omniauth-saml 1.4.0 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of omniauth-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +22 -0
- data/lib/omniauth-saml/version.rb +1 -1
- data/lib/omniauth/strategies/saml.rb +13 -0
- data/spec/omniauth/strategies/saml_spec.rb +15 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2974eb31e16837cace7a25f6b94f4fc6b0e35fb9
|
|
4
|
+
data.tar.gz: db9560dbfc1cfe42fe9f01ed03aad459aa11e528
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 80afb434850d5cdf2f26d3cf3612d5d5cd7b45a494faae1f721f9d127466da32db08dbcbaf2d235d4f18041728f469115e8403e60e95993828538f3363f82030
|
|
7
|
+
data.tar.gz: 1605a7ff623a28f00e69a649f0882bde4fb43efcc118a8df13e7ec3f808af32105ce49bd6adf43ab4c8bfd2cf8e7235ddd0c179172451b9e5a51a703ea1e28f5
|
data/README.md
CHANGED
|
@@ -94,8 +94,30 @@ The service provider metadata used to ease configuration of the SAML SP in the I
|
|
|
94
94
|
If not specified, the IdP is free to choose the name identifier format used
|
|
95
95
|
in the response. Optional.
|
|
96
96
|
|
|
97
|
+
* `:request_attributes` - Used to build the metadata file to inform the IdP to send certain attributes
|
|
98
|
+
along with the SAMLResponse messages. Defaults to requesting `name`, `first_name`, `last_name` and `email`
|
|
99
|
+
attributes. See the `OneLogin::RubySaml::AttributeService` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for the available options for each attribute. Set to `{}` to disable this from metadata.
|
|
100
|
+
|
|
101
|
+
* `:attribute_service_name` - Name for the attribute service. Defaults to `Required attributes`.
|
|
102
|
+
|
|
97
103
|
* See the `OneLogin::RubySaml::Settings` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for additional supported options.
|
|
98
104
|
|
|
105
|
+
## Devise Integration
|
|
106
|
+
|
|
107
|
+
Straightforward integration with [Devise](https://github.com/plataformatec/devise), the widely-used authentication solution for Rails.
|
|
108
|
+
|
|
109
|
+
In `config/initializers/devise.rb`:
|
|
110
|
+
|
|
111
|
+
```ruby
|
|
112
|
+
Devise.setup do |config|
|
|
113
|
+
config.omniauth :saml,
|
|
114
|
+
idp_cert_fingerprint: 'fingerprint',
|
|
115
|
+
idp_sso_target_url: 'target_url'
|
|
116
|
+
end
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
Then follow Devise's general [OmniAuth tutorial](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview), replacing references to `facebook` with `saml`.
|
|
120
|
+
|
|
99
121
|
## Authors
|
|
100
122
|
|
|
101
123
|
Authored by [Rajiv Aaron Manglani](http://www.rajivmanglani.com/), Raecoo Cao, Todd W Saxton, Ryan Wilcox, Steven Anderson, Nikos Dimitrakopoulos, Rudolf Vriend and [Bruno Pedro](http://brunopedro.com/).
|
|
@@ -8,6 +8,13 @@ module OmniAuth
|
|
|
8
8
|
|
|
9
9
|
option :name_identifier_format, nil
|
|
10
10
|
option :idp_sso_target_url_runtime_params, {}
|
|
11
|
+
option :request_attributes, [
|
|
12
|
+
{ name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
|
|
13
|
+
{ name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
|
|
14
|
+
{ name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
|
|
15
|
+
{ name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
|
|
16
|
+
]
|
|
17
|
+
option :attribute_service_name, 'Required attributes'
|
|
11
18
|
|
|
12
19
|
def request_phase
|
|
13
20
|
options[:assertion_consumer_service_url] ||= callback_url
|
|
@@ -81,6 +88,12 @@ module OmniAuth
|
|
|
81
88
|
|
|
82
89
|
response = OneLogin::RubySaml::Metadata.new
|
|
83
90
|
settings = OneLogin::RubySaml::Settings.new(options)
|
|
91
|
+
if options.request_attributes.length > 0
|
|
92
|
+
settings.attribute_consuming_service.service_name options.attribute_service_name
|
|
93
|
+
options.request_attributes.each do |attribute|
|
|
94
|
+
settings.attribute_consuming_service.add_attribute attribute
|
|
95
|
+
end
|
|
96
|
+
end
|
|
84
97
|
Rack::Response.new(response.generate(settings), 200, { "Content-Type" => "application/xml" }).finish
|
|
85
98
|
else
|
|
86
99
|
call_app!
|
|
@@ -20,7 +20,14 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
|
|
|
20
20
|
:idp_sso_target_url => "https://idp.sso.target_url/signon/29490",
|
|
21
21
|
:idp_cert_fingerprint => "C1:59:74:2B:E8:0C:6C:A9:41:0F:6E:83:F6:D1:52:25:45:58:89:FB",
|
|
22
22
|
:idp_sso_target_url_runtime_params => {:original_param_key => :mapped_param_key},
|
|
23
|
-
:name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
|
23
|
+
:name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
|
24
|
+
:request_attributes => [
|
|
25
|
+
{ name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address' },
|
|
26
|
+
{ name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name' },
|
|
27
|
+
{ name: 'first_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Given name' },
|
|
28
|
+
{ name: 'last_name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Family name' }
|
|
29
|
+
],
|
|
30
|
+
:attribute_service_name => 'Required attributes'
|
|
24
31
|
}
|
|
25
32
|
end
|
|
26
33
|
let(:strategy) { [OmniAuth::Strategies::SAML, saml_options] }
|
|
@@ -157,5 +164,12 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
|
|
|
157
164
|
last_response.status.should == 200
|
|
158
165
|
last_response.header["Content-Type"].should == "application/xml"
|
|
159
166
|
end
|
|
167
|
+
|
|
168
|
+
it 'should configure attributes consuming service' do
|
|
169
|
+
last_response.body.should match /AttributeConsumingService/
|
|
170
|
+
last_response.body.should match /first_name/
|
|
171
|
+
last_response.body.should match /last_name/
|
|
172
|
+
last_response.body.should match /Required attributes/
|
|
173
|
+
end
|
|
160
174
|
end
|
|
161
175
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Raecoo Cao
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2015-
|
|
17
|
+
date: 2015-08-09 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: omniauth
|
|
@@ -120,10 +120,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
120
120
|
version: '0'
|
|
121
121
|
requirements: []
|
|
122
122
|
rubyforge_project:
|
|
123
|
-
rubygems_version: 2.
|
|
123
|
+
rubygems_version: 2.4.3
|
|
124
124
|
signing_key:
|
|
125
125
|
specification_version: 4
|
|
126
126
|
summary: A generic SAML strategy for OmniAuth.
|
|
127
127
|
test_files:
|
|
128
128
|
- spec/omniauth/strategies/saml_spec.rb
|
|
129
129
|
- spec/spec_helper.rb
|
|
130
|
+
has_rdoc:
|