RubyGems - onelogin - Versions diffs - 1.5.0 → 1.6.0 - Mend

onelogin 1.5.0 → 1.6.0

Files changed (28) hide show

checksums.yaml +4 -4
data/.github/workflows/git-secrets-public.yml +55 -0
data/README.md +60 -2
data/examples/Gemfile.lock +10 -6
data/examples/another-get-all-login-events-of-last-day-to-csv.rb +141 -0
data/examples/events-to-csv.rb +3 -3
data/examples/get-all-login-events-of-last-day-to-csv.rb +88 -0
data/examples/rails-custom-login-page/Gemfile +2 -2
data/examples/rails-custom-login-page/Gemfile.lock +20 -16
data/examples/rails-custom-login-page/README.md +32 -0
data/examples/rails-custom-login-page/app/controllers/home_controller.rb +1 -0
data/examples/rails-custom-login-page/app/views/dashboard/index.html.erb +2 -9
data/examples/rails-custom-login-page/app/views/home/index.html.erb +71 -8
data/examples/rails-custom-login-page/config/initializers/onelogin.rb +3 -1
data/examples/rails-custom-login-page/config/secrets.yml.sample +2 -0
data/lib/onelogin/api/client.rb +608 -16
data/lib/onelogin/api/cursor.rb +4 -3
data/lib/onelogin/api/models/connector_basic.rb +20 -0
data/lib/onelogin/api/models/event.rb +1 -1
data/lib/onelogin/api/models/onelogin_app.rb +46 -6
data/lib/onelogin/api/models/onelogin_app_basic.rb +51 -0
data/lib/onelogin/api/models/onelogin_app_v1.rb +22 -0
data/lib/onelogin/api/models/user.rb +1 -1
data/lib/onelogin/api/models.rb +3 -0
data/lib/onelogin/api/util/constants.rb +15 -1
data/lib/onelogin/version.rb +1 -1
data/onelogin.gemspec +2 -2
metadata +13 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b88c409d8f894444cea2c417d3cef961263c063d
-  data.tar.gz: b737ed1099a19e1d5bb7e21f5535a02e9058791b
+  metadata.gz: 43e75b93559432eb4abb128fda09326b0888f7dd
+  data.tar.gz: dffa50f002def9f773dfbfbb7d2aa26dc7752769
 SHA512:
-  metadata.gz: 21fa7556a20c6f0d851fe9b7bb92a9311aac2892fca42a73baf78135ec88c8f5ad249466a0f82330015cf34b488f9f2cdc149010a2a4492af9c9db308bfc9c3a
-  data.tar.gz: adef4c496b683e629f344fe2e771c79d6472e0db87b5bba65268e33c6f53f5dc36d6757c73172bfb1d5ca7de20430b3919616ed87fa0b81c49bc63310f7ebc7b
+  metadata.gz: dac538dcd80c1ae95c87f7235c6803fb7dd112671c6e1dedf1609e909da25aae8f4e50b5510545d2cef08e0eccb77069b94909cf9fb8b977fa961ca96951ca92
+  data.tar.gz: 9270fff7c56ba05816435ef2ecc81a3581e4771926c0108cbad490e584bcadbd07e2ed774b9308f923f6e2fafadde79b8af0c06d9aa60387ca678ab95bca760f

