OmniAuth MultiProvider
This is a simple extension to omniauth for supporting multiple identity provider instances of a given type e.g. multiple SAML or OAuth2 identity providers. It is a generalization of the omniauth-multi-provider-saml.
Installation
Add this line to your application's Gemfile:
gem 'omniauth-multi-provider'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-multi-provider
Setup
Getting your setup to work with a single identity provider before attempting to use this gem is highly recommended.
The setup process consists of the following steps:
- Create an OmniAuth callback controller for your identity provider like you normally would with OmniAuth.
- Configure your routes to handle routes for multiple identity provider instances.
- Configure omniauth-multi-provider to choose the appropriate identity provider instance.
Configure Routes
Add something like the following to your routes assuming you're using Rails and a SAML identity provider (your actual URL structure may vary):
MyApplication::Application.routes.draw do
match '/auth/saml/:identity_provider_id/callback',
via: [:get, :post],
to: 'omniauth_callbacks#saml',
as: 'user_omniauth_callback'
match '/auth/saml/:identity_provider_id',
via: [:get, :post],
to: 'omniauth_callbacks#passthru',
as: 'user_omniauth_authorize'
end
Configure OmniAuth
The basic configuration of OmniAuth looks something like this:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
OmniAuth::MultiProvider.register(self,
provider_name: :saml,
identity_provider_id_regex: /\d+/,
path_prefix: '/auth/saml',
callback_suffix: 'callback',
# Specify any additional provider specific options
name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
issuer: 'salsify.com',
allowed_clock_drift: 5.seconds) do |identity_provider_id, rack_env|
identity_provider = SAML::IdentityProvider.find(identity_provider_id)
# Optionally store a reference to the identity provider in the Rack environment
# so you can reference it in your OmniAuth callbacks controller
rack_env['salsify.saml_identity_provider'] = identity_provider
# Any dynamic options returned by this block will be merged in with any statically
# configured options for the identity provider type e.g. issuer in this example.
identity_provider.
end
# This also works with multiple provider types
OmniAuth::MultiProvider.register(self,
provider_name: :oauth2,
identity_provider_id_regex: /\d+/,
path_prefix: '/auth/oauth2') do |identity_provider_id, rack_env|
identity_provider = OAuth2::IdentityProvider.find(identity_provider_id)
rack_env['salsify.oauth2_identity_provider'] = identity_provider
identity_provider.
end
end
Development
After checking out the repo, run bin/setup to install dependencies. Then,
run rake spec to run the tests. You can also run bin/console for an
interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install.
To release a new version, update the version number in version.rb, and then
run bundle exec rake release, which will create a git tag for the version,
push git commits and tags, and push the .gem file to
rubygems.org
.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/salsify/omniauth-multi-provider.## License
The gem is available as open source under the terms of the MIT License.