federated_rails 0.2.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: eb55e97af1673e142ca61d53be8860f6b11690b4
+  data.tar.gz: 0bf597bfa4538c80007358f8efafab5200d0d1f0
+SHA512:
+  metadata.gz: 2ba093decda6fee395fc2fb5df843ed11ffa983b8cd7e4c99abed6d5321ee8c5ac080e47542508291e0c72cef8b06648febe80d01f5cb07442d68023e8c6c907
+  data.tar.gz: 45eb56f25228e209a2c6c69ff513279583505205557ce133c51476acb0f78acd0ce922616181908639ecb9c9288cc0d5fa8ef54ab0d21b3863c5ee0c2728a4d2

data/Gemfile

@@ -0,0 +1,16 @@
+source "http://rubygems.org"
+
+gem "rails", "3.0.9"
+gem "sqlite3"
+
+gem "rails_warden", "~> 0.5.5"
+
+group :development do
+  gem "bundler", "~> 1.0.0"
+  gem "rcov", ">= 0"
+end
+
+group :test, :development do
+  gem "rspec-rails", "~> 2.6"
+  gem "factory_girl_rails", "~> 1.1"
+end

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2011 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,25 @@
+# encoding: UTF-8
+require 'rubygems'
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rake'
+require 'rake/rdoctask'
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'FederatedRails'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/app/controller/federated_rails/auth_controller.rb

@@ -0,0 +1,55 @@
+
+class FederatedRails::AuthController < ApplicationController
+
+  skip_before_filter :ensure_valid_subject
+
+  def login
+    # Integrates with Shibboleth NativeSPSessionCreationParameters as per https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters
+    login_url = "#{Rails.application.config.federation.ssoendpoint}?target=#{url_for(:controller => 'auth', :action => 'federation_login')}"
+    if Rails.application.config.federation.automatelogin
+      redirect_to login_url
+      return
+    end
+
+    @spsession_url = login_url
+  end
+
+  def logout
+    uri = url_for root_path
+    logger.info "Logging out principal #{security_manager.subject.principal} and directing to #{uri.inspect}" if security_manager.subject
+    warden.logout
+    redirect_to uri
+  end
+
+  def unauthenticated
+  end
+
+  def federation_login
+    if Rails.application.config.federation.federationactive
+      warden.authenticate!(:federation_login)
+      
+      uri = session[:security_manager_return_to] ||= url_for(root_path)
+      logger.info "Redirecting principal #{security_manager.subject.principal} to #{uri.inspect}"
+      redirect_to uri
+    else
+      logger.error "Attempt utilize federation login when federation disabled"
+      render :partial => "loginerror", :nothing => true, :status => :forbidden
+      return
+    end
+  end
+
+  def development_login
+    if Rails.application.config.federation.developmentactive
+      warden.authenticate!(:development_login)
+      
+      uri = session[:security_manager_return_to] ||= url_for(root_path)
+      logger.info "Redirecting principal #{security_manager.subject.principal} to #{uri.inspect}"
+      redirect_to uri
+    else
+      logger.error "Attempt utilize development login when development is disabled"
+      render :partial => "loginerror", :nothing => true, :status => 403
+      return
+    end
+  end 
+
+end

data/app/views/federated_rails/auth/_loginerror.html.erb

@@ -0,0 +1,11 @@
+<h2>Login Denied</h2>
+Login attempt was halted.
+
+<h2>Headers</h2>
+<table border="1">
+<% for header in request.env %>
+  <tr>
+    <td><%=header[0]%></td><td><%=header[1]%></td>    
+  </tr>
+<% end %>
+</table>

data/app/views/federated_rails/auth/federatedlogin.html.erb

@@ -0,0 +1,14 @@
+
+<%= request.env['HTTP_PERSISTENT_ID'] %><br>
+<%= request.env['HTTP_SHIB_SESSION_ID'] %><br>
+<%= request.env['HTTP_SHIB_IDENTITY_PROVIDER'] %><br>
+<%= request.env['HTTP_SHIB_APPLICATION_ID'] %><br>
+<%= request.env['HTTP_SHIB_AUTHENTICATION_INSTANT'] %><br>
+
+<br>
+
+<%= request.env['HTTP_DISPLAYNAME'] %><br>
+<%= request.env['HTTP_MAIL'] %><br>
+<%= request.env['HTTP_ENTITLEMENT'] %><br>
+<%= request.env['HTTP_HOMEORGANIZATION'] %><br>
+<%= request.env['HTTP_HOMEORGANIZATIONTYPE'] %><br>