data/.github/workflows/git-secrets-public.yml ADDED Viewed

@@ -0,0 +1,55 @@
+name: git-secrets
+on: [push,pull_request]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          path: source
+      - name: Install git-secrets
+        shell: bash
+        run: |
+            cd ..
+            echo 'cloning https://github.com/awslabs/git-secrets.git'
+            git clone https://github.com/awslabs/git-secrets.git
+            cd git-secrets
+            echo 'installing git-secrets'
+            sudo make install
+      - name: Add Rules
+        shell: bash
+        run: |
+          cd source
+          echo 'running git-secrets'
+          pwd
+          git secrets --add '[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"~\\s]'
+          git secrets --add 'AIza[0-9A-Za-z\\-_]{35}'
+          git secrets --add 'LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBEU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0t[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
+          git secrets --add '[Tt][Ww][Ii][Tt][Tt][Ee][Rr][^/]{0,50}[0-9a-zA-Z]{35,44}'
+          git secrets --add '[Hh][Oo][Cc][Kk][Ee][Yy].{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
+          git secrets --add '(QTNU|QUtJQ|QUdQQ|QUlEQ|QVJPQ|QUlQQ|QU5QQ|QU5WQ|QVNJQ)[%a-zA-Z0-9+/]{20,24}={0,2}'
+          git secrets --add 'ya29\\.[0-9A-Za-z\\-_]+'
+          git secrets --add 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'
+          git secrets --add '[0-9a-f]{32}-us[0-9]{1,2}'
+          git secrets --add '[Ss][Aa][Uu][Cc][Ee].{0,50}(\\\"|~|`)?[0-9a-f-]{36}(\\\"|~|`)?'
+          git secrets --add '[Ff][Aa][Cc][Ee][Bb][Oo][Oo][Kk][^/]{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
+          git secrets --add --allowed 'https:\/\/\#\{GITHUB_TOKEN\}:\#\{GITHUB_USERNAME\}@github.*'
+          git secrets --add --allowed 'AKIA[a-zA-Z0-9]{16}'
+          git secrets --add --allowed 'AIzaSyCi9HqVYImAgkqMCG0QmBUXAIfM5lyv_QU'
+          sed -i -e "s/~/'/g" .git/config
+      - name: Run Scan
+        shell: bash
+        run: |
+          cd source
+          git secrets --scan
+          echo 'Secrets found in this repo? You can install git-secrets locally to catch these issues pre-commit : https://github.com/awslabs/git-secrets'

data/README.md CHANGED Viewed

@@ -238,8 +238,66 @@ role_ids = client.get_user_roles(user.id)
 # Generate MFA Token
 mfa_token = client.generate_mfa_token(user.id)
-# Get all Apps in a OneLogin account */
-apps = client.get_apps
+# Get all Connectors in a OneLogin account filtering by name*/
+apps = client.get_connectors({name:'SAML'})
+# Get all Apps in a OneLogin account using API v1 */
+apps_v1 = client.get_apps_v1
+# Get all Apps in a OneLogin account filtering by auth_method*/
+apps = client.get_apps({auth_method:6})
+# Create app
+app_data = {
+ name: "Created SAML App by API",
+ description:"Created SAML App by API description",
+ notes: "Created SAML App by API notes",
+ auth_method: 2,
+ policy_id: 167865,
+ allow_assumed_signin: false,
+ parameters: {
+    saml_username: {
+        user_attribute_mappings: "email",
+        label: "NameID (fka Email)",
+    }
+ },
+ connector_id: 110016,
+ visible: true,
+ configuration: {
+   saml_initiater_id: "0",
+   encrypt_assertion: "0",
+   recipient: "http://sp.example.com/acs",
+   saml_notbefore: "3",
+   saml_nameid_format_id: "0",
+   saml_issuer_type: "0",
+   saml_sign_element: "0",
+   consumer_url: "http://sp.example.com/acs",
+   validator: ".*",
+   relaystate: "",
+   logout_url: "http://sp.example.com/sls",
+   saml_encryption_method_id: "0",
+   login: "http://sp.example.com/login",
+   saml_sessionnotonorafter: "1440",
+   generate_attribute_value_tags: "0",
+   saml_notonorafter: "3",
+   audience: "http://sp.example.com/audience",
+   signature_algorithm: "SHA-256"
+ }
+}
+app = client.create_app(app_data)
+# Update app
+app_data[:name] = "Created SAML App by API updated"
+client.update_app(app.id, app_data)
+# Get app
+app = client.get_app(app.id)
+# Delete app
+result = client.delete_app(app.id)
+# Delete parameter from app
+result = client.delete_parameter_from_app(app.id, parameter_id)
 # Create user
 new_user_params = {

data/examples/Gemfile.lock CHANGED Viewed

@@ -1,13 +1,17 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    httparty (0.16.2)
+    httparty (0.18.0)
+      mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
-    mini_portile2 (2.3.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.0425)
+    mini_portile2 (2.4.0)
     multi_xml (0.6.0)
-    nokogiri (1.8.4)
-      mini_portile2 (~> 2.3.0)
-    onelogin (1.2.1)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
+    onelogin (1.6.0)
       httparty (>= 0.13.7)
       nokogiri (>= 1.6.3.1)
@@ -18,4 +22,4 @@ DEPENDENCIES
   onelogin
 BUNDLED WITH
-   1.16.0.pre.3
+   2.1.4

