Commit 03d38fe
2017-11-10 19:31:12
1 parent
b39e297
Changed files (5)
airport/app/controllers/sessions_controller.rb
@@ -3,8 +3,10 @@ class SessionsController < ApplicationController
skip_before_action :authenticate!
def new
+ @saml_request = authentication_request
+ @relay_state = JSON.generate(redirect_to: '/')
@uri = URI.parse(idp_metadata.single_sign_on_service_for(binding: :http_redirect)[:location])
- @redirect_uri = redirect_url_for(@uri)
+ @redirect_uri = redirect_url_for(@uri, @saml_request, @relay_state)
end
def create
@@ -17,11 +19,11 @@ class SessionsController < ApplicationController
private
- def redirect_url_for(uri)
+ def redirect_url_for(uri, saml_request, relay_state)
uri.to_s + '?' +
{
- 'SAMLRequest' => Saml::Kit::Request.authentication(assertion_consumer_service: session_url),
- 'RelayState' => JSON.generate(inbound_path: '/'),
+ 'SAMLRequest' => saml_request,
+ 'RelayState' => relay_state,
}.map do |(x, y)|
"#{x}=#{CGI.escape(y)}"
end.join('&')
@@ -30,4 +32,10 @@ class SessionsController < ApplicationController
def idp_metadata
Saml::Kit.configuration.registry.metadata_for(DEFAULT_IDP_ENTITY_ID)
end
+
+ def authentication_request
+ builder = AuthenticationRequest::Builder.new
+ builder.acs_url = assertion_consumer_service
+ Saml::Kit::Request.encode(builder)
+ end
end
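Review bot: The new `authentication_request` helper calls `AuthenticationRequest::Builder.new` and passes `assertion_consumer_service`, but neither name is namespaced or defined anywhere in the visible controller: the library helper it replaces lived inside `module Saml::Kit`, where that constant resolves, and the old call site passed `session_url`. Unless the airport app defines both at top level, `new` will raise NameError on first load; I would write `builder = Saml::Kit::AuthenticationRequest::Builder.new` and `builder.acs_url = session_url` (or whichever helper now supplies the ACS URL). The new RelayState `JSON.generate(redirect_to: '/')` is echoed back verbatim by the IdP and reaches `create` (body outside the hunk) as unsigned, attacker-controllable input, so the decoded `redirect_to` must be checked to be a same-origin relative path before any redirect, or the state should be held server-side and referenced by an opaque token. The key was also renamed from `inbound_path` to `redirect_to`, so any consumer still reading `inbound_path` will get nil silently rather than fail loudly.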
airport/app/views/sessions/new.html.erb
@@ -2,9 +2,10 @@
<div class="row">
<div class="col">
<%= link_to "Log in to IDP via redirect", @redirect_uri %>
+
<%= form_tag @uri.to_s, method: :post do %>
- <%= hidden_field_tag 'SAMLRequest', Saml::Kit::Request.authentication(assertion_consumer_service: session_url) %>
- <%= hidden_field_tag 'RelayState', JSON.generate(inbound_path: '/') %>
+ <%= hidden_field_tag 'SAMLRequest', @saml_request %>
+ <%= hidden_field_tag 'RelayState', @relay_state %>
<%= submit_tag "Log In to IDP via POST" %>
<% end %>
</div>
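Review bot: The SAMLRequest/RelayState hidden fields now come from the controller, but the enclosing `form_tag @uri.to_s, method: :post` still submits Rails' default extra fields to the IdP's URL, which includes the session's `authenticity_token` whenever `protect_against_forgery?` is enabled; that hands the CSRF token to a third party that has no use for it. Pass `authenticity_token: false` in the form options so only the two SAML fields are posted: `<%= form_tag @uri.to_s, method: :post, authenticity_token: false do %>`. `hidden_field_tag` HTML-escapes its value, so the base64 request and JSON relay state are safe to embed as they are.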
proof/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
- def render_http_status(status, item: nil)
+ def render_error(status, item: nil)
@item = item
render template: "errors/#{status}", status: status
end
proof/app/controllers/sessions_controller.rb
@@ -1,6 +1,6 @@
class SessionsController < ApplicationController
skip_before_action :verify_authenticity_token, only: [:new]
- before_action :validate_saml_request, only: [:new, :create]
+ before_action :load_saml_request, only: [:new, :create]
def new
end
@@ -38,8 +38,8 @@ class SessionsController < ApplicationController
}
end
- def validate_saml_request(raw_saml_request = params[:SAMLRequest])
+ def load_saml_request(raw_saml_request = params[:SAMLRequest])
@saml_request = Saml::Kit::Request.decode(raw_saml_request)
- render_http_status(:forbidden, item: @saml_request) if @saml_request.invalid?
+ render_error(:forbidden, item: @saml_request) if @saml_request.invalid?
end
end
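Review bot: `load_saml_request` hands `params[:SAMLRequest]` straight to `Saml::Kit::Request.decode`, which inflates and parses it before `invalid?` is ever consulted; a missing parameter or non-base64 payload will most likely raise inside decode and surface as a 500 on this unauthenticated endpoint instead of the forbidden page the filter is meant to produce. Add a guard ahead of the decode, `return render_error(:forbidden) if raw_saml_request.blank?`, and rescue whatever decode raises on malformed input (presumably a Base64/Zlib error; confirm against the library) into the same `render_error(:forbidden)` path. The rename from `validate_` to `load_` also obscures that this before_action is the only thing gating `new` and `create`; a one-line comment such as `# Decodes the inbound AuthnRequest and halts with 403 when it fails validation` would keep that intent visible.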
saml-kit/lib/saml/kit/request.rb
@@ -5,13 +5,6 @@ module Saml
Saml::Kit::Content.encode_raw_saml(document.to_xml)
end
- def self.authentication(assertion_consumer_service:, entity_id: nil)
- builder = AuthenticationRequest::Builder.new
- builder.acs_url = assertion_consumer_service
- builder.entity_id = entity_id unless entity_id.blank?
- encode(builder)
- end
-
def self.decode(raw_request)
request = Saml::Kit::Content.decode_raw_saml(raw_request)
AuthenticationRequest.new(request)