data/app/views/federated_rails/auth/locallogin.html.erb

@@ -0,0 +1,2 @@
+<h1>Auth#locallogin</h1>
+<p>Find me in app/views/auth/locallogin.html.erb</p>

data/app/views/federated_rails/auth/login.html.erb

@@ -0,0 +1,53 @@
+<h1>Application Login</h1>
+
+<%= link_to "Shib", @spsession_url  %>
+
+<h2>Select login account</h2>
+
+<h3>Fred Bloggs</h3>
+<p>Principal: https://idp.one.edu.au/idp/shibboleth!-!d2404817-6fb9-4165-90d8-1</p>
+<%= form_tag(:controller => 'auth', :action => 'development_login') do %>
+  <%= hidden_field_tag(:principal, 'https://idp.one.edu.au/idp/shibboleth!-!d2404817-6fb9-4165-90d8-1') %>
+  <%= hidden_field_tag(:credential, 'fake-sessionid-webform') %>
+  
+  <%= hidden_field :attributes, :cn, :value => 'Fred Bloggs' %>
+  <%= hidden_field :attributes, :email, :value => 'fredbloggs@one.edu.au' %>
+  <%= hidden_field :attributes, :shared_token, :value => 'zxcvSFDsfgsgf#$%' %>
+  <%= hidden_field :attributes, :entityID, :value => 'https://idp.one.edu.au/idp/shibboleth' %>
+  <%= hidden_field :attributes, :homeOrganization, :value => 'one.edu.au' %>
+  <%= hidden_field :attributes, :homeOrganizationType, :value => 'university:australia' %>
+
+  <%= submit_tag('Login') %>
+<% end %>
+
+<h3>Joe Schmoe</h3>
+<p>Principal: https://idp.one.edu.au/idp/shibboleth!-!d2404817-6fb9-4165-90d8-2</p>
+<%= form_tag(:controller => 'auth', :action => 'development_login') do %>
+  <%= hidden_field_tag(:principal, 'https://idp.one.edu.au/idp/shibboleth!-!d2404817-6fb9-4165-90d8-2') %>
+  <%= hidden_field_tag(:credential, 'fake-sessionid-webform') %>
+  
+  <%= hidden_field :attributes, :cn, :value => 'Joe Schmoe' %>
+  <%= hidden_field :attributes, :email, :value => 'joeschmoe@one.edu.au' %>
+  <%= hidden_field :attributes, :shared_token, :value => 'qwerSFDsfgsgf#$%' %>
+  <%= hidden_field :attributes, :entityID, :value => 'https://idp.one.edu.au/idp/shibboleth' %>
+  <%= hidden_field :attributes, :homeOrganization, :value => 'one.edu.au' %>
+  <%= hidden_field :attributes, :homeOrganizationType, :value => 'university:australia' %>
+
+  <%= submit_tag('Login') %>
+<% end %>
+
+<h3>Max Mustermann</h3>
+<p>Principal: https://idp.one.edu.au/idp/shibboleth!-!d2404817-6fb9-4165-90d8-3</p>
+<%= form_tag(:controller => 'auth', :action => 'development_login') do %>
+  <%= hidden_field_tag(:principal, 'https://idp.one.edu.au/idp/shibboleth!-!d2404817-6fb9-4165-90d8-3') %>
+  <%= hidden_field_tag(:credential, 'fake-sessionid-webform') %>
+  
+  <%= hidden_field :attributes, :cn, :value => 'Max Mustermann' %>
+  <%= hidden_field :attributes, :email, :value => 'maxmustermann@one.edu.au' %>
+  <%= hidden_field :attributes, :shared_token, :value => 'adsfSFDsfgsgf#$%' %>
+  <%= hidden_field :attributes, :entityID, :value => 'https://idp.one.edu.au/idp/shibboleth' %>
+  <%= hidden_field :attributes, :homeOrganization, :value => 'one.edu.au' %>
+  <%= hidden_field :attributes, :homeOrganizationType, :value => 'university:australia' %>
+
+  <%= submit_tag('Login') %>
+<% end %>

data/app/views/federated_rails/auth/logout.html.erb

@@ -0,0 +1,2 @@
+<h1>Auth#logout</h1>
+<p>Find me in app/views/auth/logout.html.erb</p>

