Commit 06a4e07
bin/api
@@ -13,9 +13,9 @@ gemfile do
gem "webrick", "~> 1.0"
end
-$scheme = ENV.fetch('SCHEME', 'http')
-$port = ENV.fetch('PORT', 8284).to_i
-$host = ENV.fetch('HOST', "localhost:#{$port}")
+$scheme = ENV.fetch("SCHEME", "http")
+$port = ENV.fetch("PORT", 8284).to_i
+$host = ENV.fetch("HOST", "localhost:#{$port}")
class Project
class << self
bin/idp
@@ -13,9 +13,9 @@ gemfile do
gem "webrick", "~> 1.0"
end
-$scheme = ENV.fetch('SCHEME', 'http')
-$port = ENV.fetch('PORT', 8282).to_i
-$host = ENV.fetch('HOST', "localhost:#{$port}")
+$scheme = ENV.fetch("SCHEME", "http")
+$port = ENV.fetch("PORT", 8282).to_i
+$host = ENV.fetch("HOST", "localhost:#{$port}")
class JWT
attr_reader :claims
@@ -66,7 +66,7 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
end
Saml::Kit.configure do |x|
- x.entity_id = "#{$scheme}://#{$host}/metadata.xml"
+ x.entity_id = "#{$scheme}://#{$host}/saml/metadata.xml"
x.registry = OnDemandRegistry.new
x.logger = Logger.new("/dev/stderr")
end
@@ -83,7 +83,7 @@ class IdentityProvider
return oauth_metadata
when '/.well-known/webfinger' # RFC-7033
return not_found
- when "/metadata.xml"
+ when "/saml/metadata.xml"
return saml_metadata
when "/saml/new"
# TODO:: render a login page
@@ -117,9 +117,6 @@ class IdentityProvider
private
- # Download IDP Metadata
- #
- # GET /metadata.xml
def saml_metadata
xml = Saml::Kit::Metadata.build_xml do |builder|
builder.contact_email = 'hi@example.com'
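Review bot: The comment removed above `saml_metadata` was the only documentation of which route serves it, and the hunk above renames that route to `/saml/metadata.xml` rather than dropping it, so the handler is now undocumented while still reachable. Restoring the header with the new path — `# Download IDP Metadata`, `#`, `# GET /saml/metadata.xml` — keeps the route table and the method in sync. The body of `saml_metadata` continues past the end of the hunk.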
bin/ui
@@ -14,9 +14,10 @@ gemfile do
gem "webrick", "~> 1.0"
end
-$scheme = ENV.fetch('SCHEME', 'http')
-$port = ENV.fetch('PORT', 8283).to_i
-$host = ENV.fetch('HOST', "localhost:#{$port}")
+$scheme = ENV.fetch("SCHEME", "http")
+$port = ENV.fetch("PORT", 8283).to_i
+$host = ENV.fetch("HOST", "localhost:#{$port}")
+$idp_host = ENV.fetch("IDP_HOST", "localhost:8282")
class OnDemandRegistry < Saml::Kit::DefaultRegistry
def metadata_for(entity_id)
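Review bot: `$idp_host` on the added line holds only a host:port, and every consumer in this commit prefixes it with a literal `http://` (the `/oidc/new` redirect, the token POST in `oauth_callback`, and the `metadata_for` lookup in `saml_post_to_idp`), so pointing IDP_HOST at anything other than a local listener sends the token request — including the basic-auth client credentials — over cleartext. It also diverges from the IdP side, whose `entity_id` in this same commit is built from `$scheme`, so a registry lookup hard-coded to `http://` will not match an IdP run with SCHEME=https. Making the whole base URL configurable, e.g. `$idp_url = ENV.fetch("IDP_URL", "http://localhost:8282")`, and interpolating `#{$idp_url}/oauth/authorize…`, `#{$idp_url}/oauth/token` and `#{$idp_url}/saml/metadata.xml` at those three sites keeps one source of truth for both scheme and host.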
@@ -29,7 +30,7 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
end
Saml::Kit.configure do |x|
- x.entity_id = "#{$scheme}://#{$host}/metadata.xml"
+ x.entity_id = "#{$scheme}://#{$host}/saml/metadata.xml"
x.registry = OnDemandRegistry.new
x.logger = Logger.new("/dev/stderr")
end
@@ -55,14 +56,14 @@ class UI
case env['REQUEST_METHOD']
when 'GET'
case path
- when "/metadata.xml"
- return metadata
+ when "/oauth/callback"
+ return oauth_callback(Rack::Request.new(env))
when "/oidc/new"
- return redirect_to("http://localhost:8282/oauth/authorize?client_id=service-provider&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid")
+ return redirect_to("http://#{$idp_host}/oauth/authorize?client_id=service-provider&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid")
+ when "/saml/metadata.xml"
+ return metadata
when "/saml/new"
return saml_post_to_idp(Rack::Request.new(env))
- when "/oauth/callback"
- return oauth_callback(Rack::Request.new(env))
else
# return saml_post_to_idp(Rack::Request.new(env))
return redirect_to("/saml/new")
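Review bot: The rebuilt `/oidc/new` redirect still sends a fixed `state=example`, so the value cannot bind the later `/oauth/callback` request to the browser session that started the flow; `oauth_callback` begins in a later hunk and its handling of `state` is not visible here, but a constant can never be checked meaningfully. A per-request value such as `SecureRandom.hex(16)`, kept server-side or in a cookie and compared in the callback, would close that gap. If the constant is intentional for this demo, a comment on the redirect line such as `# state is fixed for the demo; a real client must use a per-request random value` would make that explicit. The enclosing `case` starts outside the hunk.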
@@ -90,7 +91,7 @@ class UI
def oauth_callback(request)
response = Net::Hippie.default_client.post(
- "http://localhost:8282/oauth/token",
+ "http://#{$idp_host}/oauth/token",
headers: { 'Authorization' => Net::Hippie.basic_auth('client_id', 'secret') },
body: {
grant_type: "authorization_code",
@@ -102,7 +103,7 @@ class UI
end
def saml_post_to_idp(request)
- idp = Saml::Kit.registry.metadata_for('http://localhost:8282/metadata.xml')
+ idp = Saml::Kit.registry.metadata_for("http://#{$idp_host}/saml/metadata.xml")
relay_state = Base64.strict_encode64(JSON.generate(redirect_to: '/dashboard'))
@saml_builder = nil
@@ -132,7 +133,7 @@ class UI
end
def saml_assertions(request)
- sp = Saml::Kit.registry.metadata_for("#{$scheme}://#{$host}/metadata.xml")
+ sp = Saml::Kit.registry.metadata_for("#{$scheme}://#{$host}/saml/metadata.xml")
saml_binding = sp.assertion_consumer_service_for(binding: :http_post)
saml_response = saml_binding.deserialize(request.params)
raise saml_response.errors unless saml_response.valid?
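Review bot: The context line `raise saml_response.errors unless saml_response.valid?` hands the errors object straight to `Kernel#raise`; unless that object is an Exception class or instance (or a String), Ruby rejects it with `TypeError: exception class/object expected`, which masks the actual validation failure behind an unrelated error. The type of `errors` is not visible here, so if it is not already an Exception something like `raise "invalid SAML response: #{saml_response.errors.inspect}"` reports the failure reliably. `saml_assertions` continues past the end of the hunk.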