sp-rails-saml 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +105 -18
- data/app/controllers/saml/saml_settings_base_controller.rb +12 -9
- data/app/controllers/saml/saml_settings_controller.rb +3 -3
- data/app/controllers/saml/sessions_base_controller.rb +3 -2
- data/app/controllers/saml/ssos_base_controller.rb +10 -9
- data/lib/generators/sp-rails-saml/config_generator.rb +8 -6
- data/lib/generators/sp-rails-saml/install_generator.rb +8 -6
- data/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb +3 -4
- data/lib/sp-rails-saml.rb +4 -2
- data/lib/sp-rails-saml/authnrequest.rb +6 -2
- data/lib/sp-rails-saml/metadata.rb +2 -2
- data/lib/sp-rails-saml/routes/routes_template.rb +3 -3
- data/lib/sp-rails-saml/saml_response.rb +12 -4
- data/lib/sp-rails-saml/settings.rb +17 -11
- data/lib/sp-rails-saml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 374e185b6d4b9e22ecef4416b1a055aa654909183f30200f9f279975a092931f
|
|
4
|
+
data.tar.gz: c51814db83d99ed6df955fb96f3fb1ea8e028648670ef9ad98887c8ed07c900c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1627970cfb7b3627f29ac4b1939093bad85a1bd46169416066d054fec078f82dafdb75763dfdb48d8bfc2b132cd4a3757d5e01f75be48b3dfae1b3bb26092679
|
|
7
|
+
data.tar.gz: 6ef81eece0dbf54117a22838f132007610a4d3a7f82dd41f76c57db6dd3754921f3d271de1029dfba55308d434a7218fcfeb1655173957c679d88abfbea46113
|
data/README.md
CHANGED
|
@@ -1,12 +1,24 @@
|
|
|
1
|
-
|
|
1
|
+
<h1 align="center">
|
|
2
|
+
<br>
|
|
3
|
+
<img width=60% src="https://github.com/metaps/sp-rails-saml/blob/feature/Update_readme/media/logo.png"></p>
|
|
4
|
+
</h1>
|
|
2
5
|
|
|
3
|
-
|
|
6
|
+
<p align="center">
|
|
7
|
+
<br>
|
|
8
|
+
<img alt="Gem version" src="https://img.shields.io/gem/v/sp-rails-saml">
|
|
9
|
+
<img alt="Dependencies" src="https://img.shields.io/badge/dependencies-up%20to%20date-brightgreen.svg">
|
|
10
|
+
<img alt="Contributions welcome" src="https://img.shields.io/badge/contributions-welcome-orange.svg">
|
|
11
|
+
<img alt="License" src="https://img.shields.io/badge/license-MIT-blue.svg">
|
|
12
|
+
</p>
|
|
4
13
|
|
|
5
|
-
|
|
14
|
+
## :bulb: Introduction
|
|
6
15
|
|
|
7
|
-
|
|
16
|
+
sp-rails-saml is to be make onelogin ruby-saml easier to use in Ruby on Rails.
|
|
8
17
|
|
|
9
|
-
|
|
18
|
+
## :arrow_down: Installation
|
|
19
|
+
|
|
20
|
+
sp-rails-saml works with Rails 6.1 onwards.
