path: root/src/idp/main.rb
authormo khan <mo@mokhan.ca>2025-02-27 11:39:38 -0700
committermo khan <mo@mokhan.ca>2025-02-27 11:39:38 -0700
commitfc35bf1ab821445b71daf4fb25f303e29866d46b (patch)
tree2be3609c9d08ae38a75f251a1bbc4b08bf61ccec /src/idp/main.rb
parentf9f9dce24d4099ab919d605447c9928b5734e365 (diff)
Complete the first portion of a SAML transaction
Diffstat (limited to 'src/idp/main.rb')
-rwxr-xr-xsrc/idp/main.rb57
1 files changed, 12 insertions, 45 deletions
diff --git a/src/idp/main.rb b/src/idp/main.rb
index 1b18f54c..daa15cc6 100755
--- a/src/idp/main.rb
+++ b/src/idp/main.rb
@@ -8,40 +8,12 @@ require "bundler/inline"
gemfile do
source "https://rubygems.org"
+ gem "erb", "~> 4.0"
gem "rack", "~> 3.0"
gem "rackup", "~> 2.0"
gem "saml-kit", "~> 1.0"
gem "webrick", "~> 1.0"
end
-require "erb"
-
-class Configuration
- def initialize
- @config = YAML.safe_load(read_from("config.yml"))
- end
-
- def [](key)
- @config.fetch(key.to_s)
- end
-
- def private_key
- @private_key ||= read_from('insecure-key.pem')
- end
-
- def certificate
- @certificate ||= read_from('cert.pem')
- end
-
- private
-
- def base_dir
- @base_dir ||= Pathname.new(__FILE__).parent
- end
-
- def read_from(file)
- base_dir.join(file).read
- end
-end
class User
def initialize(attributes)
@@ -49,7 +21,7 @@ class User
end
def name_id_for(name_id_format)
- @attributes.fetch(:email)
+ @attributes[:email]
end
def assertion_attributes_for(request)
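Review bot: `name_id_for` now returns nil when `:email` is absent instead of raising, so a user record without an email would yield an assertion with an empty NameID rather than failing the request; the previous `@attributes.fetch(:email)` was the safer behaviour, or raise explicitly: `raise ArgumentError, "user has no email" unless @attributes[:email]`. The `name_id_format` argument is also never consulted, so a request asking for a non-email format silently receives an email address anyway. A comment on the method, `# only the emailAddress NameID format is supported; the requested format is ignored`, would make that limitation visible to the next reader.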
@@ -61,22 +33,18 @@ end
class OnDemandRegistry < Saml::Kit::DefaultRegistry
def metadata_for(entity_id)
- puts entity_id.inspect
+ found = super(entity_id)
+ return found if found
+
+ register_url(entity_id, verify_ssl: false)
super(entity_id)
end
end
-$config = Configuration.new
-
Saml::Kit.configure do |x|
- x.entity_id = "https://#{$config[:host]}/metadata.xml"
+ x.entity_id = "http://localhost:8282/metadata.xml"
x.registry = OnDemandRegistry.new
x.logger = Logger.new("/dev/stderr")
- x.add_key_pair(
- $config.certificate,
- $config.private_key,
- use: :signing
- )
end
class IdentityProvider
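Review bot: `register_url(entity_id, verify_ssl: false)` in `OnDemandRegistry#metadata_for` fetches and registers metadata from whatever URL the lookup was given, with TLS verification disabled; if `entity_id` originates from the Issuer of an inbound AuthnRequest, as the `sessions/new` flow suggests, any client can point this IdP at an arbitrary URL (an SSRF into the host's network) and have its own metadata trusted on first use. Restrict which entity IDs may be auto-registered and keep verification on, e.g. `return nil unless ALLOWED_SPS.include?(entity_id)` before `register_url(entity_id, verify_ssl: true)`. The `add_key_pair` call is also removed with no replacement in this hunk, so nothing is configured to sign responses or assertions; if that is deliberate for local development, a comment in the `Saml::Kit.configure` block saying so, `# local dev only: no signing key configured, responses are unsigned`, would record the intent.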
@@ -89,12 +57,11 @@ class IdentityProvider
# GET /metadata.xml
def metadata
xml = Saml::Kit::Metadata.build_xml do |builder|
- builder.embed_signature = false
builder.contact_email = 'hi@example.com'
builder.organization_name = "Acme, Inc"
builder.organization_url = "https://example.com"
builder.build_identity_provider do |x|
- x.add_single_sign_on_service("https://#{$config[:host]}/sessions/new", binding: :http_post)
+ x.add_single_sign_on_service("http://localhost:8282/sessions/new", binding: :http_post)
x.name_id_formats = [Saml::Kit::Namespaces::EMAIL_ADDRESS]
x.attributes << :Username
end
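Review bot: The metadata now advertises a plain `http://localhost:8282` SSO endpoint, and the same literal is repeated in at least three other places in this commit (the entity_id, the `sessions/new` handler and `binding_for`), so a single constant keeps them from drifting: `IDP_BASE_URL = ENV.fetch("IDP_BASE_URL", "http://localhost:8282")` used as `"#{IDP_BASE_URL}/sessions/new"`. Dropping `builder.embed_signature = false` only changes whether the metadata document is signed if saml-kit's default differs and a signing key is available, which after this commit appears not to be the case; a comment on `metadata`, `# unsigned metadata, local-dev only: no signing key is configured`, would state the expectation rather than leaving it to the library default.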
@@ -133,7 +100,7 @@ class IdentityProvider
saml_request = binding_for(request).deserialize(params)
@builder = nil
url, saml_params = saml_request.response_for(
- User.new($config),
+ User.new({ email: "example@example.com" }),
binding: :http_post,
relay_state: params[:RelayState]
) do |builder|
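Review bot: The response is issued for the hard-coded `User.new({ email: "example@example.com" })` with no authentication step in between, so anyone who can post an AuthnRequest to this endpoint receives an assertion for that identity (whether it is signed depends on configuration outside this hunk). Even for a demo, mark it as a stub so it is not copied into a real deployment: `# TODO: authenticate the browser session before issuing an assertion; fixed test identity for now`. `params[:RelayState]` is also passed straight through from the client; saml-kit may bound it, but the spec caps RelayState at 80 bytes and the value should be length-checked before it is echoed back. The enclosing handler continues outside this hunk.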
@@ -145,10 +112,10 @@ class IdentityProvider
<html>
<head><title></title></head>
<body>
- <h2>SAML Request</h2>
+ <h2>Recieved SAML Request</h2>
<textarea readonly="readonly" disabled="disabled" cols=225 rows=6><%=- saml_request.to_xml(pretty: true) -%></textarea>
- <h2>SAML Response</h2>
+ <h2>Sending SAML Response (IdP -> SP)</h2>
<textarea readonly="readonly" disabled="disabled" cols=225 rows=30><%=- @builder.build.to_xml(pretty: true) -%></textarea>
<form action="<%= url %>" method="post">
<%- saml_params.each do |(key, value)| -%>
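Review bot: `<%=- saml_request.to_xml(pretty: true) -%>` writes the client-supplied request into the page without HTML escaping; a `<textarea>` is RCDATA, so a `</textarea>` sequence inside an XML comment or CDATA section that the serializer preserves would close the element and run script in the IdP's origin. Whether saml-kit's `to_xml` keeps such nodes is not visible here, so escape regardless: `<%= ERB::Util.html_escape(saml_request.to_xml(pretty: true)) %>`, and the same for `@builder.build.to_xml(pretty: true)` two lines below. The new heading also misspells "Received" as "Recieved". The template's enclosing method starts and ends outside this hunk.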
@@ -183,7 +150,7 @@ class IdentityProvider
end
def binding_for(request)
- location = "#{$config[:host]}/sessions/new"
+ location = "http://localhost:8282/sessions/new"
if request.post?
Saml::Kit::Bindings::HttpPost
.new(location: location)