33 lines
1 KiB
Ruby
33 lines
1 KiB
Ruby
# The certificate and secret key are not fetched from secrets.yml because there is a problem to set a secret key from a multiline env var"
|
|
# So we fetch env var directly here
|
|
|
|
if ENV['SAML_IDP_ENABLED'] == 'enabled'
|
|
SamlIdp.configure do |config|
|
|
config.base_saml_location = "https://#{ENV['APP_HOST']}/saml/metadata"
|
|
config.x509_certificate = ENV.fetch("SAML_IDP_CERTIFICATE")
|
|
config.secret_key = ENV.fetch("SAML_IDP_SECRET_KEY")
|
|
|
|
config.name_id.formats = {
|
|
"1.1" => {
|
|
email_address: -> (principal) { principal.email }
|
|
},
|
|
"2.0" => {
|
|
transient: -> (principal) { principal.email },
|
|
persistent: -> (p) { p.id }
|
|
}
|
|
}
|
|
|
|
service_providers = {}
|
|
if ENV['SAML_DOLIST_HOST'].present?
|
|
service_providers["https://#{ENV.fetch('SAML_DOLIST_HOST')}"] =
|
|
{
|
|
response_hosts: [ENV.fetch('SAML_DOLIST_HOST')],
|
|
cert: ENV.fetch("SAML_DOLIST_CERTIFICATE")
|
|
}
|
|
end
|
|
|
|
config.service_provider.finder = -> (entity_id) do
|
|
service_providers[entity_id]
|
|
end
|
|
end
|
|
end
|