onelogin 1.3.1 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b149586910635855872b58c39e17cecf82dbf489
-  data.tar.gz: 1886b20c18c654706ba9b815187a1ab33bb9f5ab
+  metadata.gz: 43e75b93559432eb4abb128fda09326b0888f7dd
+  data.tar.gz: dffa50f002def9f773dfbfbb7d2aa26dc7752769
 SHA512:
-  metadata.gz: 9786512a9794cdc1e267436ed1021d275ab05c147b4f80e01a5a6add0027abb12a9fac0148877cfe91ac099ce46c7d6e4ece02a25555ae0dfcbe51910b3dd054
-  data.tar.gz: 2f5aa83177a386e77c256ad884e4bd1fbdcf945f7c42f32a82b6d09cbdb3abbc38404abbf6728137369784eb88f96077d3c58648ba7b2555ca1e5a13812edf00
+  metadata.gz: dac538dcd80c1ae95c87f7235c6803fb7dd112671c6e1dedf1609e909da25aae8f4e50b5510545d2cef08e0eccb77069b94909cf9fb8b977fa961ca96951ca92
+  data.tar.gz: 9270fff7c56ba05816435ef2ecc81a3581e4771926c0108cbad490e584bcadbd07e2ed774b9308f923f6e2fafadde79b8af0c06d9aa60387ca678ab95bca760f

data/.github/workflows/git-secrets-public.yml

@@ -0,0 +1,55 @@
+name: git-secrets
+
+on: [push,pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:        
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          path: source
+
+      - name: Install git-secrets
+        shell: bash
+        run: |
+            cd ..
+            echo 'cloning https://github.com/awslabs/git-secrets.git'
+            git clone https://github.com/awslabs/git-secrets.git
+            cd git-secrets
+            echo 'installing git-secrets'
+            sudo make install   
+      - name: Add Rules
+        shell: bash
+        run: |
+          cd source
+          echo 'running git-secrets'
+          pwd
+          git secrets --add '[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"~\\s]'
+          git secrets --add 'AIza[0-9A-Za-z\\-_]{35}'
+          git secrets --add 'LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBEU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0t[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
+          git secrets --add '[Tt][Ww][Ii][Tt][Tt][Ee][Rr][^/]{0,50}[0-9a-zA-Z]{35,44}'
+          git secrets --add '[Hh][Oo][Cc][Kk][Ee][Yy].{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
+          git secrets --add '(QTNU|QUtJQ|QUdQQ|QUlEQ|QVJPQ|QUlQQ|QU5QQ|QU5WQ|QVNJQ)[%a-zA-Z0-9+/]{20,24}={0,2}'
+          git secrets --add 'ya29\\.[0-9A-Za-z\\-_]+'
+          git secrets --add 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'
+          git secrets --add '[0-9a-f]{32}-us[0-9]{1,2}'
+          git secrets --add '[Ss][Aa][Uu][Cc][Ee].{0,50}(\\\"|~|`)?[0-9a-f-]{36}(\\\"|~|`)?'
+          git secrets --add '[Ff][Aa][Cc][Ee][Bb][Oo][Oo][Kk][^/]{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
+          git secrets --add --allowed 'https:\/\/\#\{GITHUB_TOKEN\}:\#\{GITHUB_USERNAME\}@github.*'
+          git secrets --add --allowed 'AKIA[a-zA-Z0-9]{16}'
+          git secrets --add --allowed 'AIzaSyCi9HqVYImAgkqMCG0QmBUXAIfM5lyv_QU'
+          sed -i -e "s/~/'/g" .git/config
+      - name: Run Scan
+        shell: bash
+        run: |
+          cd source
+          git secrets --scan
+          echo 'Secrets found in this repo? You can install git-secrets locally to catch these issues pre-commit : https://github.com/awslabs/git-secrets'

data/README.md

@@ -235,6 +235,70 @@ apps = client.get_user_apps(user.id)
 # Get User Roles
 role_ids = client.get_user_roles(user.id)
 