data/app/views/federated_rails/auth/unauthenticated.html.erb

@@ -0,0 +1,11 @@
+problem ? [troll]
+
+<br>
+<h2>Headers</h2>
+<table border="1">
+<% for header in request.env %>
+  <tr>
+    <td><%=header[0]%></td><td><%=header[1]%></td>    
+  </tr>
+<% end %>
+</table>

data/config/routes.rb

@@ -0,0 +1,11 @@
+Rails.application.routes.draw do
+
+  scope :module => 'federated_rails' do
+    match '/login', :to => 'auth#login', :as => :login
+    match '/logout', :to => 'auth#logout', :as => :logout
+    match '/loginerror', :to => 'auth#unauthenticated'
+    match '/auth/federation', :to => 'auth#federation_login'
+    match '/auth/development', :to => 'auth#development_login'
+  end
+
+end

data/lib/federated_rails.rb

@@ -0,0 +1,10 @@
+require 'rails'
+require 'rails_warden'
+
+module FederatedRails
+  require 'federated_rails/engine' if defined?(Rails)
+  require 'federated_rails/railtie'  if defined?(Rails)
+
+  require 'federated_rails/federation_strategy'
+  require 'federated_rails/development_strategy'
+end

data/lib/federated_rails/acts_as_federated.rb

@@ -0,0 +1,22 @@
+require 'rails'
+
+module FederatedRails
+  
+  module ActsAsFederated
+    module InstanceMethods
+      protected  
+      def ensure_valid_subject
+        unless security_manager.authenticated? 
+          session[:security_manager_return_to] = request.fullpath if request.get?
+          redirect_to :login
+          false
+        end
+      end
+      
+      def security_manager
+        @security_manager ||= SecurityManager.new request.env['warden']
+      end
+    end
+  end
+
+end

data/lib/federated_rails/authentication_controller_extension.rb

@@ -0,0 +1,12 @@
+module FederatedRails
+    module ActionControllerExtension
+    module ClassMethods
+      def acts_as_federated
+        # At this point, 'self' is the ApplicationController
+        self.send :include, ::FederatedRails::ActsAsFederated::InstanceMethods
+        self.before_filter :ensure_valid_subject
+        self.helper_method :security_manager
+      end
+    end
+  end
+end

data/lib/federated_rails/development_strategy.rb

@@ -0,0 +1,64 @@
+
+require 'federated_rails/provisioning_manager'
+
+module FederatedRails
+  class DevelopmentStrategy < Warden::Strategies::Base
+
+    include ProvisioningManager
+
+    def authenticate!
+
+      if Rails.application.config.federation.developmentactive
+        principal = params[:principal]
+        unless principal
+          return fail! 'Authentication Error - Development environment did not supply persistent ID'
+        end
+
+        credential = params[:credential]
+        unless credential
+          return fail! 'Authentication Error - Development environment did not supply session ID'
+        end
+
+        subject = host_subject.find_or_initialize_by_principal(params[:principal])
+        
+        if subject.new_record?
+          unless Rails.application.config.federation.autoprovision
+            logger.error 'Authentication Error - Automatic provisioning is disabled in configuration'
+            return fail! 'Authentication Error - Automatic provisioning is disabled in configuration'
+          end
+
+          logger.info "Creating new subject for principal #{subject.principal}"
+
+          # The default implementation simply stores the principal
+          # Customize provision_subject_development within an application initializer to meet your specific needs
+          provision_development subject
+        else
+          logger.info "Updating returning #{subject} from development source"
+
+          # If you have attributes specific to your application that may change on the IdP side
+          # such as names, email addresses and entitlemenets these will need to be updated at session establishment.
+          # Customize update_subject_development within an application initializer to meet your specific needs.
+          update_development subject
+        end
+
+        # Store details about this session
+        remote_host = request.env['HTTP_X_FORWARDED_FOR'] ||= request.remote_ip()
+        user_agent = request.env['HTTP_USER_AGENT']
+        sr = SessionRecord.new( :credential => credential, :remote_host => remote_host, :user_agent => user_agent )
+        subject.session_records << sr
+        
+        unless subject.save
+          logger.error "Unable to persist development subject"
+          subject.errors.each do |error|
+            logger.error error
+          end
+          return fail! 'Authentication Error - Unable to persist development subject'
+        end
+        
+        success!(subject)
+      else
+        return fail! 'Authentication Error - Development source is not enabled'
+      end
+    end
+  end
+end

