omniauth-multi-provider-saml 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b88dcbe4376a25239e1c08ecec6bf330caaa7245
+  data.tar.gz: e17b2e7949d80d1f7228172d6874e3d4d2f48d53
+SHA512:
+  metadata.gz: 654e98112ec38319203941522c5c0db8a2d37bf1157cb540da7925e9bb03acfb6f1e670d5c42fcf878b4cc8a525632418995c402720f39d27c42726e4c7ffca4
+  data.tar.gz: 9c390eddac7e7c6334e1324158e746ea129f464a8ede1faae610af3b92c832e5cf849b07b5298b442937e7d70e6a96960d95cd13752a99eb2f2c41cbd8de613f

data/README.md

@@ -0,0 +1,88 @@
+# Omniauth Multiple Provider SAML
+
+This is a simple extension to [omniauth-saml](https://github.com/PracticallyGreen/omniauth-saml) for supporting multiple identity providers based on a URL path segment e.g. dispatching requests to `/auth/saml/foo` to identity provider "foo" and `/app/saml/bar` to identity provider "bar".
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-multi-provider-saml', github: 'salsify/omniauth-multi-provider-saml'
+```
+
+And then execute:
+
+    $ bundle
+
+## Setup
+
+**I would highly recommend first getting [omniauth-saml](https://github.com/PracticallyGreen/omniauth-saml) setup to work with a single identity provider before attempting to use this gem.** 
+
+The setup process consists of the following steps:
+
+1. Add an omniauth-saml monkey patch for omniauth-saml PR [#56](https://github.com/PracticallyGreen/omniauth-saml/pull/56).
+1. Configure your routes to handle SAML routes for multiple identity providers
+1. Configure omniauth-saml to choose the appropriate identity provider
+
+### Monkey Patch omniauth-saml
+
+This step will only be necessary until omniauth-saml PR [#56](https://github.com/PracticallyGreen/omniauth-saml/pull/56) merges. Place the following in an initializer:
+
+```ruby
+require 'omniauth-saml'
+
+OmniAuth::Strategies::SAML.class_eval do
+
+  private
+
+  def initialize_copy(orig)
+    super
+    @options = @options.deep_dup
+  end
+end
+```
+
+### Configure SAML Routes
+
+Add something like the following to your routes assuming you're using Rails (your actual URL structure may vary):
+
+```ruby
+MyApplication::Application.routes.draw do
+  match '/auth/saml/:identity_provider_id/callback',
+        via: [:get, :post],
+        to: 'omniauth_callbacks#saml',
+        as: 'user_omniauth_callback'
+
+  match '/auth/saml/:identity_provider_id',
+        via: [:get, :post],
+        to: 'omniauth_callbacks#passthru',
+        as: 'user_omniauth_authorize'
+end
+```
+
+### Configure omniauth-saml to use multiple identity providers
+
+The basic configuration looks something like this:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  OmniAuth::SAML::MultiProvider.register(self, issuer: 'Salsify') do |identity_provider_id, rack_env|
+    # Customize this code to return the appropriate SAML options for the given identity provider
+    # See omniauth-saml for details on the supported options
+    identity_provider = IdentityProvider.find_by!(uuid: identity_provider_id)
+    identity_provider.options
+  end
+end
+```
+The `OmniAuth::SAML::MultiProvider.register` method takes a hash of static omniauth-saml options and a block to generate any request specific options. It also takes the following options:
+* `identity_provider_id_regex` - The regex for a valid identity provider id. Defaults to `/\w+/`
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/salsify/omniauth-multi-provider-saml.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/lib/omniauth-multi-provider-saml.rb

