From 3d175f107e24de6da4b1ea39161ed1be3409682f Mon Sep 17 00:00:00 2001
From: Christophe Robillard
Date: Thu, 18 Aug 2022 15:58:19 +0200
Subject: [PATCH] add dolist saml config
---
 config/env.example | 4 +---
 config/env.example.optional | 6 ++++++
 config/initializers/saml_idp.rb | 28 ++++++++++++++++++++++++++--
 3 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/config/env.example b/config/env.example
index b3090af82..978dfd183 100644
--- a/config/env.example
+++ b/config/env.example
@@ -44,10 +44,8 @@ FOG_OPENSTACK_URL=""
 FOG_OPENSTACK_REGION=""
 DS_PROXY_URL=""
-# SAML Identity provider
+# SAML
 SAML_IDP_ENABLED="disabled"
-SAML_IDP_CERTIFICATE=""
-SAML_IDP_SECRET_KEY="-----BEGIN RSA PRIVATE KEY-----\nblabla+blabla\n-----END RSA PRIVATE KEY-----\n"
 # External service: authentication through France Connect
 FC_PARTICULIER_ID=""
diff --git a/config/env.example.optional b/config/env.example.optional
index 332bbb9b8..9469b1725 100644
--- a/config/env.example.optional
+++ b/config/env.example.optional
@@ -148,3 +148,9 @@ DATAGOUV_API_KEY="thisisasecret"
 DATAGOUV_API_URL="https://www.data.gouv.fr/api/1"
 DATAGOUV_DESCRIPTIF_DEMARCHES_DATASET="datasetid"
 DATAGOUV_DESCRIPTIF_DEMARCHES_RESOURCE="resourceid"
+
+# SAML
+SAML_IDP_CERTIFICATE="idpcertificate"
+SAML_IDP_SECRET_KEY="-----BEGIN RSA PRIVATE KEY-----\nblabla+blabla\n-----END RSA PRIVATE KEY-----\n"
+SAML_DOLIST_CERTIFICATE="spcertificate"
+SAML_DOLIST_HOST="dolisthoname"
diff --git a/config/initializers/saml_idp.rb b/config/initializers/saml_idp.rb
index 946567e10..65f51b116 100644
--- a/config/initializers/saml_idp.rb
+++ b/config/initializers/saml_idp.rb
@@ -2,6 +2,30 @@
 # So we fetch env var directly here
 if ENV['SAML_IDP_ENABLED'] == 'enabled'
- SamlIdp.config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
- SamlIdp.config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
+ SamlIdp.configure do |config|
+ config.base_saml_location = "https://#{ENV['APP_HOST']}/saml/metadata"
+ config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
+ config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
+
+ config.name_id.formats = {
+ "1.1" => {
+ email_address: -> (principal) { principal.email }
+ },
+ "2.0" => {
+ transient: -> (principal) { principal.email },
+ persistent: -> (p) { p.id }
+ }
+ }
+
+ service_providers = {
+ "https://#{ENV.fetch('SAML_DOLIST_HOST')}" => {
+ response_hosts: [ENV.fetch('SAML_DOLIST_HOST')],
+ cert: ENV.fetch("SAML_DOLIST_CERTIFICATE")
+ }
+ }
+
+ config.service_provider.finder = -> (entity_id) do
+ service_providers[entity_id]
+ end
+ end
 end
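Review bot: `config.base_saml_location` reads `ENV['APP_HOST']` with `[]` while every other setting in the configure block uses `ENV.fetch`, so an unset APP_HOST does not fail at boot but silently publishes `https:///saml/metadata` as the IdP's base location; use `config.base_saml_location = "https://#{ENV.fetch('APP_HOST')}/saml/metadata"` so the misconfiguration is caught the same way a missing certificate is. Separately, the `"2.0"` `transient` name-id lambda returns `principal.email`: a transient NameID is specified as an opaque per-session identifier, and emitting the email address under that format hands a stable personal identifier to any SP that asks for transient format, so a random per-session value (or simply not offering `transient`) would honour the format's contract, whereas `persistent` returning `p.id` is the right shape. A lookup miss in `service_providers[entity_id]` yields nil from the finder, which the gem presumably treats as an unknown service provider — worth confirming it rejects the request rather than proceeding without `response_hosts`/`cert` checks.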