Omniauth Multiple Provider SAML
This is a simple extension to omniauth-saml for supporting multiple identity providers based on a URL path segment e.g. dispatching requests to
/auth/saml/foo to identity provider "foo" and
/app/saml/bar to identity provider "bar".
Add this line to your application's Gemfile:
gem 'omniauth-multi-provider-saml', github: 'salsify/omniauth-multi-provider-saml'
And then execute:
I would highly recommend first getting omniauth-saml setup to work with a single identity provider before attempting to use this gem.
The setup process consists of the following steps:
- Add an omniauth-saml monkey patch for omniauth-saml PR #56.
- Configure your routes to handle SAML routes for multiple identity providers
- Configure omniauth-saml to choose the appropriate identity provider
Monkey Patch omniauth-saml
This step will only be necessary until omniauth-saml PR #56 merges. Place the following in an initializer:
require 'omniauth-saml' ::Strategies::SAML.class_eval do private def initialize_copy(orig) super @options = @options.deep_dup end end
Configure SAML Routes
Add something like the following to your routes assuming you're using Rails (your actual URL structure may vary):
MyApplication::Application.routes.draw do match '/auth/saml/:identity_provider_id/callback', via: [:get, :post], to: 'omniauth_callbacks#saml', as: 'user_omniauth_callback' match '/auth/saml/:identity_provider_id', via: [:get, :post], to: 'omniauth_callbacks#passthru', as: 'user_omniauth_authorize' end
Configure omniauth-saml to use multiple identity providers
The basic configuration looks something like this:
Rails.application.config.middleware.use ::Builder do ::::.(self, issuer: 'Salsify') do |identity_provider_id, rack_env| # Customize this code to return the appropriate SAML options for the given identity provider # See omniauth-saml for details on the supported options identity_provider = IdentityProvider.find_by!(uuid: identity_provider_id) identity_provider. end end
OmniAuth::SAML::MultiProvider.register method takes a hash of static omniauth-saml options and a block to generate any request specific options. It also takes the following options:
identity_provider_id_regex- The regex for a valid identity provider id. Defaults to
Bug reports and pull requests are welcome on GitHub at https://github.com/salsify/omniauth-multi-provider-saml.
The gem is available as open source under the terms of the MIT License.