sp-rails-saml 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +105 -18
- data/app/controllers/saml/saml_settings_base_controller.rb +12 -9
- data/app/controllers/saml/saml_settings_controller.rb +3 -3
- data/app/controllers/saml/sessions_base_controller.rb +3 -2
- data/app/controllers/saml/ssos_base_controller.rb +10 -9
- data/lib/generators/sp-rails-saml/config_generator.rb +8 -6
- data/lib/generators/sp-rails-saml/install_generator.rb +8 -6
- data/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb +3 -4
- data/lib/sp-rails-saml.rb +4 -2
- data/lib/sp-rails-saml/authnrequest.rb +6 -2
- data/lib/sp-rails-saml/metadata.rb +2 -2
- data/lib/sp-rails-saml/routes/routes_template.rb +3 -3
- data/lib/sp-rails-saml/saml_response.rb +12 -4
- data/lib/sp-rails-saml/settings.rb +17 -11
- data/lib/sp-rails-saml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 374e185b6d4b9e22ecef4416b1a055aa654909183f30200f9f279975a092931f
|
|
4
|
+
data.tar.gz: c51814db83d99ed6df955fb96f3fb1ea8e028648670ef9ad98887c8ed07c900c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1627970cfb7b3627f29ac4b1939093bad85a1bd46169416066d054fec078f82dafdb75763dfdb48d8bfc2b132cd4a3757d5e01f75be48b3dfae1b3bb26092679
|
|
7
|
+
data.tar.gz: 6ef81eece0dbf54117a22838f132007610a4d3a7f82dd41f76c57db6dd3754921f3d271de1029dfba55308d434a7218fcfeb1655173957c679d88abfbea46113
|
data/README.md
CHANGED
|
@@ -1,12 +1,24 @@
|
|
|
1
|
-
|
|
1
|
+
<h1 align="center">
|
|
2
|
+
<br>
|
|
3
|
+
<img width=60% src="https://github.com/metaps/sp-rails-saml/blob/feature/Update_readme/media/logo.png"></p>
|
|
4
|
+
</h1>
|
|
2
5
|
|
|
3
|
-
|
|
6
|
+
<p align="center">
|
|
7
|
+
<br>
|
|
8
|
+
<img alt="Gem version" src="https://img.shields.io/gem/v/sp-rails-saml">
|
|
9
|
+
<img alt="Dependencies" src="https://img.shields.io/badge/dependencies-up%20to%20date-brightgreen.svg">
|
|
10
|
+
<img alt="Contributions welcome" src="https://img.shields.io/badge/contributions-welcome-orange.svg">
|
|
11
|
+
<img alt="License" src="https://img.shields.io/badge/license-MIT-blue.svg">
|
|
12
|
+
</p>
|
|
4
13
|
|
|
5
|
-
|
|
14
|
+
## :bulb: Introduction
|
|
6
15
|
|
|
7
|
-
|
|
16
|
+
sp-rails-saml is to be make onelogin ruby-saml easier to use in Ruby on Rails.
|
|
8
17
|
|
|
9
|
-
|
|
18
|
+
## :arrow_down: Installation
|
|
19
|
+
|
|
20
|
+
sp-rails-saml works with Rails 6.1 onwards.