data/lib/federated_rails/engine.rb

@@ -0,0 +1,9 @@
+
+require "federated_rails"
+require "rails"
+
+module FederatedRails
+  class Engine < Rails::Engine
+
+  end
+end

data/lib/federated_rails/federation_strategy.rb

@@ -0,0 +1,66 @@
+
+require 'federated_rails/provisioning_manager'
+
+class FederatedRails::FederationStrategy < Warden::Strategies::Base
+
+  include FederatedRails::ProvisioningManager
+
+  def authenticate!
+    if Rails.application.config.federation.federationactive
+
+      principal = retrieve_federated_value :principal
+      unless principal
+        logger.error 'Authentication Error - Federation did not supply persistent ID'
+        return fail! 'Authentication Error - Federation did not supply persistent ID'
+      end
+
+      credential = retrieve_federated_value :credential
+      unless credential
+        logger.error 'Authentication Error - Federation did not supply session ID'
+        return fail! 'Authentication Error - Federation did not supply session ID'
+      end
+
+      subject = host_subject.find_or_initialize_by_principal(principal)
+
+      if subject.new_record?
+        unless Rails.application.config.federation.autoprovision
+          logger.error 'Authentication Error - Automatic provisioning is disabled in configuration'
+          return fail! 'Authentication Error - Automatic provisioning is disabled in configuration'
+        end
+
+        logger.info "Creating new subject for principal #{subject.principal}"
+
+        # The default implementation simply stores the principal
+        # Customize provision_subject within an application initializer to meet your specific needs
+        provision subject
+      else
+        logger.info "Updating returning #{subject} from federated source"
+
+        # If you have attributes specific to your application that may change on the IdP side
+        # such as names, email addresses and entitlemenets these will need to be updated at session establishment.
+        # Customize update_subject within an application initializer to meet your specific needs.
+        update subject
+      end
+
+      # Store details about this session
+      remote_host = request.env['HTTP_X_FORWARDED_FOR'] ||= request.remote_ip()
+      user_agent = request.env['HTTP_USER_AGENT']
+      sr = SessionRecord.new( :credential => credential, :remote_host => remote_host, :user_agent => user_agent )
+      subject.session_records << sr
+      
+      unless subject.save
+        logger.error "Unable to persist federated subject"
+        logger.debug sr.inspect
+        subject.errors.each do |error|
+          logger.error error
+        end
+        return fail! 'Authentication Error - Unable to persist federated subject'
+      end
+
+      success! subject
+    else
+      return fail! 'Authentication Error - Federated source is not enabled'
+    end
+  end
+
+end

data/lib/federated_rails/provisioning_manager.rb

@@ -0,0 +1,33 @@
+module FederatedRails
+  module ProvisioningManager
+
+    def provision (subject)
+      logger.debug "Executed default NOOP provisioner against #{subject}"
+    end
+
+    def update (subject)
+      logger.debug "Executed default NOOP updater against #{subject}"
+    end
+
+    def provision_development (subject)
+      logger.debug "Executed default NOOP development provisioning against #{subject}"
+    end
+
+    def update_development (subject)
+      logger.debug "Executed default NOOP development updater against #{subject}"
+    end
+
+    def retrieve_federated_value(attr)
+      if Rails.application.config.federation.attributes
+        request.env[ Rails.application.config.federation.mapping[attr][:env] ]
+      else
+        request.env[ Rails.application.config.federation.mapping[attr][:header] ]
+      end
+    end
+
+    def host_subject
+      Object::const_get(Rails.application.config.federation.subject)
+    end
+
+  end
+end

data/lib/federated_rails/railtie.rb

@@ -0,0 +1,12 @@
+
+require 'federated_rails/acts_as_federated'
+require 'federated_rails/authentication_controller_extension'
+require 'federated_rails/security_manager'
+
+module FederatedRails
+  class Railtie < Rails::Railtie
+    initializer 'federated_rails.action_controller_federated_extension' do |app|
+      ActionController::Base.send :extend, ::FederatedRails::ActionControllerExtension::ClassMethods
+    end
+  end
+end

data/lib/federated_rails/security_manager.rb

@@ -0,0 +1,14 @@
+module FederatedRails
+  class SecurityManager
+    attr_accessor :warden
+    def initialize(w)
+      @warden = w
+    end
+    def method_missing(name, *args)
+      warden.send name, *args
+    end
+    def subject
+      warden.user
+    end
+  end
+end