|
|
21
|
+
Add the following line to your Gemfile:
|
|
10
22
|
|
|
11
23
|
```ruby
|
|
12
24
|
gem 'sp-rails-saml'
|
|
@@ -14,32 +26,107 @@ gem 'sp-rails-saml'
|
|
|
14
26
|
|
|
15
27
|
And then execute:
|
|
16
28
|
|
|
17
|
-
|
|
29
|
+
```
|
|
30
|
+
$ bundle install
|
|
31
|
+
```
|
|
18
32
|
|
|
19
33
|
Or install it yourself as:
|
|
20
34
|
|
|
21
|
-
|
|
35
|
+
```
|
|
36
|
+
$ gem install sp-rails-saml
|
|
37
|
+
```
|
|
22
38
|
|
|
23
|
-
##
|
|
39
|
+
## :wrench: Getting started
|
|
24
40
|
|
|
25
|
-
TODO: Write usage instructions here
|
|
26
41
|
|
|
27
|
-
|
|
42
|
+
### 1. Generate saml templates
|
|
28
43
|
|
|
29
|
-
|
|
44
|
+
You need to run the generator:
|
|
30
45
|
|
|
31
|
-
|
|
46
|
+
```
|
|
47
|
+
$ rails g sp_rails_saml:install {reference_table_name}
|
|
48
|
+
```
|
|
32
49
|
|
|
33
|
-
|
|
50
|
+
At this point, you need to write your account table name in `reference_table_name`.
|
|
51
|
+
This will generate the saml templates for controller, view, model, initializer, etc.
|
|
34
52
|
|
|
35
|
-
|
|
53
|
+
**Controller**
|
|
54
|
+
- [app/controllers/saml/sessions_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
|
|
55
|
+
- [app/controllers/saml/ssos_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
|
|
56
|
+
- [app/controllers/saml/saml_settings_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb)
|
|
36
57
|
|
|
58
|
+
**View**
|
|
59
|
+
- [app/views/saml/sessions/new.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb)
|
|
60
|
+
- [app/views/saml/saml_settings/show.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/show.html.erb)
|
|
61
|
+
- [app/views/saml/saml_settings/edit.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb)
|
|
37
62
|
|
|
38
|
-
|
|
63
|
+
**Model**
|
|
64
|
+
- [app/models/saml_setting.rb](https://github.com/metaps/sp-rails-saml/blob/develop/spec/fixtures/models/saml_setting.rb)
|
|
39
65
|
|
|
40
|
-
|
|
66
|
+
**Migration**
|
|
67
|
+
- [db/migrate/create_saml_settings](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb)
|
|
68
|
+
|
|
69
|
+
### 2. Add routing
|
|
41
70
|
|
|
42
|
-
|
|
71
|
+
To configure routings for above templates, just add the following line to your `config/routes.rb`:
|
|
43
72
|
|
|
44
|
-
|
|
73
|
+
```ruby
|
|
74
|
+
sp_rails_saml_routes
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
This routing method encompasses the following endpoints:
|
|
78
|
+
|
|
79
|
+
```
|
|
80
|
+
GET /saml/metadata/:id
|
|
81
|
+
POST /saml/sso/:id
|
|
82
|
+
|
|
83
|
+
GET /saml/sign_in
|
|
84
|
+
POST /saml/sign_in
|
|
85
|
+
|
|
86
|
+
GET /saml/saml_settings
|
|
87
|
+
GET /saml/saml_settings/edit
|
|
88
|
+
PATCH /saml/saml_settings
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### 3. Setting model associations
|
|
92
|
+
|
|
93
|
+
If you associate the reference table and the saml model, you need to add the follwing line to your reference model file:
|
|
94
|
+
|
|
95
|
+
```ruby
|
|
96
|
+
has_one :saml_setting, dependent: :destroy
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
### 4. Migrate
|
|
100
|
+
|
|
101
|
+
You need to run migration command.
|
|
102
|
+
|
|
103
|
+
```
|
|
104
|
+
$ rails db:migrate
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
### 5. Add before action
|
|
108
|
+
You need to add the following line to your `SsosController` and `SessionController`:
|
|
109
|
+
|
|
110
|
+
```ruby
|
|
111
|
+
skip_before_action :authenticate_user!