data/examples/another-get-all-login-events-of-last-day-to-csv.rb ADDED Viewed

@@ -0,0 +1,141 @@
+require 'onelogin'
+client = OneLogin::Api::Client.new(
+    client_id: '9a19e9b07257c30ed3eddc0f9cf8d4127b4387646940acc8432c0dbcbd5f0c0d',
+    client_secret: 'd5cfcbe70b626f1d131f632c398b5b0d60dbc149b9ad9a55ac33715c7239acf7',
+    region: 'us',
+    max_results: 50000
+)
+client.access_token
+unless client.error.nil?
+  puts "Error #{client.error}  #{client.error_description}"
+  exit
+end
+user_attribute_names = ['id', 'username', 'email']
+event_attribute_names = ['created_at', 'user_id', 'user_name', 'ipaddr', 'app_id', 'app_name']
+csv_event_header = ['Timestamp', 'Description',  'Username', 'App', 'IP Address', 'User Id', 'Email', 'App Id']
+user_options = {}
+user_options[:fields] = user_attribute_names.join(",")
+now = Date.today
+days_ago = (now - 1)
+event_options = {}
+event_options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
+event_options[:event_type_id] = 8;
+event_options[:fields] = event_attribute_names.join(",")
+event_options[:sort] = "-created_at"
+now_str = Time.now.strftime("%Y-%m-%d_%H-%M-%S")
+login_app_event_csv_name = now_str + '_login_app_events.csv'
+login_event_csv_name = now_str + '_login_events.csv'
+radius_event_csv_name = now_str + '_radius_events.csv'
+users = {}
+counter = 0
+rate_limits = client.get_rate_limits
+remaining_before = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_before}"
+puts "Extracting users from OneLogin"
+client.get_users(user_options).each do |user|
+  users[user.id] = user
+  counter +=1
+end
+puts "#{counter} users extracted"
+csv_login_app_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'App Id', 'Email']
+csv_login_event_header = ['Timestamp', 'Description', 'Username', 'IP Address', 'User Id', 'Email']
+puts "Extracting login app events from OneLogin"
+counter = 0
+CSV.open(login_app_event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_login_app_event_header
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} signed into #{event.app_name}"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.app_name, event.ipaddr, event.user_id, event.app_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} login app events to  #{login_app_event_csv_name}"
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+event_options[:event_type_id] = 5;
+puts "Extracting login events from OneLogin"
+counter = 0
+CSV.open(login_event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_login_event_header
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} logged into OneLogin"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.ipaddr, event.user_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} login events to #{login_event_csv_name}"
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+event_options[:event_type_id] = 68;
+puts "Extracting login radius events from OneLogin"
+counter = 0
+CSV.open(radius_event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_login_event_header
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} logged via Radius"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.ipaddr, event.user_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} radius events to #{radius_event_csv_name}"
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+consumed = remaining_before - remaining_after
+puts "The script consumed #{consumed} calls"

data/examples/events-to-csv.rb CHANGED Viewed

@@ -24,7 +24,7 @@ OptionParser.new do |opts|
     options[:since] = s.iso8601
   end
-  opts.on("-lLAST", "--last=LAST", Integer, "Events since this many days ago") do |d|
+  opts.on("-dLAST", "--last=LAST", Integer, "Events since this many days ago") do |d|
     now = Date.today
     days_ago = (now - d)
     options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
@@ -64,7 +64,7 @@ attribute_names = ['id', 'created_at', 'account_id', 'user_id', 'user_name', 'ev
                   'role_id', 'role_name', 'app_id', 'app_name', 'group_id', 'group_name', 'otp_device_id',
                   'otp_device_name', 'policy_id', 'policy_name', 'actor_system', 'custom_message',
                   'operation_name', 'directory_sync_run_id', 'directory_id', 'resolution', 'client_id',
-                  'resource_type_id', 'error_description']
+                  'resource_type_id', 'error_description', 'risk_score', 'risk_reasons', 'risk_cookie_id', 'browser_fingerprint']
 counter = 0
 limit = options[:limit] || 1000
@@ -82,7 +82,7 @@ CSV.open('events.csv', 'wb') do |csv|
   # fetch the events
   client.get_events(options).take(limit).each do |event|
-    csv << attribute_names.map { |attribute_name| event.send(attribute_name) }
+    csv << attribute_names.map { |attribute_name| event.send(attribute_name) if event.respond_to?(attribute_name) }
     counter += 1
   end
 end

