account.rb
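class Account < ActiveRecord::Base
  # Builds the SAML settings object used by the service provider (SP).
  #
  # This is example/testing configuration only. A real deployment should look
  # the settings up per tenant (by subdomain, IP address, NameID or similar)
  # rather than returning one hard-coded set.
  #
  # @param url_base [String, nil] base URL of this SP; falls back to
  #   "http://localhost:3000" when nil.
  #   NOTE(review): if callers derive this from the incoming request, the ACS
  #   and logout URLs become request-controlled - confirm against the caller
  #   and prefer a configured value.
  # @return [OneLogin::RubySaml::Settings] the populated settings object
  def self.get_saml_settings(url_base)
    settings = OneLogin::RubySaml::Settings.new

    # Plain-HTTP localhost default is for local testing only.
    url_base ||= "http://localhost:3000"

    # Example settings data, replace these values!

    # With soft = true, SAML validation errors do not raise: callers must
    # check the result of the response's validation and its errors before
    # trusting any attribute. When disabled, validation errors raise an
    # exception.
    settings.soft = true

    # SP section
    settings.issuer                                = "#{url_base}/saml/metadata"
    settings.assertion_consumer_service_url        = "#{url_base}/saml/acs"
    settings.assertion_consumer_logout_service_url = "#{url_base}/saml/logout"

    onelogin_app_id = "<onelogin-app-id>"

    # IdP section
    settings.idp_entity_id      = "https://app.onelogin.com/saml/metadata/#{onelogin_app_id}"
    settings.idp_sso_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/sso/#{onelogin_app_id}"
    settings.idp_slo_target_url = "https://app.onelogin.com/trust/saml2/http-redirect/slo/#{onelogin_app_id}"

    # Must be set to the IdP's signing certificate before use; left empty here
    # as a placeholder. Pinning the full certificate is preferable to a
    # fingerprint.
    settings.idp_cert = ""
    # or settings.idp_cert_fingerprint = ""
    # settings.idp_cert_fingerprint_algorithm = XMLSecurity::Document::SHA256

    settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

    # Security section
    # Signing of SP-originated messages and metadata is switched off in this
    # example; enabling it also requires configuring the SP certificate and
    # private key.
    settings.security[:authn_requests_signed]   = false
    settings.security[:logout_requests_signed]  = false
    settings.security[:logout_responses_signed] = false
    settings.security[:metadata_signed]         = false

    # SHA-256 instead of the deprecated SHA-1 for digests and signatures, so
    # that turning signing on later does not start from a weak algorithm.
    settings.security[:digest_method]    = XMLSecurity::Document::SHA256
    settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256

    settings
  end
end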