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
### 6. Add SSO method to ApplicationController
|
|
115
|
+
|
|
116
|
+
You need to add the follwing line to your `ApplicationController`:
|
|
117
|
+
|
|
118
|
+
```ruby
|
|
119
|
+
def sign_in_with_saml(user)
|
|
120
|
+
sign_in(:user, user)
|
|
121
|
+
redirect_to root_path
|
|
122
|
+
end
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
### 7. Edit your saml credentials
|
|
126
|
+
|
|
127
|
+
Once the above process is complete, you can edit your saml credentials in `/saml/saml_settings/edit`.
|
|
128
|
+
|
|
129
|
+
## :page_facing_up: License
|
|
130
|
+
|
|
131
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
45
132
|
|
|
@@ -1,22 +1,25 @@
|
|
|
1
1
|
module Saml
|
|
2
2
|
# Controller to register saml by SP
|
|
3
3
|
class SamlSettingsBaseController < SamlBaseController
|
|
4
|
-
# GET /saml/
|
|
4
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
5
5
|
def show
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
setting = SpRailsSaml::Settings.instance
|
|
7
|
+
account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
|
|
8
|
+
@saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
|
|
8
9
|
end
|
|
9
10
|
|
|
10
|
-
# GET /saml/
|
|
11
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
|
|
11
12
|
def edit
|
|
12
|
-
|
|
13
|
-
|
|
13
|
+
setting = SpRailsSaml::Settings.instance
|
|
14
|
+
account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
|
|
15
|
+
@saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
|
|
14
16
|
end
|
|
15
17
|
|
|
16
|
-
# PATCH /saml/
|
|
18
|
+
# PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
17
19
|
def update
|
|
18
|
-
|
|
19
|
-
|
|
20
|
+
setting = SpRailsSaml::Settings.instance
|
|
21
|
+
account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
|
|
22
|
+
@saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
|
|
20
23
|
|
|
21
24
|
@saml_setting.assign_attributes(saml_setting_params)
|
|
22
25
|
|
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
module Saml
|
|
2
2
|
# Controller to register saml by SP
|
|
3
3
|
class SamlSettingsController < SamlSettingsBaseController
|
|
4
|
-
# GET /saml/
|
|
4
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
5
5
|
# def show
|
|
6
6
|
# super
|
|
7
7
|
# end
|
|
8
8
|
|
|
9
|
-
# GET /saml/
|
|
9
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
|
|
10
10
|
# def edit
|
|
11
11
|
# super
|
|
12
12
|
# end
|
|
13
13
|
|
|
14
|
-
# PATCH /saml/
|
|
14
|
+
# PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
15
15
|
# def update
|
|
16
16
|
# super
|
|
17
17
|
# end
|
|
@@ -7,8 +7,9 @@ module Saml
|
|
|
7
7
|
|
|
8
8
|
# POST /saml/sign_in
|
|
9
9
|
def create
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
setting = SpRailsSaml::Settings.instance
|
|
11
|
+
user = setting.user_class.find_by!(setting.user_find_key => params[:email])
|
|
12
|
+
account = user.send(setting.account_class.to_s.downcase.to_sym)
|
|
12
13
|
|
|
13
14
|
raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
|
|
14
15
|
|
|
@@ -6,26 +6,27 @@ module Saml
|
|
|
6
6
|
|
|
7
7
|
# POST /saml/metadata/:id
|
|
8
8
|
def consume
|
|
9
|
-
|
|
9
|
+
setting = SpRailsSaml::Settings.instance
|
|
10
|
+
account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
|
|
10
11
|
|
|
11
12
|
raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
|
|
12
13
|
|
|
13
14
|
saml_setting = account.saml_setting
|
|
14
15
|
saml_response = SpRailsSaml::SamlResponse.new(params[:SAMLResponse], saml_setting)
|
|
15
16
|
|
|
16
|
-
|
|
17
|
-
user = SpRailsSaml::Settings.user_class.find_by(email: saml_response.name_id)
|
|
18
|
-
raise LoginUserNotFound if user.blank?
|
|
17
|
+
raise SpRailsSaml::SamlResponseInvalid, saml_response.errors unless saml_response.valid?