@@ -0,0 +1,18 @@
+require 'omniauth/saml/multi_provider/handler'
+require 'omniauth/saml/multi_provider/version'
+
+module OmniAuth
+  module SAML
+    module MultiProvider
+      def self.register(builder, path_prefix: OmniAuth.config.path_prefix,
+          identity_provider_id_regex: /\w+/, **options, &dynamic_options_generator)
+
+        handler = OmniAuth::SAML::MultiProvider::Handler.new(path_prefix: path_prefix,
+                                                             identity_provider_id_regex: identity_provider_id_regex,
+                                                             &dynamic_options_generator)
+        static_options = options.merge(path_prefix: path_prefix)
+        builder.provider(:saml, static_options.merge(handler.provider_options))
+      end
+    end
+  end
+end

data/lib/omniauth/saml/multi_provider/handler.rb

@@ -0,0 +1,84 @@
+require 'omniauth'
+require 'omniauth-saml'
+
+module OmniAuth
+  module SAML
+    module MultiProvider
+      class Handler
+        attr_reader :path_prefix, :identity_provider_id_regex
+
+        def initialize(path_prefix: OmniAuth.config.path_prefix,
+                       identity_provider_id_regex: /\w+/, &identity_provider_options_generator)
+          raise 'Missing provider options generator block' unless block_given?
+
+          @path_prefix = path_prefix
+          @identity_provider_id_regex = identity_provider_id_regex
+          @identity_provider_options_generator = identity_provider_options_generator
+
+          # Eagerly compute these since lazy evaluation will not be threadsafe
+          @provider_path_prefix = "#{@path_prefix}/saml"
+          @saml_path_regex = /^#{@provider_path_prefix}\/(?<identity_provider_id>#{@identity_provider_id_regex})/
+          @request_path_regex = /#{saml_path_regex}\/?$/
+          @callback_path_regex = /#{saml_path_regex}\/callback\/?$/
+        end
+
+        def provider_options
+          {
+              request_path: method(:request_path?),
+              callback_path: method(:callback_path?),
+              setup: method(:setup)
+          }
+        end
+
+        private
+
+        attr_reader :provider_path_prefix, :saml_path_regex, :request_path_regex, :callback_path_regex,
+                    :identity_provider_options_generator
+
+        def setup(env)
+          identity_provider_id = extract_identity_provider_id(env)
+          if identity_provider_id
+            strategy = env['omniauth.strategy']
+            add_path_options(strategy, identity_provider_id)
+            add_identity_provider_options(strategy, env, identity_provider_id)
+          end
+        end
+
+        def add_path_options(strategy, identity_provider_id)
+          strategy.options.merge!(
+              request_path: "#{provider_path_prefix}/#{identity_provider_id}",
+              callback_path: "#{provider_path_prefix}/#{identity_provider_id}/callback"
+          )
+        end
+
+        def add_identity_provider_options(strategy, env, identity_provider_id)
+          identity_provider_options = identity_provider_options_generator.call(identity_provider_id, env) || {}
+          strategy.options.merge!(identity_provider_options)
+        rescue => e
+          result = strategy.fail!(:invalid_identity_provider, e)
+          throw :warden, result
+        end
+
+        def request_path?(env)
+          path = current_path(env)
+          !!request_path_regex.match(path)
+        end
+
+        def callback_path?(env)
+          path = current_path(env)
+          !!callback_path_regex.match(path)
+        end
+
+        def current_path(env)
+          env['PATH_INFO']
+        end
+
+        def extract_identity_provider_id(env)
+          path = current_path(env)
+          match = saml_path_regex.match(path)
+          match ? match[:identity_provider_id] : nil
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/saml/multi_provider/version.rb

@@ -0,0 +1,7 @@
+module OmniAuth
+  module SAML
+    module MultiProvider
+      VERSION = '0.1.0'
+    end
+  end
+end

metadata

@@ -0,0 +1,118 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-multi-provider-saml
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Joel Turkel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-10-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- jturkel@salsify.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/omniauth-multi-provider-saml.rb
+- lib/omniauth/saml/multi_provider/handler.rb
+- lib/omniauth/saml/multi_provider/version.rb
+homepage: https://github.com/salsify/omniauth-multi-provider-saml
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: An extension to omniauth-saml for handling multiple identity providers
+test_files: []