diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 2300379d0..0a3fd7762 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -286,11 +286,12 @@ Devise.setup do |config|
 Rails.application.secrets.wordpress_oauth2_secret,
 client_options: { site: Rails.application.secrets.wordpress_oauth2_site },
 setup: ->(env) { OmniauthTenantSetup.wordpress_oauth2(env) }
- config.omniauth :saml,
- sp_entity_id: Rails.application.secrets.saml_sp_entity_id,
- idp_cert: Rails.application.secrets.saml_idp_cert,
- idp_sso_service_url: Rails.application.secrets.saml_idp_sso_service_url,
- allowed_clock_drift: 1.minute
+ idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
+ saml_settings = idp_metadata_parser.parse_remote_to_hash(Rails.application.secrets.saml_idp_metadata_url)
+ saml_settings[:idp_sso_service_url] = Rails.application.secrets.saml_idp_sso_service_url
+ saml_settings[:sp_entity_id] = Rails.application.secrets.saml_sp_entity_id
+ saml_settings[:allowed_clock_drift] = 1.minute
+ config.omniauth :saml, saml_settings

 # ==> Warden configuration
 # If you want to use other strategies, that are not supported by Devise, or
diff --git a/config/secrets.yml.example b/config/secrets.yml.example
index 9ed114348..7f1c92e36 100644
--- a/config/secrets.yml.example
+++ b/config/secrets.yml.example
@@ -92,7 +92,7 @@ staging:
 wordpress_oauth2_secret: ""
 wordpress_oauth2_site: ""
 saml_sp_entity_id: ""
- saml_idp_cert: ""
+ saml_idp_metadata_url: ""
 saml_idp_sso_service_url: ""
 <<: *maps
 <<: *apis
@@ -151,7 +151,7 @@ preproduction:
 wordpress_oauth2_secret: ""
 wordpress_oauth2_site: ""
 saml_sp_entity_id: ""
- saml_idp_cert: ""
+ saml_idp_metadata_url: ""
 saml_idp_sso_service_url: ""
 <<: *maps
 <<: *apis
@@ -209,7 +209,7 @@ production:
 wordpress_oauth2_secret: ""
 wordpress_oauth2_site: ""
 saml_sp_entity_id: ""
- saml_idp_cert: ""
+ saml_idp_metadata_url: ""
 saml_idp_sso_service_url: ""
 <<: *maps
 <<: *apis
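Review bot: The IdP signing certificate used to validate SAML assertions is now whatever `parse_remote_to_hash` downloads from `saml_idp_metadata_url` at boot, so the trust anchor depends on the integrity of that fetch instead of on a pinned `idp_cert` value, and the same call makes application start-up fail whenever the URL is blank or the IdP is unreachable (the `secrets.yml.example` hunks in this commit ship it as `""`). Keep ruby-saml's default certificate validation on that fetch (do not pass `false` as its second argument), require an `https://` URL, and consider wrapping the six new lines in `if Rails.application.secrets.saml_idp_metadata_url.present?` so environments without SAML still boot. A comment above the parser line such as `# IdP cert and endpoints are fetched once at boot from remote metadata; the URL must be HTTPS because it is the trust anchor for assertion signatures.` would make the new dependency explicit. Assigning `saml_settings[:idp_sso_service_url]` after parsing overrides the value the metadata presumably already supplies, which looks intentional but deserves a one-line comment. The enclosing `Devise.setup do |config|` block starts and ends outside the hunk.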