saml_camel 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +10 -4
- data/app/controllers/concerns/saml_camel/saml_helpers.rb +2 -0
- data/app/controllers/saml_camel/saml_controller.rb +10 -0
- data/app/models/saml_camel/application_record.rb +2 -2
- data/app/models/saml_camel/logging.rb +23 -0
- data/app/models/saml_camel/transaction.rb +1 -1
- data/app/views/saml_camel/saml/attr_check.html.erb +5 -0
- data/config/routes.rb +1 -0
- data/lib/saml_camel/engine.rb +0 -1
- data/lib/saml_camel/version.rb +1 -1
- data/lib/tasks/saml_camel_tasks.rake +4 -8
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7a2a4e67055ffc48f78dc0139b9c759e2433549c
|
|
4
|
+
data.tar.gz: e76ae8caa11b55411a315c284fae6d4fe8a38555
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9cfb538fa1e85ef6d3089431b4f30e97ce773d4fce4498c9349c602a799427499fbe2cd25f37e0ffb53aee3ae4672210903c00017e97de2eb2580e42a4122374
|
|
7
|
+
data.tar.gz: 9dd9c2fe2afc86d84bbf4333e57853c546ab76c096d3f08c08b16c4987fb65640e7759ba77d72c86ca61ca2a151d76a2c8b412609f4fe27c2fefcf1dfbd1d043
|
data/README.md
CHANGED
|
@@ -3,9 +3,7 @@
|
|
|
3
3
|
Add this line to your application's Gemfile:
|
|
4
4
|
|
|
5
5
|
```ruby
|
|
6
|
-
source "https://gems-internal.oit.duke.edu" do
|
|
7
6
|
gem 'saml_camel'
|
|
8
|
-
end
|
|
9
7
|
```
|
|
10
8
|
|
|
11
9
|
|
|
@@ -46,8 +44,6 @@ end
|
|
|
46
44
|
6. now simply provide the `saml protect` method in your controllers (via `around_action`) to protect paths
|
|
47
45
|
**NOTE: it is important you MUST use around_action**
|
|
48
46
|
|
|
49
|
-
7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider. You can specify a return url in `saml/development/settings.json`
|
|
50
|
-
|
|
51
47
|
```ruby
|
|
52
48
|
class DashboardController < ApplicationController
|
|
53
49
|
around_action :saml_protect, except: [:home]
|
|
@@ -61,8 +57,18 @@ class DashboardController < ApplicationController
|
|
|
61
57
|
end
|
|
62
58
|
```
|
|
63
59
|
|
|
60
|
+
|
|
61
|
+
7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider. You can specify a return url in `saml/development/settings.json`
|
|
62
|
+
|
|
64
63
|
7. response attributes found in `session[:saml_attributes]`
|
|
65
64
|
|
|
65
|
+
8. It is recommended to set `config.force_ssl = true` in the `config/environments/production.rb` file
|
|
66
|
+
|
|
67
|
+
|
|
68
|
+
9. Logging is turned on by default. Logging is configured in `saml/development/settings.json`. To utilize logging saml_logging should be set to true (default), and primary_id must have a value. primary_id is the saml attribute you consider to be a primary identifier for a user
|
|
69
|
+
|
|
70
|
+
10. Users can go to http://localhost:3000/saml/attributes to view attributes being passed through
|
|
71
|
+
|
|
66
72
|
|
|
67
73
|
## License
|
|
68
74
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
|
@@ -2,6 +2,8 @@ require_dependency "saml_camel/application_controller"
|
|
|
2
2
|
|
|
3
3
|
module SamlCamel::SamlHelpers
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
|
+
SP_SETTINGS = JSON.parse(File.read("saml/#{Rails.env}/settings.json"))
|
|
6
|
+
|
|
5
7
|
|
|
6
8
|
#this generates a call to the idp, which will then be returned to the consume action the in saml_contorller
|
|
7
9
|
def saml_request(host_request)
|
|
@@ -2,7 +2,9 @@ require_dependency "saml_camel/application_controller"
|
|
|
2
2
|
|
|
3
3
|
module SamlCamel
|
|
4
4
|
class SamlController < ApplicationController
|
|
5
|
+
include SamlCamel::SamlHelpers
|
|
5
6
|
skip_before_action :verify_authenticity_token ,only: [:consume,:logout]
|
|
7
|
+
around_action :saml_protect, only: [:attr_check]
|
|
6
8
|
|
|
7
9
|
|
|
8
10
|
#TODO ROUTABLE STUFF GOES IN THE SHIB CONTROLLER, METHODS CALLED BUT NOT ROUTED GO TO SAML_CONTROLLER
|
|
@@ -19,6 +21,7 @@ module SamlCamel
|
|
|
19
21
|
session[:saml_success] = true
|
|
20
22
|
session[:sp_session] = true
|
|
21
23
|
session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
|
|
24
|
+
SamlCamel::Logging.successfull_auth(session[:saml_attributes])
|
|
22
25
|
|
|
23
26
|
#TODO account for nil redirect
|
|
24
27
|
redirect_to cookies.encrypted[:saml_camel_redirect]
|
|
@@ -26,11 +29,14 @@ module SamlCamel
|
|
|
26
29
|
#TODO how do we handle errors?
