1

对于我的应用程序,我想拥有“omniauth-google-oauth2”、“omniauth-ruby”和正常的设计身份验证,而对于前两个,我有以下路线

get '/auth/google_oauth2/callback' => 'authentication/omniauth#google_oauth2'
get 'omniauth/failure' => 'authentication/omniauth#failure'
post 'auth/saml', to: 'authentication/saml#saml', as: :saml_authorize
post 'auth/saml/callback', to: 'authentication/saml#callback'

看法

<%= form_tag saml_authorize_path, class: 'text-center' do %>
    <%= select_tag :user_type, options_for_select([[t('.option_user'), 'user'], [t('.option_serviceuser'), 'service_user']], sel_obj_class_name), class: 'js-select-user-type platform-select-service' %>
    <button class="btn btn-light">
        SAML Auth
    </button>
<% end %>

saml_controller

module Authentication
class SamlController < NoAuthController
    def saml
        request = OneLogin::RubySaml::Authrequest.new
        cookies.permanent[:scope] = params[:user_type]
        redirect_to(request.create(saml_settings), type: params[:user_type])
    end

    def callback
        response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], settings: saml_settings)
        binding.pry
        if response.is_valid?
            request.env['omniauth.params']['user_type']
            when 'service_user'
                service_user = User.from_omniauth(request.env['omniauth.auth'])
                flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Saml'
                return sign_in_and_redirect service_user, event: :authentication if service_user
            else
                user = User.from_omniauth(request.env['omniauth.auth'])
                flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Saml'

                return sign_in_and_redirect user, event: :authentication if user
            end
        else
            notify_airbrake('Saml Omniauth Failure', errors: response.errors)
            redirect_to signin_path, alert: t('devise.failure.invalid')
        end
    end

    private

    def saml_settings
        settings = OneLogin::RubySaml::Settings.new
        # You provide to IDP
        settings.assertion_consumer_service_url = "example.com/auth/saml/callback"
        settings.issuer                         = '1234567890'
        settings.name_identifier_format         = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
        settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2000/09/xmldsig#sha256'
        # IDP provides to you
        settings.idp_sso_target_url             = CONFIG[:saml_sso_target]
        settings.idp_cert                       = CONFIG[:saml_cleint_certificate]

        settings
    end
end

结尾

request.env['omniauth.auth']在回调中得到 nil 而响应对 saml 有效,对于 google-oauth2 获取正常数据

User 和 ServiceUser 模型没有omniauthable。

Omniauth 初始化:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :google_oauth2,
         CONFIG[:google_client_id],
         CONFIG[:google_client_secret],
         access_type: 'online'

    on_failure { |env| Authentication::OmniauthController.action(:failure).call(env) 
}
end

OmniAuth.config.logger = Rails.logger

我不能在omniauth初始化程序中使用saml设置,因为我想拥有动态idp_sso_target_urlidp_cert以后。

我应该怎么做才能在 request.env['omniauth.params'] 中获取有效数据

4

0 回答 0