|
|
21
|
+
Add the following line to your Gemfile:
|
|
10
22
|
|
|
11
23
|
```ruby
|
|
12
24
|
gem 'sp-rails-saml'
|
|
@@ -14,32 +26,107 @@ gem 'sp-rails-saml'
|
|
|
14
26
|
|
|
15
27
|
And then execute:
|
|
16
28
|
|
|
17
|
-
|
|
29
|
+
```
|
|
30
|
+
$ bundle install
|
|
31
|
+
```
|
|
18
32
|
|
|
19
33
|
Or install it yourself as:
|
|
20
34
|
|
|
21
|
-
|
|
35
|
+
```
|
|
36
|
+
$ gem install sp-rails-saml
|
|
37
|
+
```
|
|
22
38
|
|
|
23
|
-
##
|
|
39
|
+
## :wrench: Getting started
|
|
24
40
|
|
|
25
|
-
TODO: Write usage instructions here
|
|
26
41
|
|
|
27
|
-
|
|
42
|
+
### 1. Generate saml templates
|
|
28
43
|
|
|
29
|
-
|
|
44
|
+
You need to run the generator:
|
|
30
45
|
|
|
31
|
-
|
|
46
|
+
```
|
|
47
|
+
$ rails g sp_rails_saml:install {reference_table_name}
|
|
48
|
+
```
|
|
32
49
|
|
|
33
|
-
|
|
50
|
+
At this point, you need to write your account table name in `reference_table_name`.
|
|
51
|
+
This will generate the saml templates for controller, view, model, initializer, etc.
|
|
34
52
|
|
|
35
|
-
|
|
53
|
+
**Controller**
|
|
54
|
+
- [app/controllers/saml/sessions_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
|
|
55
|
+
- [app/controllers/saml/ssos_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
|
|
56
|
+
- [app/controllers/saml/saml_settings_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb)
|
|
36
57
|
|
|
58
|
+
**View**
|
|
59
|
+
- [app/views/saml/sessions/new.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb)
|
|
60
|
+
- [app/views/saml/saml_settings/show.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/show.html.erb)
|
|
61
|
+
- [app/views/saml/saml_settings/edit.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb)
|
|
37
62
|
|
|
38
|
-
|
|
63
|
+
**Model**
|
|
64
|
+
- [app/models/saml_setting.rb](https://github.com/metaps/sp-rails-saml/blob/develop/spec/fixtures/models/saml_setting.rb)
|
|
39
65
|
|
|
40
|
-
|
|
66
|
+
**Migration**
|
|
67
|
+
- [db/migrate/create_saml_settings](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb)
|
|
68
|
+
|
|
69
|
+
### 2. Add routing
|
|
41
70
|
|
|
42
|
-
|
|
71
|
+
To configure routings for above templates, just add the following line to your `config/routes.rb`:
|
|
43
72
|
|
|
44
|
-
|
|
73
|
+
```ruby
|
|
74
|
+
sp_rails_saml_routes
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
This routing method encompasses the following endpoints:
|
|
78
|
+
|
|
79
|
+
```
|
|
80
|
+
GET /saml/metadata/:id
|
|
81
|
+
POST /saml/sso/:id
|
|
82
|
+
|
|
83
|
+
GET /saml/sign_in
|
|
84
|
+
POST /saml/sign_in
|
|
85
|
+
|
|
86
|
+
GET /saml/saml_settings
|
|
87
|
+
GET /saml/saml_settings/edit
|
|
88
|
+
PATCH /saml/saml_settings
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### 3. Setting model associations
|
|
92
|
+
|
|
93
|
+
If you associate the reference table and the saml model, you need to add the follwing line to your reference model file:
|
|
94
|
+
|
|
95
|
+
```ruby
|
|
96
|
+
has_one :saml_setting, dependent: :destroy
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
### 4. Migrate
|
|
100
|
+
|
|
101
|
+
You need to run migration command.
|
|
102
|
+
|
|
103
|
+
```
|
|
104
|
+
$ rails db:migrate
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
### 5. Add before action
|
|
108
|
+
You need to add the following line to your `SsosController` and `SessionController`:
|
|
109
|
+
|
|
110
|
+
```ruby
|
|
111
|
+
skip_before_action :authenticate_user!