+# Generate MFA Token
+mfa_token = client.generate_mfa_token(user.id)
+
+# Get all Connectors in a OneLogin account filtering by name*/
+apps = client.get_connectors({name:'SAML'})
+
+# Get all Apps in a OneLogin account using API v1 */
+apps_v1 = client.get_apps_v1
+
+# Get all Apps in a OneLogin account filtering by auth_method*/
+apps = client.get_apps({auth_method:6})
+
+# Create app
+app_data = {
+ name: "Created SAML App by API",
+ description:"Created SAML App by API description",
+ notes: "Created SAML App by API notes",
+ auth_method: 2,
+ policy_id: 167865,
+ allow_assumed_signin: false,
+ parameters: {
+    saml_username: {
+        user_attribute_mappings: "email",
+        label: "NameID (fka Email)",
+    }
+ },
+ connector_id: 110016,
+ visible: true,
+ configuration: {
+   saml_initiater_id: "0",
+   encrypt_assertion: "0",
+   recipient: "http://sp.example.com/acs",
+   saml_notbefore: "3",
+   saml_nameid_format_id: "0",
+   saml_issuer_type: "0",
+   saml_sign_element: "0",
+   consumer_url: "http://sp.example.com/acs",
+   validator: ".*",
+   relaystate: "",
+   logout_url: "http://sp.example.com/sls",
+   saml_encryption_method_id: "0",
+   login: "http://sp.example.com/login",
+   saml_sessionnotonorafter: "1440",
+   generate_attribute_value_tags: "0",
+   saml_notonorafter: "3",
+   audience: "http://sp.example.com/audience",
+   signature_algorithm: "SHA-256"
+ }
+}
+app = client.create_app(app_data)
+
+# Update app
+app_data[:name] = "Created SAML App by API updated"
+client.update_app(app.id, app_data)
+
+# Get app
+app = client.get_app(app.id)
+
+# Delete app
+result = client.delete_app(app.id)
+
+# Delete parameter from app
+result = client.delete_parameter_from_app(app.id, parameter_id)
+
 # Create user
 new_user_params = {
     email: "testcreate_1@example.com",

data/examples/Gemfile.lock

@@ -1,13 +1,17 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    httparty (0.16.2)
+    httparty (0.18.0)
+      mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
-    mini_portile2 (2.3.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.0425)
+    mini_portile2 (2.4.0)
     multi_xml (0.6.0)
-    nokogiri (1.8.4)
-      mini_portile2 (~> 2.3.0)
-    onelogin (1.2.1)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
+    onelogin (1.6.0)
       httparty (>= 0.13.7)
       nokogiri (>= 1.6.3.1)
 
@@ -18,4 +22,4 @@ DEPENDENCIES
   onelogin
 
 BUNDLED WITH
-   1.16.0.pre.3
+   2.1.4

data/examples/another-get-all-login-events-of-last-day-to-csv.rb

@@ -0,0 +1,141 @@
+require 'onelogin'
+
+client = OneLogin::Api::Client.new(
+    client_id: '9a19e9b07257c30ed3eddc0f9cf8d4127b4387646940acc8432c0dbcbd5f0c0d',
+    client_secret: 'd5cfcbe70b626f1d131f632c398b5b0d60dbc149b9ad9a55ac33715c7239acf7',
+    region: 'us',
+    max_results: 50000
+)
+
+client.access_token
+
+unless client.error.nil?
+  puts "Error #{client.error}  #{client.error_description}"
+  exit
+end
+
+
+user_attribute_names = ['id', 'username', 'email']
+event_attribute_names = ['created_at', 'user_id', 'user_name', 'ipaddr', 'app_id', 'app_name']
+csv_event_header = ['Timestamp', 'Description',  'Username', 'App', 'IP Address', 'User Id', 'Email', 'App Id']
+
+user_options = {}
+user_options[:fields] = user_attribute_names.join(",")
+
+
+now = Date.today
+days_ago = (now - 1)
+event_options = {}
+event_options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
+event_options[:event_type_id] = 8;
+event_options[:fields] = event_attribute_names.join(",")
+event_options[:sort] = "-created_at"
+
+now_str = Time.now.strftime("%Y-%m-%d_%H-%M-%S")
+login_app_event_csv_name = now_str + '_login_app_events.csv'
+login_event_csv_name = now_str + '_login_events.csv'
+radius_event_csv_name = now_str + '_radius_events.csv'
+
+users = {}
+counter = 0
+
+rate_limits = client.get_rate_limits
+remaining_before = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_before}"
+
+puts "Extracting users from OneLogin"
+
+client.get_users(user_options).each do |user|
+  users[user.id] = user
+  counter +=1
+end
+puts "#{counter} users extracted"
+
+csv_login_app_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'App Id', 'Email']
+csv_login_event_header = ['Timestamp', 'Description', 'Username', 'IP Address', 'User Id', 'Email']
+
+puts "Extracting login app events from OneLogin"
+counter = 0
+CSV.open(login_app_event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_login_app_event_header
+
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} signed into #{event.app_name}"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.app_name, event.ipaddr, event.user_id, event.app_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} login app events to  #{login_app_event_csv_name}"
+
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+
+
+event_options[:event_type_id] = 5;
+puts "Extracting login events from OneLogin"
+counter = 0
+CSV.open(login_event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_login_event_header
+
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} logged into OneLogin"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.ipaddr, event.user_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} login events to #{login_event_csv_name}"
+
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+
+
+event_options[:event_type_id] = 68;
+puts "Extracting login radius events from OneLogin"
+counter = 0
+CSV.open(radius_event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_login_event_header
+
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} logged via Radius"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.ipaddr, event.user_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} radius events to #{radius_event_csv_name}"
+
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+
+
+consumed = remaining_before - remaining_after
+puts "The script consumed #{consumed} calls"

