saml_camel 0.1.5 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ce19d32b4ed9a740fc2af74f8ee5153b1605c6b7
|
4
|
+
data.tar.gz: 8c239788aca69ceefe788cc2112525160fe35d86
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f8a289587609b90ded6d97d4d878d23c9f6f382b8870d45ae69f1fd694f0679dc132fd86dc0bdd2b379da3e7574272ad969a6e3ec86ba1ac6dc7a1d7ced2ee26
|
7
|
+
data.tar.gz: 7a6aa2ebb91f906ac537e6e2204fd17d3ce1add3f95555e0dd80194b1b77f8b35a5fbf07f08d4cd19d617cf118637780e4c6a368ed707cb29ea608f143d07093
|
data/README.md
CHANGED
@@ -14,24 +14,25 @@ $ bundle
|
|
14
14
|
|
15
15
|
|
16
16
|
## Usage
|
17
|
-
### IMPORTANT!
|
17
|
+
### IMPORTANT: This step enables security features and is required to use the gem!
|
18
18
|
1. in your environments config (`config/development.rb` for example) ensure that you have caching configured as follows
|
19
|
+
**note** use ths cache_store most appropriate for your situation. It may make more sense to use a file store, or a redis server
|
19
20
|
```ruby
|
20
21
|
config.action_controller.perform_caching = true
|
21
22
|
config.cache_store = :memory_store
|
22
23
|
```
|
23
24
|
|
24
|
-
1. run `rake saml_camel:generate_saml` to generate metadata files for each environment. you can also specify a
|
25
|
+
1. run `rake saml_camel:generate_saml` to generate metadata files for each environment. you can also specify a custom environment like this `rake saml_camel:generate_saml environment=acceptance`
|
25
26
|
|
26
|
-
**Note: these steps will use development as an example, if you use
|
27
|
+
**Note: these steps will use development as an example, if you use separate metadata per environment, you will repeat each step for your chosen environment**
|
27
28
|
|
28
29
|
2. from the root of your app open `saml/development/settings.json` and specify an entity ID of your choice. this is a unique identifier used by the
|
29
|
-
Identity Provider(idp) to recognize your app. Typically it should take the form of a url, however note that it is just an identifier and does not have to
|
30
|
+
Identity Provider(idp) to recognize your app. Typically it should take the form of a url, however note that it is just an identifier and does not have to resolve (e.g. https://my-app-name/not/a/real/route)
|
30
31
|
|
31
|
-
3. Go to https://
|
32
|
+
3. Go to https://authentication.oit.duke.edu/manager/register/sp and register your metadata with the identity provider. You will need the values from `saml/development/settings.json` in addition to the `saml/development/saml_certificate.crt`
|
32
33
|
|
33
34
|
- copy the entity_id you chose in the `settings.json` file and paste it into the "Entity Field"
|
34
|
-
- fill out functional purpose, responsible dept, function owner dept, and audience with information
|
35
|
+
- fill out functional purpose, responsible dept, function owner dept, and audience with information relevant to your application
|
35
36
|
- copy the cert from `saml/development/saml_certificate.crt` and paste it into the Certificate Field
|
36
37
|
- copy the acs value and paste it into the Location field in the Assertion Consumer Service box
|
37
38
|
- note that the default host value for ACS is `http://locahost:3000` which is the default `rails s` host. If you're using a differnet host (such as in production or using docker) you will want to replace the host value with what is relevent for your situation(*e.g. https://my-app.duke.edu/saml/consumeSaml*), but keep the path `/saml/consumeSaml`
|
@@ -41,15 +42,8 @@ Identity Provider(idp) to recognize your app. Typically it should take the form
|
|
41
42
|
mount SamlCamel::Engine, at: "/saml"
|
42
43
|
```
|
43
44
|
|
44
|
-
5. include saml helpers in `app/controllers/application_controller.rb`
|
45
|
-
```ruby
|
46
|
-
class ApplicationController < ActionController::Base
|
47
|
-
include SamlCamel::SamlHelpers
|
48
|
-
end
|
49
|
-
```
|
50
|
-
|
51
|
-
6. now simply provide the `saml protect` method in your controllers (via `before_action`) to protect paths
|
52
45
|
|
46
|
+
6. now simply provide the `saml_protect` method in your controllers (via `before_action`) to protect paths
|
53
47
|
```ruby
|
54
48
|
class DashboardController < ApplicationController
|
55
49
|
before_action :saml_protect, except: [:home]
|
@@ -68,7 +62,7 @@ end
|
|
68
62
|
|
69
63
|
7. response attributes found in `session[:saml_attributes]`
|
70
64
|
|
71
|
-
8. It is recommended to set
|
65
|
+
8. It is recommended to set `config.force_ssl = true` in the `config/environments/production.rb` file for security
|
72
66
|
|
73
67
|
|
74
68
|
9. Logging is turned on by default. Logging is configured in `saml/development/settings.json`. To utilize logging saml_logging should be set to true (default), and primary_id must have a value. primary_id is the saml attribute you consider to be a primary identifier for a user
|
@@ -19,8 +19,10 @@ module SamlCamel
|
|
19
19
|
permit_key = session[:session_id].to_sym
|
20
20
|
redirect_path = Rails.cache.fetch(permit_key)[:redirect_url]
|
21
21
|
Rails.cache.delete(permit_key) #we no longer need cache at this stage
|
22
|
+
|
22
23
|
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
|
23
24
|
response.settings = saml_settings
|
25
|
+
|
24
26
|
if response.is_valid? # validate the SAML Response
|
25
27
|
# authorize_success, log the user
|
26
28
|
session[:saml_success] = true
|
@@ -29,7 +31,7 @@ module SamlCamel
|
|
29
31
|
session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
|
30
32
|
SamlCamel::Logging.successfull_auth(session[:saml_attributes])
|
31
33
|
|
32
|
-
|
34
|
+
|
33
35
|
redirect_to redirect_path
|
34
36
|
else # otherwise list out the errors in the response
|
35
37
|
permit_key = session[:session_id].to_sym
|
@@ -39,7 +41,7 @@ module SamlCamel
|
|
39
41
|
response.errors
|
40
42
|
SamlCamel::Logging.auth_failure(response.errors)
|
41
43
|
|
42
|
-
redirect_to
|
44
|
+
redirect_to action: "failure", locals:{errors: response.errors}
|
43
45
|
end
|
44
46
|
rescue => e
|
45
47
|
permit_key = session[:session_id].to_sym
|
data/lib/saml_camel/engine.rb
CHANGED
data/lib/saml_camel/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: saml_camel
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 'Danai Adkisson '
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-04-
|
11
|
+
date: 2018-04-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|