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
### 6. Add SSO method to ApplicationController
|
|
115
|
+
|
|
116
|
+
You need to add the follwing line to your `ApplicationController`:
|
|
117
|
+
|
|
118
|
+
```ruby
|
|
119
|
+
def sign_in_with_saml(user)
|
|
120
|
+
sign_in(:user, user)
|
|
121
|
+
redirect_to root_path
|
|
122
|
+
end
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
### 7. Edit your saml credentials
|
|
126
|
+
|
|
127
|
+
Once the above process is complete, you can edit your saml credentials in `/saml/saml_settings/edit`.
|
|
128
|
+
|
|
129
|
+
## :page_facing_up: License
|
|
130
|
+
|
|
131
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
45
132
|
|
|
@@ -1,22 +1,25 @@
|
|
|
1
1
|
module Saml
|
|
2
2
|
# Controller to register saml by SP
|
|
3
3
|
class SamlSettingsBaseController < SamlBaseController
|
|
4
|
-
# GET /saml/
|
|
4
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
5
5
|
def show
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
setting = SpRailsSaml::Settings.instance
|
|
7
|
+
account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
|
|
8
|
+
@saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
|
|
8
9
|
end
|
|
9
10
|
|
|
10
|
-
# GET /saml/
|
|
11
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
|
|
11
12
|
def edit
|
|
12
|
-
|
|
13
|
-
|
|
13
|
+
setting = SpRailsSaml::Settings.instance
|
|
14
|
+
account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
|
|
15
|
+
@saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
|
|
14
16
|
end
|
|
15
17
|
|
|
16
|
-
# PATCH /saml/
|
|
18
|
+
# PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
17
19
|
def update
|
|
18
|
-
|
|
19
|
-
|
|
20
|
+
setting = SpRailsSaml::Settings.instance
|
|
21
|
+
account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
|
|
22
|
+
@saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
|
|
20
23
|
|
|
21
24
|
@saml_setting.assign_attributes(saml_setting_params)
|
|
22
25
|
|
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
module Saml
|
|
2
2
|
# Controller to register saml by SP
|
|
3
3
|
class SamlSettingsController < SamlSettingsBaseController
|
|
4
|
-
# GET /saml/
|
|
4
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
5
5
|
# def show
|
|
6
6
|
# super
|
|
7
7
|
# end
|
|
8
8
|
|
|
9
|
-
# GET /saml/
|
|
9
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
|
|
10
10
|
# def edit
|
|
11
11
|
# super
|
|
12
12
|
# end
|
|
13
13
|
|
|
14
|
-
# PATCH /saml/
|
|
14
|
+
# PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
15
15
|
# def update
|
|
16
16
|
# super
|
|
17
17
|
# end
|
|
@@ -7,8 +7,9 @@ module Saml
|
|
|
7
7
|
|
|
8
8
|
# POST /saml/sign_in
|
|
9
9
|
def create
|
|
10
|
-
|
|
11
|
-
|
|
10
|
+
setting = SpRailsSaml::Settings.instance
|
|
11
|
+
user = setting.user_class.find_by!(setting.user_find_key => params[:email])
|
|
12
|
+
account = user.send(setting.account_class.to_s.downcase.to_sym)
|
|
12
13
|
|
|
13
14
|
raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
|
|
14
15
|
|
|
@@ -6,26 +6,27 @@ module Saml
|
|
|
6
6
|
|
|
7
7
|
# POST /saml/metadata/:id
|
|
8
8
|
def consume
|
|
9
|
-
|
|
9
|
+
setting = SpRailsSaml::Settings.instance
|
|
10
|
+
account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
|
|
10
11
|
|
|
11
12
|
raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
|
|
12
13
|
|
|
13
14
|
saml_setting = account.saml_setting
|
|
14
15
|
saml_response = SpRailsSaml::SamlResponse.new(params[:SAMLResponse], saml_setting)
|
|
15
16
|
|
|
16
|
-
|
|
17
|
-
user = SpRailsSaml::Settings.user_class.find_by(email: saml_response.name_id)
|
|
18
|
-
raise LoginUserNotFound if user.blank?
|
|
17
|
+
raise SpRailsSaml::SamlResponseInvalid, saml_response.errors unless saml_response.valid?
