saml_camel 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +10 -4
- data/app/controllers/concerns/saml_camel/saml_helpers.rb +2 -0
- data/app/controllers/saml_camel/saml_controller.rb +10 -0
- data/app/models/saml_camel/application_record.rb +2 -2
- data/app/models/saml_camel/logging.rb +23 -0
- data/app/models/saml_camel/transaction.rb +1 -1
- data/app/views/saml_camel/saml/attr_check.html.erb +5 -0
- data/config/routes.rb +1 -0
- data/lib/saml_camel/engine.rb +0 -1
- data/lib/saml_camel/version.rb +1 -1
- data/lib/tasks/saml_camel_tasks.rake +4 -8
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a2a4e67055ffc48f78dc0139b9c759e2433549c
|
|
4
|
+
data.tar.gz: e76ae8caa11b55411a315c284fae6d4fe8a38555
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9cfb538fa1e85ef6d3089431b4f30e97ce773d4fce4498c9349c602a799427499fbe2cd25f37e0ffb53aee3ae4672210903c00017e97de2eb2580e42a4122374
|
|
7
|
+
data.tar.gz: 9dd9c2fe2afc86d84bbf4333e57853c546ab76c096d3f08c08b16c4987fb65640e7759ba77d72c86ca61ca2a151d76a2c8b412609f4fe27c2fefcf1dfbd1d043
|
data/README.md
CHANGED
|
@@ -3,9 +3,7 @@
|
|
|
3
3
|
Add this line to your application's Gemfile:
|
|
4
4
|
|
|
5
5
|
```ruby
|
|
6
|
-
source "https://gems-internal.oit.duke.edu" do
|
|
7
6
|
gem 'saml_camel'
|
|
8
|
-
end
|
|
9
7
|
```
|
|
10
8
|
|
|
11
9
|
|
|
@@ -46,8 +44,6 @@ end
|
|
|
46
44
|
6. now simply provide the `saml protect` method in your controllers (via `around_action`) to protect paths
|
|
47
45
|
**NOTE: it is important you MUST use around_action**
|
|
48
46
|
|
|
49
|
-
7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider. You can specify a return url in `saml/development/settings.json`
|
|
50
|
-
|
|
51
47
|
```ruby
|
|
52
48
|
class DashboardController < ApplicationController
|
|
53
49
|
around_action :saml_protect, except: [:home]
|
|
@@ -61,8 +57,18 @@ class DashboardController < ApplicationController
|
|
|
61
57
|
end
|
|
62
58
|
```
|
|
63
59
|
|
|
60
|
+
|
|
61
|
+
7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider. You can specify a return url in `saml/development/settings.json`
|
|
62
|
+
|
|
64
63
|
7. response attributes found in `session[:saml_attributes]`
|
|
65
64
|
|
|
65
|
+
8. It is recommended to set `config.force_ssl = true` in the `config/environments/production.rb` file
|
|
66
|
+
|
|
67
|
+
|
|
68
|
+
9. Logging is turned on by default. Logging is configured in `saml/development/settings.json`. To utilize logging saml_logging should be set to true (default), and primary_id must have a value. primary_id is the saml attribute you consider to be a primary identifier for a user
|
|
69
|
+
|
|
70
|
+
10. Users can go to http://localhost:3000/saml/attributes to view attributes being passed through
|
|
71
|
+
|
|
66
72
|
|
|
67
73
|
## License
|
|
68
74
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
|
@@ -2,6 +2,8 @@ require_dependency "saml_camel/application_controller"
|
|
|
2
2
|
|
|
3
3
|
module SamlCamel::SamlHelpers
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
|
+
SP_SETTINGS = JSON.parse(File.read("saml/#{Rails.env}/settings.json"))
|
|
6
|
+
|
|
5
7
|
|
|
6
8
|
#this generates a call to the idp, which will then be returned to the consume action the in saml_contorller
|
|
7
9
|
def saml_request(host_request)
|
|
@@ -2,7 +2,9 @@ require_dependency "saml_camel/application_controller"
|
|
|
2
2
|
|
|
3
3
|
module SamlCamel
|
|
4
4
|
class SamlController < ApplicationController
|
|
5
|
+
include SamlCamel::SamlHelpers
|
|
5
6
|
skip_before_action :verify_authenticity_token ,only: [:consume,:logout]
|
|
7
|
+
around_action :saml_protect, only: [:attr_check]
|
|
6
8
|
|
|
7
9
|
|
|
8
10
|
#TODO ROUTABLE STUFF GOES IN THE SHIB CONTROLLER, METHODS CALLED BUT NOT ROUTED GO TO SAML_CONTROLLER
|
|
@@ -19,6 +21,7 @@ module SamlCamel
|
|
|
19
21
|
session[:saml_success] = true
|
|
20
22
|
session[:sp_session] = true
|
|
21
23
|
session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
|
|
24
|
+
SamlCamel::Logging.successfull_auth(session[:saml_attributes])
|
|
22
25
|
|
|
23
26
|
#TODO account for nil redirect
|
|
24
27
|
redirect_to cookies.encrypted[:saml_camel_redirect]
|
|
@@ -26,11 +29,14 @@ module SamlCamel
|
|
|
26
29
|
#TODO how do we handle errors?
