act as an saml identity provider

2020-11-12 16:09:21 +01:00 · 2020-11-12 16:09:21 +01:00 · 9347951cea
commit 9347951cea
parent f30ac39ffb
9 changed files with 93 additions and 0 deletions
--- a/config/env.example
+++ b/config/env.example
@ -20,6 +20,11 @@ SIGNING_KEY="aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017"
 # Clé de chiffrement OTP, pour 2FA
 OTP_SECRET_KEY=""

+# Clé et certificat pour SAML IdP
+
+# SAML_IDP_CERTIFICATE="billybop"
+# SAML_IDP_SECRET_KEY="-----BEGIN RSA PRIVATE KEY-----\nblabla+blabla\n-----END RSA PRIVATE KEY-----\n"
+
 # Database
 DB_DATABASE="tps_development"
 DB_HOST="localhost"
--- a/config/initializers/saml_idp.rb
+++ b/config/initializers/saml_idp.rb
@ -0,0 +1,7 @@
+# The certificate and secret key are not fetched from secrets.yml because there is a problem to set a secret key from a multiline env var"
+# So we fetch env var directly here
+
+if Rails.env.production?
+  SamlIdp.config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
+  SamlIdp.config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
+end
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@ -105,6 +105,7 @@ fr:

  errors:
    messages:
+      saml_not_authorized: "Vous n'êtes pas autorisé à accéder à ce service."
      already_confirmed: "a déjà été validé(e), veuillez essayer de vous connecter"
      confirmation_period_expired: "à confirmer dans les %{period}, merci de faire une nouvelle demande"
      expired: "a expiré, merci d’en faire une nouvelle demande"
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,4 +1,8 @@
 Rails.application.routes.draw do
+  get '/saml/auth' => 'saml_idp#new'
+  post '/saml/auth' => 'saml_idp#create'
+  get '/saml/metadata' => 'saml_idp#metadata'
+
  #
  # Manager
  #