Class: FederatedRails::FederationStrategy
- Inherits:
- Warden::Strategies::Base
- Object
- Warden::Strategies::Base
- FederatedRails::FederationStrategy
- Includes:
- ProvisioningManager
- Defined in:
- lib/federated_rails/federation_strategy.rb
Instance Method Summary
Methods included from ProvisioningManager
#host_subject, #provision, #provision_development, #retrieve_federated_value, #update, #update_development
Instance Method Details
#authenticate! ⇒ Object
```ruby
# File 'lib/federated_rails/federation_strategy.rb', line 8

def authenticate!
  if Rails.application.config.federation.federationactive
    principal = retrieve_federated_value :principal
    unless principal
      logger.error 'Authentication Error - Federation did not supply persistent ID'
      return fail! 'Authentication Error - Federation did not supply persistent ID'
    end

    credential = retrieve_federated_value :credential
    unless credential
      logger.error 'Authentication Error - Federation did not supply session ID'
      return fail! 'Authentication Error - Federation did not supply session ID'
    end

    subject = host_subject.find_or_initialize_by(principal: principal)
    if subject.new_record?
      unless Rails.application.config.federation.autoprovision
        logger.error 'Authentication Error - Automatic provisioning is disabled in configuration'
        return fail! 'Authentication Error - Automatic provisioning is disabled in configuration'
      end

      logger.info "Creating new subject for principal #{subject.principal}"

      # The default implementation simply stores the principal
      # Customize provision_subject within an application initializer to meet your specific needs
      provision subject
    else
      logger.info "Updating returning #{subject} from federated source"

      # If you have attributes specific to your application that may change on the IdP side
      # such as names, email addresses and entitlements these will need to be updated at session establishment.
      # Customize update_subject within an application initializer to meet your specific needs.
      update subject
    end

    # Store details about this session
    remote_host = request.env['HTTP_X_FORWARDED_FOR'] ||= request.remote_ip()
    user_agent = request.env['HTTP_USER_AGENT']

    sr = SessionRecord.new(
      :credential => credential,
      :remote_host => remote_host,
      :user_agent => user_agent
    )
    subject.session_records << sr

    unless subject.save
      logger.error "Unable to persist federated subject"
      logger.debug sr.inspect
      subject.errors.each do |error|
        logger.error error
      end
      return fail! 'Authentication Error - Unable to persist federated subject'
    end

    success! subject
  else
    return fail! 'Authentication Error - Federated source is not enabled'
  end
end
```
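The listing stores the raw `X-Forwarded-For` header as `remote_host` whenever it is present, so the value in each `SessionRecord` is whatever the client or any intermediate hop sent. The sketch below is an added example, not code from FederatedRails, showing one way to derive an audit-grade address by honouring the header only when the connecting peer is a known proxy. The helper names, the `TRUSTED_PROXIES` ranges and the sample addresses are assumptions constructed for illustration.

```ruby
require 'ipaddr'

# Hypothetical helper, not part of FederatedRails.
# Assumption: only proxies in these ranges sit in front of the application.
TRUSTED_PROXIES = %w[127.0.0.0/8 10.0.0.0/8 ::1/128].map { |cidr| IPAddr.new(cidr) }.freeze

# Parse one address; returns nil for anything that is not a bare IP literal
# (empty strings, CIDR notation, hostnames, markup).
def parse_ip(text)
  text = text.to_s.strip
  return nil unless text.match?(/\A[0-9a-fA-F:.]+\z/)
  IPAddr.new(text)
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  nil
end

def trusted_proxy?(ip, trusted)
  trusted.any? { |net| net.include?(ip) }
end

# Choose the address to record as SessionRecord#remote_host.
# forwarded_for: raw X-Forwarded-For header value (may be nil)
# peer_addr:     address of the TCP peer (REMOTE_ADDR)
def audit_remote_host(forwarded_for, peer_addr, trusted = TRUSTED_PROXIES)
  peer = parse_ip(peer_addr)
  # A header arriving from an untrusted peer is client-controlled: ignore it.
  return peer_addr unless peer && trusted_proxy?(peer, trusted)

  # Each trusted proxy appends the address it saw, so walk right to left and
  # take the first entry that is not itself one of our proxies.
  forwarded_for.to_s.split(',').reverse_each do |hop|
    ip = parse_ip(hop)
    return peer.to_s if ip.nil? # malformed entry: fall back to the peer
    return ip.to_s unless trusted_proxy?(ip, trusted)
  end
  peer.to_s
end
```

In a Rails application, `request.remote_ip` already applies this kind of trusted-proxy filtering through `config.action_dispatch.trusted_proxies`, so using it alone, without reading the header directly, gives the same protection.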