add dolist saml config

config/env.example

@@ -44,10 +44,8 @@ FOG_OPENSTACK_URL=""
 FOG_OPENSTACK_REGION=""
 DS_PROXY_URL=""
 
-# SAML Identity provider
+# SAML
 SAML_IDP_ENABLED="disabled"
-SAML_IDP_CERTIFICATE=""
-SAML_IDP_SECRET_KEY="-----BEGIN RSA PRIVATE KEY-----\nblabla+blabla\n-----END RSA PRIVATE KEY-----\n"
 
 # External service: authentication through France Connect
 FC_PARTICULIER_ID=""

config/env.example.optional

@@ -148,3 +148,9 @@ DATAGOUV_API_KEY="thisisasecret"
 DATAGOUV_API_URL="https://www.data.gouv.fr/api/1"
 DATAGOUV_DESCRIPTIF_DEMARCHES_DATASET="datasetid"
 DATAGOUV_DESCRIPTIF_DEMARCHES_RESOURCE="resourceid"
+
+# SAML
+SAML_IDP_CERTIFICATE="idpcertificate"
+SAML_IDP_SECRET_KEY="-----BEGIN RSA PRIVATE KEY-----\nblabla+blabla\n-----END RSA PRIVATE KEY-----\n"
+SAML_DOLIST_CERTIFICATE="spcertificate"
+SAML_DOLIST_HOST="dolisthoname"

config/initializers/saml_idp.rb

@@ -2,6 +2,30 @@
 # So we fetch env var directly here
 
 if ENV['SAML_IDP_ENABLED'] == 'enabled'
-  SamlIdp.config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
-  SamlIdp.config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
+  SamlIdp.configure do |config|
+    config.base_saml_location = "https://#{ENV['APP_HOST']}/saml/metadata"
+    config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
+    config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
+
+    config.name_id.formats = {
+      "1.1" => {
+        email_address: -> (principal) { principal.email }
+      },
+      "2.0" => {
+        transient: -> (principal) { principal.email },
+        persistent: -> (p) { p.id }
+      }
+    }
+
+    service_providers = {
+      "https://#{ENV.fetch('SAML_DOLIST_HOST')}" => {
+        response_hosts: [ENV.fetch('SAML_DOLIST_HOST')],
+        cert: ENV.fetch("SAML_DOLIST_CERTIFICATE")
+      }
+    }
+
+    config.service_provider.finder = -> (entity_id) do
+      service_providers[entity_id]
+    end
+  end
 end