Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/api | 6 | ||||
| -rwxr-xr-x | bin/idp | 13 | ||||
| -rwxr-xr-x | bin/ui | 25 |
3 files changed, 21 insertions, 23 deletions
@@ -13,9 +13,9 @@ gemfile do gem "webrick", "~> 1.0" end -$scheme = ENV.fetch('SCHEME', 'http') -$port = ENV.fetch('PORT', 8284).to_i -$host = ENV.fetch('HOST', "localhost:#{$port}") +$scheme = ENV.fetch("SCHEME", "http") +$port = ENV.fetch("PORT", 8284).to_i +$host = ENV.fetch("HOST", "localhost:#{$port}") class Project class << self @@ -13,9 +13,9 @@ gemfile do gem "webrick", "~> 1.0" end -$scheme = ENV.fetch('SCHEME', 'http') -$port = ENV.fetch('PORT', 8282).to_i -$host = ENV.fetch('HOST', "localhost:#{$port}") +$scheme = ENV.fetch("SCHEME", "http") +$port = ENV.fetch("PORT", 8282).to_i +$host = ENV.fetch("HOST", "localhost:#{$port}") class JWT attr_reader :claims @@ -66,7 +66,7 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry end Saml::Kit.configure do |x| - x.entity_id = "#{$scheme}://#{$host}/metadata.xml" + x.entity_id = "#{$scheme}://#{$host}/saml/metadata.xml" x.registry = OnDemandRegistry.new x.logger = Logger.new("/dev/stderr") end @@ -83,7 +83,7 @@ class IdentityProvider return oauth_metadata when '/.well-known/webfinger' # RFC-7033 return not_found - when "/metadata.xml" + when "/saml/metadata.xml" return saml_metadata when "/saml/new" # TODO:: render a login page @@ -117,9 +117,6 @@ class IdentityProvider private - # Download IDP Metadata - # - # GET /metadata.xml def saml_metadata xml = Saml::Kit::Metadata.build_xml do |builder| builder.contact_email = 'hi@example.com' @@ -14,9 +14,10 @@ gemfile do gem "webrick", "~> 1.0" end -$scheme = ENV.fetch('SCHEME', 'http') -$port = ENV.fetch('PORT', 8283).to_i -$host = ENV.fetch('HOST', "localhost:#{$port}") +$scheme = ENV.fetch("SCHEME", "http") +$port = ENV.fetch("PORT", 8283).to_i +$host = ENV.fetch("HOST", "localhost:#{$port}") +$idp_host = ENV.fetch("IDP_HOST", "localhost:8282") class OnDemandRegistry < Saml::Kit::DefaultRegistry def metadata_for(entity_id) 
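Review bot: The `@@ -117,9 +117,6 @@` hunk of bin/idp deletes the header comment on `saml_metadata` instead of updating it for the route rename, so the private method loses its only documentation of which URL serves it. Keep the comment with the new path: `# Download IDP Metadata`, `#`, `# GET /saml/metadata.xml`. The body of `saml_metadata` continues past the end of the hunk.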
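Review bot: The new `$idp_host` in the `@@ -14,9 +14,10 @@` hunk of bin/ui is only ever interpolated behind a hard-coded `http://` (the `/oidc/new` redirect in the `@@ -55,14 +56,14 @@` hunk, the token POST in `oauth_callback` in `@@ -90,7 +91,7 @@`, and the `metadata_for` lookup in `saml_post_to_idp` in `@@ -102,7 +103,7 @@`), so pointing IDP_HOST at anything other than a local IdP sends the `Net::Hippie.basic_auth('client_id', 'secret')` credentials, the authorization code and the token response in cleartext. Make the scheme configurable alongside the host, e.g. `$idp_scheme = ENV.fetch("IDP_SCHEME", "http")`, and build those three URLs as `"#{$idp_scheme}://#{$idp_host}/..."`. The local-development default is unchanged by that.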
@@ -29,7 +30,7 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry end Saml::Kit.configure do |x| - x.entity_id = "#{$scheme}://#{$host}/metadata.xml" + x.entity_id = "#{$scheme}://#{$host}/saml/metadata.xml" x.registry = OnDemandRegistry.new x.logger = Logger.new("/dev/stderr") end @@ -55,14 +56,14 @@ class UI case env['REQUEST_METHOD'] when 'GET' case path - when "/metadata.xml" - return metadata + when "/oauth/callback" + return oauth_callback(Rack::Request.new(env)) when "/oidc/new" - return redirect_to("http://localhost:8282/oauth/authorize?client_id=service-provider&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid") + return redirect_to("http://#{$idp_host}/oauth/authorize?client_id=service-provider&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid") + when "/saml/metadata.xml" + return metadata when "/saml/new" return saml_post_to_idp(Rack::Request.new(env)) - when "/oauth/callback" - return oauth_callback(Rack::Request.new(env)) else # return saml_post_to_idp(Rack::Request.new(env)) return redirect_to("/saml/new") @@ -90,7 +91,7 @@ class UI def oauth_callback(request) response = Net::Hippie.default_client.post( - "http://localhost:8282/oauth/token", + "http://#{$idp_host}/oauth/token", headers: { 'Authorization' => Net::Hippie.basic_auth('client_id', 'secret') }, body: { grant_type: "authorization_code", @@ -102,7 +103,7 @@ class UI end def saml_post_to_idp(request) - idp = Saml::Kit.registry.metadata_for('http://localhost:8282/metadata.xml') + idp = Saml::Kit.registry.metadata_for("http://#{$idp_host}/saml/metadata.xml") relay_state = Base64.strict_encode64(JSON.generate(redirect_to: '/dashboard')) @saml_builder = nil 
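Review bot: The rewritten `/oidc/new` redirect in the `@@ -55,14 +56,14 @@` hunk still sends a constant `state=example`, and nothing visible in the `oauth_callback` hunk compares the returned `state` against anything, so the callback has no binding between the browser session that started the flow and the code being exchanged. Generate the value per request (for example `SecureRandom.hex(16)` from the `securerandom` stdlib), keep it in the session, and reject callbacks whose `state` does not match. If that check lives outside the diff, a one-line comment on the redirect saying where would save the next reader the same question. `oauth_callback` continues past the end of its hunk.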
@@ -132,7 +133,7 @@ class UI end def saml_assertions(request) - sp = Saml::Kit.registry.metadata_for("#{$scheme}://#{$host}/metadata.xml") + sp = Saml::Kit.registry.metadata_for("#{$scheme}://#{$host}/saml/metadata.xml") saml_binding = sp.assertion_consumer_service_for(binding: :http_post) saml_response = saml_binding.deserialize(request.params) raise saml_response.errors unless saml_response.valid? |
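Review bot: The literal `"#{$scheme}://#{$host}/saml/metadata.xml"` rewritten in `saml_assertions` now appears verbatim twice in bin/ui — here and as `x.entity_id` in the `@@ -29,7 +30,7 @@` hunk — and this rename is exactly the kind of change that silently breaks one copy when only the other is edited. Define it once next to the other globals, `$entity_id = "#{$scheme}://#{$host}/saml/metadata.xml"`, and use it in both places. `saml_assertions` continues past the end of the hunk.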
