README.md

Customized Login Page

This sample is a default Ruby on Rails 5 app that uses the OneLogin Ruby SDK to authenticate users.

It is the recommended approach when building a customized login flow where you want complete control over the look and feel.

The downside to this approach is that you have to implement MFA, password resets, etc. yourself. However, we do have APIs for these actions and have demonstrated how to use them in this app.

Custom Login

If you want a standards-based, out-of-the-box way to authenticate users, we recommend you use our OpenID Connect implementation instead.

Get Started

The sample tries to keep everything as simple as possible, so it only implements the following:

  • Login - Authenticates users in a single request to OneLogin without any redirects
  • MFA - Performs MFA verification if it is required for the user
  • User Apps - Lists the apps available to a user and provides SSO links
  • User Roles - Lists a user's roles
  • Logout - Destroys the local session and revokes the token at OneLogin

In order to run this sample you need API credentials for a OneLogin account. If you don't have a OneLogin developer account you can sign up here.

  1. Clone this repo:
     git clone https://github.com/onelogin/onelogin-ruby-sdk.git
  2. Move to the Rails example and install the required gems:
     cd onelogin-ruby-sdk/examples/rails-custom-login-page && bundle install
  3. Rename config/secrets.yml.sample to config/secrets.yml and update it with your OneLogin API credentials, region and subdomain:
     development:
       secret_key_base: xxx
       ONELOGIN_CLIENT_ID: xxx
       ONELOGIN_CLIENT_SECRET: xxx
       ONELOGIN_REGION: us
       ONELOGIN_SUBDOMAIN: xxx
  4. Run the sample and browse to http://localhost:3000:
     rails s

The /dashboard route renders a protected page to prove that authentication works and that a session has been created. You need to be authenticated to view it; if you are not authenticated, you will be redirected back to the login page.

Authenticate the user

helpers/sessions_helper.rb

response = api_client.create_session_login_token({
    'username_or_email' => username,
    'password' => password,
    'subdomain' => ONELOGIN_SUBDOMAIN,
  },
  request.base_url # included for CORS session cookie request
)

Verify MFA

helpers/sessions_helper.rb

response = api_client.get_session_token_verified(
  device_id,
  session[:state_token],
  otp_token,
  request.base_url
)

Destroy the session

helpers/sessions_helper.rb

api_client.log_user_out(current_user_id)
session.delete(:user)
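As an added example (not the sample app's own helper), the three SDK calls from the Authenticate, Verify MFA and Destroy sections above tied together in a framework-free class, with a plain Hash standing in for the Rails session. It assumes, since this page does not show the response objects, that the SDK returns an object responding to state_token when MFA is pending, one responding to session_token and user on success, and nil when login fails.

```ruby
# Added example, not the sample app's helper: the three SDK calls above tied
# together in a framework-free class; a plain Hash stands in for the Rails
# session. ASSUMED, not shown on this page: the SDK returns an object responding
# to :state_token when MFA is pending, one responding to :session_token and
# :user on success, and nil when login fails.
class CustomLogin
  attr_reader :session
  def initialize(api_client, subdomain, base_url)
    @api_client = api_client
    @subdomain  = subdomain
    @base_url   = base_url   # allowed origin for the later CORS cookie request
    @session    = {}
  end

  # Step 1: username + password. Returns :ok, :mfa_required or :failed.
  def login(username, password)
    params = { 'username_or_email' => username, 'password' => password, 'subdomain' => @subdomain }
    response = @api_client.create_session_login_token(params, @base_url)
    return :failed if response.nil?
    if response.respond_to?(:state_token)
      @session[:state_token] = response.state_token  # only this is parked; never the password
      return :mfa_required
    end
    establish(response)
  end

  # Step 2: OTP for the chosen device, bound to the state token from step 1.
  def verify_mfa(device_id, otp_token)
    state_token = @session[:state_token]
    return :failed if state_token.nil?   # no pending login: do not call the API
    response = @api_client.get_session_token_verified(device_id, state_token, otp_token, @base_url)
    response.nil? ? :failed : establish(response)
  end

  # Revoke at OneLogin first, then drop everything held locally.
  def logout(user_id)
    @api_client.log_user_out(user_id)
    @session.clear
  end

  private
  # Finish the login: drop the MFA state, keep the short-lived session_token the browser posts once.
  def establish(response)
    @session.delete(:state_token)
    @session[:user] = response.user
    @session[:session_token] = response.session_token
    :ok
  end
end
```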

Make CORS request to establish SSO session

This uses the session_token returned by the session_controller after a new login or a successful MFA verification.

views/home/index.html.erb

// Posts the short-lived session_token to OneLogin so the browser receives the
// SSO session cookie; withCredentials must be true for the cookie to be set.
// ONELOGIN_SUBDOMAIN is expected to be defined in the page by the ERB template.
function makeCors(session_token) {
  var xhr = new XMLHttpRequest();
  xhr.withCredentials = true;
  var method = "POST";
  var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
  xhr.open(method, url, true);
  xhr.setRequestHeader("Content-Type", "application/json");
  var body = {"session_token": session_token};
  xhr.send(JSON.stringify(body));
}