more doc fixes

commit d2d3b6c05c43e11acb299a187d158fb8df236cb1 1 parent f3667b7
@calh authored
Showing with 11 additions and 7 deletions.
  1. +11 −7 README.rdoc
18 README.rdoc
@@ -4,13 +4,13 @@ The Ruby SAML library is for implementing the client side of a SAML authorizatio
SAML authorization is a two step process and you are expected to implement support for both.
-== The Request phase
+== The Request Phase
This is the first request you will get from the identity provider. It will hit your application at a specific URL (that you've announced as being your SAML initialization point). The response to this initialization, is a redirect back to the identity provider, which can look something like this (ignore the saml_settings method call for now):
def initialize
request = Onelogin::Saml::Authrequest.new(settings)
-
+
# Create the request, returning an action type and associated content
action, content = request.create
case action
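Review bot: In the unchanged paragraph under the retitled "The Request Phase" heading, the text tells the reader to ignore the saml_settings method call, but the example below it passes `settings` to Onelogin::Saml::Authrequest.new, so there is no saml_settings call to ignore. Since this commit is a doc fix, either change the example to call saml_settings or reword the parenthetical. The same paragraph has a stray comma in "The response to this initialization, is a redirect". The -/+ pair inside the example is a whitespace-only change.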
@@ -26,7 +26,7 @@ This is the first request you will get from the identity provider. It will hit y
The create method will choose the appropriate SSO binding that the IdP supports. The "action" here represents a GET or a POST method for the request to the IdP. The content passed back will either be
a URL to redirect, or HTML content with a form. (It will submit itself with an onLoad trigger)
-== The Response phase
+== The Response Phase
Once you've redirected back to the identity provider, it will ensure that the user has been authorized and redirect back to your application for final consumption, this is can look something like this (the authorize_success and authorize_failure methods are specific to your application):
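Review bot: The paragraph directly under the retitled "The Response Phase" heading still reads "this is can look something like this" and joins two sentences with a comma after "final consumption". Worth fixing in the same pass, for example "...for final consumption. This can look something like this". In the context lines above the heading, "The content passed back will either be" is broken across two lines mid-sentence, and the parenthetical "(It will submit itself with an onLoad trigger)" sits after the full stop.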
@@ -59,13 +59,14 @@ In the above there are a few assumptions in place, one being that the response.n
settings
end
-=== <b>Where does that fingerprint come from!!??</b>
+=== <b>Where does that fingerprint come from!!??11</b>
- Get a copy of the IdP public X.509 certificate
Either get the file itself, or create one by pasting in the contents of the X509Certificate tag out of the metadata or a SAML response. If you paste in the example BEGIN CERTIFICATE and END CERTIFICATE lines <b>exactly</b> as you see them in the example below:
<pre>
+
$ cat cert.pem
-----BEGIN CERTIFICATE-----
MIIBrTCCAaGgAwIBAgIBATADBgEAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
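Review bot: The new heading text ends in "!!??11", which looks like a slipped shift key rather than an intended fix; suggest reverting to the old heading or dropping the punctuation run altogether. The sentence beginning "If you paste in the example BEGIN CERTIFICATE and END CERTIFICATE lines" has no main clause, so the reader never learns what happens if they do; it probably wants to be an instruction such as "Paste in the BEGIN CERTIFICATE and END CERTIFICATE lines exactly as shown below". The same paragraph offers "a SAML response" as a source for the certificate; since the fingerprint is what the response is later checked against, the text should say to take the certificate from metadata obtained from the IdP over a trusted channel.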
@@ -79,13 +80,16 @@ GwlSiB2DDcImFvldaz/xtyua5D5jFJrplcrM1jIIcHNYwahkRpQQZFYU8wknYZ85
h5+bvkeiM0nLbhhKPRLKCG6f3E5GOM5jVI2sJZA25fZzXEV7AgMBAAEwAwYBAAMB
AA==
-----END CERTIFICATE-----
+
</pre>
-Use the openssl command line to get the SHA1 fingerprint from the public certificate file:
+- Use this openssl command line to get the SHA1 fingerprint from the public certificate file:
<pre>
+
$ openssl x509 -fingerprint < cert.pem
SHA1 Fingerprint=EC:CA:8E:0E:DB:D3:BC:06:9B:1C:1F:3F:42:FE:47:61:0B:DE:91:43
+
</pre>
Then assign <b>settings.idp_cert_fingerprint</b> to this value.
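Review bot: The command on the `$ openssl x509 -fingerprint < cert.pem` line does not produce the single line of output shown beneath it: without -noout, openssl x509 also prints the certificate itself, and the digest is left to openssl's default rather than stated. Since the text promises a SHA1 fingerprint, suggest `openssl x509 -noout -sha1 -fingerprint < cert.pem`. Turning the "Use this openssl command line" step into a list item matches the "Get a copy" step above it, but the closing "Then assign settings.idp_cert_fingerprint to this value." line is the third step of the same procedure and is still plain text.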
@@ -111,7 +115,7 @@ The settings themselves will be a little different. Easier than the method abov
# this is just for testing purposes.
# should retrieve SAML-settings based on subdomain, IP-address, NameID or similar
settings = Onelogin::Saml::Settings.new
-
+
# This is the URL that the SP will tell the IdP send the response to
settings.assertion_consumer_service_url = "http://sp.example.com/saml/consume"
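Review bot: The example value on the settings.assertion_consumer_service_url line is a plain http:// URL for the endpoint that receives the SAML response; readers copy example values, so an https:// URL would be the safer thing to show. The comment above it is missing a word: "tell the IdP send the response to" should read "tell the IdP to send the response to". The -/+ pair in this hunk is a whitespace-only change.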
@@ -164,7 +168,7 @@ What's left at this point, is to wrap it all up in a controller and point the in
render :inline => content
end
end
-
+
def consume
response = Onelogin::Saml::Response.new(params[:SAMLResponse])
response.settings = saml_settings