|
|
19
18
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
19
|
+
user = setting.user_class.find_by(setting.saml_response_user_find_key => saml_response.name_id)
|
|
20
|
+
|
|
21
|
+
raise SpRailsSaml::LoginUserNotFound if user.blank?
|
|
22
|
+
|
|
23
|
+
sign_in_with_saml(user)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
# GET /saml/metadata/:id
|
|
27
27
|
def metadata
|
|
28
|
-
|
|
28
|
+
setting = SpRailsSaml::Settings.instance
|
|
29
|
+
account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
|
|
29
30
|
metadata = SpRailsSaml::Metadata.new(account: account)
|
|
30
31
|
render xml: metadata.generate
|
|
31
32
|
end
|
|
@@ -14,12 +14,14 @@ module SpRailsSaml
|
|
|
14
14
|
|
|
15
15
|
def default_initializer
|
|
16
16
|
<<~RUBY
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
17
|
+
Rails.configuration.to_prepare do
|
|
18
|
+
SpRailsSaml::Settings.setup do |config|
|
|
19
|
+
config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
|
20
|
+
config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
|
|
21
|
+
config.authn_context_comparison = 'exact'
|
|
22
|
+
config.user_class = User
|
|
23
|
+
config.account_class = Account
|
|
24
|
+
end
|
|
23
25
|
end
|
|
24
26
|
RUBY
|
|
25
27
|
end
|
|
@@ -22,12 +22,14 @@ module SpRailsSaml
|
|
|
22
22
|
|
|
23
23
|
def default_initializer
|
|
24
24
|
<<~RUBY
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
25
|
+
Rails.configuration.to_prepare do
|
|
26
|
+
SpRailsSaml::Settings.setup do |config|
|
|
27
|
+
config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
|
28
|
+
config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
|
|
29
|
+
config.authn_context_comparison = 'exact'
|
|
30
|
+
config.user_class = User
|
|
31
|
+
config.account_class = Account
|
|
32
|
+
end
|
|
31
33
|
end
|
|
32
34
|
RUBY
|
|
33
35
|
end
|
|
@@ -1,18 +1,17 @@
|
|
|
1
1
|
module Saml
|
|
2
2
|
# Controller to register saml by SP
|
|
3
|
-
#
|
|
4
3
|
class SamlSettingsController < SamlSettingsBaseController
|
|
5
|
-
# GET /saml/
|
|
4
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
6
5
|
# def show
|
|
7
6
|
# super
|
|
8
7
|
# end
|
|
9
8
|
|
|
10
|
-
# GET /saml/
|
|
9
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
|
|
11
10
|
# def edit
|
|
12
11
|
# super
|
|
13
12
|
# end
|
|
14
13
|
|
|
15
|
-
# PATCH /saml/
|
|
14
|
+
# PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
16
15
|
# def update
|
|
17
16
|
# super
|
|
18
17
|
# end
|
data/lib/sp-rails-saml.rb
CHANGED
|
@@ -14,10 +14,12 @@ module SpRailsSaml
|
|
|
14
14
|
|
|
15
15
|
class SettingValidationError < Error; end
|
|
16
16
|
|
|
17
|
-
class MultiSetupError < Error; end
|
|
18
|
-
|
|
19
17
|
class SamlLoginForbidden < Error; end
|
|
20
18
|
|
|
19
|
+
class LoginUserNotFound < Error; end
|
|
20
|
+
|
|
21
|
+
class SamlResponseInvalid < Error; end
|
|
22
|
+
|
|
21
23
|
autoload :Authnrequest, File.expand_path('./sp-rails-saml/authnrequest', __dir__)
|
|
22
24
|
autoload :SamlResponse, File.expand_path('./sp-rails-saml/saml_response', __dir__)
