| author | mo khan <mo@mokhan.ca> | 2022-03-30 18:08:40 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2022-03-30 18:08:40 -0600 |
| commit | f21d37116b3ac540fa61564ed807ae065b2a4ecd (patch) | |
| tree | d847e2d97ac60fe334878cb07805003bc21a3ffb | |
| parent | d15bdc6150e81cbb838376f4f6d1cbf4e086686e (diff) | |
explain hacks/bugs
| -rw-r--r-- | src/saml-idp/main.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/saml-idp/main.rb b/src/saml-idp/main.rb
index d829ff9..efd8cd8 100644
--- a/src/saml-idp/main.rb
+++ b/src/saml-idp/main.rb
@@ -44,6 +44,8 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
 found = super(entity_id)
 return found if found
+ # This is a HACK to work around the fact that the terraform
+ # SAML metadata url is not publicly accessible.
 uri = URI.parse(entity_id)
 if uri.host.include?("terraform.io") || uri.host.include?("ngrok.io")
 metadata = Saml::Kit::Metadata.build do |builder|
@@ -142,6 +144,10 @@ class IdentityProvider
 when "/metadata.xml"
 return metadata
 when "/sso"
+ # This should never get hit because this IDP
+ # only exposes a HTTP POST Binding endpoint
+ # but Terraform Cloud defaults to always using
+ # the HTTP-Redirect binding.
 return post_back(Rack::Request.new(env))
 end
 when 'POST' |
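Review bot: The host test on the context line just below the new comment, `uri.host.include?("terraform.io") || uri.host.include?("ngrok.io")`, is a substring match, so a host such as `terraform.io.example.test` (constructed example) or any tunnel under ngrok.io also takes this branch and gets metadata built for it on demand. If the entity_id comes from the incoming request, that widens the set of service providers the IdP will accept; the comment should say so, and the check would be tighter as `host = uri.host.to_s` followed by `if host == "terraform.io" || host.end_with?(".terraform.io")`, with the ngrok.io case limited to a configured development host. `uri.host` is also nil for an entity_id that is not a URL, which raises NoMethodError on this line. The method starts and ends outside the hunk, so what the generated metadata contains cannot be confirmed from here.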
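Review bot: The new comment on the GET `/sso` branch says the path "should never get hit" and, in the same sentence, that Terraform Cloud always uses it, which leaves the reader unsure whether GET is a supported entry point. Wording such as `# Not advertised in metadata (HTTP-POST binding only), but Terraform Cloud sends the AuthnRequest via HTTP-Redirect, so GET /sso is handled too.` states the intent. It would also help to note how `post_back` treats a Redirect-binding message, which carries a deflated `SAMLRequest` and, when signed, `SigAlg`/`Signature` query parameters rather than an embedded XML signature. That handling is outside this hunk and cannot be confirmed from here. The enclosing `case` also continues beyond the hunk.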
