2020-11-12 16:09:21 +01:00
|
|
|
# The certificate and secret key are not fetched from secrets.yml because there is a problem to set a secret key from a multiline env var"
|
|
|
|
# So we fetch env var directly here
|
|
|
|
|
2022-01-26 11:59:59 +01:00
|
|
|
if ENV['SAML_IDP_ENABLED'] == 'enabled'
|
2022-08-18 15:58:19 +02:00
|
|
|
SamlIdp.configure do |config|
|
|
|
|
config.base_saml_location = "https://#{ENV['APP_HOST']}/saml/metadata"
|
|
|
|
config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
|
|
|
|
config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
|
2022-10-03 12:30:54 +02:00
|
|
|
config.single_service_post_location = "https://#{ENV['APP_HOST']}/saml/auth"
|
|
|
|
config.single_service_redirect_location = "https://#{ENV['APP_HOST']}/saml/auth"
|
2022-08-18 15:58:19 +02:00
|
|
|
|
|
|
|
config.name_id.formats = {
|
|
|
|
"1.1" => {
|
|
|
|
email_address: -> (principal) { principal.email }
|
|
|
|
},
|
|
|
|
"2.0" => {
|
|
|
|
transient: -> (principal) { principal.email },
|
|
|
|
persistent: -> (p) { p.id }
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-25 21:31:14 +02:00
|
|
|
service_providers = {}
|
|
|
|
if ENV['SAML_DOLIST_HOST'].present?
|
|
|
|
service_providers["https://#{ENV.fetch('SAML_DOLIST_HOST')}"] =
|
|
|
|
{
|
|
|
|
response_hosts: [ENV.fetch('SAML_DOLIST_HOST')],
|
|
|
|
cert: ENV.fetch("SAML_DOLIST_CERTIFICATE")
|
|
|
|
}
|
|
|
|
end
|
2022-08-18 15:58:19 +02:00
|
|
|
|
|
|
|
config.service_provider.finder = -> (entity_id) do
|
|
|
|
service_providers[entity_id]
|
|
|
|
end
|
|
|
|
end
|
2020-11-12 16:09:21 +01:00
|
|
|
end
|