devise_saml_authenticatable 1.5.0 → 1.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +0 -2
- data/.travis.yml +20 -21
- data/Gemfile +2 -2
- data/README.md +62 -18
- data/app/controllers/devise/saml_sessions_controller.rb +34 -7
- data/lib/devise_saml_authenticatable.rb +14 -1
- data/lib/devise_saml_authenticatable/default_attribute_map_resolver.rb +26 -0
- data/lib/devise_saml_authenticatable/exception.rb +1 -1
- data/lib/devise_saml_authenticatable/model.rb +8 -11
- data/lib/devise_saml_authenticatable/saml_config.rb +18 -2
- data/lib/devise_saml_authenticatable/strategy.rb +1 -1
- data/lib/devise_saml_authenticatable/version.rb +1 -1
- data/spec/controllers/devise/saml_sessions_controller_spec.rb +69 -11
- data/spec/devise_saml_authenticatable/default_attribute_map_resolver_spec.rb +58 -0
- data/spec/devise_saml_authenticatable/model_spec.rb +19 -8
- data/spec/features/saml_authentication_spec.rb +44 -37
- data/spec/rails_helper.rb +2 -2
- data/spec/spec_helper.rb +7 -0
- data/spec/support/Gemfile.rails4 +20 -10
- data/spec/support/Gemfile.rails5 +13 -2
- data/spec/support/Gemfile.rails5.1 +13 -2
- data/spec/support/Gemfile.rails5.2 +25 -0
- data/spec/support/attribute_map_resolver.rb.erb +14 -0
- data/spec/support/idp_settings_adapter.rb.erb +5 -5
- data/spec/support/idp_template.rb +3 -1
- data/spec/support/rails_app.rb +75 -17
- data/spec/support/saml_idp_controller.rb.erb +13 -6
- data/spec/support/sp_template.rb +43 -21
- metadata +13 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: f648472eaaf23e5e668e51f84fadff2354879045f0ec798a383dd8a2e2ee135a
|
4
|
+
data.tar.gz: 443a5e883595f8baa2297e2ca173e8f97ae0abf3502538ce1d0f4e0e1c84081e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4765fe0a60d2a8ffd97d30d5b0d2fdb55d70a56bd9cb91f760ef7862a0d9ec80570da5d4758a784ac552232e1e5893fdd1accead2ff677893b0eb4a3500dcb9c
|
7
|
+
data.tar.gz: fcd0e6f70b75fdb9b12b3c1954899989e26f8ddb874c6222ab59ca460387a9672ab7767c13855bc4c3cbabd14fdcdb3ddabb2478412dbb452a17194c20ff4c32
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
@@ -1,53 +1,52 @@
|
|
1
1
|
language: ruby
|
2
2
|
rvm:
|
3
|
-
- "1.9.3"
|
4
3
|
- "2.0.0"
|
5
4
|
- "2.1.10"
|
6
5
|
- "2.2.10"
|
7
6
|
- "2.3.8"
|
8
|
-
- "2.4.
|
9
|
-
- "2.5.
|
10
|
-
- "2.6.
|
7
|
+
- "2.4.10"
|
8
|
+
- "2.5.8"
|
9
|
+
- "2.6.6"
|
10
|
+
- "2.7.1"
|
11
11
|
gemfile:
|
12
12
|
- Gemfile
|
13
|
+
- spec/support/Gemfile.rails5.2
|
13
14
|
- spec/support/Gemfile.rails5.1
|
14
15
|
- spec/support/Gemfile.rails5
|
15
16
|
- spec/support/Gemfile.rails4
|
16
17
|
matrix:
|
17
18
|
allow_failures:
|
18
|
-
- rvm: "1.9.3"
|
19
|
-
gemfile: Gemfile
|
20
|
-
- rvm: "1.9.3"
|
21
|
-
gemfile: spec/support/Gemfile.rails5
|
22
|
-
- rvm: "1.9.3"
|
23
|
-
gemfile: spec/support/Gemfile.rails5.1
|
24
19
|
- rvm: "2.0.0"
|
25
20
|
gemfile: Gemfile
|
26
21
|
- rvm: "2.0.0"
|
27
22
|
gemfile: spec/support/Gemfile.rails5
|
28
23
|
- rvm: "2.0.0"
|
29
24
|
gemfile: spec/support/Gemfile.rails5.1
|
25
|
+
- rvm: "2.0.0"
|
26
|
+
gemfile: spec/support/Gemfile.rails5.2
|
30
27
|
- rvm: "2.1.10"
|
31
28
|
gemfile: Gemfile
|
32
29
|
- rvm: "2.1.10"
|
33
30
|
gemfile: spec/support/Gemfile.rails5
|
34
31
|
- rvm: "2.1.10"
|
35
32
|
gemfile: spec/support/Gemfile.rails5.1
|
36
|
-
- rvm: "2.