data/lib/generators/federated_rails/install/install_generator.rb

@@ -0,0 +1,41 @@
+require 'rails/generators/migration'
+
+module FederatedRails
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      argument :model, :type => :string, :desc => "The model name to represent the applications subject (recommend: Subject)"
+      class_option :createsubject, :optional => true, :type => :boolean, :default => true, :desc => "Create the subject model and migrations? False if object exists."
+      include Rails::Generators::Migration
+      source_root File.expand_path('../../templates', __FILE__)
+      desc "add the migrations"
+
+      def self.next_migration_number(dirname)
+        if ActiveRecord::Base.timestamped_migrations
+          Time.now.utc.to_f
+        else
+          "%.3d" % (current_migration_number(dirname) + 1)
+        end
+      end
+
+      def copy_initializers
+        template "warden.rb.erb", "config/initializers/warden.rb"
+        template "federation.rb.erb", "config/initializers/federation.rb"
+        template "provisioning_manager.rb.erb", "config/initializers/provisioning_manager.rb"
+        template "security_manager.rb.erb", "config/initializers/security_manager.rb"
+      end
+
+      def copy_models
+        if options[:createsubject]
+          template "subject.rb.erb", "app/models/#{model.downcase}.rb"
+          template "session_record.rb.erb", "app/models/session_record.rb"
+
+          migration_template "create_subjects.rb.erb", "db/migrate/create_#{model.downcase}s.rb"
+          migration_template "create_session_records.rb.erb", "db/migrate/create_session_records.rb"
+        end
+      end
+
+      private
+
+    end
+  end
+end

data/lib/generators/federated_rails/templates/create_session_records.rb.erb

@@ -0,0 +1,16 @@
+class CreateSessionRecords < ActiveRecord::Migration
+  def self.up
+    create_table :session_records do |t|
+      t.string :credential
+      t.string :remote_host
+      t.string :user_agent
+      t.references :<%= model.downcase %>
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :session_records
+  end
+end

data/lib/generators/federated_rails/templates/create_subjects.rb.erb

@@ -0,0 +1,14 @@
+class Create<%= model %>s < ActiveRecord::Migration
+  def self.up
+    create_table :<%= model.downcase %>s do |t|
+      t.string :principal
+      t.boolean :enabled, :default => false
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :<%= model.downcase %>s
+  end
+end

data/lib/generators/federated_rails/templates/federation.rb.erb

@@ -0,0 +1,27 @@
+<%= Rails.application.class.name %>.instance_eval do
+	config.federation = ActiveSupport::OrderedOptions.new
+	federation = config.federation
+
+	# Key integration configuration
+	federation.automatelogin = false
+	federation.federationactive = false
+	federation.developmentactive = false
+	federation.autoprovision = false
+	federation.subject = '<%= model %>'
+
+	# SP session init endpoint
+	federation.ssoendpoint = '/Shibboleth.sso/Login'
+	federation.attributes = false
+
+	# Attribute mappings
+	federation.mapping = ActiveSupport::OrderedOptions.new
+	federation.mapping.principal = {:header => 'HTTP_PERSISTENT_ID', :env => 'persistent-id'}			# The unique and persistent ID used to identify this principal for current and subsequent sessions (eduPersonTargetedID)
+	federation.mapping.credential = {:header => 'HTTP_SHIB_SESSION_ID', :env => 'Shib-Session-ID'}		# The internal session key assigned to the session associated with the request and hence the credential used
+	federation.mapping.entityID = {:header => 'HTTP_SHIB_IDENTITY_PROVIDER', :env => 'Shib-Identity-Provider'}		# The entityID of the IdP that authenticated the user associated with the request.
+	federation.mapping.applicationID = {:header => 'HTTP_SHIB_APPLICATION_ID', :env => 'Shib-Application-ID'}		# The applicationId property derived for the request.
+	federation.mapping.idpAuthenticationInstant = {:header => 'HTTP_SHIB_AUTHENTICATION_INSTANT', :env => 'Shib-Authentication-Instant'}		# The ISO timestamp provided by the IdP indicating the time of authentication. 
+
+	## See mappings in your attribute-map.xml file to enable more attributes - some common additional requirements
+	# federation.mapping.displayName = {:header => 'HTTP_DISPLAYNAME', :env => 'displayName'}
+	# federation.mapping.email = {:header => 'HTTP_MAIL', :env => 'mail'}
+end

