
I am trying to integrate saml_idp into my project, but I get the error `Neither PUB key nor PRIV key: nested asn1 error`, which seems to be about a missing private key. I have added my private key and certificate in config/saml_configuration.rb, but I still get the same error. I tried to take some reference from this link & link2, but no luck.

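class SamlsController < ApplicationController
  include SamlIdp::Controller

  # Builds the SAML response for the signed-in user and renders the `new`
  # template without a layout (the template is expected to carry
  # @saml_response to the service provider).
  def new
    @saml_response = encode_response(
      current_user,
      encryption: {
        # NOTE(review): this is presumably the *service provider's* certificate,
        # used to encrypt the assertion for that SP; the IdP's own signing
        # certificate and private key come from SamlIdp.configure. Confirm that
        # SAML_CERTIFICATE holds the SP certificate and not the IdP one.
        cert: certificate,
        block_encryption: 'aes256-cbc',
        key_transport: 'rsa-oaep-mgf1p'
      },
      # NOTE(review): hard-coded to a localhost URL; presumably this has to match
      # the SP's entity ID / expected audience — confirm against the SP metadata.
      audience_uri: 'http://localhost:3000/samls/custom_action'
    )
    render layout: false
  end

  # Placeholder endpoint that answers with a dummy XML document.
  # The original method only built this heredoc and discarded it (its return
  # value is ignored by Rails, which would then look for a `custom_action`
  # template); the string is now actually sent as the response body.
  def custom_action
    render xml: <<-SAML
    <xml>
      <saml>
        <random>random</random>
        <random>random</random>
        <random>random</random>
        <random>asd</random>
      </saml>
    </xml>
    SAML
  end

  private

  # PEM certificate used for assertion encryption, taken from the environment.
  # ENV.fetch raises KeyError with the variable name when it is unset, instead
  # of passing nil into the encryptor and failing later with an opaque OpenSSL
  # error. Private so the helper cannot be routed as a controller action.
  def certificate
    ENV.fetch("SAML_CERTIFICATE")
  end
end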

config/saml_configuration.rb

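 SamlIdp.configure do |config|
  # NOTE(review): `base` is never referenced anywhere in this block.
  base = "http://url.com"

  # IdP signing certificate and private key as PEM text.
  # strip_heredoc removes only the *common* leading indentation, so every PEM
  # line (the BEGIN/END markers and each base64 line) must be indented by the
  # same amount to end up at column 0. In the original the certificate body
  # line was indented one space deeper than the markers, leaving a stray
  # leading space in the PEM; malformed PEM is one way to get OpenSSL's
  # "Neither PUB key nor PRIV key: nested asn1 error" (TODO confirm against the
  # real key material). Loading these from the environment or a secrets store
  # rather than committing them to the repository is preferable.
  config.x509_certificate = <<-CERT.strip_heredoc
    -----BEGIN CERTIFICATE-----
    my_certificate
    -----END CERTIFICATE-----
  CERT

  config.secret_key = <<-KEY.strip_heredoc
    -----BEGIN PRIVATE KEY-----
    my_private_key
    -----END PRIVATE KEY-----
  KEY

  config.algorithm = :sha256

  # Attributes released in the assertion; each getter receives the principal
  # passed to encode_response (current_user in SamlsController#new).
  config.attributes = {
    "Email address" => {
      "name" => "email",
      "name_format" => "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
      "getter" => ->(principal) { principal.email },
    },
    "First Name" => {
      "name" => "First_Name",
      "name_format" => "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
      "getter" => ->(principal) { principal.first_name }
    },
    "Last Name" => {
      "name" => "Last_Name",
      "name_format" => "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
      "getter" => ->(principal) { principal.last_name }
    },
  }

  # name_id.formats was assigned twice in the original; only the last
  # assignment takes effect, so the earlier placeholder (a `fail` lambda for
  # :persistent) was dead and has been dropped.
  config.name_id.formats = {
    email_address: ->(principal) { principal.email },
    transient: ->(principal) { principal.id },
    persistent: ->(principal) { principal.id },
  }

  # Known service providers, keyed by the value the finder below is called
  # with (the issuer / entity ID of the incoming request).
  service_providers = {
    "some-issuer-url.com/saml" => {
      fingerprint: "my_finger_print",
      metadata_url: "http://some-issuer-url.com/saml/metadata",
      response_hosts: ["foo.some-issuer-url.com"]
    },
  }

  # Cache location for persisted SP metadata, shared by the persister and the
  # getter so both derive the same file name from an identifier.
  metadata_dir = Rails.root.join('cache', 'saml', 'metadata')
  metadata_path = ->(identifier) { metadata_dir.join(identifier.to_s.gsub(/\/|:/, "_")) }

  config.service_provider.metadata_persister = ->(identifier, settings) {
    FileUtils.mkdir_p(metadata_dir.to_s)
    # "wb" creates and truncates the file. The original "r+b" mode requires the
    # file to already exist (Errno::ENOENT on the first persist for a new
    # identifier) and does not truncate, so a shorter dump would leave stale
    # trailing bytes from a previous write.
    File.open(metadata_path.call(identifier), "wb") do |f|
      Marshal.dump settings.to_h, f
    end
  }

  config.service_provider.persisted_metadata_getter = ->(identifier, service_provider) {
    FileUtils.mkdir_p(metadata_dir.to_s)
    full_filename = metadata_path.call(identifier)
    # Returns nil when nothing has been cached for this identifier yet.
    return unless File.file?(full_filename)

    # NOTE(review): Marshal.load instantiates whatever objects the file
    # describes, so this cache must only ever contain data this application
    # wrote; keep the directory out of reach of other writers.
    File.open(full_filename, "rb") { |f| Marshal.load f }
  }

  # NOTE(review): presumably called with the issuer / entity ID from the
  # incoming request, which therefore has to equal a key of service_providers —
  # confirm against the SP's metadata.
  config.service_provider.finder = ->(issuer_or_entity_id) do
    service_providers[issuer_or_entity_id]
  end
end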

Also, I have some questions about the service_providers hash:

  1. What should the key be?
  2. What is metadata_url?
  3. What is response_hosts?
