okta_saml 0.0.6 → 3.0.0
- checksums.yaml +7 -0
- data/CONTRIBUTORS +11 -0
- data/{LICENSE.txt → LICENSE} +2 -2
- data/README.md +2 -0
- data/Rakefile +2 -17
- data/app/controllers/saml_controller.rb +1 -1
- data/config/routes.rb +2 -2
- data/lib/okta_saml.rb +1 -1
- data/lib/okta_saml/constants.rb +8 -7
- data/lib/okta_saml/engine.rb +64 -2
- data/lib/okta_saml/session_helper.rb +1 -2
- data/lib/okta_saml/version.rb +1 -1
- metadata +30 -42
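--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: c75f4693aef436cf69cfd2d7b63ac4bacb42f397
+data.tar.gz: f01778c3f18cf909d9ecc927a5c73469340f162a
+SHA512:
+metadata.gz: cd25ad264353c69513000f4d6d6b2027e2b921b063e20c2cf8f736cba8fbb5431093359a98cdaf56e920f4496cf012dae2236d4239e8afd7f5c7f3078c89cc7f
+data.tar.gz: afed5cd8f440331994fc18be18da01bc841cc7f7a3a85bfa13466eec12e0281b919578228823d0087345ac465d294841e44e946888bc9cdbcbd6dee47b4f5304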
data/CONTRIBUTORS
ADDED
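--- a/data/LICENSE.txt
+++ b/data/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c)
+Copyright (c) 2014 RentPath, Inc.
 
 MIT License
 
@@ -19,4 +19,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.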
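--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,7 @@
 # OktaSaml
 
+[![Code Climate](https://codeclimate.com/repos/5175815b56b1020c56000864/badges/aec34f2ab248de6035e0/gpa.png)](https://codeclimate.com/repos/5175815b56b1020c56000864/feed)
+
 [Okta](http://www.okta.com) is an IDP (Identity Provider) that offers enterprise authentication solutions. Okta works by redirecting visitors to your application to a login page that is hosted by Okta. Upon successful authentication Okta sends a POST request with a SAML payload to a Post Back URL (configured by you at setup). The okta_saml gem helps Ruby on Rails applications communicate with Okta.
 
 It is an engine that adds the following features to your application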
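--- a/data/Rakefile
+++ b/data/Rakefile
@@ -12,6 +12,8 @@ rescue LoadError
 RDoc::Task = Rake::RDocTask
 end
 
+require 'bundler/gem_tasks'
+
 RDoc::Task.new(:rdoc) do |rdoc|
 rdoc.rdoc_dir = 'rdoc'
 rdoc.title = 'OktaSaml'
@@ -23,12 +25,6 @@ end
 APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
 load 'rails/tasks/engine.rake'
 
-
-
-Bundler::GemHelper.install_tasks
-
-Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each{|f| load f}
-
 require 'rspec/core'
 require 'rspec/core/rake_task'
 
@@ -37,14 +33,3 @@ RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
 
-namespace :gem do
-task :build do
-output = IO.popen("gem build okta_saml.gemspec")
-a = output.readlines
-a.keep_if{|line| line =~ /File:/}
-a[0].match(/File:/)
-filename = $'.strip
-# puts `echo #{filename}`
-puts `gem inabox #{filename}`
-end
-end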
data/config/routes.rb
CHANGED
data/lib/okta_saml.rb
CHANGED
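--- a/data/lib/okta_saml/constants.rb
+++ b/data/lib/okta_saml/constants.rb
@@ -1,11 +1,12 @@
 if defined?(Rails)
-
-YAML::load_file(Rails.root.join("config/okta_saml.yml").to_s)
+begin
+saml = YAML::load_file(Rails.root.join("config/okta_saml.yml").to_s)
+SAML_SETTINGS = {
+:idp_sso_target_url => saml[Rails.env]['idp_sso_target_url'],
+:idp_cert_fingerprint => saml[Rails.env]['idp_cert_fingerprint']
+}
 rescue Errno::ENOENT
 p "Missing okta_saml.yml file in Rails.root/config"
+SAML_SETTINGS = {}
 end
-
-:idp_sso_target_url => saml[Rails.env]['idp_sso_target_url'],
-:idp_cert_fingerprint => saml[Rails.env]['idp_cert_fingerprint']
-}
-end
+end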
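Review bot: The `rescue Errno::ENOENT` branch now defines `SAML_SETTINGS = {}`, so an application whose `config/okta_saml.yml` is missing boots with `idp_sso_target_url` and `idp_cert_fingerprint` both nil and only a `p` line on stdout to show for it. How ruby-saml treats a nil fingerprint is not visible in this diff, so failing at boot outside the test environment would be the safer default, e.g. `raise "config/okta_saml.yml is missing" unless Rails.env.test?` in place of the empty hash. A file that exists but has no entry for the current environment still dies with `NoMethodError` on `saml[Rails.env]['idp_sso_target_url']`; `saml.fetch(Rails.env)` would name the missing key instead.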
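--- a/data/lib/okta_saml/engine.rb
+++ b/data/lib/okta_saml/engine.rb
@@ -1,5 +1,8 @@
 require 'rubygems'
 require 'ruby-saml'
+require "net/http"
+require "uri"
+require "json"
 require_relative 'session_helper'
 
 class ActionController::Base
@@ -7,13 +10,72 @@ class ActionController::Base
 
 def okta_authenticate!
 session[:redirect_url] = params[:app_referer] || "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
-
+
+session[:referrer] = params[:referrer] if params[:referrer]
+session[:auth_code] = params[:auth_code] if params[:auth_code]
+auth_code = session[:auth_code]
+
+# if no auth_code from propsol, auth using okta
+if auth_code.blank?
+redirect_to login_path unless signed_in?
+
+else
+ps_user_info = get_user_info(auth_code)
+ps_user_id = ps_user_info["user-id"]
+ps_token = ps_user_info["token"]
+email = get_cr3_email(ps_user_id, ps_token)
+
+if email.present?
+# They have auth_code and mapping already exists (since email present)
+# so log them in.
+sign_in(OktaUser.new({:email => email}))
+
+else # no mapping exists
+if signed_in? # if already signed into okta, but does have
+# auth_code create the mapping.
+create_ps_to_cr3_mapping(ps_user_id, current_user.email, ps_token)
+
+else # since not signed into okta, send them to okta login.
+redirect_to login_path
+end
+end
+end
 end
 
 def okta_logout
 redirect_to saml_logout_path
 end
 
+def create_ps_to_cr3_mapping(ps_user_id, email, token)
+randr_uri = randr_uri("/portalsvc/propsol/add-user-mapping")
+params = {"ps-user-id" => ps_user_id, "cr3-email" => email, "token" => token}
+res = http_get(randr_uri, params)
+res["result"]
+end
+
+def get_cr3_email(ps_user_id, ps_token)
+randr_uri = randr_uri("/portalsvc/propsol/get-cr3-user")
+params = {"ps-user-id" => ps_user_id, "token" => ps_token}
+res = http_get(randr_uri, params)
+res["email"]
+end
+
+def get_user_info(auth_code)
+randr_uri = randr_uri("/portalsvc/propsol/get-ps-user-id")
+params = {"auth-code" => auth_code}
+res = http_get(randr_uri, params)
+end
+
+def http_get(uri, params)
+uri = URI.parse(uri)
+uri.query = URI.encode_www_form(params)
+res = Net::HTTP.get_response(uri)
+JSON.parse(res.body)
+end
+
+def randr_uri(path)
+uri = Rails.application.config.randr_service + path
+end
 end
 
 module OktaSaml
@@ -30,4 +92,4 @@ module OktaSaml
 end
 end
 end
-end
+end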
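Review bot: In `okta_authenticate!`, the new `auth_code` branch calls `sign_in(OktaUser.new({:email => email}))` on whatever `get_cr3_email` returns, so a session's identity now rests on `http_get`, which checks neither the response status nor the URI scheme taken from `Rails.application.config.randr_service` and sets no timeouts. `http_get` should refuse non-HTTPS targets and treat a non-2xx or unparsable reply as no result, and `okta_authenticate!` should go to `redirect_to login_path` when `ps_user_info["user-id"]` or `ps_user_info["token"]` is blank instead of passing nil on. The `token` and `auth-code` values are sent in a GET query string, including the state-changing `add-user-mapping` call, so they are likely to land in access logs; whether the service accepts a POST body is not visible here. `create_ps_to_cr3_mapping` also binds `current_user.email` to an account selected by a request parameter with no anti-forgery state in this hunk, and `session[:auth_code]` is never cleared once used.

```ruby
  def http_get(uri, params)
    uri = URI.parse(uri)
    # Sign-in decisions are made from this reply, so refuse plaintext transport.
    raise ArgumentError, "randr_service must be an https URL" unless uri.is_a?(URI::HTTPS)
    uri.query = URI.encode_www_form(params)
    res = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
                          :open_timeout => 5, :read_timeout => 5) do |http|
      http.request(Net::HTTP::Get.new(uri.request_uri))
    end
    # Fail closed: callers see no user-id/email and must not sign anyone in.
    return {} unless res.is_a?(Net::HTTPSuccess)
    JSON.parse(res.body)
  rescue JSON::ParserError, Timeout::Error, SystemCallError
    {}
  end
```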
data/lib/okta_saml/version.rb
CHANGED
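--- a/metadata
+++ b/metadata
@@ -1,130 +1,118 @@
 --- !ruby/object:Gem::Specification
 name: okta_saml
 version: !ruby/object:Gem::Version
-version: 0.0
-prerelease:
+version: 3.0.0
 platform: ruby
 authors:
 - Michael Hoitomt
 - Jared Branum
 - Ed Leung
 - Luke Fender
+- Thomas Stankus
+- Jeb Beich
+- Eric Caspary
+- Phong Si
+- Eric Toulson
+- Jordi Noguera
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 3.2.13
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 3.2.13
 - !ruby/object:Gem::Dependency
 name: ruby-saml
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: 0.7.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: 0.7.2
 - !ruby/object:Gem::Dependency
 name: rspec-rails
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
-- !ruby/object:Gem::Version
-version: '0'
-- !ruby/object:Gem::Dependency
-name: geminabox
-requirement: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ! '>='
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ! '>='
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 description: The okta_saml gem helps Ruby on Rails applications communicate with Okta
 email:
-- mhoitomt@
+- mhoitomt@rentpath.com
 - jbranum@primedia.com
 - eleung@primedia.com
 - lfender@primedia.com
+- tstankus@rentpath.com
+- jbeich@rentpath.com
+- ecaspary@rentpath.com
+- phong.si@gmail.com
+- etoulson@rentpath.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CONTRIBUTORS
+- LICENSE
+- README.md
+- Rakefile
 - app/controllers/saml_controller.rb
 - app/helpers/okta_application_helper.rb
 - app/models/okta_user.rb
 - config/okta_saml.sample.yml
 - config/routes.rb
 - lib/generators/okta_saml_generator.rb
+- lib/okta_saml.rb
 - lib/okta_saml/constants.rb
 - lib/okta_saml/engine.rb
 - lib/okta_saml/session_helper.rb
 - lib/okta_saml/version.rb
-- lib/okta_saml.rb
-- LICENSE.txt
-- Rakefile
-- README.md
 homepage: https://github.com/primedia/okta_saml
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.2.2
 signing_key:
-specification_version:
+specification_version: 4
 summary: The okta_saml gem helps Ruby on Rails applications communicate with Okta.
 The gem properly contstructs the request to Okta and handles the response back from
 Okta.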