For my application, I want to have "omniauth-google-oauth2", "omniauth-ruby" and normal Devise authentication, and for the first two I have the following routes:
get '/auth/google_oauth2/callback' => 'authentication/omniauth#google_oauth2'
get 'omniauth/failure' => 'authentication/omniauth#failure'
post 'auth/saml', to: 'authentication/saml#saml', as: :saml_authorize
post 'auth/saml/callback', to: 'authentication/saml#callback'
View
<%= form_tag saml_authorize_path, class: 'text-center' do %>
  <%= select_tag :user_type, options_for_select([[t('.option_user'), 'user'], [t('.option_serviceuser'), 'service_user']], sel_obj_class_name), class: 'js-select-user-type platform-select-service' %>
  <button class="btn btn-light">
    SAML Auth
  </button>
<% end %>
saml_controller
module Authentication
  class SamlController < NoAuthController
    # Starts the SAML flow: builds the AuthnRequest and redirects to the IdP.
    def saml
      request = OneLogin::RubySaml::Authrequest.new
      cookies.permanent[:scope] = params[:user_type]
      redirect_to(request.create(saml_settings), type: params[:user_type])
    end

    # Assertion consumer endpoint: the IdP posts the SAMLResponse here.
    def callback
      response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], settings: saml_settings)
      binding.pry
      if response.is_valid?
        case request.env['omniauth.params']['user_type']
        when 'service_user'
          service_user = User.from_omniauth(request.env['omniauth.auth'])
          flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Saml'
          return sign_in_and_redirect service_user, event: :authentication if service_user
        else
          user = User.from_omniauth(request.env['omniauth.auth'])
          flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Saml'
          return sign_in_and_redirect user, event: :authentication if user
        end
      else
        notify_airbrake('Saml Omniauth Failure', errors: response.errors)
        redirect_to signin_path, alert: t('devise.failure.invalid')
      end
    end

    private

    def saml_settings
      settings = OneLogin::RubySaml::Settings.new
      # You provide to IDP
      settings.assertion_consumer_service_url = "example.com/auth/saml/callback"
      settings.issuer = '1234567890'
      settings.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
      settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2000/09/xmldsig#sha256'
      # IDP provides to you
      settings.idp_sso_target_url = CONFIG[:saml_sso_target]
      settings.idp_cert = CONFIG[:saml_cleint_certificate]
      settings
    end
  end
end
I get nil for request.env['omniauth.auth'] in the callback, while the response is valid for SAML; for google-oauth2 I get normal data.
The User and ServiceUser models are not omniauthable.
Omniauth initializer:
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2,
           CONFIG[:google_client_id],
           CONFIG[:google_client_secret],
           access_type: 'online'
  on_failure { |env| Authentication::OmniauthController.action(:failure).call(env) }
end
OmniAuth.config.logger = Rails.logger
I can't use the SAML settings in the omniauth initializer because I want to have a dynamic idp_sso_target_url and idp_cert later.
What should I do to get valid data in request.env['omniauth.params']?
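OmniAuth populates request.env['omniauth.auth'] and request.env['omniauth.params'] only for a provider registered in OmniAuth::Builder, whereas the callback above parses the response with ruby-saml directly, so the identity is carried by the response object (nameid, attributes). The following is an added example, not part of the original post, that builds an OmniAuth-shaped hash from a validated response and allow-lists the user_type kept in cookies[:scope]. The helper name saml_identity, the 'name' attribute and the Struct stand-in for the ruby-saml response are assumptions made so the example runs without the gem.

```ruby
require 'set'

# Allow-list for the user_type value that the form posts and the controller
# stores in cookies[:scope]; any other value falls back to 'user'.
ALLOWED_USER_TYPES = Set['user', 'service_user'].freeze

# Constructed stand-in exposing the ruby-saml Response readers used below
# (is_valid?, nameid, attributes, errors).
FakeSamlResponse = Struct.new(:valid, :nameid, :attributes, :errors) do
  def is_valid?
    valid
  end
end

# Hypothetical helper: returns [auth_hash, user_type], or [nil, nil] when the
# response failed validation. Nothing is read from an unvalidated response.
def saml_identity(response, cookie_scope)
  return [nil, nil] unless response.is_valid?

  # The settings request the emailAddress NameID format, so nameid is the email.
  email = response.nameid.to_s.strip.downcase
  return [nil, nil] if email.empty?

  user_type = ALLOWED_USER_TYPES.include?(cookie_scope) ? cookie_scope : 'user'
  auth = {
    'provider' => 'saml',
    'uid'      => email,
    # 'name' is an assumed attribute name; it depends on the IdP's mapping.
    'info'     => { 'email' => email, 'name' => response.attributes['name'] }
  }
  [auth, user_type]
end

# Constructed sample responses.
SAMPLE_OK  = FakeSamlResponse.new(true, ' Alice@Example.com ', { 'name' => 'Alice' }, [])
SAMPLE_BAD = FakeSamlResponse.new(false, 'mallory@example.com', {}, ['Invalid Signature'])

auth, user_type = saml_identity(SAMPLE_OK, 'service_user')
puts "#{user_type}: #{auth['uid']}"
puts saml_identity(SAMPLE_BAD, 'user').inspect
```

In the controller, the returned hash would take the place of request.env['omniauth.auth'] and cookies[:scope] the place of request.env['omniauth.params']['user_type'].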