data/examples/events-to-csv.rb

@@ -24,7 +24,7 @@ OptionParser.new do |opts|
     options[:since] = s.iso8601
   end
 
-  opts.on("-lLAST", "--last=LAST", Integer, "Events since this many days ago") do |d|
+  opts.on("-dLAST", "--last=LAST", Integer, "Events since this many days ago") do |d|
     now = Date.today
     days_ago = (now - d)
     options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
@@ -64,7 +64,7 @@ attribute_names = ['id', 'created_at', 'account_id', 'user_id', 'user_name', 'ev
                   'role_id', 'role_name', 'app_id', 'app_name', 'group_id', 'group_name', 'otp_device_id',
                   'otp_device_name', 'policy_id', 'policy_name', 'actor_system', 'custom_message',
                   'operation_name', 'directory_sync_run_id', 'directory_id', 'resolution', 'client_id',
-                  'resource_type_id', 'error_description']
+                  'resource_type_id', 'error_description', 'risk_score', 'risk_reasons', 'risk_cookie_id', 'browser_fingerprint']
 
 counter = 0
 limit = options[:limit] || 1000
@@ -82,7 +82,7 @@ CSV.open('events.csv', 'wb') do |csv|
 
   # fetch the events
   client.get_events(options).take(limit).each do |event|
-    csv << attribute_names.map { |attribute_name| event.send(attribute_name) }
+    csv << attribute_names.map { |attribute_name| event.send(attribute_name) if event.respond_to?(attribute_name) }
     counter += 1
   end
 end

data/examples/get-all-login-events-of-last-day-to-csv.rb

@@ -0,0 +1,88 @@
+require 'onelogin'
+
+#
+# This example shows how you can export user details from OneLogin using the Ruby SDK
+#
+# Usage:
+# 1. Set your own CLIENT_ID and CLIENT_SECRET below
+# 2. From terminal run "ruby all-users-to-csv.rb" to extract all users including
+#    any custom attributes that might have been defined for the each user
+#
+
+#client = OneLogin::Api::Client.new(
+#    client_id: 'ONELOGIN_CLIENT_ID',
+#    client_secret:'ONELOGIN_CLIENT_SECRET',
+#    region: 'us',
+#    max_results: 50000
+#)
+client = OneLogin::Api::Client.new(
+    client_id: 'ONELOGIN_CLIENT_ID_GOES_HERE',
+    client_secret: 'ONELOGIN_CLIENT_SECRET_GOES_HERE',
+    region: 'us',
+    max_results: 50000
+)
+
+
+user_attribute_names = ['id', 'username', 'email']
+event_attribute_names = ['created_at', 'user_id', 'user_name', 'ipaddr', 'app_id', 'app_name']
+csv_event_header = ['Timestamp', 'Description',  'Username', 'App', 'IP Address', 'User Id', 'Email', 'App Id']
+
+user_options = {}
+user_options[:fields] = user_attribute_names.join(",")
+
+
+now = Date.today
+days_ago = (now - 1)
+event_options = {}
+event_options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
+event_options[:event_type_id] = 8;
+event_options[:fields] = event_attribute_names.join(",")
+event_options[:sort] = "-created_at"
+
+now_str = Time.now.strftime("%Y-%m-%d_%H-%M-%S")
+event_csv_name = now_str + '_events.csv'
+
+users = {}
+counter = 0
+
+rate_limits = client.get_rate_limits
+remaining_before = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_before}"
+
+puts "Extracting users from OneLogin"
+
+client.get_users(user_options).each do |user|
+  users[user.id] = user
+  counter +=1
+end
+puts "#{counter} users extracted"
+
+puts "Extracting events from OneLogin"
+csv_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'App Id', 'Email']
+counter = 0
+CSV.open(event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_event_header
+
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} signed into #{event.app_name}"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.app_name, event.ipaddr, event.user_id, event.app_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} events to events.csv"
+
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+
+consumed = remaining_before - remaining_after
+puts "The script consumed #{consumed} calls"

