- Using this gem https://github.com/omniauth/omniauth-saml
- Assumes you have a simple AuthConcern mixin for current user session. Or use devise.
Created
November 20, 2020 22:23
-
-
Save metaskills/8019a6e0f6be49a79728cf8682be49b9 to your computer and use it in GitHub Desktop.
AWS SSO Omniauth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| metadata = Rails.root.join 'config', 'myapp_ins-8d2c1e14da9ca2bc.xml' | |
| idpdata = File.read(metadata) | |
| parser = OneLogin::RubySaml::IdpMetadataParser.new | |
| SAML_SETTINGS = parser.parse_to_hash(idpdata) | |
| Rails.application.config.middleware.use OmniAuth::Builder do | |
| provider :saml, SAML_SETTINGS.merge( | |
| issuer: 'myapp' | |
| ) | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class SessionsController < ApplicationController | |
| skip_before_action :verify_authenticity_token | |
| def create | |
| self.current_user = aws_attributes | |
| redirect_to root_url | |
| end | |
| def destroy | |
| self.current_user = nil | |
| redirect_to SAML_SETTINGS[:idp_slo_target_url] | |
| end | |
| protected | |
| def aws_attributes | |
| { username: session['saml_uid'], | |
| email: saml_attributes['email'] } | |
| end | |
| def saml_attributes | |
| saml_response.attributes | |
| end | |
| def saml_response | |
| auth_hash.extra.response_object | |
| end | |
| def auth_hash | |
| request.env['omniauth.auth'] | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment