diff --git a/lib/omniauth/core.rb b/lib/omniauth/core.rb
index 2c9bd243e..7f164776e 100644
--- a/lib/omniauth/core.rb
+++ b/lib/omniauth/core.rb
@@ -103,6 +103,7 @@ module Utils
 'cas' => 'CAS',
 'trademe' => 'TradeMe',
 'ldap' => 'LDAP',
+ 'saml' => 'SAML',
 'google_oauth2' => 'GoogleOAuth2'
 }
 
diff --git a/oa-core/lib/omniauth/core.rb b/oa-core/lib/omniauth/core.rb
index 5a2201a98..fef188430 100644
--- a/oa-core/lib/omniauth/core.rb
+++ b/oa-core/lib/omniauth/core.rb
@@ -104,6 +104,7 @@ module Utils
 'cas' => 'CAS',
 'trademe' => 'TradeMe',
 'ldap' => 'LDAP',
+ 'saml' => 'SAML',
 'google_oauth2' => 'GoogleOAuth2'
 }
 
diff --git a/oa-enterprise/lib/omniauth/strategies/saml.rb b/oa-enterprise/lib/omniauth/strategies/saml.rb
index 4238b11bc..657c81620 100644
--- a/oa-enterprise/lib/omniauth/strategies/saml.rb
+++ b/oa-enterprise/lib/omniauth/strategies/saml.rb
@@ -8,9 +8,9 @@ class SAML
 autoload :AuthResponse, 'omniauth/strategies/saml/auth_response'
 autoload :ValidationError, 'omniauth/strategies/saml/validation_error'
 autoload :XMLSecurity, 'omniauth/strategies/saml/xml_security'
-
+
 @@settings = {}
-
+
 def initialize(app, options={})
 super(app, :saml)
 @@settings = {
@@ -21,30 +21,39 @@ def initialize(app, options={})
 :name_identifier_format => options[:name_identifier_format] || "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 }
 end
-
+
 def request_phase
 request = OmniAuth::Strategies::SAML::AuthRequest.new
 redirect(request.create(@@settings))
 end
-
+
 def callback_phase
 begin
- response = OmniAuth::Strategies::SAML::AuthResponse.new(request.params['SAMLResponse'])
- response.settings = @@settings
+ @response = OmniAuth::Strategies::SAML::AuthResponse.new(request.params['SAMLResponse'])
+ @response.settings = @@settings
 @name_id = response.name_id
 return fail!(:invalid_ticket, 'Invalid SAML Ticket') if @name_id.nil? || @name_id.empty?
 super
 rescue ArgumentError => e
 fail!(:invalid_ticket, 'Invalid SAML Response')
- end
+ end
 end
-
+
 def auth_hash
 OmniAuth::Utils.deep_merge(super, {
- 'uid' => @name_id
+ 'uid' => @name_id,
+ 'user_info' => user_info
 })
- end
-
+ end
+
+ def user_info
+ name = @response.attributes[:name] || "#{@response.attributes[:firstname]} #{@response.attributes[:lastname]}"
+ {
+ :name => name,
+ :email => @response.attributes[:email]
+ }
+ end
+
 end
 end
 end
diff --git a/oa-enterprise/lib/omniauth/strategies/saml/auth_response.rb b/oa-enterprise/lib/omniauth/strategies/saml/auth_response.rb
index d63f39d17..5e9dd0b4e 100644
--- a/oa-enterprise/lib/omniauth/strategies/saml/auth_response.rb
+++ b/oa-enterprise/lib/omniauth/strategies/saml/auth_response.rb
@@ -4,7 +4,7 @@ module OmniAuth
 module Strategies
 class SAML
 class AuthResponse
-
+
 ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
 PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
 DSIG = "http://www.w3.org/2000/09/xmldsig#"
@@ -47,7 +47,7 @@ def attributes
 name = attr_element.attributes["Name"]
 value = attr_element.elements.first.text
- result[name] = value
+ result[name.downcase] = value
 end
 
 result.keys.each do |key|
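Review bot: `@name_id = response.name_id` in `callback_phase` still reads `response`, but the two lines above it now assign `@response`, so `response` is no longer a local in this method; unless the strategy base class supplies a `response` method (nothing in the hunk shows one), this raises NameError, which the `rescue ArgumentError` below does not catch, so every SAML callback would error out instead of reaching `fail!`. The line should read `@name_id = @response.name_id`. Separately, the fallback in `user_info` yields the string `" "` rather than nil when both `:firstname` and `:lastname` are absent, so consumers cannot tell a missing name from a present one; `name = @response.attributes[:name] || [@response.attributes[:firstname], @response.attributes[:lastname]].compact.join(' ')` followed by `name = nil if name.empty?` avoids that. A comment on `user_info` such as `# Values are copied verbatim from the IdP assertion; they are only as trustworthy as the signature check AuthResponse performs` would also help, since nothing in this hunk shows where (or whether) the response is validated before its attributes are read.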
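Review bot: `result[name.downcase] = value` raises NoMethodError when an `<Attribute>` element carries no `Name` attribute, because `attr_element.attributes["Name"]` returns nil where the old `result[name] = value` tolerated it; the assertion is attacker-supplied input, so a malformed response now produces an unhandled exception rather than a clean validation failure. If this sits inside an `each` block, guard it with `next if name.nil?` before the assignment, or write `result[name.to_s.downcase] = value`. Downcasing also merges attributes whose names differ only in case (the last one wins) and discards the original spelling for callers that match case-sensitively, so a comment stating the intent, e.g. `# Attribute names are case-folded so IdPs emitting Email/EMAIL all map to the same key`, belongs on this line. The enclosing `attributes` method starts before and ends after this hunk.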
@@ -134,8 +134,8 @@ def parse_time(node, attribute)
 Time.parse(node.attributes[attribute])
 end
 end
-
+
 end
 end
 end
-end
\ No newline at end of file
+end