|
|
19
18
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
19
|
+
user = setting.user_class.find_by(setting.saml_response_user_find_key => saml_response.name_id)
|
|
20
|
+
|
|
21
|
+
raise SpRailsSaml::LoginUserNotFound if user.blank?
|
|
22
|
+
|
|
23
|
+
sign_in_with_saml(user)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
# GET /saml/metadata/:id
|
|
27
27
|
def metadata
|
|
28
|
-
|
|
28
|
+
setting = SpRailsSaml::Settings.instance
|
|
29
|
+
account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
|
|
29
30
|
metadata = SpRailsSaml::Metadata.new(account: account)
|
|
30
31
|
render xml: metadata.generate
|
|
31
32
|
end
|
|
@@ -14,12 +14,14 @@ module SpRailsSaml
|
|
|
14
14
|
|
|
15
15
|
def default_initializer
|
|
16
16
|
<<~RUBY
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
17
|
+
Rails.configuration.to_prepare do
|
|
18
|
+
SpRailsSaml::Settings.setup do |config|
|
|
19
|
+
config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
|
20
|
+
config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
|
|
21
|
+
config.authn_context_comparison = 'exact'
|
|
22
|
+
config.user_class = User
|
|
23
|
+
config.account_class = Account
|
|
24
|
+
end
|
|
23
25
|
end
|
|
24
26
|
RUBY
|
|
25
27
|
end
|
|
@@ -22,12 +22,14 @@ module SpRailsSaml
|
|
|
22
22
|
|
|
23
23
|
def default_initializer
|
|
24
24
|
<<~RUBY
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
25
|
+
Rails.configuration.to_prepare do
|
|
26
|
+
SpRailsSaml::Settings.setup do |config|
|
|
27
|
+
config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
|
28
|
+
config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
|
|
29
|
+
config.authn_context_comparison = 'exact'
|
|
30
|
+
config.user_class = User
|
|
31
|
+
config.account_class = Account
|
|
32
|
+
end
|
|
31
33
|
end
|
|
32
34
|
RUBY
|
|
33
35
|
end
|
|
@@ -1,18 +1,17 @@
|
|
|
1
1
|
module Saml
|
|
2
2
|
# Controller to register saml by SP
|
|
3
|
-
#
|
|
4
3
|
class SamlSettingsController < SamlSettingsBaseController
|
|
5
|
-
# GET /saml/
|
|
4
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
6
5
|
# def show
|
|
7
6
|
# super
|
|
8
7
|
# end
|
|
9
8
|
|
|
10
|
-
# GET /saml/
|
|
9
|
+
# GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
|
|
11
10
|
# def edit
|
|
12
11
|
# super
|
|
13
12
|
# end
|
|
14
13
|
|
|
15
|
-
# PATCH /saml/
|
|
14
|
+
# PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
|
|
16
15
|
# def update
|
|
17
16
|
# super
|
|
18
17
|
# end
|
data/lib/sp-rails-saml.rb
CHANGED
|
@@ -14,10 +14,12 @@ module SpRailsSaml
|
|
|
14
14
|
|
|
15
15
|
class SettingValidationError < Error; end
|
|
16
16
|
|
|
17
|
-
class MultiSetupError < Error; end
|
|
18
|
-
|
|
19
17
|
class SamlLoginForbidden < Error; end
|
|
20
18
|
|
|
19
|
+
class LoginUserNotFound < Error; end
|
|
20
|
+
|
|
21
|
+
class SamlResponseInvalid < Error; end
|
|
22
|
+
|
|
21
23
|
autoload :Authnrequest, File.expand_path('./sp-rails-saml/authnrequest', __dir__)
|
|
22
24
|
autoload :SamlResponse, File.expand_path('./sp-rails-saml/saml_response', __dir__)
