Added SAML2 support (#185)
* ~ in gitignore * add config options for SAML authentication * add information about SP metadata * add gem for omniauth-saml * Add the SAML strategy as a middleware * add gem for omniauth-saml * Send SAML request to saml module * Pass env parameters to saml provider * Add options for specifying saml signing certificate * Almost there * Re-enable SAML redirection * Correctly map saml attributes * change full certificate to only the fingerprint * change full certificate to only the fingerprint * revert changes to gitignore * cleanup
committed by
Jesus Federico
parent
8c64087395
commit
ab62fc3e13
@ -1,4 +1,4 @@
|
||||
Rails.application.config.providers = [:google, :twitter, :ldap]
|
||||
Rails.application.config.providers = [:google, :twitter, :ldap, :saml]
|
||||
|
||||
Rails.application.config.omniauth_google = ENV['GOOGLE_OAUTH2_ID'].present? && ENV['GOOGLE_OAUTH2_SECRET'].present?
|
||||
|
||||
@ -6,6 +6,8 @@ Rails.application.config.omniauth_twitter = ENV['TWITTER_ID'].present? && ENV['T
|
||||
|
||||
Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present? && ENV['LDAP_UID'].present? && ENV['LDAP_BASE'].present? && ENV['LDAP_BIND_DN'].present? && ENV['LDAP_PASSWORD'].present?
|
||||
|
||||
Rails.application.config.omniauth_saml = ENV['SAML_ISSUER'].present? && ENV['SAML_IDP_URL'].present? && ENV['SAML_IDP_CERT_FINGERPRINT'].present?
|
||||
|
||||
Rails.application.config.middleware.use OmniAuth::Builder do
|
||||
provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
|
||||
provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'],
|
||||
@ -22,6 +24,18 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
||||
base: ENV['LDAP_BASE'],
|
||||
bind_dn: ENV['LDAP_BIND_DN'],
|
||||
password: ENV['LDAP_PASSWORD']
|
||||
provider :saml,
|
||||
issuer: ENV['SAML_ISSUER'],
|
||||
idp_sso_target_url: ENV['SAML_IDP_URL'],
|
||||
idp_cert_fingerprint: ENV['SAML_IDP_CERT_FINGERPRINT'],
|
||||
name_identifier_format: ENV['SAML_NAME_IDENTIFIER'] || "urn:mace:dir:attribute-def:eduPersonPrincipalName",
|
||||
attribute_statements: { \
|
||||
nickname: [ENV['SAML_USERNAME_ATTRIBUTE'] || 'urn:mace:dir:attribute-def:eduPersonPrincipalName'],\
|
||||
email: [ENV['SAML_EMAIL_ATTRIBUTE'] || 'urn:mace:dir:attribute-def:mail'], \
|
||||
last_name: [ENV['SAML_LASTNAME_ATTRIBUTE'] || 'urn:mace:dir:attribute-def:sn'], \
|
||||
first_name: [ENV['SAML_FIRTSNAME_ATTRIBUTE'] || 'urn:mace:dir:attribute-def:givenName'],\
|
||||
name: [ENV['SAML_COMMOMNAME_ATTRIBUTE'] || 'urn:mace:dir:attribute-def:cn'] },
|
||||
uid_attribute: ENV['SAML_UID_ATTRIBUTE'] || "urn:mace:dir:attribute-def:uid"
|
||||
end
|
||||
|
||||
# Redirect back to login in development mode.
|
||||
|
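Review bot: The env keys on the `first_name:` and `name:` lines of the new `provider :saml` block are misspelled — `SAML_FIRTSNAME_ATTRIBUTE` and `SAML_COMMOMNAME_ATTRIBUTE` — so an operator who sets `SAML_FIRSTNAME_ATTRIBUTE` or `SAML_COMMONNAME_ATTRIBUTE` is silently ignored and the hard-coded eduPerson defaults are used; change them to `ENV['SAML_FIRSTNAME_ATTRIBUTE']` and `ENV['SAML_COMMONNAME_ATTRIBUTE']`. The IdP is pinned only by `idp_cert_fingerprint`, which is compared using the library's default digest (historically SHA-1) unless `idp_cert_fingerprint_algorithm` is also given; setting it explicitly next to the fingerprint, e.g. from an `SAML_IDP_CERT_FINGERPRINT_ALGORITHM` env var, makes the pin unambiguous and lets deployments use a SHA-256 fingerprint. The `name_identifier_format` default of `urn:mace:dir:attribute-def:eduPersonPrincipalName` looks like an attribute name rather than a SAML NameID-format URN, so it is worth confirming against the IdP's metadata. The backslash continuations inside the `attribute_statements` hash literal are unnecessary in Ruby and can be dropped.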