devise_saml_authenticatable 响应不包含属性
devise_saml_authenticatable response does not contain attributes
我正在尝试理解 SSO、SAML 和联合身份管理概念。现在我正在尝试使用 devise_saml_authenticatable as SP; and SSOCircle as an IDP. I am getting a saml_response with nil attributes, looking at the gem code, I see that it might have to do with saml_config having no attributes in the consumer service. My guess is that it has to do with not having a config/idp.yml 文件对我的应用程序进行身份验证。有谁知道这个 idp.yml 文件应该是什么样子,它应该包含什么?我在回购文档中找不到它。
usage section of the README has the configuration for the gem. The saml_config is filled out in the config.saml_configure section, which just gives you the RubySaml::Settings object to configure (as described in the ruby-saml 文档)。
所以您需要一个名为 config/initializers/devise.rb 的文件,其中包含:
config.saml_configure do |settings|
settings.assertion_consumer_service_url = "http://localhost:3000/users/saml/auth"
# more consumer configuration here
end
以下是我最终修复它的方法:
1) 我意识到 SAML 响应包含 NoAuthnContxt 状态,所以我不得不将我的 saml_config 身份验证上下文更改为
# config/devise.rb
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
2) 在此之后,我成功地在响应 SAML 中获得了属性,但是标识符键与 attributes.yml 中的不同,我不得不更改它们。
# config/attribute-map.yml
# "urn:mace:dir:attribute-def:uid": "uid"
# "urn:mace:dir:attribute-def:email": "email"
# "urn:mace:dir:attribute-def:name": "last_name"
# "urn:mace:dir:attribute-def:givenName": "first_name"
"EmailAddress": "email"
"LastName": "last_name"
"FirstName": "first_name"
我正在尝试理解 SSO、SAML 和联合身份管理概念。现在我正在尝试使用 devise_saml_authenticatable as SP; and SSOCircle as an IDP. I am getting a saml_response with nil attributes, looking at the gem code, I see that it might have to do with saml_config having no attributes in the consumer service. My guess is that it has to do with not having a config/idp.yml 文件对我的应用程序进行身份验证。有谁知道这个 idp.yml 文件应该是什么样子,它应该包含什么?我在回购文档中找不到它。
usage section of the README has the configuration for the gem. The saml_config is filled out in the config.saml_configure section, which just gives you the RubySaml::Settings object to configure (as described in the ruby-saml 文档)。
所以您需要一个名为 config/initializers/devise.rb 的文件,其中包含:
config.saml_configure do |settings|
settings.assertion_consumer_service_url = "http://localhost:3000/users/saml/auth"
# more consumer configuration here
end
以下是我最终修复它的方法:
1) 我意识到 SAML 响应包含 NoAuthnContxt 状态,所以我不得不将我的 saml_config 身份验证上下文更改为
# config/devise.rb
settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
2) 在此之后,我成功地在响应 SAML 中获得了属性,但是标识符键与 attributes.yml 中的不同,我不得不更改它们。
# config/attribute-map.yml
# "urn:mace:dir:attribute-def:uid": "uid"
# "urn:mace:dir:attribute-def:email": "email"
# "urn:mace:dir:attribute-def:name": "last_name"
# "urn:mace:dir:attribute-def:givenName": "first_name"
"EmailAddress": "email"
"LastName": "last_name"
"FirstName": "first_name"