|
|
23
25
|
autoload :Metadata, File.expand_path('./sp-rails-saml/metadata', __dir__)
|
|
@@ -26,8 +26,12 @@ module SpRailsSaml
|
|
|
26
26
|
|
|
27
27
|
sp_rails_saml_setting = SpRailsSaml::Settings.instance
|
|
28
28
|
|
|
29
|
-
settings.assertion_consumer_service_url =
|
|
30
|
-
|
|
29
|
+
settings.assertion_consumer_service_url = saml_sp_consume_url(
|
|
30
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
31
|
+
)
|
|
32
|
+
settings.sp_entity_id = saml_sp_metadata_url(
|
|
33
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
34
|
+
)
|
|
31
35
|
settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
|
|
32
36
|
settings.authn_context = sp_rails_saml_setting.authn_context
|
|
33
37
|
settings.authn_context_comparison = sp_rails_saml_setting.authn_context_comparison
|
|
@@ -30,8 +30,8 @@ module SpRailsSaml
|
|
|
30
30
|
|
|
31
31
|
sp_rails_saml_setting = SpRailsSaml::Settings.instance
|
|
32
32
|
|
|
33
|
-
settings.assertion_consumer_service_url =
|
|
34
|
-
settings.sp_entity_id =
|
|
33
|
+
settings.assertion_consumer_service_url = saml_sp_consume_url(@account.send(sp_rails_saml_setting.account_find_key))
|
|
34
|
+
settings.sp_entity_id = saml_sp_metadata_url(@account.send(sp_rails_saml_setting.account_find_key))
|
|
35
35
|
settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
|
|
36
36
|
settings.security[:want_assertions_signed] =
|
|
37
37
|
SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
|
|
@@ -5,12 +5,12 @@ namespace :saml do
|
|
|
5
5
|
|
|
6
6
|
unless @sso_only
|
|
7
7
|
# Saml settings for SP
|
|
8
|
-
resources SpRailsSaml::Settings.account_class.to_s.downcase.to_sym, only: [] do
|
|
8
|
+
resources SpRailsSaml::Settings.instance.account_class.to_s.downcase.to_sym, only: [], param: SpRailsSaml::Settings.instance.account_find_key do
|
|
9
9
|
resource :saml_settings, only: %i[show edit update]
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
# SSO
|
|
14
|
-
post
|
|
15
|
-
get
|
|
14
|
+
post "sp/consume/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#consume', as: :sp_consume
|
|
15
|
+
get "sp/metadata/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#metadata', as: :sp_metadata
|
|
16
16
|
end
|
|
@@ -22,7 +22,8 @@ module SpRailsSaml
|
|
|
22
22
|
@saml_response,
|
|
23
23
|
settings: ruby_saml_settings,
|
|
24
24
|
skip_subject_confirmation: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_subject_confirmation],
|
|
25
|
-
skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions]
|
|
25
|
+
skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions],
|
|
26
|
+
skip_destination: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_destination]
|
|
26
27
|
)
|
|
27
28
|
end
|
|
28
29
|
|
|
@@ -45,7 +46,8 @@ module SpRailsSaml
|
|
|
45
46
|
private
|
|
46
47
|
|
|
47
48
|
def required_value_is_set?
|
|
48
|
-
|
|
49
|
+
# ruby-samlの仕様上、idp_entity_idが空だとissuer = idp_entity_idの検証が行われないため、idp_entity_idがblankの検証は必須
|
|
50
|
+
@saml_setting.idp_cert.present? && @saml_setting.idp_entity_id.present?
