1

For my app i want to have 'omniauth-google-oauth2', 'omniauth-ruby' and normal devise auth, and for former two I have following routes

get '/auth/google_oauth2/callback' => 'authentication/omniauth#google_oauth2'
get 'omniauth/failure' => 'authentication/omniauth#failure'
post 'auth/saml', to: 'authentication/saml#saml', as: :saml_authorize
post 'auth/saml/callback', to: 'authentication/saml#callback'

view

<%= form_tag saml_authorize_path, class: 'text-center' do %>
    <%= select_tag :user_type, options_for_select([[t('.option_user'), 'user'], [t('.option_serviceuser'), 'service_user']], sel_obj_class_name), class: 'js-select-user-type platform-select-service' %>
    <button class="btn btn-light">
        SAML Auth
    </button>
<% end %>

saml_controller

module Authentication
class SamlController < NoAuthController
    def saml
        request = OneLogin::RubySaml::Authrequest.new
        cookies.permanent[:scope] = params[:user_type]
        redirect_to(request.create(saml_settings), type: params[:user_type])
    end

    def callback
        response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], settings: saml_settings)
        binding.pry
        if response.is_valid?
            request.env['omniauth.params']['user_type']
            when 'service_user'
                service_user = User.from_omniauth(request.env['omniauth.auth'])
                flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Saml'
                return sign_in_and_redirect service_user, event: :authentication if service_user
            else
                user = User.from_omniauth(request.env['omniauth.auth'])
                flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Saml'

                return sign_in_and_redirect user, event: :authentication if user
            end
        else
            notify_airbrake('Saml Omniauth Failure', errors: response.errors)
            redirect_to signin_path, alert: t('devise.failure.invalid')
        end
    end

    private

    def saml_settings
        settings = OneLogin::RubySaml::Settings.new
        # You provide to IDP
        settings.assertion_consumer_service_url = "example.com/auth/saml/callback"
        settings.issuer                         = '1234567890'
        settings.name_identifier_format         = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
        settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2000/09/xmldsig#sha256'
        # IDP provides to you
        settings.idp_sso_target_url             = CONFIG[:saml_sso_target]
        settings.idp_cert                       = CONFIG[:saml_cleint_certificate]

        settings
    end
end

end

I get the request.env['omniauth.auth'] nil in callback whereas response is valid for saml and for google-oauth2 get normal data

User and ServiceUser Models do not have omniauthable.

Omniauth init:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :google_oauth2,
         CONFIG[:google_client_id],
         CONFIG[:google_client_secret],
         access_type: 'online'

    on_failure { |env| Authentication::OmniauthController.action(:failure).call(env) 
}
end

OmniAuth.config.logger = Rails.logger

I cannot have the saml settings in omniauth initializer as i want to have dynamic idp_sso_target_url and idp_cert later on.

What should I be doing to get valid data in request.env['omniauth.params']

Umes Bastola
  • 527
  • 2
  • 6
  • 18

0 Answers0