-rw-r--r--src/saml-idp/main.rb51
1 files changed, 31 insertions, 20 deletions
diff --git a/src/saml-idp/main.rb b/src/saml-idp/main.rb
index efd8cd8..9fd02ed 100644
--- a/src/saml-idp/main.rb
+++ b/src/saml-idp/main.rb
@@ -47,7 +47,8 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
# This is a HACK to work around the fact that the terraform
# SAML metadata url is not publicly accessible.
uri = URI.parse(entity_id)
- if uri.host.include?("terraform.io") || uri.host.include?("ngrok.io")
+ if uri.host.include?("terraform.io") ||
+ (uri.host.include?("ngrok.io") && !uri.path.start_with?("/users/saml/metadata"))
metadata = Saml::Kit::Metadata.build do |builder|
builder.entity_id = entity_id
builder.build_service_provider do |x|
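Review bot: The host test on the new lines 19-20 is still a substring match, so any host that merely contains `terraform.io` or `ngrok.io` enters the branch that, as far as the hunk shows, builds SP metadata for the issuer without fetching or verifying anything, and `uri.host` is nil for an entity_id without a scheme, which raises NoMethodError before the comparison runs. An exact allow-list or a dot-anchored suffix check would make the shortcut deliberate, for instance `host = uri.host.to_s` followed by `if host == "terraform.io" || host.end_with?(".terraform.io") || (host.end_with?(".ngrok.io") && !uri.path.start_with?("/users/saml/metadata"))`. A short comment above the condition saying why the ngrok metadata path is excluded would also help the next reader. The enclosing method starts and ends outside the hunk.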
@@ -57,7 +58,7 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
end
register(metadata)
else
- register_url(entity_id, verify_ssl: Rails.env.production?)
+ register_url(entity_id)
end
super(entity_id)
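Review bot: Dropping the `verify_ssl:` keyword on line 29 makes TLS verification of the metadata fetch depend entirely on register_url's default, which is not visible here; if that default is `true` the change tightens non-production environments, but if it is `false` it silently disables certificate checking in production for a URL derived from entity_id. Keeping the intent explicit, e.g. `register_url(entity_id, verify_ssl: true)`, protects against a future change in the library default. The method continues outside the hunk.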
@@ -81,10 +82,6 @@ class IdentityProvider
# Download IDP Metadata
#
# GET /metadata.xml
- # Response
- #
- # Status: 200 OK
- # {xml data}
def metadata
xml = Saml::Kit::Metadata.build_xml do |builder|
builder.embed_signature = false
@@ -102,32 +99,35 @@ class IdentityProvider
[200, { 'Content-Type' => "application/samlmetadata+xml" }, [xml]]
end
+ # POST /sso
+ # The Single Sign On Service endpoint.
+ # It immediately generates a response using the `email` and `member_of`
+ # configuration from the `idp.yml` file.
def post_back(request)
- location = "#{$config[:host]}/sso"
params = saml_params_from(request)
- saml = if request.post?
- Saml::Kit::Bindings::HttpPost
- .new(location: location)
- .deserialize(params)
- else
- Saml::Kit::Bindings::HttpRedirect
- .new(location: location)
- .deserialize(params)
- end
- url, saml_params = saml.response_for(User.new, binding: :http_post, relay_state: params[:RelayState])
+ saml_request = binding_for(request).deserialize(params)
+ @builder = nil
+ url, saml_params = saml_request.response_for(
+ User.new,
+ binding: :http_post,
+ relay_state: params[:RelayState]
+ ) { |builder| @builder = builder }
template = <<~ERB
<!doctype html>
<html>
<head><title></title></head>
<body>
+ <h2>SAML Request</h2>
+ <textarea readonly="readonly" disabled="disabled" cols=225 rows=6><%=- saml_request.to_xml(pretty: true) -%></textarea>
+
+ <h2>SAML Response</h2>
+ <textarea readonly="readonly" disabled="disabled" cols=225 rows=30><%=- @builder.build.to_xml(pretty: true) -%></textarea>
<form action="<%= url %>" method="post">
<%- saml_params.each do |(key, value)| -%>
<input type="hidden" name="<%= key %>" value="<%= value %>" />
<%- end -%>
+ <input type="submit" value="Submit" />
</form>
- <script>
- document.querySelector('form').submit();
- </script>
</body>
</html>
ERB
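Review bot: Lines 76 and 79 interpolate the deserialized SAML request and the generated response XML into the page with a bare `<%=`, which in stock ERB performs no HTML escaping, so any markup carried by the issuer-supplied request (a closing `</textarea>` tag, for example) lands verbatim in the document; the hidden-input values on line 82 have the same property but predate this change. Unless the template is rendered through an auto-escaping engine (the render call is outside the hunk), wrap both with the stdlib helper: `<%= ERB::Util.html_escape(saml_request.to_xml(pretty: true)) %>` and `<%= ERB::Util.html_escape(@builder.build.to_xml(pretty: true)) %>`. Separately, `@builder.build` on line 79 constructs the response a second time after `response_for` has already built the one encoded in `saml_params`, so the XML shown may differ from what the form submits if the builder assigns fresh identifiers or timestamps on each build; capturing the built document once would keep the two in sync. Storing the builder in `@builder` also makes post_back stateful per instance, which matters if one IdentityProvider object serves concurrent requests.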
@@ -174,6 +174,17 @@ class IdentityProvider
Hash[query_string.split(on).map { |x| x.split("=", 2) }].symbolize_keys
end
end
+
+ def binding_for(request)
+ location = "#{$config[:host]}/sso"
+ if request.post?
+ Saml::Kit::Bindings::HttpPost
+ .new(location: location)
+ else
+ Saml::Kit::Bindings::HttpRedirect
+ .new(location: location)
+ end
+ end
end
if __FILE__ == $0
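Review bot: `binding_for` on lines 97-106 is an internal helper (its only visible caller is post_back) that reads the process-wide `$config`, yet no visibility marker is visible in the hunk, so it is public unless a `private` section above it applies; `private def binding_for(request)` would document that it is an implementation detail. The two branches differ only in the class, so the body can be a single construction: `klass = request.post? ? Saml::Kit::Bindings::HttpPost : Saml::Kit::Bindings::HttpRedirect` followed by `klass.new(location: "#{$config[:host]}/sso")`. A one-line comment such as `# Selects the SAML binding matching the inbound HTTP method (POST or redirect).` would complete it. The hunk's leading context lines sit inside a method that starts outside it.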