#!/usr/bin/env ruby # Start the server by running: # # $ ruby main.rb require "bundler/inline" gemfile do source "https://rubygems.org" gem "erb", "~> 4.0" gem "rack", "~> 3.0" gem "rackup", "~> 2.0" gem "saml-kit", "~> 1.0" gem "webrick", "~> 1.0" end class User def initialize(attributes) @attributes = attributes end def name_id_for(name_id_format) @attributes[:email] end def assertion_attributes_for(request) { custom: 'custom attribute' } end end class OnDemandRegistry < Saml::Kit::DefaultRegistry def metadata_for(entity_id) found = super(entity_id) return found if found register_url(entity_id, verify_ssl: false) super(entity_id) end end Saml::Kit.configure do |x| x.entity_id = "http://localhost:8282/metadata.xml" x.registry = OnDemandRegistry.new x.logger = Logger.new("/dev/stderr") end class IdentityProvider def initialize @storage = {} end # Download IDP Metadata # # GET /metadata.xml def metadata xml = Saml::Kit::Metadata.build_xml do |builder| builder.contact_email = 'hi@example.com' builder.organization_name = "Acme, Inc" builder.organization_url = "https://example.com" builder.build_identity_provider do |x| x.add_single_sign_on_service("http://localhost:8282/sessions/new", binding: :http_post) x.name_id_formats = [Saml::Kit::Namespaces::EMAIL_ADDRESS] x.attributes << :Username end end [200, { 'Content-Type' => "application/samlmetadata+xml" }, [xml]] end def call(env) path = env['PATH_INFO'] case env['REQUEST_METHOD'] when 'GET' case path when "/metadata.xml" return metadata when "/sessions/new" return post_back(Rack::Request.new(env)) else return not_found end when 'POST' case path when "/sessions/new" return post_back(Rack::Request.new(env)) else return not_found end end not_found end private def post_back(request) params = saml_params_from(request) saml_request = binding_for(request).deserialize(params) @builder = nil url, saml_params = saml_request.response_for( User.new({ email: "example@example.com" }), binding: :http_post, relay_state: params[:RelayState] ) do |builder| builder.embed_signature = true @builder = builder end template = <<~ERB

Recieved SAML Request

<%=- saml_request.to_xml(pretty: true) -%>

Sending SAML Response (IdP -> SP)

<%=- @builder.build.to_xml(pretty: true) -%>

ERB erb = ERB.new(template, nil, trim_mode: '-') html = erb.result(binding) [200, { 'Content-Type' => "text/html" }, [html]] end def not_found [404, {}, []] end def saml_params_from(request) if request.post? { "SAMLRequest" => request.params["SAMLRequest"], "RelayState" => request.params["RelayState"], } else query_string = request.query_string on = query_string.include?("&") ? "&" : "&" Hash[query_string.split(on).map { |x| x.split("=", 2) }].symbolize_keys end end def binding_for(request) location = "http://localhost:8282/sessions/new" if request.post? Saml::Kit::Bindings::HttpPost .new(location: location) else Saml::Kit::Bindings::HttpRedirect .new(location: location) end end end if __FILE__ == $0 app = Rack::Builder.new do use Rack::Reloader run IdentityProvider.new end.to_app Rackup::Server.start(app: app, Port: 8282) end