saml_failed_callback
|
@@ -66,6 +67,10 @@ module Devise
|
|
66
67
|
mattr_accessor :saml_relay_state
|
67
68
|
@@saml_relay_state
|
68
69
|
|
70
|
+
# Instead of storing the attribute_map in attribute-map.yml, store it in the database, or set it programatically
|
71
|
+
mattr_accessor :saml_attribute_map_resolver
|
72
|
+
@@saml_attribute_map_resolver ||= "::DeviseSamlAuthenticatable::DefaultAttributeMapResolver"
|
73
|
+
|
69
74
|
# Implements a #validate method that takes the retrieved resource and response right after retrieval,
|
70
75
|
# and returns true if it's valid. False will cause authentication to fail.
|
71
76
|
# Only one of saml_resource_validator and saml_resource_validator_hook may be used.
|
@@ -124,6 +129,14 @@ module Devise
|
|
124
129
|
# See saml_default_resource_locator above for an example.
|
125
130
|
mattr_accessor :saml_resource_locator
|
126
131
|
@@saml_resource_locator = @@saml_default_resource_locator
|
132
|
+
|
133
|
+
# Proc that is called to resolve the name identifier to use in a LogoutRequest for the current user.
|
134
|
+
# Receives the logged-in user.
|
135
|
+
# Is expected to return the identifier the IdP understands for this user, e.g. email address or username.
|
136
|
+
mattr_accessor :saml_name_identifier_retriever
|
137
|
+
@@saml_name_identifier_retriever = Proc.new do |current_user|
|
138
|
+
current_user.public_send(Devise.saml_default_user_key)
|
139
|
+
end
|
127
140
|
end
|
128
141
|
|
129
142
|
# Add saml_authenticatable strategy to defaults.
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module DeviseSamlAuthenticatable
|
2
|
+
class DefaultAttributeMapResolver
|
3
|
+
def initialize(saml_response)
|
4
|
+
@saml_response = saml_response
|
5
|
+
end
|
6
|
+
|
7
|
+
def attribute_map
|
8
|
+
return {} unless File.exist?(attribute_map_path)
|
9
|
+
|
10
|
+
attribute_map = YAML.load(File.read(attribute_map_path))
|
11
|
+
if attribute_map.key?(Rails.env)
|
12
|
+
attribute_map[Rails.env]
|
13
|
+
else
|
14
|
+
attribute_map
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
attr_reader :saml_response
|
21
|
+
|
22
|
+
def attribute_map_path
|
23
|
+
Rails.root.join("config", "attribute-map.yml")
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -33,9 +33,9 @@ module Devise
|
|
33
33
|
key = Devise.saml_default_user_key
|
34
34
|
decorated_response = ::SamlAuthenticatable::SamlResponse.new(
|
35
35
|
saml_response,
|
36
|
-
attribute_map
|
36
|
+
attribute_map(saml_response),
|
37
37
|
)
|
38
|
-
if
|
38
|
+
if Devise.saml_use_subject
|
39
39
|
auth_value = saml_response.name_id
|
40
40
|
else
|
41
41
|
auth_value = decorated_response.attribute_value_by_resource_key(key)
|
@@ -81,18 +81,15 @@ module Devise
|
|
81
81
|
find_for_authentication(conditions)
|
82
82
|
end
|
83
83
|
|
84
|
-
def attribute_map
|
85
|
-
|
84
|
+
def attribute_map(saml_response = nil)
|
85
|
+
attribute_map_resolver.new(saml_response).attribute_map
|
86
86
|
end
|
87
87
|
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
attribute_map = YAML.load(File.read("#{Rails.root}/config/attribute-map.yml"))
|
92
|
-
if attribute_map.has_key?(Rails.env)
|
93
|
-
attribute_map[Rails.env]
|
88
|
+
def attribute_map_resolver
|
89
|
+
if Devise.saml_attribute_map_resolver.respond_to?(:new)
|
90
|
+
Devise.saml_attribute_map_resolver
|
94
91
|
else
|
95
|
-
|
92
|
+
Devise.saml_attribute_map_resolver.constantize
|
96
93
|
end
|
97
94
|
end
|
98
95
|
end
|
@@ -22,7 +22,7 @@ module DeviseSamlAuthenticatable
|
|
22
22
|
def adapter_based_config(idp_entity_id)
|
23
23
|
config = Marshal.load(Marshal.dump(Devise.saml_config))
|
24
24
|
|
25
|
-
|
25
|
+
idp_settings_adapter.settings(idp_entity_id).each do |k,v|
|
26
26
|
acc = "#{k.to_s}=".to_sym
|
27
27
|
|
28
28
|
if config.respond_to? acc
|
@@ -33,7 +33,23 @@ module DeviseSamlAuthenticatable
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def get_idp_entity_id(params)
|
36
|
-
|
36
|
+
idp_entity_id_reader.entity_id(params)
|
37
|
+
end
|
38
|
+
|
39
|
+
def idp_entity_id_reader
|
40
|
+
if Devise.idp_entity_id_reader.respond_to?(:entity_id)
|
41
|
+
Devise.idp_entity_id_reader
|
42
|
+
else
|
43
|
+
@idp_entity_id_reader ||= Devise.idp_entity_id_reader.constantize
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
def idp_settings_adapter
|
48
|
+
if Devise.idp_settings_adapter.respond_to?(:settings)
|
49
|
+
Devise.idp_settings_adapter
|
50
|
+
else
|
51
|
+
@idp_settings_adapter ||= Devise.idp_settings_adapter.constantize
|
52
|
+
end
|
37
53
|
end
|
38
54
|
end
|
39
55
|
end
|