How to pass OneLogin::RubySaml::Response configuration options? #197

Open
kwent opened this issue Jul 23, 2021 · 6 comments

kwent commented Jul 23, 2021

In the doc: https://github.com/onelogin/ruby-saml

```ruby
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], {skip_authnstatement: true}) # skips AuthnStatement
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], {skip_conditions: true}) # skips conditions
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], {skip_subject_confirmation: true}) # skips subject confirmation
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], {skip_recipient_check: true}) # doesn't skip subject confirmation, but skips the recipient check which is a sub check of the subject_confirmation check
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], {skip_audience: true}) # skips audience check
```

I'm not sure how to, for example, set `skip_subject_confirmation` through devise_saml_authenticatable. Any guidance is welcome.

Regards

@adamstegman
Collaborator

We pass in a OneLogin::RubySaml::Settings instance that you can update, but unfortunately it looks like these are not on that class.

Here's where the response is constructed:

. We could probably provide some configuration to add more options to that.

@arcreative

I ended up having to monkeypatch for `skip_audience`; it would be great to have it handled by some sort of configuration hash or lambda.

@adamstegman
Collaborator

Yeah, if you want to create a PR that would make sense to me!


dominikduda commented Apr 25, 2023

@arcreative Can you elaborate on how you implemented the patch?

- Where do you store it?
- What way of patching did you use?
- What has to be done for the patch to work outside of creating a file for it?

I will probably need to patch `devise_saml_authenticatable/lib/devise_saml_authenticatable/strategy.rb#response_options`, as @adamstegman mentioned, but I can't make it work.


jaredmoody commented May 19, 2023

I don't know if this is the best, but it's working for me:

```ruby
# lib/devise/extensions/saml_response_options.rb
require 'devise_saml_authenticatable/strategy'

module Devise
  module Extensions
    module SamlResponseOptions
      def response_options
        super.merge(skip_audience: true, skip_recipient_check: true)
      end
    end
  end
end
```

```ruby
# config/initializers/devise.rb
# Monkey Patch Devise::Strategies::SamlAuthenticatable to skip audience validation in test env
if Rails.env.test?
  require 'devise/extensions/saml_response_options'
  Devise::Strategies::SamlAuthenticatable.prepend Devise::Extensions::SamlResponseOptions
end
```

UPDATE: This actually wasn't working until I switched .include to .prepend. Also updated to extend/use super instead of overwriting the whole method, which is more clear as to what modification is being made.
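
The `.include` versus `.prepend` difference from the update above, as an added example that is not part of the original thread or of the gem's code. It uses a stand-in class that defines its own `response_options`, and it also gates the relaxed options on an environment allow-list inside the patch itself; `build_strategy_class`, `SkipChecks`, `options_after` and `skipped_checks` are hypothetical names.

```ruby
# Added example: stand-in classes only, not devise_saml_authenticatable code.

# Hypothetical stand-in for a strategy class that defines response_options itself.
def build_strategy_class
  Class.new do
    def response_options
      { settings: :stand_in } # constructed value
    end
  end
end

module SkipChecks
  ALLOWED_ENVS = %w[test].freeze
  RELAXED = { skip_audience: true, skip_recipient_check: true }.freeze

  # Returns a patch module. The relaxed options are merged only when env is
  # allow-listed, so loading the patch elsewhere leaves validation untouched.
  def self.for_env(env)
    allowed = ALLOWED_ENVS.include?(env.to_s)
    relaxed = RELAXED
    Module.new do
      define_method(:response_options) do
        allowed ? super().merge(relaxed) : super()
      end
    end
  end
end

# how is :include or :prepend; returns what a patched instance reports.
# include places the module after the class in the ancestor chain, so the
# class's own method wins; prepend places it before, so super reaches the class.
def options_after(how, env)
  klass = build_strategy_class
  klass.public_send(how, SkipChecks.for_env(env))
  klass.new.response_options
end

# Names the validation checks that an options hash switches off.
def skipped_checks(options)
  options.select { |key, value| key.to_s.start_with?("skip_") && value }.keys
end

puts "include, test:       #{options_after(:include, 'test')}"
puts "prepend, test:       #{options_after(:prepend, 'test')}"
puts "prepend, production: #{options_after(:prepend, 'production')}"
puts "checks off in test:  #{skipped_checks(options_after(:prepend, 'test'))}"
```

A check like `skipped_checks` can run at boot and raise if it returns anything outside the test environment.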

@fastfedora

@jaredmoody Thanks! I was having the same problem and your solution worked perfectly for me.