|
33
|
+
- rvm: "2.1.10"
|
34
|
+
gemfile: spec/support/Gemfile.rails5.2
|
35
|
+
- rvm: "2.2.10"
|
36
|
+
gemfile: Gemfile
|
37
|
+
- rvm: "2.2.10"
|
38
|
+
gemfile: spec/support/Gemfile.rails5.2
|
39
|
+
- rvm: "2.3.8"
|
40
|
+
gemfile: Gemfile
|
41
|
+
- rvm: "2.4.10"
|
42
|
+
gemfile: Gemfile
|
43
|
+
- rvm: "2.6.6"
|
44
|
+
gemfile: spec/support/Gemfile.rails4
|
45
|
+
- rvm: "2.7.1"
|
37
46
|
gemfile: spec/support/Gemfile.rails4
|
38
47
|
|
39
48
|
before_install:
|
40
|
-
# update bundler to avoid https://github.com/travis-ci/travis-ci/issues/5239
|
41
49
|
- command -v bundle || gem install bundler -v '~> 1.17.3'
|
42
50
|
|
43
51
|
script:
|
44
52
|
- bundle exec rake
|
45
|
-
|
46
|
-
notifications:
|
47
|
-
hipchat:
|
48
|
-
rooms:
|
49
|
-
secure: cuDak5a6fBeg+sp61COqxQfzdcFEsjwCqtwvCISso0RNh5SR8v+uVYKcA8rlK+GE1l9uR7tLRHeHF3ZmzvFSOat07NvpScvjZXi+OSpWlc6rwQ6Pl6bBP6gu6sREiKVe0eT/uGrvJloyWKZaXIhiiBzQ+ZERx/ssGA9WMmNkhlwy1OgGnPNurNNHZLBjEZn1V6kdyxiXx6QPASNpjNEgN1G8dUh3qzcWUGVQGNZSJk65A6ie1MveNyecTjDhw+ADBU8nS28Ja4y6ohRm4FzofSgespYrvfygIZ5rYF0HPMj5FW1ZDWtM5355ojCk8RLT+ZkuhssCn1OJk7ogaOVjnYcOFRxEfpu3eIbjtMmUz3j4umatFqbgas+6SXMVIPkr5HUoTrP8HNFssIpcEBOnPwAF8QCpx+daHc0r2cc8lGuXhtJfpW0P2F0dmwJNiQ7//nz2y2xs84x4Gb7MV9tEDYp0FqEClMuFBkPNizBljarm04PkiLSrqvR52aMDfQz7YAX2oXAvFjPzI1GC0K8x7xX8TuHT9yuHy7fI+rUSNivZYLKO+IEZqPPDdJpXISUbVwanZoNvmQYk5PZV21MfDSGwQrz8eO/uFiAblj18yIlNbAfb2hdZDVYsm4EvWxELJtfaTxgrj6M3Y3m/KbCbCoDp+2jE307M2rxL0Gum2gk=
|
50
|
-
template:
|
51
|
-
- '%{repository}<a href="%{build_url}">#%{build_number}</a> (%{branch} - <a href="%{compare_url}">%{commit}</a> : %{author}): %{message}'
|
52
|
-
format: html
|
53
|
-
on_pull_requests: true
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -6,18 +6,15 @@ It uses [ruby-saml][] to handle all SAML-related stuff.
|
|
6
6
|
|
7
7
|
## Installation
|
8
8
|
|
9
|
-
Add this
|
9
|
+
Add this gem to your application's Gemfile:
|
10
10
|
|
11
|
-
|
11
|
+
git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
|
12
|
+
gem "devise_saml_authenticatable", github: "apokalipto/devise_saml_authenticatable"
|
12
13
|
|
13
14
|
And then execute:
|
14
15
|
|
15
16
|
$ bundle
|
16
17
|
|
17
|
-
Or install it yourself as:
|
18
|
-
|
19
|
-
$ gem install devise_saml_authenticatable
|
20
|
-
|
21
18
|
## Usage
|
22
19
|
|
23
20
|
Follow the [normal devise installation process](https://github.com/plataformatec/devise/tree/master#getting-started). The controller filters and helpers are unchanged from normal devise usage.
