act as an saml identity provider

2020-11-12 16:09:21 +01:00 · 2020-11-12 16:09:21 +01:00 · 9347951cea
commit 9347951cea
parent f30ac39ffb
9 changed files with 93 additions and 0 deletions
--- a/app/controllers/saml_idp_controller.rb
+++ b/app/controllers/saml_idp_controller.rb
@ -0,0 +1,28 @@
+class SamlIdpController < ActionController::Base
+  include SamlIdp::Controller
+
+  before_action :validate_saml_request
+
+  def new
+    if super_admin_signed_in?
+      @saml_response = encode_SAMLResponse(current_super_admin.email, saml_attributes)
+      render :template => "saml_idp/idp/saml_post", :layout => false
+    else
+      redirect_to root_path, alert: t("errors.messages.saml_not_authorized")
+    end
+  end
+
+  def metadata
+    render layout: false, content_type: "application/xml", formats: :xml
+  end
+
+  private
+
+  def saml_attributes
+    admin_attributes = %[<saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>#{current_super_admin.email}</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue>ds|#{current_super_admin.id}</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>]
+    {
+      issuer_uri: saml_auth_url,
+      attributes_provider: admin_attributes
+    }
+  end
+end