okta_saml 3.0.1 → 4.0.0
- checksums.yaml +5 -13
- data/README.md +9 -0
- data/app/controllers/saml_controller.rb +2 -2
- data/app/helpers/okta_application_helper.rb +3 -3
- data/app/models/okta_user.rb +2 -2
- data/lib/okta_saml/constants.rb +2 -2
- data/lib/okta_saml/engine.rb +1 -61
- data/lib/okta_saml/session_helper.rb +5 -1
- data/lib/okta_saml/version.rb +1 -1
- metadata +19 -12
checksums.yaml
CHANGED
@@ -1,15 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
|
5
|
-
data.tar.gz: !binary |-
|
6
|
-
ZTJmYTczNTQwZWVhNmZlYTMxNWUwMWY1ZWMzNjA2NjQxMGJhZjlmMw==
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: cb1e64c45b5e58f72d2388a23890625d39cb2c3a
|
4
|
+
data.tar.gz: 72b22d10a35ee1eeee728e496b2d7d0e99d0ce2b
|
7
5
|
SHA512:
|
8
|
-
metadata.gz:
|
9
|
-
|
10
|
-
YTUzYzZkNGQ0NWIwNzZiYWQyMmI5YTVkM2ZlOTNmOWJlYWI2OWIwMzJkNjk2
|
11
|
-
YWVjZjQwZjZkYzVmYjBkNTU5YjM4ZDZiOWE1ZTEyODU5YWU2NmU=
|
12
|
-
data.tar.gz: !binary |-
|
13
|
-
OWEyODU3MGEyNTI3YjIyNGRjY2Y1MzVjMzMwZTY0NTI4NjdkMDJlNjczZTk2
|
14
|
-
NWY0NDNmZDIxNTdjOThiNDdmYmJhNjUyYzZhMmRhODA1MjZlOGQxOTNmMzNi
|
15
|
-
NmY1ZjUxOTM0YjU3ZTZkZjg5MDAwYmU2MjBlODE3ZGI1Y2JkMTY=
|
6
|
+
metadata.gz: ea662074d17d0bd8da667f1e1566c30353342d0719550a680084ff0ef5b278d5f83f4faf30def4515f4f46f6ee827ccd6a56079a7e3295ea3ce894e188beebda
|
7
|
+
data.tar.gz: d3214772254bf46ea268c5c7bcf56ac1a807248790c5146e03ab1225edd0b4e53df2c127fa9ca0c9e1d0d77127bb1e0143e23ac612f15358f600cc253bd7ac31
|
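--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,9 @@
 # OktaSaml
 
+# Not maintained / Seeking a new maintainer
+Rentpath doesn't use SAML in our ruby applications anymore so keeping this project up today isn't likely.
+If you are interested in taking over this project please reach out to us.
+
 [](http://badge.fury.io/rb/okta_saml)
 [](https://codeclimate.com/repos/5175815b56b1020c56000864/feed)
 [](https://travis-ci.org/primedia/okta_saml)
@@ -63,6 +67,11 @@ The following steps are required when using the okta_saml gem
 2. Add a `before_filter` using okta_authenticate! in the controllers where authentication is required
 
 
+## TODO:
+
+- update setting configs from YAML to configuration block
+- rails 4 support
+
 ## Contributing
 
 1. Fork it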
@@ -11,10 +11,10 @@ class SamlController < ApplicationController
|
|
11
11
|
response = idp_response(params)
|
12
12
|
response.settings = saml_settings(request)
|
13
13
|
if response.is_valid?
|
14
|
-
sign_in(OktaUser.new(
|
14
|
+
sign_in(OktaUser.new(email: response.name_id, attributes: response.attributes, issuer: response.issuer))
|
15
15
|
redirect_to redirect_url
|
16
16
|
else
|
17
|
-
render :
|
17
|
+
render text: "Failure"
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
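Review bot: The failure branch, `render text: "Failure"`, answers a rejected SAML assertion with the default 200 status and records nothing about the rejection. Returning an explicit error status, e.g. `render text: "Failure", status: :forbidden`, and logging the event (without the raw assertion) would make invalid or tampered responses visible to monitoring. On the success path `response.issuer` is copied onto the user, but nothing in this hunk compares it with the expected IdP issuer; if `is_valid?` does not already enforce that for the configured settings, the comparison belongs before `sign_in`. The action starts above the hunk, so earlier checks are not visible here.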
@@ -1,11 +1,11 @@
|
|
1
1
|
module OktaApplicationHelper
|
2
2
|
|
3
3
|
def idp_response(params)
|
4
|
-
|
4
|
+
OneLogin::RubySaml::Response.new(params[:SAMLResponse])
|
5
5
|
end
|
6
6
|
|
7
7
|
def saml_settings(request)
|
8
|
-
settings =
|
8
|
+
settings = OneLogin::RubySaml::Settings.new
|
9
9
|
|
10
10
|
settings.assertion_consumer_service_url = saml_consume_url(host: request.host)
|
11
11
|
settings.issuer = "http://#{request.port == 80 ? request.host : request.host_with_port}"
|
@@ -19,7 +19,7 @@ module OktaApplicationHelper
|
|
19
19
|
end
|
20
20
|
|
21
21
|
def idp_login_request_url(request)
|
22
|
-
idp_request =
|
22
|
+
idp_request = OneLogin::RubySaml::Authrequest.new
|
23
23
|
idp_request.create(saml_settings(request))
|
24
24
|
end
|
25
25
|
|
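Review bot: `saml_settings` builds both `assertion_consumer_service_url` and `issuer` from `request.host` / `request.host_with_port`, which come from the client-supplied Host header, and it hard-codes the `http://` scheme. A request carrying an unexpected Host would yield an AuthnRequest that names a different service provider and consumer URL, and the entity ID never reflects a TLS deployment. Reading the service provider's base URL from configuration, as constants.rb does for the IdP values, and using it for both settings would remove the dependency on request data. `saml_settings` continues past the end of the first hunk, so any later settings are not visible here.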
data/app/models/okta_user.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
class OktaUser
|
2
|
-
attr_accessor :email
|
2
|
+
attr_accessor :email, :attributes, :issuer
|
3
3
|
|
4
4
|
def initialize(params)
|
5
5
|
populate(params)
|
@@ -14,7 +14,7 @@ class OktaUser
|
|
14
14
|
end
|
15
15
|
|
16
16
|
def self.retrieve_from_cookie(remember_token)
|
17
|
-
|
17
|
+
self.new(:email => remember_token) unless remember_token.blank?
|
18
18
|
end
|
19
19
|
|
20
20
|
end
|
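Review bot: `retrieve_from_cookie` turns whatever string the remember-token cookie holds into an `OktaUser` with that e-mail, so the cookie value itself is the identity. Unless the cookie is written and read through a signed or encrypted jar (session_helper.rb changes in this release but is not shown on this page), the value is not integrity-protected and should not be trusted as an authenticated address. Confirm which applies and document it on the method, e.g. `# remember_token must come from cookies.signed; it is trusted as the user's e-mail`, or switch to a random token looked up server-side. A user restored this way also carries no `attributes` or `issuer`, so code relying on the new accessors will see nil after a cookie restore.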
data/lib/okta_saml/constants.rb
CHANGED
@@ -2,8 +2,8 @@ if defined?(Rails)
|
|
2
2
|
begin
|
3
3
|
saml = YAML::load_file(Rails.root.join("config/okta_saml.yml").to_s)
|
4
4
|
SAML_SETTINGS = {
|
5
|
-
:
|
6
|
-
:
|
5
|
+
idp_sso_target_url: saml[Rails.env]['idp_sso_target_url'],
|
6
|
+
idp_cert_fingerprint: saml[Rails.env]['idp_cert_fingerprint']
|
7
7
|
}
|
8
8
|
rescue Errno::ENOENT
|
9
9
|
p "Missing okta_saml.yml file in Rails.root/config"
|
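Review bot: The two new lookups, `saml[Rails.env]['idp_sso_target_url']` and `saml[Rails.env]['idp_cert_fingerprint']`, are unchecked: an environment missing from okta_saml.yml raises NoMethodError on nil, and a missing key silently stores nil as the IdP certificate fingerprint. The fingerprint is presumably what response validation is pinned to, so it is worth failing at boot instead, e.g. `idp_cert_fingerprint: saml.fetch(Rails.env).fetch('idp_cert_fingerprint')`, and the same for the target URL. The `rescue Errno::ENOENT` branch only prints a message, so with no config file the application appears to keep booting with `SAML_SETTINGS` undefined; the rest of that branch lies outside the hunk.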
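--- a/data/lib/okta_saml/engine.rb
+++ b/data/lib/okta_saml/engine.rb
@@ -10,72 +10,12 @@ class ActionController::Base
 
 def okta_authenticate!
 session[:redirect_url] = params[:app_referer] || "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
-
-session[:referrer] = params[:referrer] if params[:referrer]
-session[:auth_code] = params[:auth_code] if params[:auth_code]
-auth_code = session[:auth_code]
-
-# if no auth_code from propsol, auth using okta
-if auth_code.blank?
-redirect_to login_path unless signed_in?
-
-else
-ps_user_info = get_user_info(auth_code)
-ps_user_id = ps_user_info["user-id"]
-ps_token = ps_user_info["token"]
-email = get_cr3_email(ps_user_id, ps_token)
-
-if email.present?
-# They have auth_code and mapping already exists (since email present)
-# so log them in.
-sign_in(OktaUser.new({:email => email}))
-
-else # no mapping exists
-if signed_in? # if already signed into okta, but does have
-# auth_code create the mapping.
-create_ps_to_cr3_mapping(ps_user_id, current_user.email, ps_token)
-
-else # since not signed into okta, send them to okta login.
-redirect_to login_path
-end
-end
-end
+redirect_to saml_init_path unless signed_in?
 end
 
 def okta_logout
 redirect_to saml_logout_path
 end
-
-def create_ps_to_cr3_mapping(ps_user_id, email, token)
-randr_uri = randr_uri("/portalsvc/propsol/add-user-mapping")
-params = {"ps-user-id" => ps_user_id, "cr3-email" => email, "token" => token}
-res = http_get(randr_uri, params)
-res["result"]
-end
-
-def get_cr3_email(ps_user_id, ps_token)
-randr_uri = randr_uri("/portalsvc/propsol/get-cr3-user")
-params = {"ps-user-id" => ps_user_id, "token" => ps_token}
-res = http_get(randr_uri, params)
-res["email"]
-end
-
-def get_user_info(auth_code)
-randr_uri = randr_uri("/portalsvc/propsol/get-ps-user-id")
-params = {"auth-code" => auth_code}
-res = http_get(randr_uri, params)
-end
-
-def http_get(uri, params)
-uri = URI.parse(uri)
-uri.query = URI.encode_www_form(params)
-res = Net::HTTP.get_response(uri)
-JSON.parse(res.body)
-end
-
-def randr_uri(path)
-uri = Rails.application.config.randr_service + path
-end
 end
 
 module OktaSaml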
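Review bot: `okta_authenticate!` still stores `params[:app_referer]` in `session[:redirect_url]` without any validation, and the controller's `redirect_to redirect_url` after a successful sign-in presumably reads that value back (the `redirect_url` helper is not shown). That leaves the post-login destination under the control of a request parameter, which is the usual shape of an open redirect. Accept the parameter only when it is a path on this application (for example, it starts with a single `/` and has no scheme or host) and otherwise fall back to the current-URL expression already on the line. A short comment above the assignment stating that the stored value must be a local path would keep later edits from loosening it.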
data/lib/okta_saml/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: okta_saml
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 4.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Hoitomt
|
@@ -17,48 +17,54 @@ authors:
|
|
17
17
|
autorequire:
|
18
18
|
bindir: bin
|
19
19
|
cert_chain: []
|
20
|
-
date:
|
20
|
+
date: 2015-02-13 00:00:00.000000000 Z
|
21
21
|
dependencies:
|
22
22
|
- !ruby/object:Gem::Dependency
|
23
23
|
name: rails
|
24
24
|
requirement: !ruby/object:Gem::Requirement
|
25
25
|
requirements:
|
26
|
-
- -
|
26
|
+
- - ">="
|
27
27
|
- !ruby/object:Gem::Version
|
28
28
|
version: 3.2.13
|
29
|
+
- - "<"
|
30
|
+
- !ruby/object:Gem::Version
|
31
|
+
version: 4.0.0
|
29
32
|
type: :runtime
|
30
33
|
prerelease: false
|
31
34
|
version_requirements: !ruby/object:Gem::Requirement
|
32
35
|
requirements:
|
33
|
-
- -
|
36
|
+
- - ">="
|
34
37
|
- !ruby/object:Gem::Version
|
35
38
|
version: 3.2.13
|
39
|
+
- - "<"
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
version: 4.0.0
|
36
42
|
- !ruby/object:Gem::Dependency
|
37
43
|
name: ruby-saml
|
38
44
|
requirement: !ruby/object:Gem::Requirement
|
39
45
|
requirements:
|
40
|
-
- - ~>
|
46
|
+
- - "~>"
|
41
47
|
- !ruby/object:Gem::Version
|
42
|
-
version: 0.
|
48
|
+
version: 0.9.1
|
43
49
|
type: :runtime
|
44
50
|
prerelease: false
|
45
51
|
version_requirements: !ruby/object:Gem::Requirement
|
46
52
|
requirements:
|
47
|
-
- - ~>
|
53
|
+
- - "~>"
|
48
54
|
- !ruby/object:Gem::Version
|
49
|
-
version: 0.
|
55
|
+
version: 0.9.1
|
50
56
|
- !ruby/object:Gem::Dependency
|
51
57
|
name: rspec-rails
|
52
58
|
requirement: !ruby/object:Gem::Requirement
|
53
59
|
requirements:
|
54
|
-
- -
|
60
|
+
- - ">="
|
55
61
|
- !ruby/object:Gem::Version
|
56
62
|
version: '0'
|
57
63
|
type: :development
|
58
64
|
prerelease: false
|
59
65
|
version_requirements: !ruby/object:Gem::Requirement
|
60
66
|
requirements:
|
61
|
-
- -
|
67
|
+
- - ">="
|
62
68
|
- !ruby/object:Gem::Version
|
63
69
|
version: '0'
|
64
70
|
description: The okta_saml gem helps Ruby on Rails applications communicate with Okta
|
@@ -100,12 +106,12 @@ require_paths:
|
|
100
106
|
- lib
|
101
107
|
required_ruby_version: !ruby/object:Gem::Requirement
|
102
108
|
requirements:
|
103
|
-
- -
|
109
|
+
- - ">="
|
104
110
|
- !ruby/object:Gem::Version
|
105
111
|
version: '0'
|
106
112
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
107
113
|
requirements:
|
108
|
-
- -
|
114
|
+
- - ">="
|
109
115
|
- !ruby/object:Gem::Version
|
110
116
|
version: '0'
|
111
117
|
requirements: []
|
@@ -117,3 +123,4 @@ summary: The okta_saml gem helps Ruby on Rails applications communicate with Okt
|
|
117
123
|
The gem properly contstructs the request to Okta and handles the response back from
|
118
124
|
Okta.
|
119
125
|
test_files: []
|
126
|
+
has_rdoc:
|