Class: Mumukit::Login::Provider::Saml

Inherits:
Base
  • Object
Defined in:
lib/mumukit/login/provider/saml.rb

Instance Method Summary

Methods inherited from Base

#auth_path, #button_html, #callback_path, #footer_html, #header_html, #login_path, #name, #request_authentication!

Instance Method Details

#configure_omniauth!(omniauth) ⇒ Object
# File 'lib/mumukit/login/provider/saml.rb', line 6

# Registers the :saml strategy on the given OmniAuth builder.
#
# Service-provider URLs are assembled from `saml_config.base_url` plus this
# provider's own `callback_path` / `auth_path`, so the SP metadata generated
# from them carries absolute URLs.
#
# TODO: revisit :assertion_consumer_service_url, :issuer and :slo_default_relay_state:
#   1. no Organization is instantiated at this point, so none of its methods can be used here, and
#   2. absolute URLs are required for the SAML metadata that sets up the federation with the IdP.
#
# The IdP certificate (the key material the strategy is handed to verify IdP
# signatures), the SP certificate and the SP private key are read from the
# process working directory (`./`) every time this method runs; the private
# key therefore lives on disk next to the app and its file permissions matter.
#
# @param omniauth [OmniAuth::Builder] builder that receives `provider :saml, ...`
# @return [Object] whatever `omniauth.provider` returns
def configure_omniauth!(omniauth)
  config = saml_config
  base_url = config.base_url
  basic_format = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'

  # Attributes requested from the IdP, all in the SAML 2.0 "basic" name format.
  requested_attributes = {
    'email' => 'Email address',
    'name' => 'Full name',
    'image' => 'Avatar image'
  }.map { |attr, label| { name: attr, name_format: basic_format, friendly_name: label } }

  options = {
    assertion_consumer_service_url: "#{base_url}#{callback_path}",
    single_logout_service_url: "#{base_url}#{auth_path}/slo",
    issuer: "#{base_url}#{auth_path}",
    idp_sso_target_url: config.idp_sso_target_url,
    idp_slo_target_url: config.idp_slo_target_url,
    slo_default_relay_state: base_url,
    idp_cert: File.read('./saml_idp.crt'),
    certificate: File.read('./saml.crt'),
    private_key: File.read('./saml.key'),
    attribute_service_name: 'Mumuki',
    request_attributes: requested_attributes,
    # Maps the IdP's attribute names (from config) onto the fields OmniAuth exposes.
    attribute_statements: {
      name: [config.translation_name],
      email: [config.translation_email],
      image: [config.translation_image]
    }
  }

  omniauth.provider :saml, **options
end

#configure_rails_forgery_protection!(_controller_class) ⇒ Object
# File 'lib/mumukit/login/provider/saml.rb', line 33

# Intentionally leaves the controller's forgery protection untouched.
#
# The IdP POSTs the SAML response to the assertion consumer URL without a
# Rails CSRF token, so the callback action cannot pass Rails' authenticity
# check; rather than exempting that one action, this provider currently
# configures nothing at all.
#
# FIXME: this is a big security issue. Narrowing the exemption to the SAML
# callback action(s) only would keep forgery protection in force for every
# other action of the controller.
#
# @param _controller_class [Class] the Rails controller class; unused
# @return [nil]
def configure_rails_forgery_protection!(_controller_class)
  nil
end

#logout_redirection_path ⇒ Object
# File 'lib/mumukit/login/provider/saml.rb', line 38

# Path the user is sent to after logout: the SP-initiated single-logout
# endpoint under this provider's `auth_path`.
#
# @return [String] `auth_path` followed by "/spslo"
def logout_redirection_path
  [auth_path, 'spslo'].join('/')
end

#saml_config ⇒ Object
# File 'lib/mumukit/login/provider/saml.rb', line 2

# SAML section of the library configuration, read by the other methods of
# this provider (base URL, IdP target URLs and attribute translations).
#
# NOTE(review): the constant between `Mumukit::` and `.config` appears to have
# been lost in this rendering (`Mumukit::.config` is not valid Ruby); the
# namespace shown for this class is Mumukit::Login — confirm against the
# source file.
#
# @return [Object] the `.saml` configuration object
def saml_config
  Mumukit::.config.saml
end