|
@@ -92,13 +89,13 @@ In `config/initializers/devise.rb`:
|
|
92
89
|
# If you don't set it then email will be extracted from SAML assertation attributes.
|
93
90
|
config.saml_use_subject = true
|
94
91
|
|
95
|
-
# You can support multiple IdPs by setting this value to a class that implements a
|
96
|
-
# an IdP entity id as an argument and returns a hash of idp settings for the corresponding IdP.
|
97
|
-
config.idp_settings_adapter =
|
92
|
+
# You can support multiple IdPs by setting this value to the name of a class that implements a ::settings method
|
93
|
+
# which takes an IdP entity id as an argument and returns a hash of idp settings for the corresponding IdP.
|
94
|
+
# config.idp_settings_adapter = "MyIdPSettingsAdapter"
|
98
95
|
|
99
96
|
# You provide you own method to find the idp_entity_id in a SAML message in the case of multiple IdPs
|
100
|
-
# by setting this to a custom reader class, or use the default.
|
101
|
-
# config.idp_entity_id_reader = DeviseSamlAuthenticatable::DefaultIdpEntityIdReader
|
97
|
+
# by setting this to the name of a custom reader class, or use the default.
|
98
|
+
# config.idp_entity_id_reader = "DeviseSamlAuthenticatable::DefaultIdpEntityIdReader"
|
102
99
|
|
103
100
|
# You can set a handler object that takes the response for a failed SAML request and the strategy,
|
104
101
|
# and implements a #handle method. This method can then redirect the user, return error messages, etc.
|
@@ -110,6 +107,10 @@ In `config/initializers/devise.rb`:
|
|
110
107
|
# If saml_route_helper_prefix = 'saml' then the new_user_session route becomes new_saml_user_session
|
111
108
|
# config.saml_route_helper_prefix = 'saml'
|
112
109
|
|
110
|
+
# You can add allowance for clock drift between the sp and idp.
|
111
|
+
# This is a time in seconds.
|
112
|
+
# config.allowed_clock_drift_in_seconds = 0
|
113
|
+
|
113
114
|
# Configure with your SAML settings (see ruby-saml's README for more information: https://github.com/onelogin/ruby-saml).
|
114
115
|
config.saml_configure do |settings|
|
115
116
|
# assertion_consumer_service_url is required starting with ruby-saml 1.4.3: https://github.com/onelogin/ruby-saml#updating-from-142-to-143
|
@@ -126,7 +127,26 @@ In `config/initializers/devise.rb`:
|
|
126
127
|
end
|
127
128
|
```
|
128
129
|
|
129
|
-
|
130
|
+
#### Attributes
|
131
|
+
|
132
|
+
There are two ways to map SAML attributes to User attributes:
|
133
|
+
|
134
|
+
- [initializer](#attribute-map-initializer)
|
135
|
+
- [config file](#attribute-map-config-file)
|
136
|
+
|
137
|
+
The attribute mappings are very dependent on the way the IdP encodes the attributes.
|
138
|
+
In these examples the attributes are given in URN style.
|
139
|
+
Other IdPs might provide them as OID's, or by other means.
|
140
|
+
|
141
|
+
You are now ready to test it against an IdP.
|
142
|
+
|
143
|
+
When the user visits `/users/saml/sign_in` they will be redirected to the login page of the IdP.
|
144
|
+
|
145
|
+
Upon successful login the user is redirected to the Devise `user_root_path`.
|
146
|
+
|
147
|
+
##### Attribute map config file
|
148
|
+
|
149
|
+
Create a YAML file (`config/attribute-map.yml`) that maps SAML attributes with your model's fields:
|
130
150
|
|
131
151
|
```yaml
|
132
152
|
# attribute-map.yml
|
@@ -137,15 +157,39 @@ In the config directory, create a YAML file (`attribute-map.yml`) that maps SAML
|
|
137
157
|
"urn:mace:dir:attribute-def:givenName": "name"
|
138
158
|
```
|
139
159
|
|
140
|
-
|
141
|
-
In this example the attributes are given in URN style.
|
142
|
-
Other IdPs might provide them as OID's, or by other means.