|
|
23
25
|
autoload :Metadata, File.expand_path('./sp-rails-saml/metadata', __dir__)
|
|
@@ -26,8 +26,12 @@ module SpRailsSaml
|
|
|
26
26
|
|
|
27
27
|
sp_rails_saml_setting = SpRailsSaml::Settings.instance
|
|
28
28
|
|
|
29
|
-
settings.assertion_consumer_service_url =
|
|
30
|
-
|
|
29
|
+
settings.assertion_consumer_service_url = saml_sp_consume_url(
|
|
30
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
31
|
+
)
|
|
32
|
+
settings.sp_entity_id = saml_sp_metadata_url(
|
|
33
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
34
|
+
)
|
|
31
35
|
settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
|
|
32
36
|
settings.authn_context = sp_rails_saml_setting.authn_context
|
|
33
37
|
settings.authn_context_comparison = sp_rails_saml_setting.authn_context_comparison
|
|
@@ -30,8 +30,8 @@ module SpRailsSaml
|
|
|
30
30
|
|
|
31
31
|
sp_rails_saml_setting = SpRailsSaml::Settings.instance
|
|
32
32
|
|
|
33
|
-
settings.assertion_consumer_service_url =
|
|
34
|
-
settings.sp_entity_id =
|
|
33
|
+
settings.assertion_consumer_service_url = saml_sp_consume_url(@account.send(sp_rails_saml_setting.account_find_key))
|
|
34
|
+
settings.sp_entity_id = saml_sp_metadata_url(@account.send(sp_rails_saml_setting.account_find_key))
|
|
35
35
|
settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
|
|
36
36
|
settings.security[:want_assertions_signed] =
|
|
37
37
|
SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
|
|
@@ -5,12 +5,12 @@ namespace :saml do
|
|
|
5
5
|
|
|
6
6
|
unless @sso_only
|
|
7
7
|
# Saml settings for SP
|
|
8
|
-
resources SpRailsSaml::Settings.account_class.to_s.downcase.to_sym, only: [] do
|
|
8
|
+
resources SpRailsSaml::Settings.instance.account_class.to_s.downcase.to_sym, only: [], param: SpRailsSaml::Settings.instance.account_find_key do
|
|
9
9
|
resource :saml_settings, only: %i[show edit update]
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
# SSO
|
|
14
|
-
post
|
|
15
|
-
get
|
|
14
|
+
post "sp/consume/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#consume', as: :sp_consume
|
|
15
|
+
get "sp/metadata/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#metadata', as: :sp_metadata
|
|
16
16
|
end
|
|
@@ -22,7 +22,8 @@ module SpRailsSaml
|
|
|
22
22
|
@saml_response,
|
|
23
23
|
settings: ruby_saml_settings,
|
|
24
24
|
skip_subject_confirmation: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_subject_confirmation],
|
|
25
|
-
skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions]
|
|
25
|
+
skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions],
|
|
26
|
+
skip_destination: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_destination]
|
|
26
27
|
)
|
|
27
28
|
end
|
|
28
29
|
|
|
@@ -45,7 +46,8 @@ module SpRailsSaml
|
|
|
45
46
|
private
|
|
46
47
|
|
|
47
48
|
def required_value_is_set?
|
|
48
|
-
|
|
49
|
+
# ruby-samlの仕様上、idp_entity_idが空だとissuer = idp_entity_idの検証が行われないため、idp_entity_idがblankの検証は必須
|
|
50
|
+
@saml_setting.idp_cert.present? && @saml_setting.idp_entity_id.present?
