consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't set issuer and idp_metadata in SAML settings

Browse Source 
The `issuer` setting was renamed to `sp_entity_id` in omniauth-saml [1],
and it's been deprecated in ruby-saml since version 1.11.0, released on
July 24, 2019 [2].

The ruby-saml code currently uses:

```
      def sp_entity_id
        @sp_entity_id || @issuer
      end
```

So setting `issuer` to the same value as `sp_entity_id` if
`sp_entity_id` is present, as we were doing, has no effect.

On the other hand, neither omniauth-saml nor ruby-saml use the
`idp_metadata_url` and `idp_metadata` settings.

[1] https://github.com/omniauth/omniauth-saml/commit/74ed8dfb3aed
[2] https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.11.0
This commit is contained in:
Javi Martín
2025-10-22 11:31:27 +02:00
parent 3ad47e4819
commit 75f6bebc30
2 changed files with 0 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/lib/omniauth_tenant_setup.rb
View File

@@ -46,16 +46,7 @@ module OmniauthTenantSetup
strategy = env["omniauth.strategy"] strategy = env["omniauth.strategy"]
strategy.options[:sp_entity_id] = sp_entity_id if sp_entity_id.present? strategy.options[:sp_entity_id] = sp_entity_id if sp_entity_id.present?
strategy.options[:idp_metadata_url] = idp_metadata_url if idp_metadata_url.present?
strategy.options[:idp_sso_service_url] = idp_sso_service_url if idp_sso_service_url.present? strategy.options[:idp_sso_service_url] = idp_sso_service_url if idp_sso_service_url.present?
if strategy.options[:issuer].present? && sp_entity_id.present?
strategy.options[:issuer] = sp_entity_id
end
if strategy.options[:idp_metadata].present? && idp_metadata_url.present?
strategy.options[:idp_metadata] = idp_metadata_url
end
end end
end end

3
spec/lib/omniauth_tenant_setup_spec.rb
View File

@@ -34,7 +34,6 @@ describe OmniauthTenantSetup do
mars_strategy_options = mars_env["omniauth.strategy"].options mars_strategy_options = mars_env["omniauth.strategy"].options
expect(mars_strategy_options[:sp_entity_id]).to eq "https://mars.consul.dev/saml/metadata" expect(mars_strategy_options[:sp_entity_id]).to eq "https://mars.consul.dev/saml/metadata"
expect(mars_strategy_options[:idp_metadata_url]).to eq "https://mars-idp.example.com/metadata"
expect(mars_strategy_options[:idp_sso_service_url]).to eq "https://mars-idp.example.com/sso" expect(mars_strategy_options[:idp_sso_service_url]).to eq "https://mars-idp.example.com/sso"
end end
@@ -48,7 +47,6 @@ describe OmniauthTenantSetup do
venus_strategy_options = venus_env["omniauth.strategy"].options venus_strategy_options = venus_env["omniauth.strategy"].options
expect(venus_strategy_options[:sp_entity_id]).to eq "https://venus.consul.dev/saml/metadata" expect(venus_strategy_options[:sp_entity_id]).to eq "https://venus.consul.dev/saml/metadata"
expect(venus_strategy_options[:idp_metadata_url]).to eq "https://venus-idp.example.com/metadata"
expect(venus_strategy_options[:idp_sso_service_url]).to eq "https://venus-idp.example.com/sso" expect(venus_strategy_options[:idp_sso_service_url]).to eq "https://venus-idp.example.com/sso"
end end
end end
@@ -79,7 +77,6 @@ describe OmniauthTenantSetup do
earth_strategy_options = earth_env["omniauth.strategy"].options earth_strategy_options = earth_env["omniauth.strategy"].options
expect(earth_strategy_options[:sp_entity_id]).to eq "https://default.consul.dev/saml/metadata" expect(earth_strategy_options[:sp_entity_id]).to eq "https://default.consul.dev/saml/metadata"
expect(earth_strategy_options[:idp_metadata_url]).to eq "https://default-idp.example.com/metadata"
expect(earth_strategy_options[:idp_sso_service_url]).to eq "https://default-idp.example.com/sso" expect(earth_strategy_options[:idp_sso_service_url]).to eq "https://default-idp.example.com/sso"
end end
end end