okta_saml 3.0.1 → 4.0.0
- checksums.yaml +5 -13
- data/README.md +9 -0
- data/app/controllers/saml_controller.rb +2 -2
- data/app/helpers/okta_application_helper.rb +3 -3
- data/app/models/okta_user.rb +2 -2
- data/lib/okta_saml/constants.rb +2 -2
- data/lib/okta_saml/engine.rb +1 -61
- data/lib/okta_saml/session_helper.rb +5 -1
- data/lib/okta_saml/version.rb +1 -1
- metadata +19 -12
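--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
 ---
-
-metadata.gz:
-
-data.tar.gz: !binary |-
-ZTJmYTczNTQwZWVhNmZlYTMxNWUwMWY1ZWMzNjA2NjQxMGJhZjlmMw==
+SHA1:
+metadata.gz: cb1e64c45b5e58f72d2388a23890625d39cb2c3a
+data.tar.gz: 72b22d10a35ee1eeee728e496b2d7d0e99d0ce2b
 SHA512:
-metadata.gz:
-
-YTUzYzZkNGQ0NWIwNzZiYWQyMmI5YTVkM2ZlOTNmOWJlYWI2OWIwMzJkNjk2
-YWVjZjQwZjZkYzVmYjBkNTU5YjM4ZDZiOWE1ZTEyODU5YWU2NmU=
-data.tar.gz: !binary |-
-OWEyODU3MGEyNTI3YjIyNGRjY2Y1MzVjMzMwZTY0NTI4NjdkMDJlNjczZTk2
-NWY0NDNmZDIxNTdjOThiNDdmYmJhNjUyYzZhMmRhODA1MjZlOGQxOTNmMzNi
-NmY1ZjUxOTM0YjU3ZTZkZjg5MDAwYmU2MjBlODE3ZGI1Y2JkMTY=
+metadata.gz: ea662074d17d0bd8da667f1e1566c30353342d0719550a680084ff0ef5b278d5f83f4faf30def4515f4f46f6ee827ccd6a56079a7e3295ea3ce894e188beebda
+data.tar.gz: d3214772254bf46ea268c5c7bcf56ac1a807248790c5146e03ab1225edd0b4e53df2c127fa9ca0c9e1d0d77127bb1e0143e23ac612f15358f600cc253bd7ac31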
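--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,9 @@
 # OktaSaml
 
+# Not maintained / Seeking a new maintainer
+Rentpath doesn't use SAML in our ruby applications anymore so keeping this project up today isn't likely.
+If you are interested in taking over this project please reach out to us.
+
 [![Gem Version](https://badge.fury.io/rb/okta_saml.svg)](http://badge.fury.io/rb/okta_saml)
 [![Code Climate](https://codeclimate.com/repos/5175815b56b1020c56000864/badges/aec34f2ab248de6035e0/gpa.png)](https://codeclimate.com/repos/5175815b56b1020c56000864/feed)
 [![Build Status](https://travis-ci.org/primedia/okta_saml.svg?branch=dev)](https://travis-ci.org/primedia/okta_saml)
@@ -63,6 +67,11 @@ The following steps are required when using the okta_saml gem
 2. Add a `before_filter` using okta_authenticate! in the controllers where authentication is required
 
 
+## TODO:
+
+- update setting configs from YAML to configuration block
+- rails 4 support
+
 ## Contributing
 
 1. Fork it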
@@ -11,10 +11,10 @@ class SamlController < ApplicationController
|
|
11
11
|
response = idp_response(params)
|
12
12
|
response.settings = saml_settings(request)
|
13
13
|
if response.is_valid?
|
14
|
-
sign_in(OktaUser.new(
|
14
|
+
sign_in(OktaUser.new(email: response.name_id, attributes: response.attributes, issuer: response.issuer))
|
15
15
|
redirect_to redirect_url
|
16
16
|
else
|
17
|
-
render :
|
17
|
+
render text: "Failure"
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
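Review bot: The failure branch, `render text: "Failure"`, answers a rejected SAML assertion with HTTP 200 and records nothing about the rejection. Returning a client-error status, `render text: "Failure", status: :forbidden`, and writing a log entry before rendering would let monitoring tell failed or tampered assertions apart from successful logins. The action's opening lines are outside this hunk, so any handling that happens before `idp_response(params)` is not visible here.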
@@ -1,11 +1,11 @@
|
|
1
1
|
module OktaApplicationHelper
|
2
2
|
|
3
3
|
def idp_response(params)
|
4
|
-
|
4
|
+
OneLogin::RubySaml::Response.new(params[:SAMLResponse])
|
5
5
|
end
|
6
6
|
|
7
7
|
def saml_settings(request)
|
8
|
-
settings =
|
8
|
+
settings = OneLogin::RubySaml::Settings.new
|
9
9
|
|
10
10
|
settings.assertion_consumer_service_url = saml_consume_url(host: request.host)
|
11
11
|
settings.issuer = "http://#{request.port == 80 ? request.host : request.host_with_port}"
|
@@ -19,7 +19,7 @@ module OktaApplicationHelper
|
|
19
19
|
end
|
20
20
|
|
21
21
|
def idp_login_request_url(request)
|
22
|
-
idp_request =
|
22
|
+
idp_request = OneLogin::RubySaml::Authrequest.new
|
23
23
|
idp_request.create(saml_settings(request))
|
24
24
|
end
|
25
25
|
|
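Review bot: `saml_settings` derives the assertion consumer URL from `request.host` and the issuer from `request.host`/`request.host_with_port` behind a hard-coded `http://`, so both values follow whatever Host header the client sends and never reflect an HTTPS deployment. Taking the host and scheme from application configuration instead of the request would keep the AuthnRequest pointing at the real service provider. Separately, `idp_response` passes `params[:SAMLResponse]` straight to `OneLogin::RubySaml::Response.new`; a request without that parameter should be rejected first, for example `return head(:bad_request) if params[:SAMLResponse].blank?` in the controller action. The remainder of `saml_settings` lies between the two hunks and is not visible here.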
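--- a/data/app/models/okta_user.rb
+++ b/data/app/models/okta_user.rb
@@ -1,5 +1,5 @@
 class OktaUser
-attr_accessor :email
+attr_accessor :email, :attributes, :issuer
 
 def initialize(params)
 populate(params)
@@ -14,7 +14,7 @@ class OktaUser
 end
 
 def self.retrieve_from_cookie(remember_token)
-
+self.new(:email => remember_token) unless remember_token.blank?
 end
 
 end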
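Review bot: `retrieve_from_cookie` turns any non-blank `remember_token` into `OktaUser.new(:email => remember_token)`, so the cookie value itself is the identity. Unless session_helper.rb (not shown on this page) stores that cookie signed or encrypted, a client could set it to any address and be treated as that user; the token should be an integrity-protected or server-side random value that is looked up, not the e-mail itself. Users restored this way also come back with `attributes` and `issuer` nil, unlike users built in the SAML callback, which callers of the new accessors need to handle. The class body between the two hunks is not visible.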
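--- a/data/lib/okta_saml/constants.rb
+++ b/data/lib/okta_saml/constants.rb
@@ -2,8 +2,8 @@ if defined?(Rails)
 begin
 saml = YAML::load_file(Rails.root.join("config/okta_saml.yml").to_s)
 SAML_SETTINGS = {
-:
-:
+idp_sso_target_url: saml[Rails.env]['idp_sso_target_url'],
+idp_cert_fingerprint: saml[Rails.env]['idp_cert_fingerprint']
 }
 rescue Errno::ENOENT
 p "Missing okta_saml.yml file in Rails.root/config"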
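Review bot: `saml[Rails.env]['idp_cert_fingerprint']` silently yields nil when the key is absent and raises NoMethodError when the environment section is missing, while only `Errno::ENOENT` is rescued. Because the fingerprint is what ties a SAML response to the expected IdP certificate, a missing value should stop the boot with a clear error: `idp_cert_fingerprint: saml.fetch(Rails.env).fetch('idp_cert_fingerprint')`, and the same for `idp_sso_target_url`. The rescue branch only prints with `p`, so the application presumably keeps starting without `SAML_SETTINGS` defined; the rest of that branch is outside the hunk.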
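--- a/data/lib/okta_saml/engine.rb
+++ b/data/lib/okta_saml/engine.rb
@@ -10,72 +10,12 @@ class ActionController::Base
 
 def okta_authenticate!
 session[:redirect_url] = params[:app_referer] || "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
-
-session[:referrer] = params[:referrer] if params[:referrer]
-session[:auth_code] = params[:auth_code] if params[:auth_code]
-auth_code = session[:auth_code]
-
-# if no auth_code from propsol, auth using okta
-if auth_code.blank?
-redirect_to login_path unless signed_in?
-
-else
-ps_user_info = get_user_info(auth_code)
-ps_user_id = ps_user_info["user-id"]
-ps_token = ps_user_info["token"]
-email = get_cr3_email(ps_user_id, ps_token)
-
-if email.present?
-# They have auth_code and mapping already exists (since email present)
-# so log them in.
-sign_in(OktaUser.new({:email => email}))
-
-else # no mapping exists
-if signed_in? # if already signed into okta, but does have
-# auth_code create the mapping.
-create_ps_to_cr3_mapping(ps_user_id, current_user.email, ps_token)
-
-else # since not signed into okta, send them to okta login.
-redirect_to login_path
-end
-end
-end
+redirect_to saml_init_path unless signed_in?
 end
 
 def okta_logout
 redirect_to saml_logout_path
 end
-
-def create_ps_to_cr3_mapping(ps_user_id, email, token)
-randr_uri = randr_uri("/portalsvc/propsol/add-user-mapping")
-params = {"ps-user-id" => ps_user_id, "cr3-email" => email, "token" => token}
-res = http_get(randr_uri, params)
-res["result"]
-end
-
-def get_cr3_email(ps_user_id, ps_token)
-randr_uri = randr_uri("/portalsvc/propsol/get-cr3-user")
-params = {"ps-user-id" => ps_user_id, "token" => ps_token}
-res = http_get(randr_uri, params)
-res["email"]
-end
-
-def get_user_info(auth_code)
-randr_uri = randr_uri("/portalsvc/propsol/get-ps-user-id")
-params = {"auth-code" => auth_code}
-res = http_get(randr_uri, params)
-end
-
-def http_get(uri, params)
-uri = URI.parse(uri)
-uri.query = URI.encode_www_form(params)
-res = Net::HTTP.get_response(uri)
-JSON.parse(res.body)
-end
-
-def randr_uri(path)
-uri = Rails.application.config.randr_service + path
-end
 end
 
 module OktaSaml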
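Review bot: `session[:redirect_url] = params[:app_referer] || ...` at the top of `okta_authenticate!` stores a caller-supplied URL without any validation, and the SAML callback later issues `redirect_to redirect_url`, presumably from this session value. That makes the post-login redirect an open redirect; `app_referer` should be accepted only when it is a relative path or its host is on an allow-list, falling back to the current request URL otherwise. The assignment also runs on every filtered request, including for users who are already signed in, so it could move under the `unless signed_in?` condition.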
data/lib/okta_saml/version.rb
CHANGED
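--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: okta_saml
 version: !ruby/object:Gem::Version
-version:
+version: 4.0.0
 platform: ruby
 authors:
 - Michael Hoitomt
@@ -17,48 +17,54 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2015-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 3.2.13
+- - "<"
+- !ruby/object:Gem::Version
+version: 4.0.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 3.2.13
+- - "<"
+- !ruby/object:Gem::Version
+version: 4.0.0
 - !ruby/object:Gem::Dependency
 name: ruby-saml
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.9.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.9.1
 - !ruby/object:Gem::Dependency
 name: rspec-rails
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 description: The okta_saml gem helps Ruby on Rails applications communicate with Okta
@@ -100,12 +106,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
@@ -117,3 +123,4 @@ summary: The okta_saml gem helps Ruby on Rails applications communicate with Okt
 The gem properly contstructs the request to Okta and handles the response back from
 Okta.
 test_files: []
+has_rdoc: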