data/lib/generators/federated_rails/templates/provisioning_manager.rb.erb

@@ -0,0 +1,23 @@
+
+# This allows us to extend how <%= model %> is provisioned and updated
+# to suit the explict needs of the host application
+
+FederatedRails::ProvisioningManager.module_eval do
+	
+	# Customize <%= model %> management within production deployment
+
+	# def provision( <%= model.downcase %> )
+	# end
+
+	# def update ( <%= model.downcase %> )
+	# end
+
+	# Customize <%= model %> management within development deployment
+	
+	# def provision_development ( <%= model.downcase %> )
+	# end
+
+	# def update_development ( <%= model.downcase %> )
+	# end
+
+end

data/lib/generators/federated_rails/templates/security_manager.rb.erb

@@ -0,0 +1,11 @@
+
+# This allows us to extend how security is managed
+# to suit the explict needs of the host application
+
+FederatedRails::SecurityManager.class_eval do
+	
+	def <%= model.downcase %>
+		warden.user
+	end
+
+end

data/lib/generators/federated_rails/templates/session_record.rb.erb

@@ -0,0 +1,6 @@
+class SessionRecord < ActiveRecord::Base
+	belongs_to :<%= model.downcase %>
+
+	validates_presence_of :credential, :remote_host, :user_agent
+  attr_accessible :credential, :remote_host, :user_agent
+end

data/lib/generators/federated_rails/templates/subject.rb.erb

@@ -0,0 +1,13 @@
+class <%= model %> < ActiveRecord::Base
+	has_many :session_records
+
+	validates_presence_of :principal
+	validates_uniqueness_of :principal
+	validates_associated :session_records
+  
+  attr_accessible :administrator, :subject
+
+	def to_s
+		"<%= model.downcase %> [#{self.id}, #{self.principal}]"
+	end
+end

data/lib/generators/federated_rails/templates/warden.rb.erb

@@ -0,0 +1,10 @@
+Rails.configuration.middleware.use RailsWarden::Manager do |manager|
+  manager.default_strategies :federation_login
+  manager.failure_app = FederatedRails::AuthController
+end
+
+Warden::Manager.serialize_into_session { |<%= model.downcase %>| <%= model.downcase %>.id }
+Warden::Manager.serialize_from_session { |id| <%= model %>.find_by_id(id) }
+
+Warden::Strategies.add(:federation_login, FederatedRails::FederationStrategy)
+Warden::Strategies.add(:development_login, FederatedRails::DevelopmentStrategy)

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification
+name: federated_rails
+version: !ruby/object:Gem::Version
+  version: 0.2.2
+platform: ruby
+authors:
+- Bradley Beddoes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-16 00:00:00.000000000 Z
+dependencies: []
+description: Allows Ruby on Rails applications to easily integrate to federated authentication
+  sources particuarly those served by Shibboleth service providers.
+email:
+- bradleybeddoes@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/controller/federated_rails/auth_controller.rb
+- app/views/federated_rails/auth/_loginerror.html.erb
+- app/views/federated_rails/auth/federatedlogin.html.erb
+- app/views/federated_rails/auth/locallogin.html.erb
+- app/views/federated_rails/auth/login.html.erb
+- app/views/federated_rails/auth/logout.html.erb
+- app/views/federated_rails/auth/unauthenticated.html.erb
+- lib/federated_rails/acts_as_federated.rb
+- lib/federated_rails/authentication_controller_extension.rb
+- lib/federated_rails/development_strategy.rb
+- lib/federated_rails/engine.rb
+- lib/federated_rails/federation_strategy.rb
+- lib/federated_rails/provisioning_manager.rb
+- lib/federated_rails/railtie.rb
+- lib/federated_rails/security_manager.rb
+- lib/federated_rails.rb
+- lib/generators/federated_rails/install/install_generator.rb
+- lib/generators/federated_rails/templates/create_session_records.rb.erb
+- lib/generators/federated_rails/templates/create_subjects.rb.erb
+- lib/generators/federated_rails/templates/federation.rb.erb
+- lib/generators/federated_rails/templates/provisioning_manager.rb.erb
+- lib/generators/federated_rails/templates/security_manager.rb.erb
+- lib/generators/federated_rails/templates/session_record.rb.erb
+- lib/generators/federated_rails/templates/subject.rb.erb
+- lib/generators/federated_rails/templates/warden.rb.erb
+- config/routes.rb
+- MIT-LICENSE
+- Rakefile
+- Gemfile
+homepage: https://github.com/ausaccessfed/federatedrails
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: SAML federation authentication and access control
+test_files: []