data/examples/get-all-login-events-of-last-day-to-csv.rb ADDED Viewed

@@ -0,0 +1,88 @@
+require 'onelogin'
+#
+# This example shows how you can export user details from OneLogin using the Ruby SDK
+#
+# Usage:
+# 1. Set your own CLIENT_ID and CLIENT_SECRET below
+# 2. From terminal run "ruby all-users-to-csv.rb" to extract all users including
+#    any custom attributes that might have been defined for the each user
+#
+#client = OneLogin::Api::Client.new(
+#    client_id: 'ONELOGIN_CLIENT_ID',
+#    client_secret:'ONELOGIN_CLIENT_SECRET',
+#    region: 'us',
+#    max_results: 50000
+#)
+client = OneLogin::Api::Client.new(
+    client_id: 'ONELOGIN_CLIENT_ID_GOES_HERE',
+    client_secret: 'ONELOGIN_CLIENT_SECRET_GOES_HERE',
+    region: 'us',
+    max_results: 50000
+)
+user_attribute_names = ['id', 'username', 'email']
+event_attribute_names = ['created_at', 'user_id', 'user_name', 'ipaddr', 'app_id', 'app_name']
+csv_event_header = ['Timestamp', 'Description',  'Username', 'App', 'IP Address', 'User Id', 'Email', 'App Id']
+user_options = {}
+user_options[:fields] = user_attribute_names.join(",")
+now = Date.today
+days_ago = (now - 1)
+event_options = {}
+event_options[:since] = days_ago.strftime('%Y-%m-%dT%H:%M:%SZ')
+event_options[:event_type_id] = 8;
+event_options[:fields] = event_attribute_names.join(",")
+event_options[:sort] = "-created_at"
+now_str = Time.now.strftime("%Y-%m-%d_%H-%M-%S")
+event_csv_name = now_str + '_events.csv'
+users = {}
+counter = 0
+rate_limits = client.get_rate_limits
+remaining_before = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_before}"
+puts "Extracting users from OneLogin"
+client.get_users(user_options).each do |user|
+  users[user.id] = user
+  counter +=1
+end
+puts "#{counter} users extracted"
+puts "Extracting events from OneLogin"
+csv_event_header = ['Timestamp', 'Description', 'Username', 'App', 'IP Address', 'User Id', 'App Id', 'Email']
+counter = 0
+CSV.open(event_csv_name, 'wb') do |csv|
+  # header row
+  csv << csv_event_header
+  # fetch the events
+  client.get_events(event_options).each do |event|
+    username = email = ""
+    description = "#{event.user_name} signed into #{event.app_name}"
+    unless users.nil?
+      if users.has_key?(event.user_id)
+        username = users[event.user_id].username
+        email = users[event.user_id].email
+      end
+    end
+    csv << [event.created_at, description, username, event.app_name, event.ipaddr, event.user_id, event.app_id, email]
+    counter +=1
+  end
+end
+puts "Exported #{counter} events to events.csv"
+rate_limits = client.get_rate_limits
+remaining_after = rate_limits.remaining
+puts "Remaining RateLimit: #{remaining_after}"
+consumed = remaining_before - remaining_after
+puts "The script consumed #{consumed} calls"

data/examples/rails-custom-login-page/Gemfile CHANGED Viewed

@@ -11,7 +11,7 @@ gem 'rails', '~> 5.1.4'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3'
 # Use Puma as the app server
-gem 'puma', '~> 3.7'
+gem 'puma', '~> 3.12'
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 5.0'
 # Use Uglifier as compressor for JavaScript assets
@@ -33,7 +33,7 @@ gem 'jbuilder', '~> 2.5'
 # Use Capistrano for deployment
 # gem 'capistrano-rails', group: :development
-gem 'onelogin', '~> 1.0.4'
+gem 'onelogin', '~> 1.6.0'
 gem 'jquery-rails'
 group :development, :test do