|
|
49
51
|
end
|
|
50
52
|
|
|
51
53
|
def ruby_saml_settings
|
|
@@ -55,11 +57,17 @@ module SpRailsSaml
|
|
|
55
57
|
|
|
56
58
|
sp_rails_saml_setting = SpRailsSaml::Settings.instance
|
|
57
59
|
|
|
58
|
-
settings.assertion_consumer_service_url
|
|
59
|
-
|
|
60
|
+
settings.assertion_consumer_service_url = saml_sp_consume_url(
|
|
61
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
62
|
+
)
|
|
63
|
+
settings.sp_entity_id = saml_sp_metadata_url(
|
|
64
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
65
|
+
)
|
|
60
66
|
settings.idp_cert = @saml_setting.idp_cert
|
|
67
|
+
settings.idp_entity_id = @saml_setting.idp_entity_id
|
|
61
68
|
settings.security[:want_assertions_signed] =
|
|
62
69
|
SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
|
|
70
|
+
|
|
63
71
|
settings
|
|
64
72
|
end
|
|
65
73
|
end
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
require 'singleton'
|
|
2
2
|
|
|
3
|
-
# rubocop:disable Style/ClassVars
|
|
4
3
|
module SpRailsSaml
|
|
5
4
|
# SAML2 settings for initializer.
|
|
6
5
|
#
|
|
@@ -11,27 +10,33 @@ module SpRailsSaml
|
|
|
11
10
|
compress_request: true,
|
|
12
11
|
skip_subject_confirmation: true,
|
|
13
12
|
skip_conditions: true,
|
|
14
|
-
|
|
13
|
+
skip_destination: false,
|
|
14
|
+
want_assertions_signed: true,
|
|
15
|
+
account_find_key: :id,
|
|
16
|
+
user_find_key: :email,
|
|
17
|
+
saml_response_user_find_key: :email
|
|
15
18
|
}.freeze
|
|
16
19
|
|
|
17
20
|
attr_reader :name_identifier_format,
|
|
18
21
|
:authn_context,
|
|
19
22
|
:authn_context_comparison,
|
|
20
23
|
:user_class,
|
|
21
|
-
:account_class
|
|
22
|
-
|
|
23
|
-
|
|
24
|
+
:account_class,
|
|
25
|
+
:user_find_key,
|
|
26
|
+
:account_find_key,
|
|
27
|
+
:saml_response_user_find_key
|
|
24
28
|
|
|
25
29
|
class << self
|
|
26
30
|
attr_accessor :name_identifier_format,
|
|
27
31
|
:authn_context,
|
|
28
32
|
:authn_context_comparison,
|
|
29
33
|
:user_class,
|
|
30
|
-
:account_class
|
|
34
|
+
:account_class,
|
|
35
|
+
:user_find_key,
|
|
36
|
+
:account_find_key,
|
|
37
|
+
:saml_response_user_find_key
|
|
31
38
|
|
|
32
39
|
def setup
|
|
33
|
-
raise SpRailsSaml::MultiSetupError if @@setuped
|
|
34
|
-
|
|
35
40
|
yield self
|
|
36
41
|
|
|
37
42
|
setting = SpRailsSaml::Settings.instance
|
|
@@ -41,10 +46,11 @@ module SpRailsSaml
|
|
|
41
46
|
setting.instance_variable_set(:@authn_context_comparison, SpRailsSaml::Settings.authn_context_comparison)
|
|
42
47
|
setting.instance_variable_set(:@user_class, SpRailsSaml::Settings.user_class)
|
|
43
48
|
setting.instance_variable_set(:@account_class, SpRailsSaml::Settings.account_class)
|
|
44
|
-
|
|
45
|
-
|
|
49
|
+
setting.instance_variable_set(:@user_find_key, SpRailsSaml::Settings.user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:user_find_key])
|
|
50
|
+
setting.instance_variable_set(:@account_find_key, SpRailsSaml::Settings.account_find_key || RUBY_SAML_DEFAULT_SETTINGS[:account_find_key])
|
|
51
|
+
setting.instance_variable_set(:@saml_response_user_find_key,
|
|
52
|
+
SpRailsSaml::Settings.saml_response_user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:saml_response_user_find_key])
|
|
46
53
|
end
|
|
47
54
|
end
|
|
48
55
|
end
|
|
49
56
|
end
|
|
50
|
-
# rubocop:enable Style/ClassVars
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sp-rails-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- psyashes
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-06
|
|
12
|
+
date: 2021-07-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: ruby-saml
|