|
|
27
30
|
session[:saml_success] = false
|
|
28
31
|
response.errors
|
|
32
|
+
SamlCamel::Logging.auth_failure(response.errors)
|
|
33
|
+
|
|
29
34
|
redirect_to main_app.try('root_path')
|
|
30
35
|
end
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
def logout
|
|
39
|
+
SamlCamel::Logging.logout(session[:saml_attributes])
|
|
34
40
|
session[:saml_attributes] = nil
|
|
35
41
|
session[:sp_session] = nil
|
|
36
42
|
|
|
@@ -38,6 +44,10 @@ module SamlCamel
|
|
|
38
44
|
redirect_to return_url
|
|
39
45
|
end
|
|
40
46
|
|
|
47
|
+
def attr_check
|
|
48
|
+
|
|
49
|
+
end
|
|
50
|
+
|
|
41
51
|
|
|
42
52
|
private
|
|
43
53
|
def saml_settings
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
module SamlCamel
|
|
2
|
+
class Logging
|
|
3
|
+
SP_SETTINGS = JSON.parse(File.read("saml/#{Rails.env}/settings.json"))
|
|
4
|
+
PRIMARY_ID = SP_SETTINGS["settings"]["primary_id"]
|
|
5
|
+
SHOULD_LOG = SP_SETTINGS["settings"]["saml_logging"]
|
|
6
|
+
|
|
7
|
+
def self.successfull_auth(saml_attrs)
|
|
8
|
+
logger = Logger.new("log/saml.log")
|
|
9
|
+
logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully authenticated.")
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.auth_failure(error_context)
|
|
13
|
+
logger = Logger.new("log/saml.log")
|
|
14
|
+
logger.error("An error occured during authentication.")
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def self.logout(saml_attrs)
|
|
18
|
+
logger = Logger.new("log/saml.log")
|
|
19
|
+
logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully logged out.")
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
data/config/routes.rb
CHANGED
data/lib/saml_camel/engine.rb
CHANGED
data/lib/saml_camel/version.rb
CHANGED
|
@@ -58,10 +58,6 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
61
|
def generate_saml_settings
|
|
66
62
|
{
|
|
67
63
|
_comment: "note you will need to restart the application when you make changes to this file",
|
|
@@ -69,7 +65,9 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
69
65
|
acs: "http://localhost:3000/saml/consumeSaml" ,
|
|
70
66
|
entity_id: "https://your-entity-id.com",
|
|
71
67
|
sso_url: "https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO",
|
|
72
|
-
logout_return_url: "http://localhost:3000"
|
|
68
|
+
logout_return_url: "http://localhost:3000",
|
|
69
|
+
primary_id: "eduPersonPrincipalName",
|
|
70
|
+
saml_logging: true
|
|
73
71
|
},
|
|
74
72
|
"attribute_map": {
|
|
75
73
|
"urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
|
|
@@ -80,7 +78,7 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
80
78
|
"urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
|
|
81
79
|
"urn:oid:2.16.840.1.113730.3.1.241": "displayName",
|
|
82
80
|
"urn:mace:duke.edu:idms:unique-id": "duDukeID",
|
|
83
|
-
"urn:mace:duke.edu:idms:dku-id": "
|
|
81
|
+
"urn:mace:duke.edu:idms:dku-id": "dku-id",
|
|
84
82
|
"urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
|
|
85
83
|
"urn:oid:2.5.4.42": "givenName",
|
|
86
84
|
"urn:oid:2.5.4.4": "sn",
|
|
@@ -89,8 +87,6 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
89
87
|
"urn:oid:2.5.4.20": "telephoneNumber",
|
|
90
88
|
"urn:oid:2.5.4.12": "title",
|
|
91
89
|
"urn:mace:duke.edu:idms:middle-name1": "duMiddleName1",
|
|
92
|
-
"urn:mace:duke.edu:idms:sap:name-first": "duSAPNameFirst",
|
|
93
|
-
"urn:mace:duke.edu:idms:sap:name-last": "duSAPNameLast",
|
|
94
90
|
"urn:mace:duke.edu:idms:proxy-token": "duProxyToken"
|
|
95
91
|
}
|
|
96
92
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml_camel
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 'Danai Adkisson '
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04-
|
|
11
|
+
date: 2018-04-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -87,8 +87,10 @@ files:
|
|
|
87
87
|
- app/jobs/saml_camel/application_job.rb
|
|
88
88
|
- app/mailers/saml_camel/application_mailer.rb
|
|
89
89
|
- app/models/saml_camel/application_record.rb
|
|
90
|
+
- app/models/saml_camel/logging.rb
|
|
90
91
|
- app/models/saml_camel/transaction.rb
|
|
91
92
|
- app/views/layouts/saml_camel/application.html.erb
|
|
93
|
+
- app/views/saml_camel/saml/attr_check.html.erb
|
|
92
94
|
- config/routes.rb
|
|
93
95
|
- lib/saml_camel.rb
|
|
94
96
|
- lib/saml_camel/engine.rb
|