nairobi/app/lib/omniauth_tenant_setup.rb
Javi Martín 75f6bebc30 Don't set issuer and idp_metadata in SAML settings
The `issuer` setting was renamed to `sp_entity_id` in omniauth-saml [1],
and it's been deprecated in ruby-saml since version 1.11.0, released on
July 24, 2019 [2].

The ruby-saml code currently uses:

```
      def sp_entity_id
        @sp_entity_id || @issuer
      end
```

So setting `issuer` to the same value as `sp_entity_id` if
`sp_entity_id` is present, as we were doing, has no effect.

On the other hand, neither omniauth-saml nor ruby-saml use the
`idp_metadata_url` and `idp_metadata` settings.

[1] https://github.com/omniauth/omniauth-saml/commit/74ed8dfb3aed
[2] https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.11.0
2025-10-22 11:50:56 +02:00


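# Per-tenant OmniAuth strategy configuration.
#
# Each public method takes the request +env+ (only the "omniauth.strategy"
# entry is read) and overrides that strategy's options with the credentials
# of the current tenant, as returned by +Tenant.current_secrets+. For the
# OAuth 1 / OAuth 2 / SAML helpers nothing is changed while the default
# tenant is being served; the strategy keeps whatever it was configured with.
module OmniauthTenantSetup
  class << self
    # Configures the Twitter (OAuth 1) strategy with the tenant's
    # consumer key and secret.
    # @param env [Hash] request env holding "omniauth.strategy"
    def twitter(env)
      oauth(env, secrets.twitter_key, secrets.twitter_secret)
    end

    # Configures the Facebook (OAuth 2) strategy with the tenant's
    # client id and secret.
    # @param env [Hash] request env holding "omniauth.strategy"
    def facebook(env)
      oauth2(env, secrets.facebook_key, secrets.facebook_secret)
    end

    # Configures the Google (OAuth 2) strategy with the tenant's
    # client id and secret.
    # @param env [Hash] request env holding "omniauth.strategy"
    def google_oauth2(env)
      oauth2(env, secrets.google_oauth2_key, secrets.google_oauth2_secret)
    end

    # Configures the WordPress (OAuth 2) strategy with the tenant's
    # client id and secret.
    # @param env [Hash] request env holding "omniauth.strategy"
    def wordpress_oauth2(env)
      oauth2(env, secrets.wordpress_oauth2_key, secrets.wordpress_oauth2_secret)
    end

    # Configures the SAML strategy with the tenant's SP entity id and
    # IdP SSO service URL. The IdP metadata URL is still read from the
    # secrets for interface compatibility but is not applied to the
    # strategy (neither omniauth-saml nor ruby-saml use that setting).
    # @param env [Hash] request env holding "omniauth.strategy"
    def saml(env)
      saml_auth(env, secrets.saml_sp_entity_id,
                secrets.saml_idp_metadata_url, secrets.saml_idp_sso_service_url)
    end

    # Configures the OpenID Connect strategy with the tenant's client id,
    # client secret and issuer.
    # @param env [Hash] request env holding "omniauth.strategy"
    def oidc(env)
      oidc_auth(env, secrets.oidc_client_id, secrets.oidc_client_secret, secrets.oidc_issuer)
    end

    private

    # Sets OAuth 1 consumer credentials on the strategy.
    # Left untouched for the default tenant.
    # @param env [Hash] request env holding "omniauth.strategy"
    # @param key [String] consumer key
    # @param secret [String] consumer secret
    def oauth(env, key, secret)
      return if Tenant.default?

      options = env["omniauth.strategy"].options
      options[:consumer_key] = key
      options[:consumer_secret] = secret
    end

    # Sets OAuth 2 client credentials on the strategy.
    # Left untouched for the default tenant.
    # @param env [Hash] request env holding "omniauth.strategy"
    # @param key [String] client id
    # @param secret [String] client secret
    def oauth2(env, key, secret)
      return if Tenant.default?

      options = env["omniauth.strategy"].options
      options[:client_id] = key
      options[:client_secret] = secret
    end

    # Sets SAML options on the strategy. Each value is applied only when
    # present, so a blank secret keeps the strategy's existing setting.
    # Left untouched for the default tenant.
    # @param env [Hash] request env holding "omniauth.strategy"
    # @param sp_entity_id [String, nil] service provider entity id
    # @param idp_metadata_url [String, nil] accepted but unused; the
    #   setting is not consumed by omniauth-saml or ruby-saml
    # @param idp_sso_service_url [String, nil] IdP single sign-on URL
    def saml_auth(env, sp_entity_id, idp_metadata_url, idp_sso_service_url)
      return if Tenant.default?

      strategy = env["omniauth.strategy"]
      strategy.options[:sp_entity_id] = sp_entity_id if sp_entity_id.present?
      strategy.options[:idp_sso_service_url] = idp_sso_service_url if idp_sso_service_url.present?
    end

    # Sets OpenID Connect options on the strategy. Each value is applied
    # only when present, so a blank secret keeps the strategy's existing
    # setting.
    # NOTE(review): unlike the other helpers this does not return early for
    # the default tenant, so it also runs there — confirm that is intended
    # (the redirect URI is derived from Tenant.current_url_options).
    # @param env [Hash] request env holding "omniauth.strategy"
    # @param client_id [String, nil] OIDC client identifier
    # @param client_secret [String, nil] OIDC client secret
    # @param issuer [String, nil] OIDC issuer
    def oidc_auth(env, client_id, client_secret, issuer)
      strategy = env["omniauth.strategy"]
      strategy.options[:issuer] = issuer if issuer.present?
      strategy.options[:client_options] ||= {}
      # Read the stored object back rather than keeping the literal from
      # `||=`, so writes land in whatever options container the strategy uses.
      client_options = strategy.options[:client_options]
      client_options[:identifier] = client_id if client_id.present?
      client_options[:secret] = client_secret if client_secret.present?
      # Build the callback URL once; it is both tested and assigned.
      redirect_uri = oidc_redirect_uri
      client_options[:redirect_uri] = redirect_uri if redirect_uri.present?
    end

    # Absolute URL of the OIDC callback route for the current tenant.
    # @return [String]
    def oidc_redirect_uri
      Rails.application.routes.url_helpers.user_oidc_omniauth_callback_url(Tenant.current_url_options)
    end

    # Secrets of the tenant handling the current request.
    def secrets
      Tenant.current_secrets
    end
  end
end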