|
160
|
+
##### Attribute map initializer
|
143
161
|
|
144
|
-
|
162
|
+
In `config/initializers/devise.rb` (see above), add an attribute map resolver.
|
163
|
+
The resolver gets the [SAML response from the IdP](https://github.com/onelogin/ruby-saml/blob/master/lib/onelogin/ruby-saml/response.rb) so it can decide which attribute map to load.
|
164
|
+
If you only have one IdP, you can use the config file above, or just return a single hash.
|
145
165
|
|
146
|
-
|
166
|
+
```ruby
|
167
|
+
# config/initializers/devise.rb
|
168
|
+
Devise.setup do |config|
|
169
|
+
...
|
170
|
+
# ==> Configuration for :saml_authenticatable
|
147
171
|
|
148
|
-
|
172
|
+
config.saml_attribute_map_resolver = "MyAttributeMapResolver"
|
173
|
+
end
|
174
|
+
```
|
175
|
+
|
176
|
+
```ruby
|
177
|
+
# app/lib/my_attribute_map_resolver
|
178
|
+
class MyAttributeMapResolver < DeviseSamlAuthenticatable::DefaultAttributeMapResolver
|
179
|
+
def attribute_map
|
180
|
+
issuer = saml_response.issuers.first
|
181
|
+
case issuer
|
182
|
+
when "idp_entity_id"
|
183
|
+
{
|
184
|
+
"urn:mace:dir:attribute-def:uid" => "user_name",
|
185
|
+
"urn:mace:dir:attribute-def:email" => "email",
|
186
|
+
"urn:mace:dir:attribute-def:name" => "last_name",
|
187
|
+
"urn:mace:dir:attribute-def:givenName" => "name",
|
188
|
+
}
|
189
|
+
end
|
190
|
+
end
|
191
|
+
end
|
192
|
+
```
|
149
193
|
|
150
194
|
## Supporting Multiple IdPs
|
151
195
|
|
@@ -5,8 +5,10 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
5
5
|
unloadable if Rails::VERSION::MAJOR < 4
|
6
6
|
if Rails::VERSION::MAJOR < 5
|
7
7
|
skip_before_filter :verify_authenticity_token
|
8
|
+
prepend_before_filter :store_info_for_sp_initiated_logout, only: :destroy
|
8
9
|
else
|
9
10
|
skip_before_action :verify_authenticity_token, raise: false
|
11
|
+
prepend_before_action :store_info_for_sp_initiated_logout, only: :destroy
|
10
12
|
end
|
11
13
|
|
12
14
|
def new
|
@@ -18,8 +20,9 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
18
20
|
end
|
19
21
|
|
20
22
|
def metadata
|
23
|
+
idp_entity_id = params[:idp_entity_id]
|
21
24
|
meta = OneLogin::RubySaml::Metadata.new
|
22
|
-
render :xml => meta.generate(saml_config)
|
25
|
+
render :xml => meta.generate(saml_config(idp_entity_id))
|
23
26
|
end
|
24
27
|
|
25
28
|
def idp_sign_out
|
@@ -30,16 +33,16 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
30
33
|
|
31
34
|
redirect_to generate_idp_logout_response(saml_config, logout_request.id)
|
32
35
|
elsif params[:SAMLResponse]
|
33
|
-
#Currently Devise handles the session invalidation when the request is made.
|
34
|
-
#To support a true SP initiated logout response, the request ID would have to be tracked and session invalidated
|
35
|
-
#based on that.
|
36
|
+
# Currently Devise handles the session invalidation when the request is made.
|
37
|
+
# To support a true SP initiated logout response, the request ID would have to be tracked and session invalidated
|
38
|
+
# based on that.
|
36
39
|
if Devise.saml_sign_out_success_url
|
37
40
|
redirect_to Devise.saml_sign_out_success_url
|
38
41
|
else
|
39
42
|
redirect_to action: :new
|
40
43
|
end
|
41
44
|
else
|
42
|
-
head
|
45
|
+
head 500
|
43
46
|
end
|
44
47
|
end
|
45
48
|
|
@@ -51,14 +54,38 @@ class Devise::SamlSessionsController < Devise::SessionsController