|
|
27
30
|
session[:saml_success] = false
|
|
28
31
|
response.errors
|
|
32
|
+
SamlCamel::Logging.auth_failure(response.errors)
|
|
33
|
+
|
|
29
34
|
redirect_to main_app.try('root_path')
|
|
30
35
|
end
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
def logout
|
|
39
|
+
SamlCamel::Logging.logout(session[:saml_attributes])
|
|
34
40
|
session[:saml_attributes] = nil
|
|
35
41
|
session[:sp_session] = nil
|
|
36
42
|
|
|
@@ -38,6 +44,10 @@ module SamlCamel
|
|
|
38
44
|
redirect_to return_url
|
|
39
45
|
end
|
|
40
46
|
|
|
47
|
+
def attr_check
|
|
48
|
+
|
|
49
|
+
end
|
|
50
|
+
|
|
41
51
|
|
|
42
52
|
private
|
|
43
53
|
def saml_settings
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
module SamlCamel
|
|
2
|
+
class Logging
|
|
3
|
+
SP_SETTINGS = JSON.parse(File.read("saml/#{Rails.env}/settings.json"))
|
|
4
|
+
PRIMARY_ID = SP_SETTINGS["settings"]["primary_id"]
|
|
5
|
+
SHOULD_LOG = SP_SETTINGS["settings"]["saml_logging"]
|
|
6
|
+
|
|
7
|
+
def self.successfull_auth(saml_attrs)
|
|
8
|
+
logger = Logger.new("log/saml.log")
|
|
9
|
+
logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully authenticated.")
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.auth_failure(error_context)
|
|
13
|
+
logger = Logger.new("log/saml.log")
|
|
14
|
+
logger.error("An error occured during authentication.")
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def self.logout(saml_attrs)
|
|
18
|
+
logger = Logger.new("log/saml.log")
|
|
19
|
+
logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully logged out.")
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
data/config/routes.rb
CHANGED
data/lib/saml_camel/engine.rb
CHANGED
data/lib/saml_camel/version.rb
CHANGED
|
@@ -58,10 +58,6 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
61
|
def generate_saml_settings
|
|
66
62
|
{
|
|
67
63
|
_comment: "note you will need to restart the application when you make changes to this file",
|
|
@@ -69,7 +65,9 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
69
65
|
acs: "http://localhost:3000/saml/consumeSaml" ,
|
|
70
66
|
entity_id: "https://your-entity-id.com",
|
|
71
67
|
sso_url: "https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO",
|
|
72
|
-
logout_return_url: "http://localhost:3000"
|
|
68
|
+
logout_return_url: "http://localhost:3000",
|
|
69
|
+
primary_id: "eduPersonPrincipalName",
|
|
70
|
+
saml_logging: true
|
|
73
71
|
},
|
|
74
72
|
"attribute_map": {
|
|
75
73
|
"urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
|
|
@@ -80,7 +78,7 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
80
78
|
"urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
|
|
81
79
|
"urn:oid:2.16.840.1.113730.3.1.241": "displayName",
|
|
82
80
|
"urn:mace:duke.edu:idms:unique-id": "duDukeID",
|
|
83
|
-
"urn:mace:duke.edu:idms:dku-id": "
|
|
81
|
+
"urn:mace:duke.edu:idms:dku-id": "dku-id",
|
|
84
82
|
"urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
|
|
85
83
|
"urn:oid:2.5.4.42": "givenName",
|
|
86
84
|
"urn:oid:2.5.4.4": "sn",
|
|
@@ -89,8 +87,6 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
|
|
|
89
87
|
"urn:oid:2.5.4.20": "telephoneNumber",
|
|
90
88
|
"urn:oid:2.5.4.12": "title",
|
|
91
89
|
"urn:mace:duke.edu:idms:middle-name1": "duMiddleName1",
|
|
92
|
-
"urn:mace:duke.edu:idms:sap:name-first": "duSAPNameFirst",
|
|
93
|
-
"urn:mace:duke.edu:idms:sap:name-last": "duSAPNameLast",
|
|
94
90
|
"urn:mace:duke.edu:idms:proxy-token": "duProxyToken"
|
|
95
91
|
}
|
|
96
92
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml_camel
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 'Danai Adkisson '
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04-
|
|
11
|
+
date: 2018-04-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -87,8 +87,10 @@ files:
|
|
|
87
87
|
- app/jobs/saml_camel/application_job.rb
|
|
88
88
|
- app/mailers/saml_camel/application_mailer.rb
|
|
89
89
|
- app/models/saml_camel/application_record.rb
|
|
90
|
+
- app/models/saml_camel/logging.rb
|
|
90
91
|
- app/models/saml_camel/transaction.rb
|
|
91
92
|
- app/views/layouts/saml_camel/application.html.erb
|
|
93
|
+
- app/views/saml_camel/saml/attr_check.html.erb
|
|
92
94
|
- config/routes.rb
|
|
93
95
|
- lib/saml_camel.rb
|
|
94
96
|
- lib/saml_camel/engine.rb
|