feat(saml): inherits allows response options from ruby-saml instead o…

…f whitelist
omniauth · Oct 8, 2018 · a0eedd6 · a0eedd6
1 parent 91f1282
commit a0eedd6
Showing 1 changed file with 2 additions and 5 deletions.
diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
@@ -10,10 +10,7 @@ def self.inherited(subclass)
         OmniAuth::Strategy.included(subclass)
       end
 
-      OTHER_REQUEST_OPTIONS = [
-        :skip_conditions, :allowed_clock_drift, :matches_request_id,
-        :skip_subject_confirmation, :skip_destination, :skip_recipient_check
-      ].freeze
+      RUBYSAML_RESPONSE_OPTIONS = OneLogin::RubySaml::Response::AVAILABLE_OPTIONS
 
       option :name_identifier_format, nil
       option :idp_sso_target_url_runtime_params, {}
@@ -234,7 +231,7 @@ def validate_fingerprint(settings)
 
       def options_for_response_object
         # filter options to select only extra parameters
-        opts = options.select {|k,_| OTHER_REQUEST_OPTIONS.include?(k.to_sym)}
+        opts = options.select {|k,_| RUBYSAML_RESPONSE_OPTIONS.include?(k.to_sym)}
 
         # symbolize keys without activeSupport/symbolize_keys (ruby-saml use symbols)
         opts.inject({}) do |new_hash, (key, value)|