|
|
51
54
|
end
|
52
55
|
end
|
53
56
|
|
57
|
+
# For non transient name ID, save info to identify user for logout purpose
|
58
|
+
# before that user's session got destroyed. These info are used in the
|
59
|
+
# `after_sign_out_path_for` method below.
|
60
|
+
def store_info_for_sp_initiated_logout
|
61
|
+
return if Devise.saml_config.name_identifier_format == "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
|
62
|
+
@name_identifier_value_for_sp_initiated_logout = Devise.saml_name_identifier_retriever.call(current_user)
|
63
|
+
@sessionindex_for_sp_initiated_logout = current_user.public_send(Devise.saml_session_index_key) if Devise.saml_session_index_key
|
64
|
+
end
|
65
|
+
|
54
66
|
# Override devise to send user to IdP logout for SLO
|
55
67
|
def after_sign_out_path_for(_)
|
56
68
|
idp_entity_id = get_idp_entity_id(params)
|
57
69
|
request = OneLogin::RubySaml::Logoutrequest.new
|
58
|
-
|
70
|
+
saml_settings = saml_config(idp_entity_id).dup
|
71
|
+
|
72
|
+
# Add attributes to saml_settings which will later be used to create the SP
|
73
|
+
# initiated logout request
|
74
|
+
unless Devise.saml_config.name_identifier_format == 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
75
|
+
saml_settings.name_identifier_value = @name_identifier_value_for_sp_initiated_logout
|
76
|
+
saml_settings.sessionindex = @sessionindex_for_sp_initiated_logout
|
77
|
+
end
|
78
|
+
|
79
|
+
request.create(saml_settings)
|
59
80
|
end
|
60
81
|
|
61
82
|
def generate_idp_logout_response(saml_config, logout_request_id)
|
62
|
-
|
83
|
+
|
84
|
+
params = {}
|
85
|
+
if relay_state
|
86
|
+
params[:RelayState] = relay_state
|
87
|
+
end
|
88
|
+
|
89
|
+
OneLogin::RubySaml::SloLogoutresponse.new.create(saml_config, logout_request_id, nil, params)
|
63
90
|
end
|
64
91
|
end
|
@@ -5,6 +5,7 @@ require "devise_saml_authenticatable/exception"
|
|
5
5
|
require "devise_saml_authenticatable/logger"
|
6
6
|
require "devise_saml_authenticatable/routes"
|
7
7
|
require "devise_saml_authenticatable/saml_config"
|
8
|
+
require "devise_saml_authenticatable/default_attribute_map_resolver"
|
8
9
|
require "devise_saml_authenticatable/default_idp_entity_id_reader"
|
9
10
|
|
10
11
|
begin
|
@@ -55,7 +56,7 @@ module Devise
|
|
55
56
|
|
56
57
|
# Reader that can parse entity id from a SAMLMessage
|
57
58
|
mattr_accessor :idp_entity_id_reader
|
58
|
-
@@idp_entity_id_reader ||= ::DeviseSamlAuthenticatable::DefaultIdpEntityIdReader
|
59
|
+
@@idp_entity_id_reader ||= "::DeviseSamlAuthenticatable::DefaultIdpEntityIdReader"
|
59
60
|
|
60
61
|
# Implements a #handle method that takes the response and strategy as an argument
|
61
62
|
mattr_accessor :saml_failed_callback
|
@@ -66,6 +67,10 @@ module Devise
|
|
66
67
|
mattr_accessor :saml_relay_state
|
67
68
|
@@saml_relay_state
|
68
69
|
|
70
|
+
# Instead of storing the attribute_map in attribute-map.yml, store it in the database, or set it programatically
|
71
|
+
mattr_accessor :saml_attribute_map_resolver
|
72
|
+
@@saml_attribute_map_resolver ||= "::DeviseSamlAuthenticatable::DefaultAttributeMapResolver"
|
73
|
+
|
69
74
|
# Implements a #validate method that takes the retrieved resource and response right after retrieval,
|
70
75
|
# and returns true if it's valid. False will cause authentication to fail.
|
71
76
|
# Only one of saml_resource_validator and saml_resource_validator_hook may be used.
|
@@ -124,6 +129,14 @@ module Devise
|
|
124
129
|
# See saml_default_resource_locator above for an example.
|
125
130
|
mattr_accessor :saml_resource_locator
|
126
131
|
@@saml_resource_locator = @@saml_default_resource_locator
|
132
|
+
|
133
|
+
# Proc that is called to resolve the name identifier to use in a LogoutRequest for the current user.
|
134
|
+
# Receives the logged-in user.
|
135
|
+
# Is expected to return the identifier the IdP understands for this user, e.g. email address or username.
|
136
|
+
mattr_accessor :saml_name_identifier_retriever
|
137
|
+
@@saml_name_identifier_retriever = Proc.new do |current_user|
|
138
|
+
current_user.public_send(Devise.saml_default_user_key)