data/examples/rails-custom-login-page/Gemfile.lock CHANGED Viewed

@@ -60,14 +60,15 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.0.5)
-    crass (1.0.3)
+    concurrent-ruby (1.1.5)
+    crass (1.0.5)
     erubi (1.7.1)
     execjs (2.7.0)
-    ffi (1.9.23)
+    ffi (1.11.1)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
-    httparty (0.16.1)
+    httparty (0.18.1)
+      mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
@@ -82,26 +83,29 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.2.2)
+    loofah (2.3.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
       mini_mime (>= 0.1.1)
     method_source (0.9.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.1104)
     mini_mime (1.0.0)
-    mini_portile2 (2.3.0)
+    mini_portile2 (2.4.0)
     minitest (5.11.3)
     multi_json (1.13.1)
     multi_xml (0.6.0)
     nio4r (2.3.0)
-    nokogiri (1.8.2)
-      mini_portile2 (~> 2.3.0)
-    onelogin (1.0.4)
+    nokogiri (1.10.4)
+      mini_portile2 (~> 2.4.0)
+    onelogin (1.6.0)
       httparty (>= 0.13.7)
       nokogiri (>= 1.6.3.1)
     public_suffix (3.0.2)
-    puma (3.11.3)
-    rack (2.0.4)
+    puma (3.12.2)
+    rack (2.0.8)
     rack-test (0.8.3)
       rack (>= 1.0, < 3)
     rails (5.1.5)
@@ -132,7 +136,7 @@ GEM
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
     ruby_dep (1.5.0)
-    rubyzip (1.2.1)
+    rubyzip (1.3.0)
     sass (3.5.5)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
@@ -152,7 +156,7 @@ GEM
     spring-watcher-listen (2.0.1)
       listen (>= 2.7, < 4.0)
       spring (>= 1.2, < 3.0)
-    sprockets (3.7.1)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
@@ -191,8 +195,8 @@ DEPENDENCIES
   jbuilder (~> 2.5)
   jquery-rails
   listen (>= 3.0.5, < 3.2)
-  onelogin (~> 1.0.4)
-  puma (~> 3.7)
+  onelogin (~> 1.5.0)
+  puma (~> 3.12)
   rails (~> 5.1.4)
   sass-rails (~> 5.0)
   selenium-webdriver
@@ -205,4 +209,4 @@ DEPENDENCIES
   web-console (>= 3.3.0)
 BUNDLED WITH
-   1.16.1
+   1.17.3

data/examples/rails-custom-login-page/README.md CHANGED Viewed

@@ -37,6 +37,14 @@ cd onelogin-ruby-sdk/examples/rails-custom-login-page && bundle install
 3. Rename `config/secrets.yml.sample` to `config/secrets.yml` and update with your OneLogin API credentials, region and subdomain.
+If you are using a custom domain instance, set it
+in order to be used for the login demo.
+If you want to set the cookie via post-form set
+COOKIE_VIA_POST_FORM to true, otherwise the cookie
+will be set via javascript via the makeCors method
+described later.
 ```yaml
 development:
   secret_key_base: xxx
@@ -44,6 +52,8 @@ development:
   ONELOGIN_CLIENT_SECRET: xxx
   ONELOGIN_REGION: us
   ONELOGIN_SUBDOMAIN: xxx
+  CUSTOM_DOMAIN: xxx
+  COOKIE_VIA_POST_FORM: true
 ```
 4. Run the sample and browse to `http://localhost:3000`
 ```sh
@@ -96,6 +106,7 @@ function makeCors(session_token) {
   xhr.withCredentials = true;
   method = "POST";
   var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
+  // var url = "https://" + CUSTOM_DOMAIN + "/session_via_api_token";
   xhr.open(method, url, true);
   xhr.setRequestHeader("Content-Type", "application/json");
   body = {"session_token": session_token};
@@ -103,3 +114,24 @@ function makeCors(session_token) {
 };
 ```
+### Make form-based request to establish SSO session
+```html
+<!doctype html>
+<html>
+    <head>
+        <meta charset="utf-8">
+    </head>
+    <body>
+        <p>Auth API Test</p>
+        <form action=
+         "https://{onelogin_instance}/session_via_api_token" method="POST">
+            <input type="hidden" name="session_token" value="{your session token value}">
+            <input type="submit" placeholder="GO">
+            <input id="auth_token" type="hidden">
+        </form>
+    </body>
+</html>
+where onelogin_instance is a custom domain or
+{subdomain}.onelogin.com
+```

data/examples/rails-custom-login-page/app/controllers/home_controller.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 class HomeController < ApplicationController
   def index
+    redirect_to "/dashboard" if session["user"]
   end
 end

data/examples/rails-custom-login-page/app/views/dashboard/index.html.erb CHANGED Viewed

@@ -14,8 +14,9 @@
     <div class="col-sm">
       <h2>Apps</h2>
       <ul class="list-group">
+      <% url_base = CUSTOM_DOMAIN || ONELOGIN_SUBDOMAIN + ".onelogin.com" %>
       <%@apps.each do |app|%>
-        <li class="list-group-item"><a href="https://<%= ONELOGIN_SUBDOMAIN %>.onelogin.com/launch/<%= app.id %>"><%= app.name %></a></li>
+        <li class="list-group-item"><a target="_blank" href="https://<%= url_base %>/launch/<%= app.id %>"><%= app.name %></a></li>
       <%end%>
       </ul>
     </div>
@@ -40,11 +41,3 @@
     </div>
   </div>
 </div>