|
|
49
51
|
end
|
|
50
52
|
|
|
51
53
|
def ruby_saml_settings
|
|
@@ -55,11 +57,17 @@ module SpRailsSaml
|
|
|
55
57
|
|
|
56
58
|
sp_rails_saml_setting = SpRailsSaml::Settings.instance
|
|
57
59
|
|
|
58
|
-
settings.assertion_consumer_service_url
|
|
59
|
-
|
|
60
|
+
settings.assertion_consumer_service_url = saml_sp_consume_url(
|
|
61
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
62
|
+
)
|
|
63
|
+
settings.sp_entity_id = saml_sp_metadata_url(
|
|
64
|
+
@saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
|
|
65
|
+
)
|
|
60
66
|
settings.idp_cert = @saml_setting.idp_cert
|
|
67
|
+
settings.idp_entity_id = @saml_setting.idp_entity_id
|
|
61
68
|
settings.security[:want_assertions_signed] =
|
|
62
69
|
SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
|
|
70
|
+
|
|
63
71
|
settings
|
|
64
72
|
end
|
|
65
73
|
end
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
require 'singleton'
|
|
2
2
|
|
|
3
|
-
# rubocop:disable Style/ClassVars
|
|
4
3
|
module SpRailsSaml
|
|
5
4
|
# SAML2 settings for initializer.
|
|
6
5
|
#
|
|
@@ -11,27 +10,33 @@ module SpRailsSaml
|
|
|
11
10
|
compress_request: true,
|
|
12
11
|
skip_subject_confirmation: true,
|
|
13
12
|
skip_conditions: true,
|
|
14
|
-
|
|
13
|
+
skip_destination: false,
|
|
14
|
+
want_assertions_signed: true,
|
|
15
|
+
account_find_key: :id,
|
|
16
|
+
user_find_key: :email,
|
|
17
|
+
saml_response_user_find_key: :email
|
|
15
18
|
}.freeze
|
|
16
19
|
|
|
17
20
|
attr_reader :name_identifier_format,
|
|
18
21
|
:authn_context,
|
|
19
22
|
:authn_context_comparison,
|
|
20
23
|
:user_class,
|
|
21
|
-
:account_class
|
|
22
|
-
|
|
23
|
-
|
|
24
|
+
:account_class,
|
|
25
|
+
:user_find_key,
|
|
26
|
+
:account_find_key,
|
|
27
|
+
:saml_response_user_find_key
|
|
24
28
|
|
|
25
29
|
class << self
|
|
26
30
|
attr_accessor :name_identifier_format,
|
|
27
31
|
:authn_context,
|
|
28
32
|
:authn_context_comparison,
|
|
29
33
|
:user_class,
|
|
30
|
-
:account_class
|
|
34
|
+
:account_class,
|
|
35
|
+
:user_find_key,
|
|
36
|
+
:account_find_key,
|
|
37
|
+
:saml_response_user_find_key
|
|
31
38
|
|
|
32
39
|
def setup
|
|
33
|
-
raise SpRailsSaml::MultiSetupError if @@setuped
|
|
34
|
-
|
|
35
40
|
yield self
|
|
36
41
|
|
|
37
42
|
setting = SpRailsSaml::Settings.instance
|
|
@@ -41,10 +46,11 @@ module SpRailsSaml
|
|
|
41
46
|
setting.instance_variable_set(:@authn_context_comparison, SpRailsSaml::Settings.authn_context_comparison)
|
|
42
47
|
setting.instance_variable_set(:@user_class, SpRailsSaml::Settings.user_class)
|
|
43
48
|
setting.instance_variable_set(:@account_class, SpRailsSaml::Settings.account_class)
|
|
44
|
-
|
|
45
|
-
|
|
49
|
+
setting.instance_variable_set(:@user_find_key, SpRailsSaml::Settings.user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:user_find_key])
|
|
50
|
+
setting.instance_variable_set(:@account_find_key, SpRailsSaml::Settings.account_find_key || RUBY_SAML_DEFAULT_SETTINGS[:account_find_key])
|
|
51
|
+
setting.instance_variable_set(:@saml_response_user_find_key,
|
|
52
|
+
SpRailsSaml::Settings.saml_response_user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:saml_response_user_find_key])
|
|
46
53
|
end
|
|
47
54
|
end
|
|
48
55
|
end
|
|
49
56
|
end
|
|
50
|
-
# rubocop:enable Style/ClassVars
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sp-rails-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- psyashes
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-06
|
|
12
|
+
date: 2021-07-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: ruby-saml
|