0

I need a way to send dynamic params using omniauth-saml from SP TO IDP. The requirement is there are 2 websites website 1 and website 2. Website 1 is controlled by another team where saml is already implemented. On my website, I have added a button and on click of it, I will send a request to website 1. Along with the request I need to send user parameters such as first_name, last_name, email & some custom attributes. In my previous stackoverflow post I was able to understand that I need to make use of omniauth-saml and some basic details. But the issue which I am still not able to send dynamic attributes.

When I am going through the documentation I believe I need to make use of

:idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},

But I am not sure how can I pass dynamic params through it. In my previous post, a person referred me to do a monkey patch but it didn't work for me. Could anyone has any suggestion

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :saml,
    #:assertion_consumer_service_url     => "consumer_service_url",
    :issuer                             => "my_application",
    :idp_sso_target_url                 => "target_url",
    :idp_sso_target_url_runtime_params  => {:original_request_param => :mapped_idp_param},
    :idp_cert                           => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
    :name_identifier_format             => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
end
Aniket Tiwari
  • 3,561
  • 4
  • 21
  • 61

1 Answers1

1

You can pass dynamic values via middleware adapter. Like:

app/service/saml_idp_setting_adapter.rb

class SamlIdpSettingAdapter
  def self.settings(issuer)
    idp = ::IdentityProvider.find_by_issuer(issuer)
    if idp.present?
      {
        assertion_consumer_service_url: "#{ENV['APP_URL']}/users/saml/auth",
        assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        issuer: "issuer",
        idp_entity_id: idp.entity_id,
        idp_slo_service_url: idp.slo_target_url,
        idp_sso_service_url: idp.sso_target_url,
        idp_cert_fingerprint: idp.cert_fingerprint,
        idp_cert_fingerprint_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha256'
      }
    else
      {}
    end
  end
end

and setup initialiser file with above adaptor

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :saml,
    :idp_settings_adapter => SamlIdpSettingAdapter
end
Hardik Upadhyay
  • 2,639
  • 1
  • 19
  • 34