Commit cf60d1e

mo <mo.khan@gmail.com>
2017-11-18 23:50:43
serialize post form correctly.
1 parent 348e261
airport/app/controllers/sessions_controller.rb
@@ -17,7 +17,7 @@ class SessionsController < ApplicationController
     # * URI
     # * SAMLRequest/SAMLResponse
     post_binding = idp_metadata.single_sign_on_service_for(binding: :post)
-    @post_uri, @saml_request = post_binding.serialize(builder, relay_state: @relay_state)
+    @post_uri, @saml_params = post_binding.serialize(builder, relay_state: @relay_state)
   end
 
   def create
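Review bot: The context comment just above the changed line (`# * URI`, `# * SAMLRequest/SAMLResponse`) still describes the second return value as a single SAMLRequest string, but the view in airport/app/views/sessions/new.html.erb now iterates `@saml_params` as key/value pairs, so it is a hash of form parameters. Suggest replacing the second bullet with `# * a Hash of hidden form fields (SAMLRequest plus RelayState, as produced by the binding's serialize)`; that RelayState is included is inferred from the `relay_state:` argument and should be confirmed against the binding's serialize. The enclosing method starts before the hunk.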
airport/app/views/sessions/new.html.erb
@@ -4,8 +4,9 @@
       <%= link_to "Log in to IDP via redirect", @redirect_uri %>
 
       <%= form_tag @post_uri.to_s, method: :post do %>
-        <%= hidden_field_tag 'SAMLRequest', @saml_request %>
-        <%= hidden_field_tag 'RelayState', @relay_state %>
+        <% @saml_params.each do |(key, value)| %>
+          <%= hidden_field_tag key, value %>
+        <% end %>
         <%= submit_tag "Log In to IDP via POST" %>
       <% end %>
     </div>
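Review bot: The form no longer emits `RelayState` itself; it submits exactly the keys that `post_binding.serialize` returns in `@saml_params`, so RelayState reaches the IdP only if serialize places it in that hash (the controller passes `relay_state: @relay_state`, which suggests it does, but confirm rather than assume). Rendering every key the library returns as a hidden field is acceptable since `hidden_field_tag` escapes both the name and the value. Minor style: `Hash#each` yields the pair directly, so `<% @saml_params.each do |key, value| %>` reads more plainly than the parenthesised destructuring.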
airport/config/initializers/filter_parameter_logging.rb
@@ -1,4 +1,4 @@
 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, 'SAMLResponse', 'SAMLRequest', 'RelayState']
+Rails.application.config.filter_parameters += [:password, :authenticity_token, 'SAMLResponse', 'SAMLRequest', 'RelayState', 'SigAlg', 'Signature']
proof/app/controllers/sessions_controller.rb
@@ -46,10 +46,7 @@ class SessionsController < ApplicationController
   end
 
   def binding_for(request)
-    if request.post?
-      idp.single_sign_on_service_for(binding: :post)
-    else
-      idp.single_sign_on_service_for(binding: :http_redirect)
-    end
+    target_binding = request.post? ? :post : :http_redirect
+    idp.single_sign_on_service_for(binding: target_binding)
   end
 end
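Review bot: `binding_for` has no comment, and the collapse into a ternary makes the rule easy to misread: every verb other than POST (not only GET) maps to `:http_redirect`, which the previous if/else did as well. Suggest a one-line comment above the method, `# Pick the IdP SSO endpoint matching how the caller sent the request: POST => :post binding, anything else => :http_redirect.` If `idp.single_sign_on_service_for` can return nil for a binding the IdP does not advertise, callers need to handle that, but that is outside this hunk.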
proof/config/initializers/filter_parameter_logging.rb
@@ -1,4 +1,4 @@
 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, 'SAMLResponse', 'SAMLRequest', 'RelayState']
+Rails.application.config.filter_parameters += [:password, :authenticity_token, 'SAMLResponse', 'SAMLRequest', 'RelayState']
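Review bot: Unlike the airport list in this commit (airport/config/initializers/filter_parameter_logging.rb), the proof list does not add `'SigAlg'` and `'Signature'`. proof's `binding_for` selects `:http_redirect` for non-POST requests, and a signed redirect-binding request carries its signature in the `SigAlg` and `Signature` query parameters, which would then appear in the Rails request log unfiltered. Suggest `Rails.application.config.filter_parameters += [:password, :authenticity_token, 'SAMLResponse', 'SAMLRequest', 'RelayState', 'SigAlg', 'Signature']` so both apps filter the same SAML parameters.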