omniauth-suomifi 0.6.3 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/omniauth/strategies/suomifi.rb +44 -1
- data/lib/omniauth-suomifi/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc0704db48f42ecbc14c86e3e629e611b535b427cfd23ee9d0363545d12f0ee7
|
|
4
|
+
data.tar.gz: e895872a3b621fa5e7a3fe61b45156c8ce12b05abdc55b962dd2a3d4a5e7df8b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4f4c2d1ffb1e80a120a832aae423ead500d3a725be94bbd776127c28892d02a70ab4f8748e0ff01a95fba14f8747b8742c63b33f49b35867add4970bbe812cba
|
|
7
|
+
data.tar.gz: 30dc8039e91aa1e6def01027596e47a060ef190fedcc68537b7c1ad0496a4e8d87efa38d2b03084744cc976adfa7e5353509814549dc95ebf3af2d5b61b8a663
|
|
@@ -529,7 +529,7 @@ module OmniAuth
|
|
|
529
529
|
authn_request = OneLogin::RubySaml::Authrequest.new
|
|
530
530
|
locale = locale_for_authn_request
|
|
531
531
|
|
|
532
|
-
session[
|
|
532
|
+
session['saml_redirect_url'] = request.params['redirect_url']
|
|
533
533
|
|
|
534
534
|
with_settings do |settings|
|
|
535
535
|
url = authn_request.create(settings, additional_params_for_authn_request)
|
|
@@ -562,6 +562,49 @@ module OmniAuth
|
|
|
562
562
|
|
|
563
563
|
private
|
|
564
564
|
|
|
565
|
+
# The single log-out (SLO) in Suomi.fi is initiated in an iframe within
|
|
566
|
+
# the single logout page at Suomi.fi side. Therefore, due to browser
|
|
567
|
+
# restrictions, it is not possible to transfer session related data to the
|
|
568
|
+
# service from that page because it would require 3rd party cookies which
|
|
569
|
+
# are restricted by browsers.
|
|
570
|
+
#
|
|
571
|
+
# Therefore, the SLO request needs to be handled at the service's side by
|
|
572
|
+
# storing the Suomi.fi sessions in a database and then comparing the SAML
|
|
573
|
+
# uid of the SLO request to the values stored witin the database to log
|
|
574
|
+
# out the user who requested the logout. There is no other way to transfer
|
|
575
|
+
# this information from the
|
|
576
|
+
#
|
|
577
|
+
# The default functionality within the `omniauth-saml` strategy relies on
|
|
578
|
+
# the session variables to compare the SAML uid during the SLO request but
|
|
579
|
+
# this is not possible with Suomi.fi when the 3rd party cookies are
|
|
580
|
+
# prevented by the browser.
|
|
581
|
+
def handle_logout_request(raw_request, settings)
|
|
582
|
+
# If the "saml_uid" is set, the logout request was initiated by the
|
|
583
|
+
# application itself. If not, the code below calls the application which
|
|
584
|
+
# can do the validation against the database where the sessions are
|
|
585
|
+
# stored.
|
|
586
|
+
return super if session["saml_uid"]
|
|
587
|
+
|
|
588
|
+
# Otherwise, the application itself needs to handle the logout because
|
|
589
|
+
# this is not happening within the same session that the user has
|
|
590
|
+
# currently open at the website.
|
|
591
|
+
logout_request = OneLogin::RubySaml::SloLogoutrequest.new(
|
|
592
|
+
raw_request,
|
|
593
|
+
{ settings: settings, get_params: @request.params }
|
|
594
|
+
)
|
|
595
|
+
raise OmniAuth::Strategies::SAML::ValidationError.new("SAML failed to process LogoutRequest") unless logout_request.is_valid?
|
|
596
|
+
|
|
597
|
+
@env['omniauth.saml_request'] = logout_request
|
|
598
|
+
|
|
599
|
+
# The SAML request needs to be validated at the application side and
|
|
600
|
+
# then the user needs to be redirected to the
|
|
601
|
+
logout_request_id = logout_request.id
|
|
602
|
+
logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, RelayState: slo_relay_state)
|
|
603
|
+
@env['omniauth.saml_response'] = logout_response
|
|
604
|
+
|
|
605
|
+
call_app!
|
|
606
|
+
end
|
|
607
|
+
|
|
565
608
|
# Suomi.fi requires that the service provider needs to end the local user
|
|
566
609
|
# session BEFORE sending the logout request to the identity provider.
|
|
567
610
|
def other_phase_for_spslo
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-suomifi
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Antti Hukkanen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-02-
|
|
11
|
+
date: 2024-02-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-saml
|