data/examples/rails-custom-login-page/Gemfile

@@ -11,7 +11,7 @@ gem 'rails', '~> 5.1.4'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3'
 # Use Puma as the app server
-gem 'puma', '~> 3.7'
+gem 'puma', '~> 3.12'
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 5.0'
 # Use Uglifier as compressor for JavaScript assets
@@ -33,7 +33,7 @@ gem 'jbuilder', '~> 2.5'
 # Use Capistrano for deployment
 # gem 'capistrano-rails', group: :development
 
-gem 'onelogin', '~> 1.0.4'
+gem 'onelogin', '~> 1.6.0'
 gem 'jquery-rails'
 
 group :development, :test do

data/examples/rails-custom-login-page/Gemfile.lock

@@ -60,14 +60,15 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.0.5)
-    crass (1.0.3)
+    concurrent-ruby (1.1.5)
+    crass (1.0.5)
     erubi (1.7.1)
     execjs (2.7.0)
-    ffi (1.9.23)
+    ffi (1.11.1)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
-    httparty (0.16.1)
+    httparty (0.18.1)
+      mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
@@ -82,26 +83,29 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.2.2)
+    loofah (2.3.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
       mini_mime (>= 0.1.1)
     method_source (0.9.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.1104)
     mini_mime (1.0.0)
-    mini_portile2 (2.3.0)
+    mini_portile2 (2.4.0)
     minitest (5.11.3)
     multi_json (1.13.1)
     multi_xml (0.6.0)
     nio4r (2.3.0)
-    nokogiri (1.8.2)
-      mini_portile2 (~> 2.3.0)
-    onelogin (1.0.4)
+    nokogiri (1.10.4)
+      mini_portile2 (~> 2.4.0)
+    onelogin (1.6.0)
       httparty (>= 0.13.7)
       nokogiri (>= 1.6.3.1)
     public_suffix (3.0.2)
-    puma (3.11.3)
-    rack (2.0.4)
+    puma (3.12.2)
+    rack (2.0.8)
     rack-test (0.8.3)
       rack (>= 1.0, < 3)
     rails (5.1.5)
@@ -132,7 +136,7 @@ GEM
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
     ruby_dep (1.5.0)
-    rubyzip (1.2.1)
+    rubyzip (1.3.0)
     sass (3.5.5)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
@@ -152,7 +156,7 @@ GEM
     spring-watcher-listen (2.0.1)
       listen (>= 2.7, < 4.0)
       spring (>= 1.2, < 3.0)
-    sprockets (3.7.1)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
@@ -191,8 +195,8 @@ DEPENDENCIES
   jbuilder (~> 2.5)
   jquery-rails
   listen (>= 3.0.5, < 3.2)
-  onelogin (~> 1.0.4)
-  puma (~> 3.7)
+  onelogin (~> 1.5.0)
+  puma (~> 3.12)
   rails (~> 5.1.4)
   sass-rails (~> 5.0)
   selenium-webdriver
@@ -205,4 +209,4 @@ DEPENDENCIES
   web-console (>= 3.3.0)
 
 BUNDLED WITH
-   1.16.1
+   1.17.3

data/examples/rails-custom-login-page/README.md

@@ -7,8 +7,6 @@ over the look & feel.
 
 The downside to this approach is that you have to implement MFA and password resets etc yourself. However we do have the APIs for these actions available and have demonstrated how to use them in this app.
 
-![Custom Login](https://s3.amazonaws.com/onelogin-screenshots/dev_site/images/custom-login-os.gif)
-
 If you want a standards based, out of the box way to authenticate users then we recommend you use [our OpenId Connect implementation](https://github.com/onelogin/onelogin-oidc-ruby).
 
