pbraswell/gist:e07681b85b7c664ed380

## gistfile1.rb
# routes.rb
ActionController::Routing::Routes.draw do |map|

  map.connect 'saml', :controller => 'saml', :action => 'init'
  map.connect '/saml/:action', :controller => 'saml'
...

# Gemfile
gem 'ruby-saml'

...


# /app/controllers/saml_controller.ruby
require 'onelogin/ruby-saml'

class SamlController < ApplicationController
  def init
    request = OneLogin::RubySaml::Authrequest.new
    redirect_to(request.create(saml_settings))
  end

  def consume
    response          = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
    response.settings = saml_settings

    if response.is_valid? && user = current_account.users.find_by_email(response.name_id)
      authorize_success(user)
    else
      authorize_failure(user)
    end
  end

  private

  def saml_settings
    settings = OneLogin::RubySaml::Settings.new

    settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
    settings.issuer                         = request.host
    settings.idp_sso_target_url             = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
    settings.idp_cert_fingerprint           = OneLoginAppCertFingerPrint
    settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    # Optional for most SAML IdPs
    settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    # Optional. Describe according to IdP specification (if supported) which attributes the SP desires to receive in SAMLResponse.
    settings.attributes_index = 30

    settings
  end
end
	# routes.rb
	ActionController::Routing::Routes.draw do \|map\|

	map.connect 'saml', :controller => 'saml', :action => 'init'
	map.connect '/saml/:action', :controller => 'saml'
	...

	# Gemfile
	gem 'ruby-saml'

	...


	# /app/controllers/saml_controller.ruby
	require 'onelogin/ruby-saml'

	class SamlController < ApplicationController
	def init
	request = OneLogin::RubySaml::Authrequest.new
	redirect_to(request.create(saml_settings))
	end

	def consume
	response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
	response.settings = saml_settings

	if response.is_valid? && user = current_account.users.find_by_email(response.name_id)
	authorize_success(user)
	else
	authorize_failure(user)
	end
	end

	private

	def saml_settings
	settings = OneLogin::RubySaml::Settings.new

	settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
	settings.issuer = request.host
	settings.idp_sso_target_url = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
	settings.idp_cert_fingerprint = OneLoginAppCertFingerPrint
	settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
	# Optional for most SAML IdPs
	settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
	# Optional. Describe according to IdP specification (if supported) which attributes the SP desires to receive in SAMLResponse.
	settings.attributes_index = 30

	settings
	end
	end