|
139
|
+
end
|
127
140
|
end
|
128
141
|
|
129
142
|
# Add saml_authenticatable strategy to defaults.
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module DeviseSamlAuthenticatable
|
2
|
+
class DefaultAttributeMapResolver
|
3
|
+
def initialize(saml_response)
|
4
|
+
@saml_response = saml_response
|
5
|
+
end
|
6
|
+
|
7
|
+
def attribute_map
|
8
|
+
return {} unless File.exist?(attribute_map_path)
|
9
|
+
|
10
|
+
attribute_map = YAML.load(File.read(attribute_map_path))
|
11
|
+
if attribute_map.key?(Rails.env)
|
12
|
+
attribute_map[Rails.env]
|
13
|
+
else
|
14
|
+
attribute_map
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
attr_reader :saml_response
|
21
|
+
|
22
|
+
def attribute_map_path
|
23
|
+
Rails.root.join("config", "attribute-map.yml")
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -33,9 +33,9 @@ module Devise
|
|
33
33
|
key = Devise.saml_default_user_key
|
34
34
|
decorated_response = ::SamlAuthenticatable::SamlResponse.new(
|
35
35
|
saml_response,
|
36
|
-
attribute_map
|
36
|
+
attribute_map(saml_response),
|
37
37
|
)
|
38
|
-
if
|
38
|
+
if Devise.saml_use_subject
|
39
39
|
auth_value = saml_response.name_id
|
40
40
|
else
|
41
41
|
auth_value = decorated_response.attribute_value_by_resource_key(key)
|
@@ -81,18 +81,15 @@ module Devise
|
|
81
81
|
find_for_authentication(conditions)
|
82
82
|
end
|
83
83
|
|
84
|
-
def attribute_map
|
85
|
-
|
84
|
+
def attribute_map(saml_response = nil)
|
85
|
+
attribute_map_resolver.new(saml_response).attribute_map
|
86
86
|
end
|
87
87
|
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
attribute_map = YAML.load(File.read("#{Rails.root}/config/attribute-map.yml"))
|
92
|
-
if attribute_map.has_key?(Rails.env)
|
93
|
-
attribute_map[Rails.env]
|
88
|
+
def attribute_map_resolver
|
89
|
+
if Devise.saml_attribute_map_resolver.respond_to?(:new)
|
90
|
+
Devise.saml_attribute_map_resolver
|
94
91
|
else
|
95
|
-
|
92
|
+
Devise.saml_attribute_map_resolver.constantize
|
96
93
|
end
|
97
94
|
end
|
98
95
|
end
|
@@ -22,7 +22,7 @@ module DeviseSamlAuthenticatable
|
|
22
22
|
def adapter_based_config(idp_entity_id)
|
23
23
|
config = Marshal.load(Marshal.dump(Devise.saml_config))
|
24
24
|
|
25
|
-
|
25
|
+
idp_settings_adapter.settings(idp_entity_id).each do |k,v|
|
26
26
|
acc = "#{k.to_s}=".to_sym
|
27
27
|
|
28
28
|
if config.respond_to? acc
|
@@ -33,7 +33,23 @@ module DeviseSamlAuthenticatable
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def get_idp_entity_id(params)
|
36
|
-
|
36
|
+
idp_entity_id_reader.entity_id(params)
|
37
|
+
end
|
38
|
+
|
39
|
+
def idp_entity_id_reader
|
40
|
+
if Devise.idp_entity_id_reader.respond_to?(:entity_id)
|
41
|
+
Devise.idp_entity_id_reader
|
42
|
+
else
|
43
|
+
@idp_entity_id_reader ||= Devise.idp_entity_id_reader.constantize
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
def idp_settings_adapter
|
48
|
+
if Devise.idp_settings_adapter.respond_to?(:settings)
|
49
|
+
Devise.idp_settings_adapter
|
50
|
+
else
|
51
|
+
@idp_settings_adapter ||= Devise.idp_settings_adapter.constantize
|
52
|
+
end
|
37
53
|
end
|
38
54
|
end
|
39
55
|
end
|