From bb31fd307a40bd56fd3f8f95811ca620e81a8ef1 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Fri, 1 Apr 2022 15:17:34 -0600
Subject: print SAML Request/Response

---
 src/saml-idp/main.rb | 51 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 20 deletions(-)

(limited to 'src')

diff --git a/src/saml-idp/main.rb b/src/saml-idp/main.rb
index efd8cd8..9fd02ed 100644
--- a/src/saml-idp/main.rb
+++ b/src/saml-idp/main.rb
@@ -47,7 +47,8 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
 # This is a HACK to work around the fact that the terraform
 # SAML metadata url is not publicly accessible.
 uri = URI.parse(entity_id)
- if uri.host.include?("terraform.io") || uri.host.include?("ngrok.io")
+ if uri.host.include?("terraform.io") ||
+ (uri.host.include?("ngrok.io") && !uri.path.start_with?("/users/saml/metadata"))
 metadata = Saml::Kit::Metadata.build do |builder|
 builder.entity_id = entity_id
 builder.build_service_provider do |x|
@@ -57,7 +58,7 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
 end
 register(metadata)
 else
- register_url(entity_id, verify_ssl: Rails.env.production?)
+ register_url(entity_id)
 end
 super(entity_id)
@@ -81,10 +82,6 @@ class IdentityProvider
 # Download IDP Metadata
 #
 # GET /metadata.xml
- # Response
- #
- # Status: 200 OK
- # {xml data}
 def metadata
 xml = Saml::Kit::Metadata.build_xml do |builder|
 builder.embed_signature = false
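Review bot: The host test on the new `if` still matches by substring, so an entity ID whose host is something like `ngrok.io.attacker.example` or `evil-terraform.io` is treated like the trusted SPs and gets fabricated, unverified metadata registered for it; since `entity_id` appears to come from the peer, compare the host exactly or by suffix, e.g. `host = uri.host.to_s` followed by `host == "terraform.io" || host.end_with?(".terraform.io")` (and the same for ngrok). The `.to_s` also keeps a non-URL entity ID such as a `urn:` value, for which `URI.parse` yields a nil host, from raising `NoMethodError` on `include?`. The enclosing method starts outside the hunk.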
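Review bot: `register_url(entity_id)` drops the explicit `verify_ssl:` keyword, so TLS verification of the metadata fetch now rests on Saml::Kit's default for that argument; if the intent is to always verify (instead of only in production, as before), say so with `register_url(entity_id, verify_ssl: true)` so the behaviour cannot silently change with a gem upgrade. Separately, because `entity_id` is presumably taken from the incoming AuthnRequest, this line fetches a URL the peer chose from the IdP's network position, which is a server-side request forgery vector; consider requiring an `https` scheme and an allowlist of metadata hosts before the fetch. The enclosing method starts outside the hunk.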
@@ -102,32 +99,35 @@ class IdentityProvider [200, { 'Content-Type' => "application/samlmetadata+xml" }, [xml]] end + # POST /sso + # The Single Sign On Service endpoint. + # It immediately generates a response using the `email` and `member_of` + # configuration from the `idp.yml` file. def post_back(request) - location = "#{$config[:host]}/sso" params = saml_params_from(request) - saml = if request.post? - Saml::Kit::Bindings::HttpPost - .new(location: location) - .deserialize(params) - else - Saml::Kit::Bindings::HttpRedirect - .new(location: location) - .deserialize(params) - end - url, saml_params = saml.response_for(User.new, binding: :http_post, relay_state: params[:RelayState]) + saml_request = binding_for(request).deserialize(params) + @builder = nil + url, saml_params = saml_request.response_for( + User.new, + binding: :http_post, + relay_state: params[:RelayState] + ) { |builder| @builder = builder } template = <<~ERB +

SAML Request

+ + +

SAML Response

+
<%- saml_params.each do |(key, value)| -%> <%- end -%> +
- ERB @@ -174,6 +174,17 @@ class IdentityProvider Hash[query_string.split(on).map { |x| x.split("=", 2) }].symbolize_keys end end + + def binding_for(request) + location = "#{$config[:host]}/sso" + if request.post? + Saml::Kit::Bindings::HttpPost + .new(location: location) + else + Saml::Kit::Bindings::HttpRedirect + .new(location: location) + end + end end if __FILE__ == $0 -- cgit v1.2.3
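Review bot: `@builder = nil` together with the block `{ |builder| @builder = builder }` keeps per-request state on the `IdentityProvider` instance, which is shared across requests if this object is mounted as a Rack app and can therefore interleave under a threaded server; a local captured by the closure does the same job, `captured = nil` … `{ |builder| captured = builder }`, with the template reading `captured` instead of `@builder`. The template lines are largely stripped in this view, but the `SAML Request` heading suggests the peer-supplied AuthnRequest XML and the echoed `RelayState` are interpolated into the page; make sure those use `ERB::Util.html_escape` rather than a raw `<%= %>`, otherwise a crafted redirect-binding link turns this debugging page into reflected XSS. `post_back` continues past the hunk.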
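Review bot: `binding_for` would read more directly as a single selection of the binding class, e.g. `klass = request.post? ? Saml::Kit::Bindings::HttpPost : Saml::Kit::Bindings::HttpRedirect` followed by `klass.new(location: "#{$config[:host]}/sso")`. It also deserves a one-line comment, since every non-POST method (GET, but also HEAD or PUT) is routed to the redirect binding: `# POST uses the HTTP-POST binding; any other method is treated as HTTP-Redirect.`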