Class: Maestrano::Auth::SamlController

Inherits:
Rails::SamlBaseController
  • Object
Defined in:
lib/generators/maestrano/templates/saml_controller.rb

Instance Method Summary

Instance Method Details

#consume ⇒ Object

POST ‘/maestrano/auth/saml/consume/:tenant’

Final phase of the Single Sign-On handshake. Find or create the required resources (user and group) and sign the user in.

This action is left to you to customize based on your application's requirements. One possible way of writing the action is presented below.

Assuming you have enabled Maestrano on a user model called ‘User’ and a group model called ‘Organization’, the action could be written as follows:

Raises:

  • (NotImplemented)


# File 'lib/generators/maestrano/templates/saml_controller.rb', line 15

def consume
  ### 1) Find or create the user and the group
  ### --
  ### The class method 'find_or_create_for_maestrano' is provided
  ### by the maestrano-rails gem on the model you have maestrano-ized.
  ### The method uses the mapping defined in the model 'maestrano_*_via' 
  ### block to create the resource if it does not exist
  ### The 'user_auth_hash' and 'group_auth_hash' methods are provided
  ### by the controller.
  ### --
  # user = User.find_or_create_for_maestrano(user_auth_hash)
  # organization = Organization.find_or_create_for_maestrano(group_auth_hash)
  #
  # user.tenant = params[:tenant]
  # user.save
  # organization.tenant = params[:tenant]
  # organization.save
  #
  #
  ### 2) Add the user to the group if not already a member
  ### --
  ### The 'user_group_rel_hash' method is provided by the controller.
  ### The role attribute provided by maestrano is one of the following: 
  ### 'Member', 'Power User', 'Admin', 'Super Admin'
  ### The 'member_of?' and 'add_member' methods are not provided by 
  ### maestrano and are left to you to implement on your models
  ### --
  # unless user.member_of?(organization)
  #   organization.add_member(user,role: user_group_rel_hash[:role])
  # end
  #
  #
  ### 3) Sign the user in and redirect to application root
  ### --
  ### The 'sign_in' method is not provided by maestrano but should already
  ### be there if you are using an authentication framework like Devise
  ### --
  # sign_in(user)
  # redirect_to root_path
  
  raise NotImplemented.new("The consume action should be customized to fit your application needs")
end
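
Added example, not part of the maestrano-rails template: one way to write the 'member_of?' and 'add_member' methods that step 2 leaves to the application, using plain Ruby objects instead of ActiveRecord models. The local role names, the DEFAULT_ROLE fallback and the 'join_group' helper are assumptions made for illustration; only the four incoming role strings come from the template comments above.

```ruby
# Stand-in for the group model. The role string received over SSO is never
# stored directly; it is translated through an allowlist into a local role.
class Organization
  # Keys: the four roles the template documents. Values: hypothetical local roles.
  ROLE_MAP = {
    'Member'      => :member,
    'Power User'  => :editor,
    'Admin'       => :admin,
    'Super Admin' => :admin
  }.freeze
  DEFAULT_ROLE = :member # least privilege for a missing or unrecognised role

  attr_reader :memberships

  def initialize
    @memberships = {} # user uid => local role
  end

  # Exact-match lookup: anything outside the documented set gets DEFAULT_ROLE.
  def self.local_role_for(sso_role)
    ROLE_MAP.fetch(sso_role.to_s, DEFAULT_ROLE)
  end

  def add_member(user, role: nil)
    @memberships[user.uid] = self.class.local_role_for(role)
  end
end

# Stand-in for the user model.
User = Struct.new(:uid) do
  def member_of?(organization)
    organization.memberships.key?(uid)
  end
end

# Mirrors step 2 of the template; rel_hash plays the part of user_group_rel_hash.
# Returns the local role the user holds after the call.
def join_group(user, organization, rel_hash)
  unless user.member_of?(organization)
    organization.add_member(user, role: rel_hash[:role])
  end
  organization.memberships[user.uid]
end
```

As in the template, the role is recorded only when the user first joins the group, so a role change made on the Maestrano side does not alter an existing membership on a later sign-in.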