 ## Get Started
@@ -17,6 +15,9 @@ The sample tries to keep everything as simple as possible so only
 implements
 * Login - Authenticate users in a single request to OneLogin with out any redirects
 * MFA - Does MFA verification if required
+* Password Reset with user verification via MFA
+* Self sign Up / Create a new user
+* Onboard / Activate a user
 * User Apps - List apps available to a user and provides SSO links
 * User Roles - Lists a users roles
 * Logout - destroying the local session and revoking the token at OneLogin
@@ -36,6 +37,14 @@ cd onelogin-ruby-sdk/examples/rails-custom-login-page && bundle install
 
 3. Rename `config/secrets.yml.sample` to `config/secrets.yml` and update with your OneLogin API credentials, region and subdomain.
 
+If you are using a custom domain instance, set it
+in order to be used for the login demo.
+
+If you want to set the cookie via post-form set
+COOKIE_VIA_POST_FORM to true, otherwise the cookie
+will be set via javascript via the makeCors method
+described later.
+
 ```yaml
 development:
   secret_key_base: xxx
@@ -43,6 +52,8 @@ development:
   ONELOGIN_CLIENT_SECRET: xxx
   ONELOGIN_REGION: us
   ONELOGIN_SUBDOMAIN: xxx
+  CUSTOM_DOMAIN: xxx
+  COOKIE_VIA_POST_FORM: true
 ```
 4. Run the sample and browse to `http://localhost:3000`
 ```sh
@@ -95,6 +106,7 @@ function makeCors(session_token) {
   xhr.withCredentials = true;
   method = "POST";
   var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
+  // var url = "https://" + CUSTOM_DOMAIN + "/session_via_api_token";
   xhr.open(method, url, true);
   xhr.setRequestHeader("Content-Type", "application/json");
   body = {"session_token": session_token};
@@ -102,3 +114,24 @@ function makeCors(session_token) {
 };
 ```
 
+### Make form-based request to establish SSO session
+```html
+<!doctype html>
+<html>
+    <head>
+        <meta charset="utf-8">
+    </head>
+    <body>
+        <p>Auth API Test</p>
+        <form action=
+         "https://{onelogin_instance}/session_via_api_token" method="POST">
+            <input type="hidden" name="session_token" value="{your session token value}">
+            <input type="submit" placeholder="GO">
+            <input id="auth_token" type="hidden">
+        </form>
+    </body>
+</html>
+
+where onelogin_instance is a custom domain or
+{subdomain}.onelogin.com
+```

data/examples/rails-custom-login-page/app/assets/stylesheets/application.css

@@ -12,64 +12,4 @@
  *
  *= require_tree .
  *= require_self
- */
-
-body {
-  padding: 20px;
-  font-family: Arial, Helvetica, sans-serif
-}
-
-.alert, .error {
-  color: red;
-  text-align: center;
-}
-
-.row {
-  padding: 5px 0px;
-}
-
-.row span {
-  display: inline-block;
-  font-weight: bold;
-}
-
-.form {
-  width: 300px;
-  margin: 0 auto;
-  text-align: center;
-  padding: 50px;
-  background: green; /* For browsers that do not support gradients */
-  background: -webkit-linear-gradient(left, orange , yellow, green, cyan, blue, violet); /* For Safari 5.1 to 6.0 */
-  background: -o-linear-gradient(right, orange, yellow, green, cyan, blue, violet); /* For Opera 11.1 to 12.0 */
-  background: -moz-linear-gradient(right, orange, yellow, green, cyan, blue, violet); /* For Firefox 3.6 to 15 */
-  background: linear-gradient(to right, orange , yellow, green, cyan, blue, violet); /* Standard syntax (must be last) */
-}
-
-.form input {
-  width: 90%;
-  padding: 5px;
-  margin: 5px;
-}
-
-.form h1 {
-  color: #fff;
-}
-
-.login-footer {
-  width: 300px;
-  margin: 50px auto;
-  text-align: center;
-}
-
-form.edit div {
-  padding: 10px;
-}
-
-table.list {
-  width: 100%;
-}
-
-table.list tr td {
-  padding: 5px;
-  border-bottom: 1px #ccc solid;
-}
+ */

data/examples/rails-custom-login-page/app/controllers/home_controller.rb

@@ -1,4 +1,5 @@
 class HomeController < ApplicationController
   def index
+    redirect_to "/dashboard" if session["user"]
   end
 end