Skip to content


Subversion checkout URL

You can clone with
Download ZIP
WS-Federation and WS-Trust strategy for OmniAuth.
Latest commit 9c91c9f @kbeckman Merge pull request #18 from mttdffy/bugfix-saml-nil-values
SAML Tokens: Guards against attributes with nil values
Failed to load latest commit information.
lib Guards against attributes with nil values by converting text to string
spec Merge pull request #17 from mak-it/default-reply-url
.gitignore removing Gemfile.lock to fix Travis build errors
.travis.yml updating Travis CI config to allow certain failures
Gemfile Initial Commit - bundler gem creation updating license information (#11)
Rakefile Initial Commit - bundler gem creation
omniauth-wsfed.gemspec gemspec changes to resolve 'gem build' warnings

OmniAuth WS-Fed

Gem Version Code Climate Build Status

The OmniAuth-WSFed authentication strategy can be used with the following technologies under scenarios requiring the WS-Federation protocol for authentication. These services are typically used for Identity Federation and Single Sign-On across large organizations or authentication domains.


Add this line to your application's Gemfile:

    gem 'omniauth-wsfed'

And then execute:

$ bundle install

Or install it globally as:

$ gem install omniauth-wsfed


Use the WSFed strategy as a middleware in your application:

require 'omniauth'

use OmniAuth::Strategies::WSFed,
  :issuer_name           => "",
  :issuer                => "",
  :realm                 => "http://my.relyingparty/realm",
  :reply                 => "http://localhost:3000/auth/wsfed/callback",
  :id_claim              => "",
  :idp_cert_fingerprint  => "FC96D2983…"

or in your Rails application:

in Gemfile:

gem 'omniauth-wsfed'

and in config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do

  provider :wsfed,
    :issuer_name           => "",
    :issuer                => "",
    :realm                 => "http://my.relyingparty/realm",
    :reply                 => "http://localhost:3000/auth/wsfed/callback",
    :id_claim              => "",
    :idp_cert_fingerprint  => "FC96D2983…"


Configuration Options

  • :issuer_name - The URI name of your Identity Provider (IdP). Required

  • :issuer - The IdP web endpoint (URL) to which the authentication request should be sent. Required.

  • :idp_cert_fingerprint - The SHA1 fingerprint of the IdP's signing certificate (e.g. "90:CC:16:F0:8D:…"). This is provided by the IdP when setting up the trust relationship. This option or :idp_cert must be present.

  • :idp_cert - The IdP's certificate in PEM format. This option or :idp_cert_fingerprint must be present.

  • :realm - Your site's security realm. This is a URI defining the realm to which the IdP must issue a secure token. Required

  • :reply - The reply-to URL in your application for which a WSFed response should be posted. Defaults to the OmniAuth callback URL. Optional

  • :id_claim - Name of the authentication claim that you want to use as OmniAuth's uid property.

  • :saml_version - The version of SAML tokens. Defaults to 2.

Authors and Credits

Authored by Keith Beckman.

Special thanks to the developers of the following projects from which I borrowed from for omniauth-wsfed:

Something went wrong with that request. Please try again.